1 /* rfcomm.c - RFCOMM handling */
2
3 /*
4 * Copyright (c) 2016 Intel Corporation
5 *
6 * SPDX-License-Identifier: Apache-2.0
7 */
8
9 #include <zephyr/kernel.h>
10 #include <string.h>
11 #include <errno.h>
12 #include <zephyr/sys/atomic.h>
13 #include <zephyr/sys/byteorder.h>
14 #include <zephyr/sys/util.h>
15 #include <zephyr/debug/stack.h>
16
17 #include <zephyr/bluetooth/hci.h>
18 #include <zephyr/bluetooth/bluetooth.h>
19 #include <zephyr/bluetooth/conn.h>
20 #include <zephyr/bluetooth/l2cap.h>
21
22 #include <zephyr/bluetooth/classic/rfcomm.h>
23
24 #include "host/hci_core.h"
25 #include "host/conn_internal.h"
26 #include "l2cap_br_internal.h"
27 #include "rfcomm_internal.h"
28
29 #define LOG_LEVEL CONFIG_BT_RFCOMM_LOG_LEVEL
30 #include <zephyr/logging/log.h>
31 LOG_MODULE_REGISTER(bt_rfcomm);
32
33 #define RFCOMM_CHANNEL_START 0x01
34 #define RFCOMM_CHANNEL_END 0x1e
35
36 #define RFCOMM_MIN_MTU BT_RFCOMM_SIG_MIN_MTU
37 #define RFCOMM_DEFAULT_MTU 127
38
39 #define RFCOMM_MAX_CREDITS (BT_BUF_ACL_RX_COUNT - 1)
40 #define RFCOMM_CREDITS_THRESHOLD (RFCOMM_MAX_CREDITS / 2)
41 #define RFCOMM_DEFAULT_CREDIT RFCOMM_MAX_CREDITS
42
43 #define RFCOMM_CONN_TIMEOUT K_SECONDS(60)
44 #define RFCOMM_DISC_TIMEOUT K_SECONDS(20)
45 #define RFCOMM_IDLE_TIMEOUT K_SECONDS(2)
46
47 #define DLC_RTX(_w) CONTAINER_OF(k_work_delayable_from_work(_w), \
48 struct bt_rfcomm_dlc, rtx_work)
49 #define SESSION_RTX(_w) CONTAINER_OF(k_work_delayable_from_work(_w), \
50 struct bt_rfcomm_session, rtx_work)
51
52 static struct bt_rfcomm_server *servers;
53
54 #define RFCOMM_SESSION(_ch) CONTAINER_OF(_ch, \
55 struct bt_rfcomm_session, br_chan.chan)
56
57 static struct bt_rfcomm_session bt_rfcomm_pool[CONFIG_BT_MAX_CONN];
58
59 /* reversed, 8-bit, poly=0x07 */
60 static const uint8_t rfcomm_crc_table[256] = {
61 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
62 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
63 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
64 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
65
66 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
67 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
68 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
69 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
70
71 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
72 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
73 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
74 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
75
76 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
77 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
78 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
79 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
80
81 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
82 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
83 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
84 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
85
86 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
87 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
88 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
89 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
90
91 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
92 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
93 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
94 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
95
96 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
97 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
98 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
99 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
100 };
101
rfcomm_calc_fcs(uint16_t len,const uint8_t * data)102 static uint8_t rfcomm_calc_fcs(uint16_t len, const uint8_t *data)
103 {
104 uint8_t fcs = 0xff;
105
106 while (len--) {
107 fcs = rfcomm_crc_table[fcs ^ *data++];
108 }
109
110 /* Ones compliment */
111 return (0xff - fcs);
112 }
113
rfcomm_check_fcs(uint16_t len,const uint8_t * data,uint8_t recvd_fcs)114 static bool rfcomm_check_fcs(uint16_t len, const uint8_t *data,
115 uint8_t recvd_fcs)
116 {
117 uint8_t fcs = 0xff;
118
119 while (len--) {
120 fcs = rfcomm_crc_table[fcs ^ *data++];
121 }
122
123 /* Ones compliment */
124 fcs = rfcomm_crc_table[fcs ^ recvd_fcs];
125
126 /*0xCF is the reversed order of 11110011.*/
127 return (fcs == 0xcf);
128 }
129
rfcomm_dlcs_lookup_dlci(struct bt_rfcomm_dlc * dlcs,uint8_t dlci)130 static struct bt_rfcomm_dlc *rfcomm_dlcs_lookup_dlci(struct bt_rfcomm_dlc *dlcs,
131 uint8_t dlci)
132 {
133 for (; dlcs; dlcs = dlcs->_next) {
134 if (dlcs->dlci == dlci) {
135 return dlcs;
136 }
137 }
138
139 return NULL;
140 }
141
rfcomm_dlcs_remove_dlci(struct bt_rfcomm_dlc * dlcs,uint8_t dlci)142 static struct bt_rfcomm_dlc *rfcomm_dlcs_remove_dlci(struct bt_rfcomm_dlc *dlcs,
143 uint8_t dlci)
144 {
145 struct bt_rfcomm_dlc *tmp;
146
147 if (!dlcs) {
148 return NULL;
149 }
150
151 /* If first node is the one to be removed */
152 if (dlcs->dlci == dlci) {
153 dlcs->session->dlcs = dlcs->_next;
154 return dlcs;
155 }
156
157 for (tmp = dlcs, dlcs = dlcs->_next; dlcs; dlcs = dlcs->_next) {
158 if (dlcs->dlci == dlci) {
159 tmp->_next = dlcs->_next;
160 return dlcs;
161 }
162 tmp = dlcs;
163 }
164
165 return NULL;
166 }
167
rfcomm_server_lookup_channel(uint8_t channel)168 static struct bt_rfcomm_server *rfcomm_server_lookup_channel(uint8_t channel)
169 {
170 struct bt_rfcomm_server *server;
171
172 for (server = servers; server; server = server->_next) {
173 if (server->channel == channel) {
174 return server;
175 }
176 }
177
178 return NULL;
179 }
180
181 static struct bt_rfcomm_session *
rfcomm_sessions_lookup_bt_conn(struct bt_conn * conn)182 rfcomm_sessions_lookup_bt_conn(struct bt_conn *conn)
183 {
184 int i;
185
186 for (i = 0; i < ARRAY_SIZE(bt_rfcomm_pool); i++) {
187 struct bt_rfcomm_session *session = &bt_rfcomm_pool[i];
188
189 if (session->br_chan.chan.conn == conn) {
190 return session;
191 }
192 }
193
194 return NULL;
195 }
196
bt_rfcomm_server_register(struct bt_rfcomm_server * server)197 int bt_rfcomm_server_register(struct bt_rfcomm_server *server)
198 {
199 if (server->channel > RFCOMM_CHANNEL_END || !server->accept) {
200 return -EINVAL;
201 }
202
203 if (!server->channel) {
204 uint8_t chan = (uint8_t)BT_RFCOMM_CHAN_DYNAMIC_START;
205
206 for (; chan <= RFCOMM_CHANNEL_END; chan++) {
207 /* Check if given channel is already in use */
208 if (!rfcomm_server_lookup_channel(chan)) {
209 server->channel = chan;
210 LOG_DBG("Allocated channel 0x%02x for new server", chan);
211 break;
212 }
213 }
214
215 if (!server->channel) {
216 LOG_WRN("No free dynamic rfcomm channels available");
217 return -EADDRNOTAVAIL;
218 }
219 } else {
220 /* Check if given channel is already in use */
221 if (rfcomm_server_lookup_channel(server->channel)) {
222 LOG_WRN("Channel already registered");
223 return -EADDRINUSE;
224 }
225 }
226
227 LOG_DBG("Channel 0x%02x", server->channel);
228
229 server->_next = servers;
