1 /******************************************************************************
2  *
3  *  Copyright (C) 2008-2012 Broadcom Corporation
4  *
5  *  Licensed under the Apache License, Version 2.0 (the "License");
6  *  you may not use this file except in compliance with the License.
7  *  You may obtain a copy of the License at:
8  *
9  *  http://www.apache.org/licenses/LICENSE-2.0
10  *
11  *  Unless required by applicable law or agreed to in writing, software
12  *  distributed under the License is distributed on an "AS IS" BASIS,
13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  *  See the License for the specific language governing permissions and
15  *  limitations under the License.
16  *
17  ******************************************************************************/
18 
19 /******************************************************************************
20  *
21  *  this file contains the main ATT functions
22  *
23  ******************************************************************************/
24 
25 #include "common/bt_target.h"
26 
27 #if BLE_INCLUDED == TRUE
28 
29 #include "gatt_int.h"
30 #include "stack/l2c_api.h"
31 #include "btm_int.h"
32 #include "btm_ble_int.h"
33 #include "osi/allocator.h"
34 
35 /* Configuration flags. */
36 #define GATT_L2C_CFG_IND_DONE   (1<<0)
37 #define GATT_L2C_CFG_CFM_DONE   (1<<1)
38 
39 /* minimum GATT MTU size over BR/EDR link
40 */
41 #define GATT_MIN_BR_MTU_SIZE       48
42 
43 /********************************************************************************/
44 /*              L O C A L    F U N C T I O N     P R O T O T Y P E S            */
45 /********************************************************************************/
46 static void gatt_le_connect_cback (UINT16 chan, BD_ADDR bd_addr, BOOLEAN connected,
47                                    UINT16 reason, tBT_TRANSPORT transport);
48 static void gatt_le_data_ind (UINT16 chan, BD_ADDR bd_addr, BT_HDR *p_buf);
49 static void gatt_le_cong_cback(BD_ADDR remote_bda, BOOLEAN congest);
50 #if (CLASSIC_BT_GATT_INCLUDED == TRUE)
51 static void gatt_l2cif_connect_ind_cback (BD_ADDR  bd_addr, UINT16 l2cap_cid,
52         UINT16 psm, UINT8 l2cap_id);
53 static void gatt_l2cif_connect_cfm_cback (UINT16 l2cap_cid, UINT16 result);
54 static void gatt_l2cif_config_ind_cback (UINT16 l2cap_cid, tL2CAP_CFG_INFO *p_cfg);
55 static void gatt_l2cif_config_cfm_cback (UINT16 l2cap_cid, tL2CAP_CFG_INFO *p_cfg);
56 static void gatt_l2cif_disconnect_ind_cback (UINT16 l2cap_cid, BOOLEAN ack_needed);
57 static void gatt_l2cif_disconnect_cfm_cback (UINT16 l2cap_cid, UINT16 result);
58 static void gatt_l2cif_data_ind_cback (UINT16 l2cap_cid, BT_HDR *p_msg);
59 #endif  ///CLASSIC_BT_GATT_INCLUDED == TRUE
60 static void gatt_send_conn_cback (tGATT_TCB *p_tcb);
61 #if (CLASSIC_BT_GATT_INCLUDED == TRUE)
62 static void gatt_l2cif_congest_cback (UINT16 cid, BOOLEAN congested);
63 static const tL2CAP_APPL_INFO dyn_info = {
64     gatt_l2cif_connect_ind_cback,
65     gatt_l2cif_connect_cfm_cback,
66     NULL,
67     gatt_l2cif_config_ind_cback,
68     gatt_l2cif_config_cfm_cback,
69     gatt_l2cif_disconnect_ind_cback,
70     gatt_l2cif_disconnect_cfm_cback,
71     NULL,
72     gatt_l2cif_data_ind_cback,
73     gatt_l2cif_congest_cback,
74     NULL
75 } ;
76 #endif  ///CLASSIC_BT_GATT_INCLUDED == TRUE
77 
78 #if GATT_DYNAMIC_MEMORY == FALSE
79 tGATT_CB  gatt_cb;
80 #else
81 tGATT_CB  *gatt_cb_ptr;
82 #endif
83 
84 tGATT_DEFAULT gatt_default;
85 
86 /*******************************************************************************
87 **
88 ** Function         gatt_init
89 **
90 ** Description      This function is enable the GATT profile on the device.
91 **                  It clears out the control blocks, and registers with L2CAP.
