1 /******************************************************************************
2 *
3 * Copyright 2003-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This module contains action functions of the link control state machine.
22 *
23 ******************************************************************************/
24 #include <bluetooth/log.h>
25 #include <com_android_bluetooth_flags.h>
26 #include <string.h>
27
28 #include <cstdint>
29
30 #include "avct_api.h"
31 #include "avct_int.h"
32 #include "bta/include/bta_sec_api.h"
33 #include "btif/include/btif_av.h"
34 #include "device/include/device_iot_conf_defs.h"
35 #include "device/include/device_iot_config.h"
36 #include "internal_include/bt_target.h"
37 #include "l2cap_types.h"
38 #include "osi/include/allocator.h"
39 #include "osi/include/fixed_queue.h"
40 #include "stack/avct/avct_defs.h"
41 #include "stack/include/avct_api.h"
42 #include "stack/include/bt_hdr.h"
43 #include "stack/include/bt_psm_types.h"
44 #include "stack/include/bt_types.h"
45 #include "stack/include/l2cap_interface.h"
46
47 using namespace bluetooth;
48
49 /* packet header length lookup table */
50 const uint8_t avct_lcb_pkt_type_len[] = {AVCT_HDR_LEN_SINGLE, AVCT_HDR_LEN_START, AVCT_HDR_LEN_CONT,
51 AVCT_HDR_LEN_END};
52
53 /*******************************************************************************
54 *
55 * Function avct_lcb_msg_asmbl
56 *
57 * Description Reassemble incoming message.
58 *
59 *
60 * Returns Pointer to reassembled message; NULL if no message
61 * available.
62 *
63 ******************************************************************************/
avct_lcb_msg_asmbl(tAVCT_LCB * p_lcb,BT_HDR * p_buf)64 static BT_HDR* avct_lcb_msg_asmbl(tAVCT_LCB* p_lcb, BT_HDR* p_buf) {
65 uint8_t* p;
66 uint8_t pkt_type;
67 BT_HDR* p_ret;
68
69 if (p_buf->len < 1) {
70 osi_free(p_buf);
71 p_ret = NULL;
72 return p_ret;
73 }
74
75 /* parse the message header */
76 p = (uint8_t*)(p_buf + 1) + p_buf->offset;
77 pkt_type = AVCT_PKT_TYPE(p);
78
79 /* quick sanity check on length */
80 if (p_buf->len < avct_lcb_pkt_type_len[pkt_type] ||
81 (sizeof(BT_HDR) + p_buf->offset + p_buf->len) > BT_DEFAULT_BUFFER_SIZE) {
82 osi_free(p_buf);
83 log::warn("Bad length during reassembly");
84 p_ret = NULL;
85 } else if (pkt_type == AVCT_PKT_TYPE_SINGLE) {
86 /* single packet */
87 /* if reassembly in progress drop message and process new single */
88 if (p_lcb->p_rx_msg != NULL) {
89 log::warn("Got single during reassembly");
90 }
91
92 osi_free_and_reset((void**)&p_lcb->p_rx_msg);
93
94 p_ret = p_buf;
95 } else if (pkt_type == AVCT_PKT_TYPE_START) {
96 /* start packet */
97 /* if reassembly in progress drop message and process new start */
98 if (p_lcb->p_rx_msg != NULL) {
99 log::warn("Got start during reassembly");
100 }
101
102 osi_free_and_reset((void**)&p_lcb->p_rx_msg);
103
104 /*
105 * Allocate bigger buffer for reassembly. As lower layers are
106 * not aware of possible packet size after reassembly, they
107 * would have allocated smaller buffer.
108 */
109 if (sizeof(BT_HDR) + p_buf->offset + p_buf->len > BT_DEFAULT_BUFFER_SIZE) {
110 osi_free(p_buf);
111 p_ret = NULL;
112 return p_ret;
113 }
114 p_lcb->p_rx_msg = (BT_HDR*)osi_malloc(BT_DEFAULT_BUFFER_SIZE);
115 memcpy(p_lcb->p_rx_msg, p_buf, sizeof(BT_HDR) + p_buf->offset + p_buf->len);
116
117 /* Free original buffer */
118 osi_free(p_buf);
119
120 /* update p to point to new buffer */
121 p = (uint8_t*)(p_lcb->p_rx_msg + 1) + p_lcb->p_rx_msg->offset;
122
123 /* copy first header byte over nosp */
124 *(p + 1) = *p;
125
126 /* set offset to point to where to copy next */
127 p_lcb->p_rx_msg->offset += p_lcb->p_rx_msg->len;
128
129 /* adjust length for packet header */
130 p_lcb->p_rx_msg->len -= 1;
131
132 p_ret = NULL;
133 } else {
134 /* continue or end */
135 /* if no reassembly in progress drop message */
136 if (p_lcb->p_rx_msg == NULL) {
137 osi_free(p_buf);
138 log::warn("Pkt type={} out of order", pkt_type);
139 p_ret = NULL;
140 } else {
141 /* get size of buffer holding assembled message */
142 /*
143 * NOTE: The buffer is allocated above at the beginning of the
144 * reassembly, and is always of size BT_DEFAULT_BUFFER_SIZE.