230 servers = server;
231
232 return 0;
233 }
234
rfcomm_dlc_tx_trigger(struct bt_rfcomm_dlc * dlc)235 static void rfcomm_dlc_tx_trigger(struct bt_rfcomm_dlc *dlc)
236 {
237 int err;
238
239 if ((dlc == NULL) || (dlc->tx_work.handler == NULL)) {
240 return;
241 }
242
243 LOG_DBG("DLC %p TX trigger", dlc);
244
245 err = k_work_submit(&dlc->tx_work);
246 if (err < 0) {
247 LOG_ERR("Failed to submit tx work: %d", err);
248 }
249 }
250
rfcomm_dlcs_tx_trigger(struct bt_rfcomm_dlc * dlcs)251 static void rfcomm_dlcs_tx_trigger(struct bt_rfcomm_dlc *dlcs)
252 {
253 for (struct bt_rfcomm_dlc *dlc = dlcs; dlc != NULL; dlc = dlc->_next) {
254 rfcomm_dlc_tx_trigger(dlc);
255 }
256 }
257
rfcomm_dlc_tx_give_credits(struct bt_rfcomm_dlc * dlc,uint8_t credits)258 static void rfcomm_dlc_tx_give_credits(struct bt_rfcomm_dlc *dlc,
259 uint8_t credits)
260 {
261 LOG_DBG("dlc %p credits %u", dlc, credits);
262
263 while (credits--) {
264 k_sem_give(&dlc->tx_credits);
265 rfcomm_dlc_tx_trigger(dlc);
266 }
267
268 LOG_DBG("dlc %p updated credits %u", dlc, k_sem_count_get(&dlc->tx_credits));
269 }
270
rfcomm_dlc_destroy(struct bt_rfcomm_dlc * dlc)271 static void rfcomm_dlc_destroy(struct bt_rfcomm_dlc *dlc)
272 {
273 LOG_DBG("dlc %p", dlc);
274
275 k_work_cancel_delayable(&dlc->rtx_work);
276 k_work_cancel(&dlc->tx_work);
277
278 dlc->state = BT_RFCOMM_STATE_IDLE;
279 dlc->session = NULL;
280
281 if (dlc->ops && dlc->ops->disconnected) {
282 dlc->ops->disconnected(dlc);
283 }
284 }
285
rfcomm_dlc_disconnect(struct bt_rfcomm_dlc * dlc)286 static void rfcomm_dlc_disconnect(struct bt_rfcomm_dlc *dlc)
287 {
288 uint8_t old_state = dlc->state;
289
290 LOG_DBG("dlc %p", dlc);
291
292 if (dlc->state == BT_RFCOMM_STATE_DISCONNECTED) {
293 return;
294 }
295
296 dlc->state = BT_RFCOMM_STATE_DISCONNECTED;
297
298 switch (old_state) {
299 case BT_RFCOMM_STATE_CONNECTED:
300 rfcomm_dlc_tx_trigger(dlc);
301 break;
302 default:
303 rfcomm_dlc_destroy(dlc);
304 break;
305 }
306 }
307
rfcomm_session_disconnected(struct bt_rfcomm_session * session)308 static void rfcomm_session_disconnected(struct bt_rfcomm_session *session)
309 {
310 struct bt_rfcomm_dlc *dlc;
311
312 LOG_DBG("Session %p", session);
313
314 if (session->state == BT_RFCOMM_STATE_DISCONNECTED) {
315 return;
316 }
317
318 for (dlc = session->dlcs; dlc;) {
319 struct bt_rfcomm_dlc *next;
320
321 /* prefetch since disconnected callback may cleanup */
322 next = dlc->_next;
323 dlc->_next = NULL;
324
325 rfcomm_dlc_disconnect(dlc);
326
327 dlc = next;
328 }
329
330 session->state = BT_RFCOMM_STATE_DISCONNECTED;
331 session->dlcs = NULL;
332 }
333
bt_rfcomm_create_pdu(struct net_buf_pool * pool)334 struct net_buf *bt_rfcomm_create_pdu(struct net_buf_pool *pool)
335 {
336 /* Length in RFCOMM header can be 2 bytes depending on length of user
337 * data
338 */
339 return bt_conn_create_pdu(pool,
340 sizeof(struct bt_l2cap_hdr) +
341 sizeof(struct bt_rfcomm_hdr) + 1);
342 }
343
rfcomm_send_cb(struct bt_rfcomm_session * session,struct net_buf * buf,bt_conn_tx_cb_t cb,void * user_data)344 static int rfcomm_send_cb(struct bt_rfcomm_session *session, struct net_buf *buf,
345 bt_conn_tx_cb_t cb, void *user_data)
346 {
347 int err;
348
349 err = bt_l2cap_br_chan_send_cb(&session->br_chan.chan, buf, cb, user_data);
350 if (err < 0) {
351 net_buf_unref(buf);
352 }
353
354 return err;
355 }
356
rfcomm_send(struct bt_rfcomm_session * session,struct net_buf * buf)357 static int rfcomm_send(struct bt_rfcomm_session *session, struct net_buf *buf)
358 {
359 return rfcomm_send_cb(session, buf, NULL, NULL);
360 }
361
rfcomm_send_sabm(struct bt_rfcomm_session * session,uint8_t dlci)362 static int rfcomm_send_sabm(struct bt_rfcomm_session *session, uint8_t dlci)
363 {
364 struct bt_rfcomm_hdr *hdr;
365 struct net_buf *buf;
366 uint8_t cr, fcs;
367
368 buf = bt_l2cap_create_pdu(NULL, 0);
369
370 hdr = net_buf_add(buf, sizeof(*hdr));
371 cr = BT_RFCOMM_CMD_CR(session->role);
372 hdr->address = BT_RFCOMM_SET_ADDR(dlci, cr);
373 hdr->control = BT_RFCOMM_SET_CTRL(BT_RFCOMM_SABM, BT_RFCOMM_PF_NON_UIH);
374 hdr->length = BT_RFCOMM_SET_LEN_8(0);
375
376 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_NON_UIH, buf->data);
377 net_buf_add_u8(buf, fcs);
378
379 return rfcomm_send(session, buf);
380 }
381
rfcomm_send_disc(struct bt_rfcomm_session * session,uint8_t dlci)382 static int rfcomm_send_disc(struct bt_rfcomm_session *session, uint8_t dlci)
383 {
384 struct bt_rfcomm_hdr *hdr;
385 struct net_buf *buf;
386 uint8_t fcs, cr;
387
388 LOG_DBG("dlci %d", dlci);
389
390 buf = bt_l2cap_create_pdu(NULL, 0);
391
392 hdr = net_buf_add(buf, sizeof(*hdr));
393 cr = BT_RFCOMM_CMD_CR(session->role);
394 hdr->address = BT_RFCOMM_SET_ADDR(dlci, cr);
395 hdr->control = BT_RFCOMM_SET_CTRL(BT_RFCOMM_DISC, BT_RFCOMM_PF_NON_UIH);
396 hdr->length = BT_RFCOMM_SET_LEN_8(0);
397 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_NON_UIH, buf->data);
398 net_buf_add_u8(buf, fcs);
399
400 return rfcomm_send(session, buf);
401 }
402
rfcomm_session_disconnect(struct bt_rfcomm_session * session)403 static void rfcomm_session_disconnect(struct bt_rfcomm_session *session)
404 {
405 if (session->dlcs) {
406 return;
407 }
408
409 session->state = BT_RFCOMM_STATE_DISCONNECTING;
410 rfcomm_send_disc(session, 0);
411 k_work_reschedule(&session->rtx_work, RFCOMM_DISC_TIMEOUT);
412 }
413
rfcomm_make_uih_msg(struct bt_rfcomm_session * session,uint8_t cr,uint8_t type,uint8_t len)414 static struct net_buf *rfcomm_make_uih_msg(struct bt_rfcomm_session *session,
415 uint8_t cr, uint8_t type,
416 uint8_t len)
417 {
418 struct bt_rfcomm_hdr *hdr;
419 struct bt_rfcomm_msg_hdr *msg_hdr;
420 struct net_buf *buf;
421 uint8_t hdr_cr;
422
423 buf = bt_l2cap_create_pdu(NULL, 0);
424
425 hdr = net_buf_add(buf, sizeof(*hdr));
426 hdr_cr = BT_RFCOMM_UIH_CR(session->role);
427 hdr->address = BT_RFCOMM_SET_ADDR(0, hdr_cr);
428 hdr->control = BT_RFCOMM_SET_CTRL(BT_RFCOMM_UIH, BT_RFCOMM_PF_UIH);
429 hdr->length = BT_RFCOMM_SET_LEN_8(sizeof(*msg_hdr) + len);
430
431 msg_hdr = net_buf_add(buf, sizeof(*msg_hdr));
432 msg_hdr->type = BT_RFCOMM_SET_MSG_TYPE(type, cr);
433 msg_hdr->len = BT_RFCOMM_SET_LEN_8(len);
434
435 return buf;
436 }
437
rfcomm_connected(struct bt_l2cap_chan * chan)438 static void rfcomm_connected(struct bt_l2cap_chan *chan)
439 {
440 struct bt_rfcomm_session *session = RFCOMM_SESSION(chan);
441
442 LOG_DBG("Session %p", session);
443
444 /* Need to include UIH header and FCS*/
445 session->mtu = MIN(session->br_chan.rx.mtu,
446 session->br_chan.tx.mtu) -
447 BT_RFCOMM_HDR_SIZE - BT_RFCOMM_FCS_SIZE;
448
449 if (session->state == BT_RFCOMM_STATE_CONNECTING) {
450 rfcomm_send_sabm(session, 0);
451 }
452 }
453
rfcomm_disconnected(struct bt_l2cap_chan * chan)454 static void rfcomm_disconnected(struct bt_l2cap_chan *chan)
455 {
456 struct bt_rfcomm_session *session = RFCOMM_SESSION(chan);
457
458 LOG_DBG("Session %p", session);
459
460 k_work_cancel_delayable(&session->rtx_work);
461 rfcomm_session_disconnected(session);