92 **
93 ** Returns          void
94 **
95 *******************************************************************************/
gatt_init(void)96 void gatt_init (void)
97 {
98     tL2CAP_FIXED_CHNL_REG  fixed_reg;
99 
100 #if GATT_DYNAMIC_MEMORY
101     gatt_cb_ptr = (tGATT_CB *)osi_malloc(sizeof(tGATT_CB));
102 #endif /* #if GATT_DYNAMIC_MEMORY */
103     memset (&gatt_cb, 0, sizeof(tGATT_CB));
104     memset (&fixed_reg, 0, sizeof(tL2CAP_FIXED_CHNL_REG));
105 
106     gatt_cb.auto_disc = TRUE;
107     gatt_cb.p_clcb_list = list_new(osi_free_func);
108     gatt_cb.p_tcb_list  = list_new(osi_free_func);
109 #if defined(GATT_INITIAL_TRACE_LEVEL)
110     gatt_cb.trace_level = GATT_INITIAL_TRACE_LEVEL;
111 #else
112     gatt_cb.trace_level = BT_TRACE_LEVEL_NONE;    /* No traces */
113 #endif
114     gatt_cb.def_mtu_size = GATT_DEF_BLE_MTU_SIZE;
115     gatt_cb.sign_op_queue = fixed_queue_new(QUEUE_SIZE_MAX);
116     gatt_cb.srv_chg_clt_q = fixed_queue_new(QUEUE_SIZE_MAX);
117     gatt_cb.pending_new_srv_start_q = fixed_queue_new(QUEUE_SIZE_MAX);
118     gatt_cb.srv_chg_mode = GATTS_SEND_SERVICE_CHANGE_MODE;
119 
120     /* First, register fixed L2CAP channel for ATT over BLE */
121     fixed_reg.fixed_chnl_opts.mode         = L2CAP_FCR_BASIC_MODE;
122     fixed_reg.fixed_chnl_opts.max_transmit = 0xFF;
123     fixed_reg.fixed_chnl_opts.rtrans_tout  = 2000;
124     fixed_reg.fixed_chnl_opts.mon_tout     = 12000;
125     fixed_reg.fixed_chnl_opts.mps          = 670;
126     fixed_reg.fixed_chnl_opts.tx_win_sz    = 1;
127 
128     fixed_reg.pL2CA_FixedConn_Cb = gatt_le_connect_cback;
129     fixed_reg.pL2CA_FixedData_Cb = gatt_le_data_ind;
130     fixed_reg.pL2CA_FixedCong_Cb = gatt_le_cong_cback;      /* congestion callback */
131     fixed_reg.default_idle_tout  = 0xffff;                  /* 0xffff default idle timeout */
132 
133     L2CA_RegisterFixedChannel (L2CAP_ATT_CID, &fixed_reg);
134 
135 #if (CLASSIC_BT_GATT_INCLUDED == TRUE)
136     /* Now, register with L2CAP for ATT PSM over BR/EDR */
137     if (!L2CA_Register (BT_PSM_ATT, (tL2CAP_APPL_INFO *) &dyn_info)) {
138         GATT_TRACE_ERROR ("ATT Dynamic Registration failed");
139     }
140 #endif  ///CLASSIC_BT_GATT_INCLUDED == TRUE
141     BTM_SetSecurityLevel(TRUE, "", BTM_SEC_SERVICE_ATT, BTM_SEC_NONE, BT_PSM_ATT, 0, 0);
142     BTM_SetSecurityLevel(FALSE, "", BTM_SEC_SERVICE_ATT, BTM_SEC_NONE, BT_PSM_ATT, 0, 0);
143 
144     gatt_cb.hdl_cfg.gatt_start_hdl = GATT_GATT_START_HANDLE;
145     gatt_cb.hdl_cfg.gap_start_hdl  = GATT_GAP_START_HANDLE;
146     gatt_cb.hdl_cfg.app_start_hdl  = GATT_APP_START_HANDLE;
147 #if (GATTS_INCLUDED == TRUE)
148     gatt_profile_db_init();
149 #endif  ///GATTS_INCLUDED == TRUE
150     //init local MTU size
151     gatt_default.local_mtu = GATT_MAX_MTU_SIZE;
152 }
153 
154 
155 /*******************************************************************************
156 **
157 ** Function         gatt_free
158 **
159 ** Description      This function frees resources used by the GATT profile.