145 */
146 uint16_t buf_len = BT_DEFAULT_BUFFER_SIZE - sizeof(BT_HDR);
147
148 /* adjust offset and len of fragment for header byte */
149 p_buf->offset += AVCT_HDR_LEN_CONT;
150 p_buf->len -= AVCT_HDR_LEN_CONT;
151
152 /* verify length */
153 if ((p_lcb->p_rx_msg->offset + p_buf->len) > buf_len) {
154 /* won't fit; free everything */
155 log::warn("Fragmented message too big!");
156 osi_free_and_reset((void**)&p_lcb->p_rx_msg);
157 osi_free(p_buf);
158 p_ret = NULL;
159 } else {
160 /* copy contents of p_buf to p_rx_msg */
161 memcpy((uint8_t*)(p_lcb->p_rx_msg + 1) + p_lcb->p_rx_msg->offset,
162 (uint8_t*)(p_buf + 1) + p_buf->offset, p_buf->len);
163
164 if (pkt_type == AVCT_PKT_TYPE_END) {
165 p_lcb->p_rx_msg->offset -= p_lcb->p_rx_msg->len;
166 p_lcb->p_rx_msg->len += p_buf->len;
167 p_ret = p_lcb->p_rx_msg;
168 p_lcb->p_rx_msg = NULL;
169 } else {
170 p_lcb->p_rx_msg->offset += p_buf->len;
171 p_lcb->p_rx_msg->len += p_buf->len;
172 p_ret = NULL;
173 }
174 osi_free(p_buf);
175 }
176 }
177 }
178 return p_ret;
179 }
180
181 /*******************************************************************************
182 *
183 * Function avct_lcb_chnl_open
184 *
185 * Description Open L2CAP channel to peer
186 *
187 *
188 * Returns Nothing.
189 *
190 ******************************************************************************/
avct_lcb_chnl_open(tAVCT_LCB * p_lcb,tAVCT_LCB_EVT *)191 void avct_lcb_chnl_open(tAVCT_LCB* p_lcb, tAVCT_LCB_EVT* /* p_data */) {
192 uint16_t result = AVCT_RESULT_FAIL;
193
194 p_lcb->ch_state = AVCT_CH_CONN;
195 p_lcb->ch_lcid = stack::l2cap::get_interface().L2CA_ConnectReqWithSecurity(
196 BT_PSM_AVCTP, p_lcb->peer_addr, BTA_SEC_AUTHENTICATE | BTA_SEC_ENCRYPT);
197 if (p_lcb->ch_lcid == 0) {
198 /* if connect req failed, send ourselves close event */
199 tAVCT_LCB_EVT avct_lcb_evt;
200 avct_lcb_evt.result = result;
201 avct_lcb_event(p_lcb, AVCT_LCB_LL_CLOSE_EVT, &avct_lcb_evt);
202 }
203 }
204
205 /*******************************************************************************
206 *
207 * Function avct_lcb_unbind_disc
208 *
209 * Description Deallocate ccb and call callback with disconnect event.
210 *
211 *
212 * Returns Nothing.
213 *
214 ******************************************************************************/
avct_lcb_unbind_disc(tAVCT_LCB *,tAVCT_LCB_EVT * p_data)215 void avct_lcb_unbind_disc(tAVCT_LCB* /* p_lcb */, tAVCT_LCB_EVT* p_data) {
216 avct_ccb_dealloc(p_data->p_ccb, AVCT_DISCONNECT_CFM_EVT, 0, NULL);
217 }
218
219 /*******************************************************************************
220 *
221 * Function avct_lcb_open_ind
222 *
223 * Description Handle an LL_OPEN event. For each allocated ccb already
224 * bound to this lcb, send a connect event. For each
225 * unbound ccb with a new PID, bind that ccb to this lcb and
226 * send a connect event.