462 session->state = BT_RFCOMM_STATE_IDLE;
463 }
464
rfcomm_dlc_rtx_timeout(struct k_work * work)465 static void rfcomm_dlc_rtx_timeout(struct k_work *work)
466 {
467 struct bt_rfcomm_dlc *dlc = DLC_RTX(work);
468 struct bt_rfcomm_session *session = dlc->session;
469
470 LOG_WRN("dlc %p state %d timeout", dlc, dlc->state);
471
472 rfcomm_dlcs_remove_dlci(session->dlcs, dlc->dlci);
473 rfcomm_dlc_disconnect(dlc);
474 rfcomm_session_disconnect(session);
475 }
476
rfcomm_dlc_init(struct bt_rfcomm_dlc * dlc,struct bt_rfcomm_session * session,uint8_t dlci,bt_rfcomm_role_t role)477 static void rfcomm_dlc_init(struct bt_rfcomm_dlc *dlc,
478 struct bt_rfcomm_session *session,
479 uint8_t dlci,
480 bt_rfcomm_role_t role)
481 {
482 struct k_work_sync sync;
483
484 LOG_DBG("dlc %p", dlc);
485
486 if (dlc->tx_work.handler != NULL) {
487 /* Make sure the tx_work is cancelled before reinitializing */
488 k_work_cancel_sync(&dlc->tx_work, &sync);
489 /* Reset the work handler to NULL before the DLC connected */
490 dlc->tx_work.handler = NULL;
491 }
492
493 dlc->dlci = dlci;
494 dlc->session = session;
495 dlc->rx_credit = RFCOMM_DEFAULT_CREDIT;
496 dlc->state = BT_RFCOMM_STATE_INIT;
497 dlc->role = role;
498 k_work_init_delayable(&dlc->rtx_work, rfcomm_dlc_rtx_timeout);
499
500 /* Start a conn timer which includes auth as well */
501 k_work_schedule(&dlc->rtx_work, RFCOMM_CONN_TIMEOUT);
502
503 dlc->_next = session->dlcs;
504 session->dlcs = dlc;
505 }
506
rfcomm_dlc_accept(struct bt_rfcomm_session * session,uint8_t dlci)507 static struct bt_rfcomm_dlc *rfcomm_dlc_accept(struct bt_rfcomm_session *session,
508 uint8_t dlci)
509 {
510 struct bt_rfcomm_server *server;
511 struct bt_rfcomm_dlc *dlc;
512 uint8_t channel;
513
514 channel = BT_RFCOMM_GET_CHANNEL(dlci);
515 server = rfcomm_server_lookup_channel(channel);
516 if (!server) {
517 LOG_ERR("Server Channel not registered");
518 return NULL;
519 }
520
521 if (server->accept(session->br_chan.chan.conn, server, &dlc) < 0) {
522 LOG_DBG("Incoming connection rejected");
523 return NULL;
524 }
525
526 if (!BT_RFCOMM_CHECK_MTU(dlc->mtu)) {
527 rfcomm_dlc_destroy(dlc);
528 return NULL;
529 }
530
531 rfcomm_dlc_init(dlc, session, dlci, BT_RFCOMM_ROLE_ACCEPTOR);
532 dlc->mtu = MIN(dlc->mtu, session->mtu);
533
534 return dlc;
535 }
536
rfcomm_send_dm(struct bt_rfcomm_session * session,uint8_t dlci)537 static int rfcomm_send_dm(struct bt_rfcomm_session *session, uint8_t dlci)
538 {
539 struct bt_rfcomm_hdr *hdr;
540 struct net_buf *buf;
541 uint8_t fcs, cr;
542
543 LOG_DBG("dlci %d", dlci);
544
545 buf = bt_l2cap_create_pdu(NULL, 0);
546
547 hdr = net_buf_add(buf, sizeof(*hdr));
548 cr = BT_RFCOMM_RESP_CR(session->role);
549 hdr->address = BT_RFCOMM_SET_ADDR(dlci, cr);
550 /* For DM PF bit is not relevant, we set it 1 */
551 hdr->control = BT_RFCOMM_SET_CTRL(BT_RFCOMM_DM, BT_RFCOMM_PF_NON_UIH);
552 hdr->length = BT_RFCOMM_SET_LEN_8(0);
553 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_NON_UIH, buf->data);
554 net_buf_add_u8(buf, fcs);
555
556 return rfcomm_send(session, buf);
557 }
558
rfcomm_check_fc(struct bt_rfcomm_dlc * dlc)559 static bool rfcomm_check_fc(struct bt_rfcomm_dlc *dlc)
560 {
561 int err;
562
563 LOG_DBG("Wait for credits or MSC FC %p", dlc);
564 /* Wait for credits or MSC FC */
565 err = k_sem_take(&dlc->tx_credits, K_NO_WAIT);
566 if (err != 0) {
567 LOG_DBG("Credits not available");
568 return false;
569 }
570
571 LOG_DBG("Credits available");
572 if (dlc->session->cfc == BT_RFCOMM_CFC_SUPPORTED) {
573 LOG_DBG("Credits available");
574 return true;
575 }
576
577 err = k_sem_take(&dlc->session->fc, K_NO_WAIT);
578 if (err != 0) {
579 k_sem_give(&dlc->tx_credits);
580 LOG_DBG("Flow control not available");
581 return false;
582 }
583
584 /* Give the sems immediately so that sem will be available for all
585 * the bufs in the queue. It will be blocked only once all the bufs
586 * are sent (which will preempt this thread) and FCOFF / FC bit
587 * with 1, is received.
588 */
589 k_sem_give(&dlc->session->fc);
590 k_sem_give(&dlc->tx_credits);
591
592 LOG_DBG("Flow control available");
593 return true;
594 }
595
bt_rfcomm_tx_destroy(struct bt_rfcomm_dlc * dlc,struct net_buf * buf)596 static void bt_rfcomm_tx_destroy(struct bt_rfcomm_dlc *dlc, struct net_buf *buf)
597 {
598 LOG_DBG("dlc %p, buf %p", dlc, buf);
599
600 if ((buf == NULL) || (buf->len == 0)) {
601 return;
602 }
603
604 if (dlc && dlc->ops && dlc->ops->sent) {
605 dlc->ops->sent(dlc, -ESHUTDOWN);
606 }
607 }
608
rfcomm_sent(struct bt_conn * conn,void * user_data,int err)609 static void rfcomm_sent(struct bt_conn *conn, void *user_data, int err)
610 {
611 struct bt_rfcomm_dlc *dlc;
612
613 LOG_DBG("conn %p", conn);
614
615 if (user_data == NULL) {
616 return;
617 }
618
619 dlc = (struct bt_rfcomm_dlc *)user_data;
620
621 rfcomm_dlc_tx_trigger(dlc);
622
623 if (dlc && dlc->ops && dlc->ops->sent) {
624 dlc->ops->sent(dlc, err);
625 }
626 }
627
rfcomm_dlc_tx_worker(struct k_work * work)628 static void rfcomm_dlc_tx_worker(struct k_work *work)
629 {
630 struct bt_rfcomm_dlc *dlc = CONTAINER_OF(work, struct bt_rfcomm_dlc, tx_work);
631 struct net_buf *buf;
632
633 LOG_DBG("Work for dlc %p state %u", dlc, dlc->state);
634
635 if (dlc->state < BT_RFCOMM_STATE_CONNECTED) {
636 return;
637 }
638
639 if (dlc->state == BT_RFCOMM_STATE_CONNECTED ||
640 dlc->state == BT_RFCOMM_STATE_USER_DISCONNECT) {
641 if (k_fifo_is_empty(&dlc->tx_queue) == true) {
642 goto user_disconnect;
643 }
644
645 if (rfcomm_check_fc(dlc) == false) {
646 LOG_DBG("FC or credit not available");
647 goto user_disconnect;
648 }
649
650 buf = k_fifo_get(&dlc->tx_queue, K_NO_WAIT);
651 LOG_DBG("Tx buf %p", buf);
652 if (rfcomm_send_cb(dlc->session, buf, rfcomm_sent, dlc) < 0) {
653 /* This fails only if channel is disconnected */
654 dlc->state = BT_RFCOMM_STATE_DISCONNECTED;
655 bt_rfcomm_tx_destroy(dlc, buf);
656 LOG_ERR("Failed to send buffer, disconnected");
657 goto disconnect;
658 }
659
660 if (k_fifo_is_empty(&dlc->tx_queue) == false) {
661 rfcomm_dlc_tx_trigger(dlc);
662 return;
663 }
664
665 user_disconnect:
666 if (dlc->state == BT_RFCOMM_STATE_USER_DISCONNECT) {
667 LOG_DBG("Process user disconnect");
668 goto disconnect;
669 }
670
671 return;
672 }
673
674 disconnect:
675 LOG_DBG("dlc %p disconnected - cleaning up", dlc);
676
677 /* Give back any allocated buffers */
678 while ((buf = k_fifo_get(&dlc->tx_queue, K_NO_WAIT))) {
679 bt_rfcomm_tx_destroy(dlc, buf);
680 net_buf_unref(buf);
681 }
682
683 if (dlc->state == BT_RFCOMM_STATE_USER_DISCONNECT) {
684 dlc->state = BT_RFCOMM_STATE_DISCONNECTING;
685 }
686
687 if (dlc->state == BT_RFCOMM_STATE_DISCONNECTING) {
688 rfcomm_send_disc(dlc->session, dlc->dlci);
689 k_work_reschedule(&dlc->rtx_work, RFCOMM_DISC_TIMEOUT);
690 } else {
691 rfcomm_dlc_destroy(dlc);
692 }
693
694 LOG_DBG("dlc %p exiting", dlc);
695 }
696
rfcomm_send_ua(struct bt_rfcomm_session * session,uint8_t dlci)697 static int rfcomm_send_ua(struct bt_rfcomm_session *session, uint8_t dlci)