160 **
161 ** Returns          void
162 **
163 *******************************************************************************/
164 #if (GATT_INCLUDED == TRUE)
gatt_free(void)165 void gatt_free(void)
166 {
167     GATT_TRACE_DEBUG("gatt_free()");
168     fixed_queue_free(gatt_cb.sign_op_queue, NULL);
169     gatt_cb.sign_op_queue = NULL;
170     fixed_queue_free(gatt_cb.srv_chg_clt_q, NULL);
171     gatt_cb.srv_chg_clt_q = NULL;
172     fixed_queue_free(gatt_cb.pending_new_srv_start_q, NULL);
173     gatt_cb.pending_new_srv_start_q = NULL;
174 
175     list_node_t *p_node = NULL;
176     tGATT_TCB   *p_tcb  = NULL;
177     for(p_node = list_begin(gatt_cb.p_tcb_list); p_node; p_node = list_next(p_node)) {
178 	p_tcb = list_node(p_node);
179         fixed_queue_free(p_tcb->pending_enc_clcb, NULL);
180         p_tcb->pending_enc_clcb = NULL;
181 
182         fixed_queue_free(p_tcb->pending_ind_q, NULL);
183         p_tcb->pending_ind_q = NULL;
184 
185         btu_free_timer(&p_tcb->conf_timer_ent);
186         memset(&p_tcb->conf_timer_ent, 0, sizeof(TIMER_LIST_ENT));
187 
188         btu_free_timer(&p_tcb->ind_ack_timer_ent);
189         memset(&p_tcb->ind_ack_timer_ent, 0, sizeof(TIMER_LIST_ENT));
190 
191 #if (GATTS_INCLUDED == TRUE)
192         fixed_queue_free(p_tcb->sr_cmd.multi_rsp_q, NULL);
193         p_tcb->sr_cmd.multi_rsp_q = NULL;
194 #endif /* #if (GATTS_INCLUDED == TRUE) */
195     }
196     list_free(gatt_cb.p_tcb_list);
197     list_free(gatt_cb.p_clcb_list);
198 
199 #if (GATTS_INCLUDED == TRUE)
200     for (int i = 0; i < GATT_MAX_SR_PROFILES; i++) {
201         gatt_remove_an_item_from_list(&gatt_cb.hdl_list_info, &gatt_cb.hdl_list[i]);
202         gatt_free_attr_value_buffer(&gatt_cb.hdl_list[i]);
203         gatt_free_hdl_buffer(&gatt_cb.hdl_list[i]);
204     }
205 #endif /* #if (GATTS_INCLUDED == TRUE) */
206 #if GATT_DYNAMIC_MEMORY
207     FREE_AND_RESET(gatt_cb_ptr);
208 #endif /* #if GATT_DYNAMIC_MEMORY */
209 }
210 #endif  ///GATTS_INCLUDED == TRUE
211 
212 /*******************************************************************************
213 **
214 ** Function         gatt_connect
215 **
216 ** Description      This function is called to initiate a connection to a peer device.
217 **
218 ** Parameter        rem_bda: remote device address to connect to.
219 **                  bd_addr_type: emote device address type.
220 ** Returns          TRUE if connection is started, otherwise return FALSE.
221 **
222 *******************************************************************************/
gatt_connect(BD_ADDR rem_bda,tBLE_ADDR_TYPE bd_addr_type,tGATT_TCB * p_tcb,tBT_TRANSPORT transport,BOOLEAN is_aux)223 BOOLEAN gatt_connect (BD_ADDR rem_bda, tBLE_ADDR_TYPE bd_addr_type, tGATT_TCB *p_tcb, tBT_TRANSPORT transport, BOOLEAN is_aux)
224 {
225     BOOLEAN             gatt_ret = FALSE;
226 
227     if (gatt_get_ch_state(p_tcb) != GATT_CH_OPEN) {
228         gatt_set_ch_state(p_tcb, GATT_CH_CONN);
229     }
230 
231     if (transport == BT_TRANSPORT_LE) {
232         p_tcb->att_lcid = L2CAP_ATT_CID;
233         gatt_ret = L2CA_ConnectFixedChnl (L2CAP_ATT_CID, rem_bda, bd_addr_type, is_aux);
234 #if (CLASSIC_BT_GATT_INCLUDED == TRUE)
235     } else {
236         if ((p_tcb->att_lcid = L2CA_ConnectReq(BT_PSM_ATT, rem_bda)) != 0) {
237             gatt_ret = TRUE;
238         }
239 #endif  ///CLASSIC_BT_GATT_INCLUDED == TRUE
240 
241     }
242 
243     return gatt_ret;
244 }
245 
246 /*******************************************************************************
247 **
248 ** Function         gatt_disconnect
249 **
250 ** Description      This function is called to disconnect to an ATT device.
251 **
252 ** Parameter        p_tcb: pointer to the TCB to disconnect.
253 **
254 ** Returns          TRUE: if connection found and to be disconnected; otherwise
255 **                  return FALSE.
256 **
257 *******************************************************************************/
gatt_disconnect(tGATT_TCB * p_tcb)258 BOOLEAN gatt_disconnect (tGATT_TCB *p_tcb)
259 {
260     BOOLEAN             ret = FALSE;
261     tGATT_CH_STATE      ch_state;
262     GATT_TRACE_DEBUG ("gatt_disconnect ");
263 
264     if (p_tcb != NULL) {
265         ret = TRUE;
266         if ( (ch_state = gatt_get_ch_state(p_tcb)) != GATT_CH_CLOSING ) {
267             if (p_tcb->att_lcid == L2CAP_ATT_CID) {
268                 if (ch_state == GATT_CH_OPEN) {
269                     /* only LCB exist between remote device and local */
270                     ret = L2CA_RemoveFixedChnl (L2CAP_ATT_CID, p_tcb->peer_bda);
271                 } else {
272                     gatt_set_ch_state(p_tcb, GATT_CH_CLOSING);
273                     ret = L2CA_CancelBleConnectReq (p_tcb->peer_bda);
274                 }
275 #if (CLASSIC_BT_GATT_INCLUDED == TRUE)
276             } else {
277                 ret = L2CA_DisconnectReq(p_tcb->att_lcid);
278 #endif  ///CLASSIC_BT_GATT_INCLUDED == TRUE
279             }
280         } else {
281             GATT_TRACE_DEBUG ("gatt_disconnect already in closing state");
282         }
283     }
284 
285     return ret;
286 }
287 
288 /*******************************************************************************
289 **
290 ** Function         gatt_update_app_hold_link_status
291 **
292 ** Description      Update the application use link status
293 **
294 ** Returns          void.