227 *
228 *
229 * Returns Nothing.
230 *
231 ******************************************************************************/
avct_lcb_open_ind(tAVCT_LCB * p_lcb,tAVCT_LCB_EVT * p_data)232 void avct_lcb_open_ind(tAVCT_LCB* p_lcb, tAVCT_LCB_EVT* p_data) {
233 tAVCT_CCB* p_ccb = &avct_cb.ccb[0];
234 int i;
235 bool bind = false;
236
237 if (btif_av_src_sink_coexist_enabled()) {
238 bool is_originater = false;
239
240 for (i = 0; i < AVCT_NUM_CONN; i++, p_ccb++) {
241 if (p_ccb->allocated && (p_ccb->p_lcb == p_lcb) && p_ccb->cc.role == AVCT_ROLE_INITIATOR) {
242 log::verbose("find int handle {}", i);
243 is_originater = true;
244 }
245 }
246
247 p_ccb = &avct_cb.ccb[0];
248 for (i = 0; i < AVCT_NUM_CONN; i++, p_ccb++) {
249 /* if ccb allocated and */
250 /** M: to avoid avctp collision, make sure the collision can be checked @{
251 */
252 log::verbose("{} ccb to lcb, alloc {}, role {}, pid 0x{:04x}", i, p_ccb->allocated,
253 avct_role_text(p_ccb->cc.role), p_ccb->cc.pid);
254 if (p_ccb->allocated && (p_ccb->p_lcb == p_lcb)) {
255 /* if bound to this lcb send connect confirm event */
256 if (p_ccb->cc.role == AVCT_ROLE_INITIATOR) {
257 /** @} */
258 bind = true;
259 if (!stack::l2cap::get_interface().L2CA_SetTxPriority(p_lcb->ch_lcid,
260 L2CAP_CHNL_PRIORITY_HIGH)) {
261 log::warn("Unable to set L2CAP transmit high priority peer:{} lcid:0x{:04x}",
262 p_ccb->p_lcb->peer_addr, p_lcb->ch_lcid);
263 }
264 p_ccb->cc.p_ctrl_cback(avct_ccb_to_idx(p_ccb), AVCT_CONNECT_CFM_EVT, 0,
265 &p_lcb->peer_addr);
266 } else if ((p_ccb->cc.role == AVCT_ROLE_ACCEPTOR) &&
267 avct_lcb_has_pid(p_lcb, p_ccb->cc.pid)) {
268 /* if unbound acceptor and lcb doesn't already have a ccb for this PID */
269 /* to avoid avctp collision, make sure the collision can be checked */
270 /* bind ccb to lcb and send connect ind event */
271 if (is_originater) {
272 log::error("int exist, unbind acp handle:{}", i);
273 p_ccb->p_lcb = NULL;
274 } else {
275 bind = true;
276 p_ccb->p_lcb = p_lcb;
277 if (!stack::l2cap::get_interface().L2CA_SetTxPriority(p_lcb->ch_lcid,
278 L2CAP_CHNL_PRIORITY_HIGH)) {
279 log::warn("Unable to set L2CAP transmit high priority peer:{} lcid:0x{:04x}",
280 p_ccb->p_lcb->peer_addr, p_lcb->ch_lcid);
281 }
282 p_ccb->cc.p_ctrl_cback(avct_ccb_to_idx(p_ccb), AVCT_CONNECT_IND_EVT, 0,
283 &p_lcb->peer_addr);
284 }
285 }
286 }
287 }
288 } else {
289 for (i = 0; i < AVCT_NUM_CONN; i++, p_ccb++) {
290 /* if ccb allocated and */
291 if (p_ccb->allocated) {
292 /* if bound to this lcb send connect confirm event */
293 if (p_ccb->p_lcb == p_lcb) {
294 bind = true;
295 if (!stack::l2cap::get_interface().L2CA_SetTxPriority(p_lcb->ch_lcid,
296 L2CAP_CHNL_PRIORITY_HIGH)) {
297 log::warn("Unable to set L2CAP transmit high priority peer:{} lcid:0x{:04x}",
298 p_ccb->p_lcb->peer_addr, p_lcb->ch_lcid);
299 }
300 p_ccb->cc.p_ctrl_cback(avct_ccb_to_idx(p_ccb), AVCT_CONNECT_CFM_EVT, 0,
301 &p_lcb->peer_addr);
302 } else if ((p_ccb->p_lcb == NULL) && (p_ccb->cc.role == AVCT_ROLE_ACCEPTOR) &&