698 {
699 struct bt_rfcomm_hdr *hdr;
700 struct net_buf *buf;
701 uint8_t cr, fcs;
702
703 buf = bt_l2cap_create_pdu(NULL, 0);
704
705 hdr = net_buf_add(buf, sizeof(*hdr));
706 cr = BT_RFCOMM_RESP_CR(session->role);
707 hdr->address = BT_RFCOMM_SET_ADDR(dlci, cr);
708 hdr->control = BT_RFCOMM_SET_CTRL(BT_RFCOMM_UA, BT_RFCOMM_PF_NON_UIH);
709 hdr->length = BT_RFCOMM_SET_LEN_8(0);
710
711 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_NON_UIH, buf->data);
712 net_buf_add_u8(buf, fcs);
713
714 return rfcomm_send(session, buf);
715 }
716
rfcomm_send_msc(struct bt_rfcomm_dlc * dlc,uint8_t cr,uint8_t v24_signal)717 static int rfcomm_send_msc(struct bt_rfcomm_dlc *dlc, uint8_t cr,
718 uint8_t v24_signal)
719 {
720 struct bt_rfcomm_msc *msc;
721 struct net_buf *buf;
722 uint8_t fcs;
723
724 buf = rfcomm_make_uih_msg(dlc->session, cr, BT_RFCOMM_MSC,
725 sizeof(*msc));
726
727 msc = net_buf_add(buf, sizeof(*msc));
728 /* cr bit should be always 1 in MSC */
729 msc->dlci = BT_RFCOMM_SET_ADDR(dlc->dlci, 1);
730 msc->v24_signal = v24_signal;
731
732 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
733 net_buf_add_u8(buf, fcs);
734
735 return rfcomm_send(dlc->session, buf);
736 }
737
rfcomm_send_rls(struct bt_rfcomm_dlc * dlc,uint8_t cr,uint8_t line_status)738 static int rfcomm_send_rls(struct bt_rfcomm_dlc *dlc, uint8_t cr,
739 uint8_t line_status)
740 {
741 struct bt_rfcomm_rls *rls;
742 struct net_buf *buf;
743 uint8_t fcs;
744
745 buf = rfcomm_make_uih_msg(dlc->session, cr, BT_RFCOMM_RLS,
746 sizeof(*rls));
747
748 rls = net_buf_add(buf, sizeof(*rls));
749 /* cr bit should be always 1 in RLS */
750 rls->dlci = BT_RFCOMM_SET_ADDR(dlc->dlci, 1);
751 rls->line_status = line_status;
752
753 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
754 net_buf_add_u8(buf, fcs);
755
756 return rfcomm_send(dlc->session, buf);
757 }
758
rfcomm_send_rpn(struct bt_rfcomm_session * session,uint8_t cr,struct bt_rfcomm_rpn * rpn)759 static int rfcomm_send_rpn(struct bt_rfcomm_session *session, uint8_t cr,
760 struct bt_rfcomm_rpn *rpn)
761 {
762 struct net_buf *buf;
763 uint8_t fcs;
764
765 buf = rfcomm_make_uih_msg(session, cr, BT_RFCOMM_RPN, sizeof(*rpn));
766
767 net_buf_add_mem(buf, rpn, sizeof(*rpn));
768
769 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
770 net_buf_add_u8(buf, fcs);
771
772 return rfcomm_send(session, buf);
773 }
774
bt_rfcomm_send_rpn_cmd(struct bt_rfcomm_dlc * dlc,struct bt_rfcomm_rpn * rpn)775 int bt_rfcomm_send_rpn_cmd(struct bt_rfcomm_dlc *dlc, struct bt_rfcomm_rpn *rpn)
776 {
777 struct bt_rfcomm_session *session;
778
779 if (!dlc || !rpn) {
780 return -EINVAL;
781 }
782
783 /* Validate baud rate */
784 if (rpn->baud_rate > BT_RFCOMM_RPN_BAUD_RATE_230400) {
785 LOG_ERR("Invalid baud rate: %u", rpn->baud_rate);
786 return -EINVAL;
787 }
788
789 session = dlc->session;
790 if (!session) {
791 return -ENOTCONN;
792 }
793
794 if (dlc->state != BT_RFCOMM_STATE_CONNECTED) {
795 return -ENOTCONN;
796 }
797
798 LOG_DBG("dlc %p", dlc);
799
800 /* Set DLCI in the RPN command */
801 rpn->dlci = BT_RFCOMM_SET_ADDR(dlc->dlci, 1);
802
803 /* Send the RPN command */
804 return rfcomm_send_rpn(session, BT_RFCOMM_MSG_CMD_CR, rpn);
805 }
806
rfcomm_send_test(struct bt_rfcomm_session * session,uint8_t cr,uint8_t * pattern,uint8_t len)807 static int rfcomm_send_test(struct bt_rfcomm_session *session, uint8_t cr,
808 uint8_t *pattern, uint8_t len)
809 {
810 struct net_buf *buf;
811 uint8_t fcs;
812
813 buf = rfcomm_make_uih_msg(session, cr, BT_RFCOMM_TEST, len);
814
815 net_buf_add_mem(buf, pattern, len);
816
817 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
818 net_buf_add_u8(buf, fcs);
819
820 return rfcomm_send(session, buf);
821 }
822
rfcomm_send_nsc(struct bt_rfcomm_session * session,uint8_t cmd_type)823 static int rfcomm_send_nsc(struct bt_rfcomm_session *session, uint8_t cmd_type)
824 {
825 struct net_buf *buf;
826 uint8_t fcs;
827
828 buf = rfcomm_make_uih_msg(session, BT_RFCOMM_MSG_RESP_CR,
829 BT_RFCOMM_NSC, sizeof(cmd_type));
830
831 net_buf_add_u8(buf, cmd_type);
832
833 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
834 net_buf_add_u8(buf, fcs);
835
836 return rfcomm_send(session, buf);
837 }
838
rfcomm_send_fcon(struct bt_rfcomm_session * session,uint8_t cr)839 static int rfcomm_send_fcon(struct bt_rfcomm_session *session, uint8_t cr)
840 {
841 struct net_buf *buf;
842 uint8_t fcs;
843
844 buf = rfcomm_make_uih_msg(session, cr, BT_RFCOMM_FCON, 0);
845
846 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
847 net_buf_add_u8(buf, fcs);
848
849 return rfcomm_send(session, buf);
850 }
851
rfcomm_send_fcoff(struct bt_rfcomm_session * session,uint8_t cr)852 static int rfcomm_send_fcoff(struct bt_rfcomm_session *session, uint8_t cr)
853 {
854 struct net_buf *buf;
855 uint8_t fcs;
856
857 buf = rfcomm_make_uih_msg(session, cr, BT_RFCOMM_FCOFF, 0);
858
859 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
860 net_buf_add_u8(buf, fcs);
861
862 return rfcomm_send(session, buf);
863 }
864
rfcomm_dlc_connected(struct bt_rfcomm_dlc * dlc)865 static void rfcomm_dlc_connected(struct bt_rfcomm_dlc *dlc)
866 {
867 dlc->state = BT_RFCOMM_STATE_CONNECTED;
868
869 rfcomm_send_msc(dlc, BT_RFCOMM_MSG_CMD_CR, BT_RFCOMM_DEFAULT_V24_SIG);
870
871 if (dlc->session->cfc == BT_RFCOMM_CFC_UNKNOWN) {
872 /* This means PN negotiation is not done for this session and
873 * can happen only for 1.0b device.
874 */
875 dlc->session->cfc = BT_RFCOMM_CFC_NOT_SUPPORTED;
876 }
877
878 if (dlc->session->cfc == BT_RFCOMM_CFC_NOT_SUPPORTED) {
879 LOG_DBG("CFC not supported %p", dlc);
880 rfcomm_send_fcon(dlc->session, BT_RFCOMM_MSG_CMD_CR);
881 /* Use tx_credits as binary sem for MSC FC */
882 k_sem_init(&dlc->tx_credits, 0, 1);
883 }
884
885 /* Cancel conn timer */
886 k_work_cancel_delayable(&dlc->rtx_work);
887
888 k_fifo_init(&dlc->tx_queue);
889 k_work_init(&dlc->tx_work, rfcomm_dlc_tx_worker);
890
891 if (dlc->ops && dlc->ops->connected) {
892 dlc->ops->connected(dlc);
893 }
894 }
895
896 enum security_result {
897 RFCOMM_SECURITY_PASSED,
898 RFCOMM_SECURITY_REJECT,
899 RFCOMM_SECURITY_PENDING
900 };
901
rfcomm_dlc_security(struct bt_rfcomm_dlc * dlc)902 static enum security_result rfcomm_dlc_security(struct bt_rfcomm_dlc *dlc)
903 {
904 struct bt_conn *conn = dlc->session->br_chan.chan.conn;
905
906 LOG_DBG("dlc %p", dlc);
907
908 /* If current security level is greater than or equal to required
909 * security level then return SUCCESS.
910 * For SSP devices the current security will be at least MEDIUM
911 * since L2CAP is enforcing it
912 */
913 if (conn->sec_level >= dlc->required_sec_level) {
914 return RFCOMM_SECURITY_PASSED;
915 }
916
917 if (!bt_conn_set_security(conn, dlc->required_sec_level)) {
918 /*
919 * General Bonding refers to the process of performing bonding
920 * during connection setup or channel establishment procedures
921 * as a precursor to accessing a service.
922 * For current case, it is dedicated bonding.