295 **
296 *******************************************************************************/
gatt_update_app_hold_link_status(tGATT_IF gatt_if,tGATT_TCB * p_tcb,BOOLEAN is_add)297 void gatt_update_app_hold_link_status (tGATT_IF gatt_if, tGATT_TCB *p_tcb, BOOLEAN is_add)
298 {
299     UINT8 i;
300     BOOLEAN found = FALSE;
301 
302     if (p_tcb == NULL) {
303         GATT_TRACE_ERROR("gatt_update_app_hold_link_status p_tcb=NULL");
304         return;
305     }
306 
307 
308     for (i = 0; i < GATT_MAX_APPS; i++) {
309         if (p_tcb->app_hold_link[i] ==  gatt_if) {
310             found = TRUE;
311             if (!is_add) {
312                 p_tcb->app_hold_link[i] = 0;
313                 break;
314             }
315         }
316     }
317 
318     if (!found && is_add) {
319         for (i = 0; i < GATT_MAX_APPS; i++) {
320             if (p_tcb->app_hold_link[i] ==  0) {
321                 p_tcb->app_hold_link[i] = gatt_if;
322                 found = TRUE;
323                 break;
324             }
325         }
326     }
327 
328     GATT_TRACE_DEBUG("gatt_update_app_hold_link_status found=%d[1-found] idx=%d gatt_if=%d is_add=%d", found, i, gatt_if, is_add);
329 
330 }
331 
332 /*******************************************************************************
333 **
334 ** Function         gatt_update_app_use_link_flag
335 **
336 ** Description      Update the application use link flag and optional to check the acl link
337 **                  if the link is up then set the idle time out accordingly
338 **
339 ** Returns          void.
340 **
341 *******************************************************************************/
gatt_update_app_use_link_flag(tGATT_IF gatt_if,tGATT_TCB * p_tcb,BOOLEAN is_add,BOOLEAN check_acl_link)342 void gatt_update_app_use_link_flag (tGATT_IF gatt_if, tGATT_TCB *p_tcb, BOOLEAN is_add, BOOLEAN check_acl_link)
343 {
344     GATT_TRACE_DEBUG("gatt_update_app_use_link_flag  is_add=%d chk_link=%d",
345                      is_add, check_acl_link);
346 
347     gatt_update_app_hold_link_status(gatt_if, p_tcb, is_add);
348 
349     if (check_acl_link &&
350             p_tcb &&
351             p_tcb->att_lcid == L2CAP_ATT_CID && /* only update link idle timer for fixed channel */
352             (BTM_GetHCIConnHandle(p_tcb->peer_bda, p_tcb->transport) != GATT_INVALID_ACL_HANDLE)) {
353         if (is_add) {
354             GATT_TRACE_DEBUG("GATT disables link idle timer");
355             /* acl link is connected disable the idle timeout */
356             GATT_SetIdleTimeout(p_tcb->peer_bda, GATT_LINK_NO_IDLE_TIMEOUT, p_tcb->transport);
357         } else {
358             if (!gatt_num_apps_hold_link(p_tcb)) {
359                 /* acl link is connected but no application needs to use the link
360                    so set the timeout value to GATT_LINK_IDLE_TIMEOUT_WHEN_NO_APP seconds */
361                 GATT_TRACE_DEBUG("GATT starts link idle timer =%d sec", GATT_LINK_IDLE_TIMEOUT_WHEN_NO_APP);
362                 GATT_SetIdleTimeout(p_tcb->peer_bda, GATT_LINK_IDLE_TIMEOUT_WHEN_NO_APP, p_tcb->transport);
363             }
364 
365         }
366     }
367 }
368 
369 /*******************************************************************************
370 **
371 ** Function         gatt_act_connect
372 **
373 ** Description      GATT connection initiation.
374 **
375 ** Returns          void.