303 (avct_lcb_has_pid(p_lcb, p_ccb->cc.pid) == NULL)) {
304 /* if unbound acceptor and lcb doesn't already have a ccb for this PID */
305 /* bind ccb to lcb and send connect ind event */
306 bind = true;
307 p_ccb->p_lcb = p_lcb;
308 if (!stack::l2cap::get_interface().L2CA_SetTxPriority(p_lcb->ch_lcid,
309 L2CAP_CHNL_PRIORITY_HIGH)) {
310 log::warn("Unable to set L2CAP transmit high priority peer:{} lcid:0x{:04x}",
311 p_ccb->p_lcb->peer_addr, p_lcb->ch_lcid);
312 }
313 p_ccb->cc.p_ctrl_cback(avct_ccb_to_idx(p_ccb), AVCT_CONNECT_IND_EVT, 0,
314 &p_lcb->peer_addr);
315 }
316 }
317 }
318 }
319
320 /* if no ccbs bound to this lcb, disconnect */
321 if (!bind) {
322 DEVICE_IOT_CONFIG_ADDR_INT_ADD_ONE(p_lcb->peer_addr, IOT_CONF_KEY_AVRCP_CONN_FAIL_COUNT);
323 avct_lcb_event(p_lcb, AVCT_LCB_INT_CLOSE_EVT, p_data);
324 }
325 }
326
327 /*******************************************************************************
328 *
329 * Function avct_lcb_open_fail
330 *
331 * Description L2CAP channel open attempt failed. Deallocate any ccbs
332 * on this lcb and send connect confirm event with failure.
333 *
334 *
335 * Returns Nothing.
336 *
337 ******************************************************************************/
avct_lcb_open_fail(tAVCT_LCB * p_lcb,tAVCT_LCB_EVT * p_data)338 void avct_lcb_open_fail(tAVCT_LCB* p_lcb, tAVCT_LCB_EVT* p_data) {
339 tAVCT_CCB* p_ccb = &avct_cb.ccb[0];
340 int i;
341
342 for (i = 0; i < AVCT_NUM_CONN; i++, p_ccb++) {
343 if (p_ccb->allocated && (p_ccb->p_lcb == p_lcb)) {
344 avct_ccb_dealloc(p_ccb, AVCT_CONNECT_CFM_EVT, p_data->result, &p_lcb->peer_addr);
345 DEVICE_IOT_CONFIG_ADDR_INT_ADD_ONE(p_lcb->peer_addr, IOT_CONF_KEY_AVRCP_CONN_FAIL_COUNT);
346 }
347 }
348 }
349
350 /*******************************************************************************
351 *
352 * Function avct_lcb_close_ind
353 *
354 * Description L2CAP channel closed by peer. Deallocate any initiator
355 * ccbs on this lcb and send disconnect ind event.
356 *
357 *
358 * Returns Nothing.
359 *
360 ******************************************************************************/
avct_lcb_close_ind(tAVCT_LCB * p_lcb,tAVCT_LCB_EVT *)361 void avct_lcb_close_ind(tAVCT_LCB* p_lcb, tAVCT_LCB_EVT* /* p_data */) {
362 tAVCT_CCB* p_ccb = &avct_cb.ccb[0];
363 int i;
364
365 for (i = 0; i < AVCT_NUM_CONN; i++, p_ccb++) {
366 if (p_ccb->allocated && (p_ccb->p_lcb == p_lcb)) {
367 if (p_ccb->cc.role == AVCT_ROLE_INITIATOR) {
368 avct_ccb_dealloc(p_ccb, AVCT_DISCONNECT_IND_EVT, 0, &p_lcb->peer_addr);
369 } else {
370 p_ccb->p_lcb = NULL;
371 (*p_ccb->cc.p_ctrl_cback)(avct_ccb_to_idx(p_ccb), AVCT_DISCONNECT_IND_EVT, 0,
372 &p_lcb->peer_addr);
373 }
374 }
375 }
376 }
377
378 /*******************************************************************************
379 *
380 * Function avct_lcb_close_cfm
381 *
382 * Description L2CAP channel closed by us. Deallocate any initiator
383 * ccbs on this lcb and send disconnect ind or cfm event.