923 */
924 atomic_set_bit(conn->flags, BT_CONN_BR_GENERAL_BONDING);
925 /* If Security elevation is initiated or in progress */
926 return RFCOMM_SECURITY_PENDING;
927 }
928
929 /* Security request failed */
930 return RFCOMM_SECURITY_REJECT;
931 }
932
rfcomm_dlc_drop(struct bt_rfcomm_dlc * dlc)933 static void rfcomm_dlc_drop(struct bt_rfcomm_dlc *dlc)
934 {
935 LOG_DBG("dlc %p", dlc);
936
937 rfcomm_dlcs_remove_dlci(dlc->session->dlcs, dlc->dlci);
938 rfcomm_dlc_destroy(dlc);
939 }
940
rfcomm_dlc_close(struct bt_rfcomm_dlc * dlc)941 static int rfcomm_dlc_close(struct bt_rfcomm_dlc *dlc)
942 {
943 LOG_DBG("dlc %p", dlc);
944
945 switch (dlc->state) {
946 case BT_RFCOMM_STATE_SECURITY_PENDING:
947 if (dlc->role == BT_RFCOMM_ROLE_ACCEPTOR) {
948 rfcomm_send_dm(dlc->session, dlc->dlci);
949 }
950 __fallthrough;
951 case BT_RFCOMM_STATE_INIT:
952 rfcomm_dlc_drop(dlc);
953 break;
954 case BT_RFCOMM_STATE_CONNECTING:
955 case BT_RFCOMM_STATE_CONFIG:
956 dlc->state = BT_RFCOMM_STATE_DISCONNECTING;
957 rfcomm_send_disc(dlc->session, dlc->dlci);
958 k_work_reschedule(&dlc->rtx_work, RFCOMM_DISC_TIMEOUT);
959 break;
960 case BT_RFCOMM_STATE_CONNECTED:
961 dlc->state = BT_RFCOMM_STATE_DISCONNECTING;
962 rfcomm_dlc_tx_trigger(dlc);
963 break;
964 case BT_RFCOMM_STATE_DISCONNECTING:
965 case BT_RFCOMM_STATE_DISCONNECTED:
966 break;
967 case BT_RFCOMM_STATE_IDLE:
968 default:
969 return -EINVAL;
970 }
971
972 return 0;
973 }
974
rfcomm_handle_sabm(struct bt_rfcomm_session * session,uint8_t dlci)975 static void rfcomm_handle_sabm(struct bt_rfcomm_session *session, uint8_t dlci)
976 {
977 if (!dlci) {
978 if (rfcomm_send_ua(session, dlci) < 0) {
979 return;
980 }
981
982 session->state = BT_RFCOMM_STATE_CONNECTED;
983 } else {
984 struct bt_rfcomm_dlc *dlc;
985 enum security_result result;
986
987 dlc = rfcomm_dlcs_lookup_dlci(session->dlcs, dlci);
988 if (!dlc) {
989 dlc = rfcomm_dlc_accept(session, dlci);
990 if (!dlc) {
991 rfcomm_send_dm(session, dlci);
992 return;
993 }
994 }
995
996 result = rfcomm_dlc_security(dlc);
997 switch (result) {
998 case RFCOMM_SECURITY_PENDING:
999 dlc->state = BT_RFCOMM_STATE_SECURITY_PENDING;
1000 return;
1001 case RFCOMM_SECURITY_PASSED:
1002 break;
1003 case RFCOMM_SECURITY_REJECT:
1004 default:
1005 rfcomm_send_dm(session, dlci);
1006 rfcomm_dlc_drop(dlc);
1007 return;
1008 }
1009
1010 if (rfcomm_send_ua(session, dlci) < 0) {
1011 return;
1012 }
1013
1014 /* Cancel idle timer if any */
1015 k_work_cancel_delayable(&session->rtx_work);
1016
1017 rfcomm_dlc_connected(dlc);
1018 }
1019 }
1020
rfcomm_send_pn(struct bt_rfcomm_dlc * dlc,uint8_t cr)1021 static int rfcomm_send_pn(struct bt_rfcomm_dlc *dlc, uint8_t cr)
1022 {
1023 struct bt_rfcomm_pn *pn;
1024 struct net_buf *buf;
1025 uint8_t fcs;
1026
1027 buf = rfcomm_make_uih_msg(dlc->session, cr, BT_RFCOMM_PN, sizeof(*pn));
1028
1029 LOG_DBG("mtu %x", dlc->mtu);
1030
1031 pn = net_buf_add(buf, sizeof(*pn));
1032 pn->dlci = dlc->dlci;
1033 pn->mtu = sys_cpu_to_le16(dlc->mtu);
1034 if (dlc->state == BT_RFCOMM_STATE_CONFIG &&
1035 (dlc->session->cfc == BT_RFCOMM_CFC_UNKNOWN ||
1036 dlc->session->cfc == BT_RFCOMM_CFC_SUPPORTED)) {
1037 pn->credits = dlc->rx_credit;
1038 if (cr) {
1039 pn->flow_ctrl = BT_RFCOMM_PN_CFC_CMD;
1040 } else {
1041 pn->flow_ctrl = BT_RFCOMM_PN_CFC_RESP;
1042 }
1043 } else {
1044 /* If PN comes in already opened dlc or cfc not supported
1045 * these should be 0
1046 */
1047 pn->credits = 0U;
1048 pn->flow_ctrl = 0U;
1049 }
1050 pn->max_retrans = 0U;
1051 pn->ack_timer = 0U;
1052 pn->priority = 0U;
1053
1054 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
1055 net_buf_add_u8(buf, fcs);
1056
1057 return rfcomm_send(dlc->session, buf);
1058 }
1059
rfcomm_send_credit(struct bt_rfcomm_dlc * dlc,uint8_t credits)1060 static int rfcomm_send_credit(struct bt_rfcomm_dlc *dlc, uint8_t credits)
1061 {
1062 struct bt_rfcomm_hdr *hdr;
1063 struct net_buf *buf;
1064 uint8_t fcs, cr;
1065
1066 LOG_DBG("Dlc %p credits %d", dlc, credits);
1067
1068 buf = bt_l2cap_create_pdu(NULL, 0);
1069
1070 hdr = net_buf_add(buf, sizeof(*hdr));
1071 cr = BT_RFCOMM_UIH_CR(dlc->session->role);
1072 hdr->address = BT_RFCOMM_SET_ADDR(dlc->dlci, cr);
1073 hdr->control = BT_RFCOMM_SET_CTRL(BT_RFCOMM_UIH,
1074 BT_RFCOMM_PF_UIH_CREDIT);
1075 hdr->length = BT_RFCOMM_SET_LEN_8(0);
1076 net_buf_add_u8(buf, credits);
1077 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
1078 net_buf_add_u8(buf, fcs);
1079
1080 return rfcomm_send(dlc->session, buf);
1081 }
1082
rfcomm_dlc_start(struct bt_rfcomm_dlc * dlc)1083 static int rfcomm_dlc_start(struct bt_rfcomm_dlc *dlc)
1084 {
1085 enum security_result result;
1086
1087 LOG_DBG("dlc %p", dlc);
1088
1089 result = rfcomm_dlc_security(dlc);
1090 switch (result) {
1091 case RFCOMM_SECURITY_PASSED:
1092 dlc->mtu = MIN(dlc->mtu, dlc->session->mtu);
1093 dlc->state = BT_RFCOMM_STATE_CONFIG;
1094 rfcomm_send_pn(dlc, BT_RFCOMM_MSG_CMD_CR);
1095 break;
1096 case RFCOMM_SECURITY_PENDING:
1097 dlc->state = BT_RFCOMM_STATE_SECURITY_PENDING;
1098 break;
1099 case RFCOMM_SECURITY_REJECT:
1100 default:
1101 return -EIO;
1102 }
1103
1104 return 0;
1105 }
1106
rfcomm_handle_ua(struct bt_rfcomm_session * session,uint8_t dlci)1107 static void rfcomm_handle_ua(struct bt_rfcomm_session *session, uint8_t dlci)
1108 {
1109 struct bt_rfcomm_dlc *dlc, *next;
1110 int err;
1111
1112 if (!dlci) {
1113 switch (session->state) {
1114 case BT_RFCOMM_STATE_CONNECTING:
1115 session->state = BT_RFCOMM_STATE_CONNECTED;
1116 for (dlc = session->dlcs; dlc; dlc = next) {
1117 next = dlc->_next;
1118 if (dlc->role == BT_RFCOMM_ROLE_INITIATOR &&
1119 dlc->state == BT_RFCOMM_STATE_INIT) {
1120 if (rfcomm_dlc_start(dlc) < 0) {
1121 rfcomm_dlc_drop(dlc);
1122 }
1123 }
1124 }
1125 /* Disconnect session if there is no dlcs left */
1126 rfcomm_session_disconnect(session);
1127 break;
1128 case BT_RFCOMM_STATE_DISCONNECTING:
1129 session->state = BT_RFCOMM_STATE_DISCONNECTED;
1130 /* Cancel disc timer */
1131 k_work_cancel_delayable(&session->rtx_work);
1132 err = bt_l2cap_chan_disconnect(&session->br_chan.chan);
1133 if (err < 0) {
1134 session->state = BT_RFCOMM_STATE_IDLE;
1135 }
1136 break;
1137 default:
1138 break;
1139 }
1140 } else {
1141 dlc = rfcomm_dlcs_lookup_dlci(session->dlcs, dlci);
1142 if (!dlc) {
1143 return;
1144 }
1145
1146 switch (dlc->state) {
1147 case BT_RFCOMM_STATE_CONNECTING:
1148 rfcomm_dlc_connected(dlc);
1149 break;
1150 case BT_RFCOMM_STATE_DISCONNECTING:
1151 rfcomm_dlc_drop(dlc);
1152 rfcomm_session_disconnect(session);
1153 break;
1154 default:
1155 break;
1156 }
1157 }
1158 }
1159
rfcomm_handle_dm(struct bt_rfcomm_session * session,uint8_t dlci)1160 static void rfcomm_handle_dm(struct bt_rfcomm_session *session, uint8_t dlci)
1161 {
1162 struct bt_rfcomm_dlc *dlc;
1163
1164 LOG_DBG("dlci %d", dlci);
1165
1166 dlc = rfcomm_dlcs_remove_dlci(session->dlcs, dlci);
1167 if (!dlc) {
1168 return;
1169 }
1170
1171 rfcomm_dlc_disconnect(dlc);
1172 rfcomm_session_disconnect(session);
1173 }
1174
rfcomm_handle_msc(struct bt_rfcomm_session * session,struct net_buf * buf,uint8_t cr)1175 static void rfcomm_handle_msc(struct bt_rfcomm_session *session,
1176 struct net_buf *buf, uint8_t cr)
1177 {
1178 struct bt_rfcomm_msc *msc = (void *)buf->data;
1179 struct bt_rfcomm_dlc *dlc;
1180 uint8_t dlci = BT_RFCOMM_GET_DLCI(msc->dlci);
1181
1182 LOG_DBG("dlci %d", dlci);
1183
1184 dlc = rfcomm_dlcs_lookup_dlci(session->dlcs, dlci);
1185 if (!dlc) {
1186 return;
1187 }
1188
1189 if (cr == BT_RFCOMM_MSG_RESP_CR) {
1190 return;
1191 }
1192
1193 if (dlc->session->cfc == BT_RFCOMM_CFC_NOT_SUPPORTED) {
1194 /* Only FC bit affects the flow on RFCOMM level */
1195 if (BT_RFCOMM_GET_FC(msc->v24_signal)) {
1196 /* If FC bit is 1 the device is unable to accept frames.