376 **
377 *******************************************************************************/
gatt_act_connect(tGATT_REG * p_reg,BD_ADDR bd_addr,tBLE_ADDR_TYPE bd_addr_type,tBT_TRANSPORT transport,BOOLEAN is_aux)378 BOOLEAN gatt_act_connect (tGATT_REG *p_reg, BD_ADDR bd_addr,
379                                     tBLE_ADDR_TYPE bd_addr_type, tBT_TRANSPORT transport, BOOLEAN is_aux)
380 {
381     BOOLEAN     ret = FALSE;
382     tGATT_TCB   *p_tcb;
383     UINT8       st;
384 
385     if ((p_tcb = gatt_find_tcb_by_addr(bd_addr, transport)) != NULL) {
386         ret = TRUE;
387         st = gatt_get_ch_state(p_tcb);
388 
389         /* before link down, another app try to open a GATT connection */
390         if (st == GATT_CH_OPEN &&  gatt_num_apps_hold_link(p_tcb) == 0 &&
391                 transport == BT_TRANSPORT_LE ) {
392             if (!gatt_connect(bd_addr, bd_addr_type, p_tcb, transport, is_aux)) {
393                 ret = FALSE;
394             }
395         } else if (st == GATT_CH_CLOSING) {
396             /* need to complete the closing first */
397             ret = FALSE;
398         } else {
399             GATT_TRACE_WARNING("gatt_connect wrong state %d", st);
400         }
401     } else {
402         if ((p_tcb = gatt_allocate_tcb_by_bdaddr(bd_addr, transport)) != NULL) {
403             if (!gatt_connect(bd_addr, bd_addr_type, p_tcb, transport, is_aux)) {
404                 GATT_TRACE_ERROR("gatt_connect failed");
405 
406                 // code enter here if create connection failed. if disconnect after connection, code will not enter here
407 
408                 // p_tcb, p_tcb->pending_enc_clcb, and p_tcb->pending_ind_q have been freed in gatt_cleanup_upon_disc(),
409                 // but here p_tcb is get from gatt_allocate_tcb_by_bdaddr(), is too old, so we get p_tcb again
410                 p_tcb = gatt_find_tcb_by_addr(bd_addr, transport);
411                 if(p_tcb != NULL) {
412                     if(p_tcb->pending_enc_clcb != NULL) {
413                         fixed_queue_free(p_tcb->pending_enc_clcb, NULL);
414                     }
415                     if(p_tcb->pending_ind_q != NULL) {
416                         fixed_queue_free(p_tcb->pending_ind_q, NULL);
417                     }
418                     gatt_tcb_free(p_tcb);
419                 }
420 
421             } else {
422                 ret = TRUE;
423             }
424         } else {
425             ret = 0;
426             GATT_TRACE_ERROR("Max TCB for gatt_if [%d] reached.", p_reg->gatt_if);
427         }
428     }
429 
430     if (ret) {
431         gatt_update_app_use_link_flag(p_reg->gatt_if, p_tcb, TRUE, FALSE);
432     }
433 
434     return ret;
435 }
436 
437 /*******************************************************************************
438 **
439 ** Function         gatt_le_connect_cback
440 **
441 ** Description      This callback function is called by L2CAP to indicate that
442 **                  the ATT fixed channel for LE is
443 **                      connected (conn = TRUE)/disconnected (conn = FALSE).
444 **
445 *******************************************************************************/
gatt_le_connect_cback(UINT16 chan,BD_ADDR bd_addr,BOOLEAN connected,UINT16 reason,tBT_TRANSPORT transport)446 static void gatt_le_connect_cback (UINT16 chan, BD_ADDR bd_addr, BOOLEAN connected,
447                                    UINT16 reason, tBT_TRANSPORT transport)
448 {
449 
450     tGATT_TCB       *p_tcb = gatt_find_tcb_by_addr(bd_addr, transport);
451     BOOLEAN                 check_srv_chg = FALSE;
452     tGATTS_SRV_CHG          *p_srv_chg_clt = NULL;
453 
454     /* ignore all fixed channel connect/disconnect on BR/EDR link for GATT */
455     if (transport == BT_TRANSPORT_BR_EDR) {
456         return;
457     }
458 
459     GATT_TRACE_DEBUG ("GATT   ATT protocol channel with BDA: %08x%04x is %s",
460                       (bd_addr[0] << 24) + (bd_addr[1] << 16) + (bd_addr[2] << 8) + bd_addr[3],
461                       (bd_addr[4] << 8) + bd_addr[5], (connected) ? "connected" : "disconnected");
462 
463     if ((p_srv_chg_clt = gatt_is_bda_in_the_srv_chg_clt_list(bd_addr)) != NULL) {
464         check_srv_chg = TRUE;
465     } else {
466         if (btm_sec_is_a_bonded_dev(bd_addr)) {
467             gatt_add_a_bonded_dev_for_srv_chg(bd_addr);
468         }
469     }
470 
471     if (connected) {
472         /* do we have a channel initiating a connection? */
473         if (p_tcb) {
474             /* we are initiating connection */
475             if ( gatt_get_ch_state(p_tcb) == GATT_CH_CONN) {
476                 /* send callback */
477                 gatt_set_ch_state(p_tcb, GATT_CH_OPEN);
478                 p_tcb->payload_size = GATT_DEF_BLE_MTU_SIZE;
479 
480                 gatt_send_conn_cback(p_tcb);
481             }
482             if (check_srv_chg) {