384 *
385 *
386 * Returns Nothing.
387 *
388 ******************************************************************************/
avct_lcb_close_cfm(tAVCT_LCB * p_lcb,tAVCT_LCB_EVT * p_data)389 void avct_lcb_close_cfm(tAVCT_LCB* p_lcb, tAVCT_LCB_EVT* p_data) {
390 tAVCT_CCB* p_ccb = &avct_cb.ccb[0];
391 int i;
392 uint8_t event;
393
394 for (i = 0; i < AVCT_NUM_CONN; i++, p_ccb++) {
395 if (p_ccb->allocated && (p_ccb->p_lcb == p_lcb)) {
396 /* if this ccb initiated close send disconnect cfm otherwise ind */
397 if (p_ccb->ch_close) {
398 p_ccb->ch_close = false;
399 event = AVCT_DISCONNECT_CFM_EVT;
400 } else {
401 event = AVCT_DISCONNECT_IND_EVT;
402 }
403
404 if (p_ccb->cc.role == AVCT_ROLE_INITIATOR) {
405 avct_ccb_dealloc(p_ccb, event, p_data->result, &p_lcb->peer_addr);
406 } else {
407 p_ccb->p_lcb = NULL;
408 (*p_ccb->cc.p_ctrl_cback)(avct_ccb_to_idx(p_ccb), event, p_data->result, &p_lcb->peer_addr);
409 }
410 }
411 }
412 }
413
414 /*******************************************************************************
415 *
416 * Function avct_lcb_bind_conn
417 *
418 * Description Bind ccb to lcb and send connect cfm event.
419 *
420 *
421 * Returns Nothing.
422 *
423 ******************************************************************************/
avct_lcb_bind_conn(tAVCT_LCB * p_lcb,tAVCT_LCB_EVT * p_data)424 void avct_lcb_bind_conn(tAVCT_LCB* p_lcb, tAVCT_LCB_EVT* p_data) {
425 p_data->p_ccb->p_lcb = p_lcb;
426 (*p_data->p_ccb->cc.p_ctrl_cback)(avct_ccb_to_idx(p_data->p_ccb), AVCT_CONNECT_CFM_EVT, 0,
427 &p_lcb->peer_addr);
428 }
429
430 /*******************************************************************************
431 *
432 * Function avct_lcb_chk_disc
433 *
434 * Description A ccb wants to close; if it is the last ccb on this lcb,
435 * close channel. Otherwise just deallocate and call
436 * callback.
437 *
438 * Returns Nothing.
439 *
440 ******************************************************************************/
avct_lcb_chk_disc(tAVCT_LCB * p_lcb,tAVCT_LCB_EVT * p_data)441 void avct_lcb_chk_disc(tAVCT_LCB* p_lcb, tAVCT_LCB_EVT* p_data) {
442 avct_close_bcb(p_lcb, p_data);
443 if (avct_lcb_last_ccb(p_lcb, p_data->p_ccb)) {
444 log::info("Closing last avct channel to device");
445 p_data->p_ccb->ch_close = true;
446 avct_lcb_event(p_lcb, AVCT_LCB_INT_CLOSE_EVT, p_data);
447 } else {
448 log::info("Closing avct channel with active remaining channels");
449 avct_lcb_unbind_disc(p_lcb, p_data);
450 }
451 }
452
453 /*******************************************************************************
454 *
455 * Function avct_lcb_chnl_disc
456 *
457 * Description Disconnect L2CAP channel.
458 *
459 *
460 * Returns Nothing.
461 *
462 ******************************************************************************/
avct_lcb_chnl_disc(tAVCT_LCB * p_lcb,tAVCT_LCB_EVT *)463 void avct_lcb_chnl_disc(tAVCT_LCB* p_lcb, tAVCT_LCB_EVT* /* p_data */) {
464 avct_l2c_disconnect(p_lcb->ch_lcid, 0);
465 }
466
467 /*******************************************************************************
468 *
469 * Function avct_lcb_bind_fail
470 *
471 * Description Deallocate ccb and call callback with connect event
472 * with failure result.
473 *
474 *
475 * Returns Nothing.