1197 * Take the semaphore with timeout K_NO_WAIT so that
1198 * dlc thread will be blocked when it tries sem_take
1199 * before sending the data. K_NO_WAIT timeout will make
1200 * sure that RX thread will not be blocked while taking
1201 * the semaphore.
1202 */
1203 k_sem_take(&dlc->tx_credits, K_NO_WAIT);
1204 } else {
1205 /* Give the sem so that it will unblock the waiting dlc
1206 * thread in sem_take().
1207 */
1208 k_sem_give(&dlc->tx_credits);
1209 rfcomm_dlc_tx_trigger(dlc);
1210 }
1211 }
1212
1213 rfcomm_send_msc(dlc, BT_RFCOMM_MSG_RESP_CR, msc->v24_signal);
1214 }
1215
rfcomm_handle_rls(struct bt_rfcomm_session * session,struct net_buf * buf,uint8_t cr)1216 static void rfcomm_handle_rls(struct bt_rfcomm_session *session,
1217 struct net_buf *buf, uint8_t cr)
1218 {
1219 struct bt_rfcomm_rls *rls = (void *)buf->data;
1220 uint8_t dlci = BT_RFCOMM_GET_DLCI(rls->dlci);
1221 struct bt_rfcomm_dlc *dlc;
1222
1223 LOG_DBG("dlci %d", dlci);
1224
1225 if (!cr) {
1226 /* Ignore if its a response */
1227 return;
1228 }
1229
1230 dlc = rfcomm_dlcs_lookup_dlci(session->dlcs, dlci);
1231 if (!dlc) {
1232 return;
1233 }
1234
1235 /* As per the ETSI same line status has to returned in the response */
1236 rfcomm_send_rls(dlc, BT_RFCOMM_MSG_RESP_CR, rls->line_status);
1237 }
1238
rfcomm_handle_rpn(struct bt_rfcomm_session * session,struct net_buf * buf,uint8_t cr)1239 static void rfcomm_handle_rpn(struct bt_rfcomm_session *session,
1240 struct net_buf *buf, uint8_t cr)
1241 {
1242 struct bt_rfcomm_rpn default_rpn, *rpn = (void *)buf->data;
1243 uint8_t dlci = BT_RFCOMM_GET_DLCI(rpn->dlci);
1244 uint8_t data_bits, stop_bits, parity_bits;
1245 /* Exclude fcs to get number of value bytes */
1246 uint8_t value_len = buf->len - 1;
1247
1248 LOG_DBG("dlci %d", dlci);
1249
1250 if (!cr) {
1251 /* Ignore if its a response */
1252 return;
1253 }
1254
1255 if (value_len == sizeof(*rpn)) {
1256 /* Accept all the values proposed by the sender */
1257 rpn->param_mask = sys_cpu_to_le16(BT_RFCOMM_RPN_PARAM_MASK_ALL);
1258 rfcomm_send_rpn(session, BT_RFCOMM_MSG_RESP_CR, rpn);
1259 return;
1260 }
1261
1262 if (value_len != 1U) {
1263 return;
1264 }
1265
1266 /* If only one value byte then current port settings has to be returned
1267 * We will send default values
1268 */
1269 default_rpn.dlci = BT_RFCOMM_SET_ADDR(dlci, 1);
1270 default_rpn.baud_rate = BT_RFCOMM_RPN_BAUD_RATE_9600;
1271 default_rpn.flow_control = BT_RFCOMM_RPN_FLOW_NONE;
1272 default_rpn.xoff_char = BT_RFCOMM_RPN_XOFF_CHAR;
1273 default_rpn.xon_char = BT_RFCOMM_RPN_XON_CHAR;
1274 data_bits = BT_RFCOMM_RPN_DATA_BITS_8;
1275 stop_bits = BT_RFCOMM_RPN_STOP_BITS_1;
1276 parity_bits = BT_RFCOMM_RPN_PARITY_NONE;
1277 default_rpn.line_settings = BT_RFCOMM_SET_LINE_SETTINGS(data_bits,
1278 stop_bits,
1279 parity_bits);
1280 default_rpn.param_mask = sys_cpu_to_le16(BT_RFCOMM_RPN_PARAM_MASK_ALL);
1281
1282 rfcomm_send_rpn(session, BT_RFCOMM_MSG_RESP_CR, &default_rpn);
1283 }
1284
rfcomm_handle_pn(struct bt_rfcomm_session * session,struct net_buf * buf,uint8_t cr)1285 static void rfcomm_handle_pn(struct bt_rfcomm_session *session,
1286 struct net_buf *buf, uint8_t cr)
1287 {
1288 struct bt_rfcomm_pn *pn = (void *)buf->data;
1289 struct bt_rfcomm_dlc *dlc;
1290
1291 dlc = rfcomm_dlcs_lookup_dlci(session->dlcs, pn->dlci);
1292 if (!dlc) {
1293 /* Ignore if it is a response */
1294 if (!cr) {
1295 return;
1296 }
1297
1298 if (!BT_RFCOMM_CHECK_MTU(pn->mtu)) {
1299 LOG_ERR("Invalid mtu %d", pn->mtu);
1300 rfcomm_send_dm(session, pn->dlci);
1301 return;
1302 }
1303
1304 dlc = rfcomm_dlc_accept(session, pn->dlci);
1305 if (!dlc) {
1306 rfcomm_send_dm(session, pn->dlci);
1307 return;
1308 }
1309
1310 LOG_DBG("Incoming connection accepted dlc %p", dlc);
1311
1312 dlc->mtu = MIN(dlc->mtu, sys_le16_to_cpu(pn->mtu));
1313
1314 if (pn->flow_ctrl == BT_RFCOMM_PN_CFC_CMD) {
1315 if (session->cfc == BT_RFCOMM_CFC_UNKNOWN) {
1316 session->cfc = BT_RFCOMM_CFC_SUPPORTED;
1317 }
1318 k_sem_init(&dlc->tx_credits, 0, K_SEM_MAX_LIMIT);
1319 rfcomm_dlc_tx_give_credits(dlc, pn->credits);
1320 } else {
1321 session->cfc = BT_RFCOMM_CFC_NOT_SUPPORTED;
1322 }
1323
1324 dlc->state = BT_RFCOMM_STATE_CONFIG;
1325 rfcomm_send_pn(dlc, BT_RFCOMM_MSG_RESP_CR);
1326 /* Cancel idle timer if any */
1327 k_work_cancel_delayable(&session->rtx_work);
1328 } else {
1329 /* If its a command */
1330 if (cr) {
1331 if (!BT_RFCOMM_CHECK_MTU(pn->mtu)) {
1332 LOG_ERR("Invalid mtu %d", pn->mtu);
1333 rfcomm_dlc_close(dlc);
1334 return;
1335 }
1336 dlc->mtu = MIN(dlc->mtu, sys_le16_to_cpu(pn->mtu));
1337 rfcomm_send_pn(dlc, BT_RFCOMM_MSG_RESP_CR);
1338 } else {
1339 if (dlc->state != BT_RFCOMM_STATE_CONFIG) {
1340 return;
1341 }
1342
1343 dlc->mtu = MIN(dlc->mtu, sys_le16_to_cpu(pn->mtu));
1344 if (pn->flow_ctrl == BT_RFCOMM_PN_CFC_RESP) {
1345 if (session->cfc == BT_RFCOMM_CFC_UNKNOWN) {
1346 session->cfc = BT_RFCOMM_CFC_SUPPORTED;
1347 }
1348 k_sem_init(&dlc->tx_credits, 0, K_SEM_MAX_LIMIT);
1349 rfcomm_dlc_tx_give_credits(dlc, pn->credits);
1350 } else {
1351 session->cfc = BT_RFCOMM_CFC_NOT_SUPPORTED;
1352 }
1353
1354 dlc->state = BT_RFCOMM_STATE_CONNECTING;
1355 rfcomm_send_sabm(session, dlc->dlci);
1356 }
1357 }
1358 }
1359
rfcomm_handle_disc(struct bt_rfcomm_session * session,uint8_t dlci)1360 static void rfcomm_handle_disc(struct bt_rfcomm_session *session, uint8_t dlci)
1361 {
1362 struct bt_rfcomm_dlc *dlc;
1363
1364 LOG_DBG("Dlci %d", dlci);
1365
1366 if (dlci) {
1367 dlc = rfcomm_dlcs_remove_dlci(session->dlcs, dlci);
1368 if (!dlc) {
1369 rfcomm_send_dm(session, dlci);
1370 return;
1371 }
1372
1373 rfcomm_send_ua(session, dlci);
1374 rfcomm_dlc_disconnect(dlc);
1375
1376 if (!session->dlcs) {
1377 /* Start a session idle timer */
1378 k_work_reschedule(&dlc->session->rtx_work,
1379 RFCOMM_IDLE_TIMEOUT);
1380 }
1381 } else {
1382 /* Cancel idle timer */
1383 k_work_cancel_delayable(&session->rtx_work);
1384 rfcomm_send_ua(session, 0);
1385 rfcomm_session_disconnected(session);
1386 }
1387 }
1388
rfcomm_handle_msg(struct bt_rfcomm_session * session,struct net_buf * buf)1389 static void rfcomm_handle_msg(struct bt_rfcomm_session *session,
1390 struct net_buf *buf)
1391 {
1392 struct bt_rfcomm_msg_hdr *hdr;
1393 uint8_t msg_type, len, cr;
1394
1395 if (buf->len < sizeof(*hdr)) {
1396 LOG_ERR("Too small RFCOMM message");
1397 return;
1398 }
1399
1400 hdr = net_buf_pull_mem(buf, sizeof(*hdr));
1401 msg_type = BT_RFCOMM_GET_MSG_TYPE(hdr->type);
1402 cr = BT_RFCOMM_GET_MSG_CR(hdr->type);
1403 len = BT_RFCOMM_GET_LEN(hdr->len);
1404
1405 LOG_DBG("msg type %x cr %x", msg_type, cr);
1406
1407 switch (msg_type) {
1408 case BT_RFCOMM_PN:
1409 rfcomm_handle_pn(session, buf, cr);
1410 break;
1411 case BT_RFCOMM_MSC:
1412 rfcomm_handle_msc(session, buf, cr);
1413 break;
1414 case BT_RFCOMM_RLS:
1415 rfcomm_handle_rls(session, buf, cr);
1416 break;
1417 case BT_RFCOMM_RPN:
1418 rfcomm_handle_rpn(session, buf, cr);
1419 break;
1420 case BT_RFCOMM_TEST:
1421 if (!cr) {
1422 break;
1423 }
1424 rfcomm_send_test(session, BT_RFCOMM_MSG_RESP_CR, buf->data,
1425 buf->len - 1);
1426 break;
1427 case BT_RFCOMM_FCON:
1428 if (session->cfc == BT_RFCOMM_CFC_SUPPORTED) {
1429 LOG_ERR("FCON received when CFC is supported ");
1430 return;
1431 }
1432
1433 if (!cr) {
1434 break;
1435 }
1436
1437 /* Give the sem so that it will unblock the waiting dlc threads
1438 * of this session in sem_take().