483 #if (GATTS_INCLUDED == TRUE)
484                 gatt_chk_srv_chg (p_srv_chg_clt);
485 #endif  ///GATTS_INCLUDED == TRUE
486             }
487         }
488         /* this is incoming connection or background connection callback */
489 
490         else {
491             if ((p_tcb = gatt_allocate_tcb_by_bdaddr(bd_addr, BT_TRANSPORT_LE)) != NULL) {
492                 p_tcb->att_lcid = L2CAP_ATT_CID;
493 
494                 gatt_set_ch_state(p_tcb, GATT_CH_OPEN);
495 
496                 p_tcb->payload_size = GATT_DEF_BLE_MTU_SIZE;
497 
498                 gatt_send_conn_cback (p_tcb);
499                 if (check_srv_chg) {
500 #if (GATTS_INCLUDED == TRUE)
501                     gatt_chk_srv_chg (p_srv_chg_clt);
502 #endif  ///GATTS_INCLUDED == TRUE
503                 }
504             } else {
505                 GATT_TRACE_ERROR("CCB max out, no rsources");
506             }
507         }
508     } else {
509         gatt_cleanup_upon_disc(bd_addr, reason, transport);
510         GATT_TRACE_DEBUG ("ATT disconnected");
511     }
512 }
513 
514 /*******************************************************************************
515 **
516 ** Function         gatt_channel_congestion
517 **
518 ** Description      This function is called to process the congestion callback
519 **                  from lcb
520 **
521 ** Returns          void
522 **
523 *******************************************************************************/
gatt_channel_congestion(tGATT_TCB * p_tcb,BOOLEAN congested)524 static void gatt_channel_congestion(tGATT_TCB *p_tcb, BOOLEAN congested)
525 {
526     UINT8 i = 0;
527     tGATT_REG *p_reg = NULL;
528     UINT16 conn_id;
529 #if (GATTC_INCLUDED == TRUE)
530     /* if uncongested, check to see if there is any more pending data */
531     if (p_tcb != NULL && congested == FALSE) {
532         gatt_cl_send_next_cmd_inq(p_tcb);
533     }
534 #endif  ///GATTC_INCLUDED == TRUE
535     /* notifying all applications for the connection up event */
536     for (i = 0, p_reg = gatt_cb.cl_rcb ; i < GATT_MAX_APPS; i++, p_reg++) {
537         if (p_reg->in_use) {
538             if (p_reg->app_cb.p_congestion_cb) {
539                 conn_id = GATT_CREATE_CONN_ID(p_tcb->tcb_idx, p_reg->gatt_if);
540                 (*p_reg->app_cb.p_congestion_cb)(conn_id, congested);
541             }
542         }
543     }
544 }
545 
546 /*******************************************************************************
547 **
548 ** Function         gatt_le_cong_cback
549 **
550 ** Description      This function is called when GATT fixed channel is congested
551 **                  or uncongested.
552 **
553 ** Returns          void
554 **
555 *******************************************************************************/
gatt_le_cong_cback(BD_ADDR remote_bda,BOOLEAN congested)556 static void gatt_le_cong_cback(BD_ADDR remote_bda, BOOLEAN congested)
557 {
558     tGATT_TCB *p_tcb = gatt_find_tcb_by_addr(remote_bda, BT_TRANSPORT_LE);
559 
560     /* if uncongested, check to see if there is any more pending data */
561     if (p_tcb != NULL) {
562         gatt_channel_congestion(p_tcb, congested);
563     }
564 }
565 
566 /*******************************************************************************
567 **
568 ** Function         gatt_le_data_ind
569 **
570 ** Description      This function is called when data is received from L2CAP.
571 **                  if we are the originator of the connection, we are the ATT
572 **                  client, and the received message is queued up for the client.
573 **
574 **                  If we are the destination of the connection, we are the ATT
575 **                  server, so the message is passed to the server processing
576 **                  function.
577 **
578 ** Returns          void
579 **
580 *******************************************************************************/
gatt_le_data_ind(UINT16 chan,BD_ADDR bd_addr,BT_HDR * p_buf)581 static void gatt_le_data_ind (UINT16 chan, BD_ADDR bd_addr, BT_HDR *p_buf)
582 {
583     tGATT_TCB    *p_tcb;
584 
585     /* Find CCB based on bd addr */
586     if ((p_tcb = gatt_find_tcb_by_addr (bd_addr, BT_TRANSPORT_LE)) != NULL &&
587             gatt_get_ch_state(p_tcb) >= GATT_CH_OPEN) {
588         gatt_data_process(p_tcb, p_buf);
589     } else {
590         osi_free (p_buf);
591 
592         if (p_tcb != NULL) {
593             GATT_TRACE_WARNING ("ATT - Ignored L2CAP data while in state: %d\n",
594                                 gatt_get_ch_state(p_tcb));
595         }
596     }
597 }
598 
599 /*******************************************************************************
600 **
601 ** Function         gatt_l2cif_connect_ind
602 **
603 ** Description      This function handles an inbound connection indication
604 **                  from L2CAP. This is the case where we are acting as a
605 **                  server.