476 *
477 ******************************************************************************/
avct_lcb_bind_fail(tAVCT_LCB * p_lcb,tAVCT_LCB_EVT * p_data)478 void avct_lcb_bind_fail(tAVCT_LCB* p_lcb, tAVCT_LCB_EVT* p_data) {
479 avct_ccb_dealloc(p_data->p_ccb, AVCT_CONNECT_CFM_EVT, AVCT_RESULT_FAIL, NULL);
480 DEVICE_IOT_CONFIG_ADDR_INT_ADD_ONE(p_lcb->peer_addr, IOT_CONF_KEY_AVRCP_CONN_FAIL_COUNT);
481 }
482
483 /*******************************************************************************
484 *
485 * Function avct_lcb_cong_ind
486 *
487 * Description Handle congestion indication from L2CAP.
488 *
489 *
490 * Returns Nothing.
491 *
492 ******************************************************************************/
avct_lcb_cong_ind(tAVCT_LCB * p_lcb,tAVCT_LCB_EVT * p_data)493 void avct_lcb_cong_ind(tAVCT_LCB* p_lcb, tAVCT_LCB_EVT* p_data) {
494 tAVCT_CCB* p_ccb = &avct_cb.ccb[0];
495 int i;
496 uint8_t event;
497 BT_HDR* p_buf;
498
499 /* set event */
500 event = (p_data->cong) ? AVCT_CONG_IND_EVT : AVCT_UNCONG_IND_EVT;
501 p_lcb->cong = p_data->cong;
502 if (!p_lcb->cong && !fixed_queue_is_empty(p_lcb->tx_q)) {
503 while (!p_lcb->cong && (p_buf = (BT_HDR*)fixed_queue_try_dequeue(p_lcb->tx_q)) != NULL) {
504 if (stack::l2cap::get_interface().L2CA_DataWrite(p_lcb->ch_lcid, p_buf) ==
505 tL2CAP_DW_RESULT::CONGESTED) {
506 p_lcb->cong = true;
507 }
508 }
509 }
510
511 /* send event to all ccbs on this lcb */
512 for (i = 0; i < AVCT_NUM_CONN; i++, p_ccb++) {
513 if (p_ccb->allocated && (p_ccb->p_lcb == p_lcb)) {
514 (*p_ccb->cc.p_ctrl_cback)(avct_ccb_to_idx(p_ccb), event, 0, &p_lcb->peer_addr);
515 }
516 }
517 }
518
519 /*******************************************************************************
520 *
521 * Function avct_lcb_discard_msg
522 *
523 * Description Discard a message sent in from the API.
524 *
525 *
526 * Returns Nothing.
527 *
528 ******************************************************************************/
avct_lcb_discard_msg(tAVCT_LCB *,tAVCT_LCB_EVT * p_data)529 void avct_lcb_discard_msg(tAVCT_LCB* /* p_lcb */, tAVCT_LCB_EVT* p_data) {
530 log::warn("Dropping message");
531 osi_free_and_reset((void**)&p_data->ul_msg.p_buf);
532 }
533
534 /*******************************************************************************
535 *
536 * Function avct_lcb_send_msg
537 *
538 * Description Build and send an AVCTP message.
539 *
540 *
541 * Returns Nothing.
542 *
543 ******************************************************************************/
avct_lcb_send_msg(tAVCT_LCB * p_lcb,tAVCT_LCB_EVT * p_data)544 void avct_lcb_send_msg(tAVCT_LCB* p_lcb, tAVCT_LCB_EVT* p_data) {
545 uint16_t curr_msg_len;
546 uint8_t pkt_type;
547 uint8_t hdr_len;
548 uint8_t* p;
549 uint8_t nosp = 0; /* number of subsequent packets */
550 uint16_t temp;
551 uint16_t buf_size = p_lcb->peer_mtu + L2CAP_MIN_OFFSET + BT_HDR_SIZE;
552
553 /* store msg len */
554 curr_msg_len = p_data->ul_msg.p_buf->len;
555
556 /* initialize packet type and other stuff */