1439 */
1440 k_sem_give(&session->fc);
1441 rfcomm_send_fcon(session, BT_RFCOMM_MSG_RESP_CR);
1442 rfcomm_dlcs_tx_trigger(session->dlcs);
1443 break;
1444 case BT_RFCOMM_FCOFF:
1445 if (session->cfc == BT_RFCOMM_CFC_SUPPORTED) {
1446 LOG_ERR("FCOFF received when CFC is supported ");
1447 return;
1448 }
1449
1450 if (!cr) {
1451 break;
1452 }
1453
1454 /* Take the semaphore with timeout K_NO_WAIT so that all the
1455 * dlc threads in this session will be blocked when it tries
1456 * sem_take before sending the data. K_NO_WAIT timeout will
1457 * make sure that RX thread will not be blocked while taking
1458 * the semaphore.
1459 */
1460 k_sem_take(&session->fc, K_NO_WAIT);
1461 rfcomm_send_fcoff(session, BT_RFCOMM_MSG_RESP_CR);
1462 break;
1463 default:
1464 LOG_WRN("Unknown/Unsupported RFCOMM Msg type 0x%02x", msg_type);
1465 rfcomm_send_nsc(session, hdr->type);
1466 break;
1467 }
1468 }
1469
rfcomm_dlc_update_credits(struct bt_rfcomm_dlc * dlc)1470 static void rfcomm_dlc_update_credits(struct bt_rfcomm_dlc *dlc)
1471 {
1472 uint8_t credits;
1473
1474 if (dlc->session->cfc == BT_RFCOMM_CFC_NOT_SUPPORTED) {
1475 return;
1476 }
1477
1478 LOG_DBG("dlc %p credits %u", dlc, dlc->rx_credit);
1479
1480 /* Only give more credits if it went below the defined threshold */
1481 if (dlc->rx_credit > RFCOMM_CREDITS_THRESHOLD) {
1482 return;
1483 }
1484
1485 /* Restore credits */
1486 credits = RFCOMM_MAX_CREDITS - dlc->rx_credit;
1487 dlc->rx_credit += credits;
1488
1489 rfcomm_send_credit(dlc, credits);
1490 }
1491
rfcomm_handle_data(struct bt_rfcomm_session * session,struct net_buf * buf,uint8_t dlci,uint8_t pf)1492 static void rfcomm_handle_data(struct bt_rfcomm_session *session,
1493 struct net_buf *buf, uint8_t dlci, uint8_t pf)
1494
1495 {
1496 struct bt_rfcomm_dlc *dlc;
1497
1498 LOG_DBG("dlci %d, pf %d", dlci, pf);
1499
1500 dlc = rfcomm_dlcs_lookup_dlci(session->dlcs, dlci);
1501 if (!dlc) {
1502 LOG_ERR("Data recvd in non existing DLC");
1503 rfcomm_send_dm(session, dlci);
1504 return;
1505 }
1506
1507 LOG_DBG("dlc %p rx credit %d", dlc, dlc->rx_credit);
1508
1509 if (dlc->state != BT_RFCOMM_STATE_CONNECTED) {
1510 return;
1511 }
1512
1513 if (pf == BT_RFCOMM_PF_UIH_CREDIT) {
1514 if (buf->len == 0) {
1515 LOG_WRN("Data recvd is invalid");
1516 return;
1517 }
1518 rfcomm_dlc_tx_give_credits(dlc, net_buf_pull_u8(buf));
1519 }
1520
1521 if (buf->len > BT_RFCOMM_FCS_SIZE) {
1522 if (dlc->session->cfc == BT_RFCOMM_CFC_SUPPORTED &&
1523 !dlc->rx_credit) {
1524 LOG_ERR("Data recvd when rx credit is 0");
1525 rfcomm_dlc_close(dlc);
1526 return;
1527 }
1528
1529 /* Remove FCS */
1530 buf->len -= BT_RFCOMM_FCS_SIZE;
1531 if (dlc->ops && dlc->ops->recv) {
1532 dlc->ops->recv(dlc, buf);
1533 }
1534
1535 dlc->rx_credit--;
1536 rfcomm_dlc_update_credits(dlc);
1537 }
1538 }
1539
bt_rfcomm_dlc_send(struct bt_rfcomm_dlc * dlc,struct net_buf * buf)1540 int bt_rfcomm_dlc_send(struct bt_rfcomm_dlc *dlc, struct net_buf *buf)
1541 {
1542 uint8_t fcs, cr;
1543
1544 if (!buf) {
1545 return -EINVAL;
1546 }
1547
1548 LOG_DBG("dlc %p tx credit %d", dlc, k_sem_count_get(&dlc->tx_credits));
1549
1550 if (dlc->state != BT_RFCOMM_STATE_CONNECTED) {
1551 return -ENOTCONN;
1552 }
1553
1554 if (buf->len > dlc->mtu) {
1555 return -EMSGSIZE;
1556 }
1557
1558 /* length */
1559 if (buf->len > BT_RFCOMM_MAX_LEN_8) {
1560 /* Length is 2 byte */
1561 net_buf_push_le16(buf, BT_RFCOMM_SET_LEN_16(buf->len));
1562 } else {
1563 net_buf_push_u8(buf, BT_RFCOMM_SET_LEN_8(buf->len));
1564 }
1565
1566 /* control */
1567 net_buf_push_u8(buf, BT_RFCOMM_SET_CTRL(BT_RFCOMM_UIH,
1568 BT_RFCOMM_PF_UIH_NO_CREDIT));
1569 /* address */
1570 cr = BT_RFCOMM_UIH_CR(dlc->session->role);
1571 net_buf_push_u8(buf, BT_RFCOMM_SET_ADDR(dlc->dlci, cr));
1572
1573 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
1574 net_buf_add_u8(buf, fcs);
1575
1576 k_fifo_put(&dlc->tx_queue, buf);
1577 rfcomm_dlc_tx_trigger(dlc);
1578
1579 return buf->len;
1580 }
1581
rfcomm_recv(struct bt_l2cap_chan * chan,struct net_buf * buf)1582 static int rfcomm_recv(struct bt_l2cap_chan *chan, struct net_buf *buf)
1583 {
1584 struct bt_rfcomm_session *session = RFCOMM_SESSION(chan);
1585 struct bt_rfcomm_hdr *hdr = (void *)buf->data;
1586 struct bt_rfcomm_hdr_ext *hdr_ext = (void *)buf->data;
1587 uint8_t dlci, frame_type, fcs, fcs_len;
1588 uint16_t msg_len;
1589 uint16_t hdr_len;
1590
1591 /* Need to consider FCS also*/
1592 if (buf->len < (sizeof(*hdr) + sizeof(fcs))) {
1593 LOG_ERR("Too small RFCOMM Frame");
1594 return 0;
1595 }
1596
1597 dlci = BT_RFCOMM_GET_DLCI(hdr->address);
1598 frame_type = BT_RFCOMM_GET_FRAME_TYPE(hdr->control);
1599
1600 LOG_DBG("session %p dlci %x type %x", session, dlci, frame_type);
1601
1602 if (BT_RFCOMM_LEN_EXTENDED(hdr->length)) {
1603 msg_len = BT_RFCOMM_GET_LEN_EXTENDED(hdr_ext->hdr.length, hdr_ext->second_length);
1604 hdr_len = sizeof(*hdr_ext);
1605 } else {
1606 msg_len = BT_RFCOMM_GET_LEN(hdr->length);
1607 hdr_len = sizeof(*hdr);
1608 }
1609
1610 if (buf->len < (hdr_len + msg_len + sizeof(fcs))) {
1611 LOG_ERR("Too small RFCOMM information (%u < %zu)", buf->len,
1612 hdr_len + msg_len + sizeof(fcs));
1613 return 0;
1614 }
1615
1616 fcs_len = (frame_type == BT_RFCOMM_UIH) ? BT_RFCOMM_FCS_LEN_UIH : hdr_len;
1617 fcs = *(net_buf_tail(buf) - sizeof(fcs));
1618 if (!rfcomm_check_fcs(fcs_len, buf->data, fcs)) {
1619 LOG_ERR("FCS check failed");
1620 return 0;
1621 }
1622
1623 net_buf_pull(buf, hdr_len);
1624
1625 switch (frame_type) {
1626 case BT_RFCOMM_SABM:
1627 rfcomm_handle_sabm(session, dlci);
1628 break;
1629 case BT_RFCOMM_UIH:
1630 if (!dlci) {
1631 rfcomm_handle_msg(session, buf);
1632 } else {
1633 rfcomm_handle_data(session, buf, dlci, BT_RFCOMM_GET_PF(hdr->control));
1634 }
1635 break;
1636 case BT_RFCOMM_DISC:
1637 rfcomm_handle_disc(session, dlci);
1638 break;
1639 case BT_RFCOMM_UA:
1640 rfcomm_handle_ua(session, dlci);
1641 break;
1642 case BT_RFCOMM_DM:
1643 rfcomm_handle_dm(session, dlci);
1644 break;
1645 default:
1646 LOG_WRN("Unknown/Unsupported RFCOMM Frame type 0x%02x", frame_type);
1647 break;
1648 }
1649
1650 return 0;
1651 }
1652
rfcomm_encrypt_change(struct bt_l2cap_chan * chan,uint8_t hci_status)1653 static void rfcomm_encrypt_change(struct bt_l2cap_chan *chan,