606 **
607 ** Returns          void
608 **
609 *******************************************************************************/
610 #if (CLASSIC_BT_GATT_INCLUDED == TRUE)
gatt_l2cif_connect_ind_cback(BD_ADDR bd_addr,UINT16 lcid,UINT16 psm,UINT8 id)611 static void gatt_l2cif_connect_ind_cback (BD_ADDR  bd_addr, UINT16 lcid, UINT16 psm, UINT8 id)
612 {
613     /* do we already have a control channel for this peer? */
614     UINT8       result = L2CAP_CONN_OK;
615     tL2CAP_CFG_INFO cfg;
616     tGATT_TCB       *p_tcb = gatt_find_tcb_by_addr(bd_addr, BT_TRANSPORT_BR_EDR);
617     UNUSED(psm);
618 
619     GATT_TRACE_ERROR("Connection indication cid = %d", lcid);
620     /* new connection ? */
621     if (p_tcb == NULL) {
622         /* allocate tcb */
623         if ((p_tcb = gatt_allocate_tcb_by_bdaddr(bd_addr, BT_TRANSPORT_BR_EDR)) == NULL) {
624             /* no tcb available, reject L2CAP connection */
625             result = L2CAP_CONN_NO_RESOURCES;
626         } else {
627             p_tcb->att_lcid = lcid;
628         }
629 
630     } else { /* existing connection , reject it */
631         result = L2CAP_CONN_NO_RESOURCES;
632     }
633 
634     /* Send L2CAP connect rsp */
635     L2CA_ConnectRsp(bd_addr, id, lcid, result, 0);
636 
637     /* if result ok, proceed with connection */
638     if (result == L2CAP_CONN_OK) {
639         /* transition to configuration state */
640         gatt_set_ch_state(p_tcb, GATT_CH_CFG);
641 
642         /* Send L2CAP config req */
643         memset(&cfg, 0, sizeof(tL2CAP_CFG_INFO));
644         cfg.mtu_present = TRUE;
645         cfg.mtu = gatt_default.local_mtu;
646 
647         L2CA_ConfigReq(lcid, &cfg);
648     }
649 
650 }
651 
652 /*******************************************************************************
653 **
654 ** Function         gatt_l2c_connect_cfm_cback
655 **
656 ** Description      This is the L2CAP connect confirm callback function.
657 **
658 **
659 ** Returns          void
660 **
661 *******************************************************************************/
gatt_l2cif_connect_cfm_cback(UINT16 lcid,UINT16 result)662 static void gatt_l2cif_connect_cfm_cback(UINT16 lcid, UINT16 result)
663 {
664     tGATT_TCB       *p_tcb;
665     tL2CAP_CFG_INFO cfg;
666 
667     /* look up clcb for this channel */
668     if ((p_tcb = gatt_find_tcb_by_cid(lcid)) != NULL) {
669         GATT_TRACE_DEBUG("gatt_l2c_connect_cfm_cback result: %d ch_state: %d, lcid:0x%x", result, gatt_get_ch_state(p_tcb), p_tcb->att_lcid);
670 
671         /* if in correct state */
672         if (gatt_get_ch_state(p_tcb) == GATT_CH_CONN) {
673             /* if result successful */
674             if (result == L2CAP_CONN_OK) {
675                 /* set channel state */
676                 gatt_set_ch_state(p_tcb, GATT_CH_CFG);
677 
678                 /* Send L2CAP config req */
679                 memset(&cfg, 0, sizeof(tL2CAP_CFG_INFO));
680                 cfg.mtu_present = TRUE;
681                 cfg.mtu = gatt_default.local_mtu;
682                 L2CA_ConfigReq(lcid, &cfg);
683             }
684             /* else initiating connection failure */
685             else {
686                 gatt_cleanup_upon_disc(p_tcb->peer_bda, result, GATT_TRANSPORT_BR_EDR);
687             }
688         } else { /* wrong state, disconnect it */
689             if (result == L2CAP_CONN_OK) {
690                 /* just in case the peer also accepts our connection - Send L2CAP disconnect req */
691                 L2CA_DisconnectReq(lcid);
692             }
693         }
694     }
695 }
696 
697 /*******************************************************************************
698 **
699 ** Function         gatt_l2cif_config_cfm_cback
700 **
701 ** Description      This is the L2CAP config confirm callback function.