557 if (curr_msg_len <= (p_lcb->peer_mtu - AVCT_HDR_LEN_SINGLE)) {
558 pkt_type = AVCT_PKT_TYPE_SINGLE;
559 } else {
560 pkt_type = AVCT_PKT_TYPE_START;
561 temp = (curr_msg_len + AVCT_HDR_LEN_START - p_lcb->peer_mtu);
562 nosp = temp / (p_lcb->peer_mtu - 1) + 1;
563 if ((temp % (p_lcb->peer_mtu - 1)) != 0) {
564 nosp++;
565 }
566 }
567
568 /* while we haven't sent all packets */
569 while (curr_msg_len != 0) {
570 BT_HDR* p_buf;
571
572 /* set header len */
573 hdr_len = avct_lcb_pkt_type_len[pkt_type];
574
575 /* if remaining msg must be fragmented */
576 if (p_data->ul_msg.p_buf->len > (p_lcb->peer_mtu - hdr_len)) {
577 /* get a new buffer for fragment we are sending */
578 p_buf = (BT_HDR*)osi_malloc(buf_size);
579
580 /* copy portion of data from current message to new buffer */
581 p_buf->offset = L2CAP_MIN_OFFSET + hdr_len;
582 p_buf->len = p_lcb->peer_mtu - hdr_len;
583
584 memcpy((uint8_t*)(p_buf + 1) + p_buf->offset,
585 (uint8_t*)(p_data->ul_msg.p_buf + 1) + p_data->ul_msg.p_buf->offset, p_buf->len);
586
587 p_data->ul_msg.p_buf->offset += p_buf->len;
588 p_data->ul_msg.p_buf->len -= p_buf->len;
589 } else {
590 p_buf = p_data->ul_msg.p_buf;
591 }
592
593 curr_msg_len -= p_buf->len;
594
595 /* set up to build header */
596 p_buf->len += hdr_len;
597 p_buf->offset -= hdr_len;
598 p = (uint8_t*)(p_buf + 1) + p_buf->offset;
599
600 /* build header */
601 AVCT_BUILD_HDR(p, p_data->ul_msg.label, pkt_type, p_data->ul_msg.cr);
602 if (pkt_type == AVCT_PKT_TYPE_START) {
603 UINT8_TO_STREAM(p, nosp);
604 }
605 if ((pkt_type == AVCT_PKT_TYPE_START) || (pkt_type == AVCT_PKT_TYPE_SINGLE)) {
606 UINT16_TO_BE_STREAM(p, p_data->ul_msg.p_ccb->cc.pid);
607 }
608
609 if (p_lcb->cong) {
610 fixed_queue_enqueue(p_lcb->tx_q, p_buf);
611 } else {
612 /* send message to L2CAP */
613 if (stack::l2cap::get_interface().L2CA_DataWrite(p_lcb->ch_lcid, p_buf) ==
614 tL2CAP_DW_RESULT::CONGESTED) {
615 p_lcb->cong = true;
616 }
617 }
618
619 /* update pkt type for next packet */
620 if (curr_msg_len > (p_lcb->peer_mtu - AVCT_HDR_LEN_END)) {
621 pkt_type = AVCT_PKT_TYPE_CONT;
622 } else {
623 pkt_type = AVCT_PKT_TYPE_END;
624 }
625 }
626 log::verbose("tx_q_count:{}", fixed_queue_length(p_lcb->tx_q));
627 return;
628 }
629
630 /*******************************************************************************
631 *
632 * Function avct_lcb_free_msg_ind
633 *
634 * Description Discard an incoming AVCTP message.
635 *
636 *
637 * Returns Nothing.
638 *
639 ******************************************************************************/
avct_lcb_free_msg_ind(tAVCT_LCB *,tAVCT_LCB_EVT * p_data)640 void avct_lcb_free_msg_ind(tAVCT_LCB* /* p_lcb */, tAVCT_LCB_EVT* p_data) {
641 if (p_data == NULL) {
642 return;
643 }
644
645 osi_free_and_reset((void**)&p_data->p_buf);
646 }
647
648 /*******************************************************************************
649 *
650 * Function avct_lcb_msg_ind
651 *
652 * Description Handle an incoming AVCTP message.
653 *
654 *
655 * Returns Nothing.