1654 uint8_t hci_status)
1655 {
1656 struct bt_rfcomm_session *session = RFCOMM_SESSION(chan);
1657 struct bt_conn *conn = chan->conn;
1658 struct bt_rfcomm_dlc *dlc, *next;
1659
1660 LOG_DBG("session %p status 0x%02x encr 0x%02x", session, hci_status, conn->encrypt);
1661
1662 for (dlc = session->dlcs; dlc; dlc = next) {
1663 next = dlc->_next;
1664
1665 if (dlc->state != BT_RFCOMM_STATE_SECURITY_PENDING) {
1666 continue;
1667 }
1668
1669 if (hci_status || !conn->encrypt ||
1670 conn->sec_level < dlc->required_sec_level) {
1671 rfcomm_dlc_close(dlc);
1672 continue;
1673 }
1674
1675 if (dlc->role == BT_RFCOMM_ROLE_ACCEPTOR) {
1676 rfcomm_send_ua(session, dlc->dlci);
1677 rfcomm_dlc_connected(dlc);
1678 } else {
1679 dlc->mtu = MIN(dlc->mtu, session->mtu);
1680 dlc->state = BT_RFCOMM_STATE_CONFIG;
1681 rfcomm_send_pn(dlc, BT_RFCOMM_MSG_CMD_CR);
1682 }
1683 }
1684 }
1685
rfcomm_session_rtx_timeout(struct k_work * work)1686 static void rfcomm_session_rtx_timeout(struct k_work *work)
1687 {
1688 struct bt_rfcomm_session *session = SESSION_RTX(work);
1689
1690 LOG_WRN("session %p state %d timeout", session, session->state);
1691
1692 switch (session->state) {
1693 case BT_RFCOMM_STATE_CONNECTED:
1694 rfcomm_session_disconnect(session);
1695 break;
1696 case BT_RFCOMM_STATE_DISCONNECTING:
1697 session->state = BT_RFCOMM_STATE_DISCONNECTED;
1698 if (bt_l2cap_chan_disconnect(&session->br_chan.chan) < 0) {
1699 session->state = BT_RFCOMM_STATE_IDLE;
1700 }
1701 break;
1702 }
1703 }
1704
rfcomm_session_new(bt_rfcomm_role_t role)1705 static struct bt_rfcomm_session *rfcomm_session_new(bt_rfcomm_role_t role)
1706 {
1707 int i;
1708 static const struct bt_l2cap_chan_ops ops = {
1709 .connected = rfcomm_connected,
1710 .disconnected = rfcomm_disconnected,
1711 .recv = rfcomm_recv,
1712 .encrypt_change = rfcomm_encrypt_change,
1713 };
1714
1715 for (i = 0; i < ARRAY_SIZE(bt_rfcomm_pool); i++) {
1716 struct bt_rfcomm_session *session = &bt_rfcomm_pool[i];
1717
1718 if (session->br_chan.chan.conn) {
1719 continue;
1720 }
1721
1722 LOG_DBG("session %p initialized", session);
1723
1724 session->br_chan.chan.ops = &ops;
1725 session->br_chan.rx.mtu = CONFIG_BT_RFCOMM_L2CAP_MTU;
1726 session->state = BT_RFCOMM_STATE_INIT;
1727 session->role = role;
1728 session->cfc = BT_RFCOMM_CFC_UNKNOWN;
1729 k_work_init_delayable(&session->rtx_work,
1730 rfcomm_session_rtx_timeout);
1731 k_sem_init(&session->fc, 0, 1);
1732
1733 return session;
1734 }
1735
1736 return NULL;
1737 }
1738
bt_rfcomm_dlc_connect(struct bt_conn * conn,struct bt_rfcomm_dlc * dlc,uint8_t channel)1739 int bt_rfcomm_dlc_connect(struct bt_conn *conn, struct bt_rfcomm_dlc *dlc,
1740 uint8_t channel)
1741 {
1742 struct bt_rfcomm_session *session;
1743 struct bt_l2cap_chan *chan;
1744 uint8_t dlci;
1745 int ret;
1746
1747 LOG_DBG("conn %p dlc %p channel %d", conn, dlc, channel);
1748
1749 if (!dlc) {
1750 return -EINVAL;
1751 }
1752
1753 if (!conn || conn->state != BT_CONN_CONNECTED) {
1754 return -ENOTCONN;
1755 }
1756
1757 if (channel < RFCOMM_CHANNEL_START || channel > RFCOMM_CHANNEL_END) {
1758 return -EINVAL;
1759 }
1760
1761 if (!BT_RFCOMM_CHECK_MTU(dlc->mtu)) {
1762 return -EINVAL;
1763 }
1764
1765 session = rfcomm_sessions_lookup_bt_conn(conn);
1766 if (!session) {
1767 session = rfcomm_session_new(BT_RFCOMM_ROLE_INITIATOR);
1768 if (!session) {
1769 return -ENOMEM;
1770 }
1771 }
1772
1773 dlci = BT_RFCOMM_DLCI(session->role, channel);
1774
1775 if (rfcomm_dlcs_lookup_dlci(session->dlcs, dlci)) {
1776 return -EBUSY;
1777 }
1778
1779 rfcomm_dlc_init(dlc, session, dlci, BT_RFCOMM_ROLE_INITIATOR);
1780
1781 switch (session->state) {
1782 case BT_RFCOMM_STATE_INIT:
1783 if (session->role == BT_RFCOMM_ROLE_ACCEPTOR) {
1784 /* There is an ongoing incoming conn */
1785 break;
1786 }
1787 chan = &session->br_chan.chan;
1788 BR_CHAN(chan)->required_sec_level = dlc->required_sec_level;
1789 ret = bt_l2cap_chan_connect(conn, chan, BT_L2CAP_PSM_RFCOMM);
1790 if (ret < 0) {
1791 session->state = BT_RFCOMM_STATE_IDLE;
1792 goto fail;
1793 }
1794 session->state = BT_RFCOMM_STATE_CONNECTING;
1795 break;
1796 case BT_RFCOMM_STATE_CONNECTING:
1797 break;
1798 case BT_RFCOMM_STATE_CONNECTED:
1799 ret = rfcomm_dlc_start(dlc);
1800 if (ret < 0) {
1801 goto fail;
1802 }
1803 /* Cancel idle timer if any */
1804 k_work_cancel_delayable(&session->rtx_work);
1805 break;
1806 default:
1807 LOG_ERR("Invalid session state %d", session->state);
1808 ret = -EINVAL;
1809 goto fail;
1810 }
1811
1812 return 0;
1813
1814 fail:
1815 rfcomm_dlcs_remove_dlci(session->dlcs, dlc->dlci);
1816 dlc->state = BT_RFCOMM_STATE_IDLE;
1817 dlc->session = NULL;
1818 return ret;
1819 }
1820
bt_rfcomm_dlc_disconnect(struct bt_rfcomm_dlc * dlc)1821 int bt_rfcomm_dlc_disconnect(struct bt_rfcomm_dlc *dlc)
1822 {
1823 LOG_DBG("dlc %p", dlc);
1824
1825 if (!dlc) {
1826 return -EINVAL;
1827 }
1828
1829 if (dlc->state == BT_RFCOMM_STATE_CONNECTED) {
1830 /* This is to handle user initiated disconnect to send pending
1831 * bufs in the queue before disconnecting
1832 * Queue a dummy buffer (in case if queue is empty) to wake up
1833 * and stop the tx thread.
1834 */
1835 dlc->state = BT_RFCOMM_STATE_USER_DISCONNECT;
1836 rfcomm_dlc_tx_trigger(dlc);
1837 k_work_reschedule(&dlc->rtx_work, RFCOMM_DISC_TIMEOUT);
1838
1839 return 0;
1840 }
1841
1842 return rfcomm_dlc_close(dlc);
1843 }
1844
rfcomm_accept(struct bt_conn * conn,struct bt_l2cap_server * server,struct bt_l2cap_chan ** chan)1845 static int rfcomm_accept(struct bt_conn *conn, struct bt_l2cap_server *server,
1846 struct bt_l2cap_chan **chan)
1847 {
1848 struct bt_rfcomm_session *session;
1849
1850 LOG_DBG("conn %p", conn);
1851
1852 session = rfcomm_session_new(BT_RFCOMM_ROLE_ACCEPTOR);
1853 if (session) {
1854 *chan = &session->br_chan.chan;
1855 return 0;
1856 }
1857
1858 LOG_ERR("No available RFCOMM context for conn %p", conn);
1859
1860 return -ENOMEM;
1861 }
1862
bt_rfcomm_init(void)1863 void bt_rfcomm_init(void)
1864 {
1865 static struct bt_l2cap_server server = {
1866 .psm = BT_L2CAP_PSM_RFCOMM,
1867 .accept = rfcomm_accept,
1868 .sec_level = BT_SECURITY_L1,
1869 };
1870
1871 bt_l2cap_br_server_register(&server);
1872 }
1873