656 *
657 ******************************************************************************/
avct_lcb_msg_ind(tAVCT_LCB * p_lcb,tAVCT_LCB_EVT * p_data)658 void avct_lcb_msg_ind(tAVCT_LCB* p_lcb, tAVCT_LCB_EVT* p_data) {
659 uint8_t* p;
660 uint8_t label, type, cr_ipid;
661 uint16_t pid;
662 tAVCT_CCB* p_ccb;
663
664 /* this p_buf is to be reported through p_msg_cback. The layer_specific
665 * needs to be set properly to indicate that it is received through
666 * control channel */
667 p_data->p_buf->layer_specific = AVCT_DATA_CTRL;
668
669 /* reassemble message; if no message available (we received a fragment) return
670 */
671 p_data->p_buf = avct_lcb_msg_asmbl(p_lcb, p_data->p_buf);
672 if (p_data->p_buf == NULL) {
673 return;
674 }
675
676 p = (uint8_t*)(p_data->p_buf + 1) + p_data->p_buf->offset;
677
678 /* parse header byte */
679 AVCT_PARSE_HDR(p, label, type, cr_ipid);
680 /* parse PID */
681 BE_STREAM_TO_UINT16(pid, p);
682
683 /* check for invalid cr_ipid */
684 if (cr_ipid == AVCT_CR_IPID_INVALID) {
685 log::warn("Invalid cr_ipid {}", cr_ipid);
686 osi_free_and_reset((void**)&p_data->p_buf);
687 return;
688 }
689
690 bool bind = false;
691 if (btif_av_src_sink_coexist_enabled()) {
692 bind = avct_msg_ind_for_src_sink_coexist(p_lcb, p_data, label, cr_ipid, pid);
693 osi_free_and_reset((void**)&p_data->p_buf);
694 if (bind) {
695 return;
696 }
697 } else {
698 /* lookup PID */
699 p_ccb = avct_lcb_has_pid(p_lcb, pid);
700 if (p_ccb) {
701 /* PID found; send msg up, adjust bt hdr and call msg callback */
702 p_data->p_buf->offset += AVCT_HDR_LEN_SINGLE;
703 p_data->p_buf->len -= AVCT_HDR_LEN_SINGLE;
704 (*p_ccb->cc.p_msg_cback)(avct_ccb_to_idx(p_ccb), label, cr_ipid, p_data->p_buf);
705 return;
706 }
707 }
708
709 /* PID not found; drop message */
710 log::warn("No ccb for PID=0x{:04x}", pid);
711 osi_free_and_reset((void**)&p_data->p_buf);
712
713 /* if command send reject */
714 if (cr_ipid == AVCT_CMD) {
715 BT_HDR* p_buf = (BT_HDR*)osi_malloc(AVCT_CMD_BUF_SIZE);
716 p_buf->len = AVCT_HDR_LEN_SINGLE;
717 p_buf->offset = AVCT_MSG_OFFSET - AVCT_HDR_LEN_SINGLE;
718 p = (uint8_t*)(p_buf + 1) + p_buf->offset;
719 AVCT_BUILD_HDR(p, label, AVCT_PKT_TYPE_SINGLE, AVCT_REJ);
720 UINT16_TO_BE_STREAM(p, pid);
721
722 uint16_t len = p_buf->len;
723
724 if (stack::l2cap::get_interface().L2CA_DataWrite(p_lcb->ch_lcid, p_buf) !=
725 tL2CAP_DW_RESULT::SUCCESS) {
726 log::warn("Unable to write L2CAP data peer:{} lcid:0x{:04x} len:{}", p_lcb->peer_addr,
727 p_lcb->ch_lcid, len);
728 }
729 }
730 }
731
avct_msg_ind_for_src_sink_coexist(tAVCT_LCB * p_lcb,tAVCT_LCB_EVT * p_data,uint8_t label,uint8_t cr_ipid,uint16_t pid)732 bool avct_msg_ind_for_src_sink_coexist(tAVCT_LCB* p_lcb, tAVCT_LCB_EVT* p_data, uint8_t label,
733 uint8_t cr_ipid, uint16_t pid) {
734 bool bind = false;
735 tAVCT_CCB* p_ccb;
736 int p_buf_len;
737
738 p_ccb = &avct_cb.ccb[0];
739 p_data->p_buf->offset += AVCT_HDR_LEN_SINGLE;
740 p_data->p_buf->len -= AVCT_HDR_LEN_SINGLE;
741 p_buf_len = BT_HDR_SIZE + p_data->p_buf->offset + p_data->p_buf->len;
742
743 for (int i = 0; i < AVCT_NUM_CONN; i++, p_ccb++) {
744 if (p_ccb->allocated && (p_ccb->p_lcb == p_lcb) && (p_ccb->cc.pid == pid)) {
745 /* PID found; send msg up, adjust bt hdr and call msg callback */
746 bind = true;
747 BT_HDR* p_tmp_buf = (BT_HDR*)osi_malloc(p_buf_len);
748 memcpy(p_tmp_buf, p_data->p_buf, p_buf_len);
749 (*p_ccb->cc.p_msg_cback)(avct_ccb_to_idx(p_ccb), label, cr_ipid, p_tmp_buf);
750 }
751 }
752
753 return bind;
754 }
755