702 **
703 **
704 ** Returns          void
705 **
706 *******************************************************************************/
gatt_l2cif_config_cfm_cback(UINT16 lcid,tL2CAP_CFG_INFO * p_cfg)707 void gatt_l2cif_config_cfm_cback(UINT16 lcid, tL2CAP_CFG_INFO *p_cfg)
708 {
709     tGATT_TCB       *p_tcb;
710     tGATTS_SRV_CHG  *p_srv_chg_clt = NULL;
711 
712     /* look up clcb for this channel */
713     if ((p_tcb = gatt_find_tcb_by_cid(lcid)) != NULL) {
714         /* if in correct state */
715         if ( gatt_get_ch_state(p_tcb) == GATT_CH_CFG) {
716             /* if result successful */
717             if (p_cfg->result == L2CAP_CFG_OK) {
718                 /* update flags */
719                 p_tcb->ch_flags |= GATT_L2C_CFG_CFM_DONE;
720 
721                 /* if configuration complete */
722                 if (p_tcb->ch_flags & GATT_L2C_CFG_IND_DONE) {
723                     gatt_set_ch_state(p_tcb, GATT_CH_OPEN);
724 
725                     if ((p_srv_chg_clt = gatt_is_bda_in_the_srv_chg_clt_list(p_tcb->peer_bda)) != NULL) {
726 #if (GATTS_INCLUDED == TRUE)
727                         gatt_chk_srv_chg(p_srv_chg_clt);
728 #endif  ///GATTS_INCLUDED == TRUE
729                     } else {
730                         if (btm_sec_is_a_bonded_dev(p_tcb->peer_bda)) {
731                             gatt_add_a_bonded_dev_for_srv_chg(p_tcb->peer_bda);
732                         }
733                     }
734 
735                     /* send callback */
736                     gatt_send_conn_cback(p_tcb);
737                 }
738             }
739             /* else failure */
740             else {
741                 /* Send L2CAP disconnect req */
742                 L2CA_DisconnectReq(lcid);
743             }
744         }
745     }
746 }
747 
748 /*******************************************************************************
749 **
750 ** Function         gatt_l2cif_config_ind_cback
751 **
752 ** Description      This is the L2CAP config indication callback function.
753 **
754 **
755 ** Returns          void
756 **
757 *******************************************************************************/
gatt_l2cif_config_ind_cback(UINT16 lcid,tL2CAP_CFG_INFO * p_cfg)758 void gatt_l2cif_config_ind_cback(UINT16 lcid, tL2CAP_CFG_INFO *p_cfg)
759 {
760     tGATT_TCB       *p_tcb;
761     tGATTS_SRV_CHG  *p_srv_chg_clt = NULL;
762     /* look up clcb for this channel */
763     if ((p_tcb = gatt_find_tcb_by_cid(lcid)) != NULL) {
764         /* GATT uses the smaller of our MTU and peer's MTU  */
765         if ( p_cfg->mtu_present &&
766                 (p_cfg->mtu >= GATT_MIN_BR_MTU_SIZE && p_cfg->mtu < L2CAP_DEFAULT_MTU)) {
767             p_tcb->payload_size = p_cfg->mtu;
768         } else {
769             p_tcb->payload_size = L2CAP_DEFAULT_MTU;
770         }
771 
772         /* send L2CAP configure response */
773         memset(p_cfg, 0, sizeof(tL2CAP_CFG_INFO));
774         p_cfg->result = L2CAP_CFG_OK;
775         L2CA_ConfigRsp(lcid, p_cfg);
776 
777         /* if first config ind */
778         if ((p_tcb->ch_flags & GATT_L2C_CFG_IND_DONE) == 0) {
779             /* update flags */
780             p_tcb->ch_flags |= GATT_L2C_CFG_IND_DONE;
781 
782             /* if configuration complete */
783             if (p_tcb->ch_flags & GATT_L2C_CFG_CFM_DONE) {
784                 gatt_set_ch_state(p_tcb, GATT_CH_OPEN);
785                 if ((p_srv_chg_clt = gatt_is_bda_in_the_srv_chg_clt_list(p_tcb->peer_bda)) != NULL) {
786 #if (GATTS_INCLUDED == TRUE)
787                     gatt_chk_srv_chg(p_srv_chg_clt);
788 #endif  ///GATTS_INCLUDED == TRUE
789                 } else {
790                     if (btm_sec_is_a_bonded_dev(p_tcb->peer_bda)) {
791                         gatt_add_a_bonded_dev_for_srv_chg(p_tcb->peer_bda);
792                     }
793                 }
794 
795                 /* send callback */
796                 gatt_send_conn_cback(p_tcb);
797             }
798         }
799     }
800 }
801 
802 /*******************************************************************************
803 **
804 ** Function         gatt_l2cif_disconnect_ind_cback
805 **
806 ** Description      This is the L2CAP disconnect indication callback function.
807 **
808 **
809 ** Returns          void
810 **
811 *******************************************************************************/
gatt_l2cif_disconnect_ind_cback(UINT16 lcid,BOOLEAN ack_needed)812 void gatt_l2cif_disconnect_ind_cback(UINT16 lcid, BOOLEAN ack_needed)
813 {
814     tGATT_TCB       *p_tcb;
815     UINT16          reason;
816 
817     /* look up clcb for this channel */
818     if ((p_tcb = gatt_find_tcb_by_cid(lcid)) != NULL) {
819         if (ack_needed) {
820             /* send L2CAP disconnect response */
821             L2CA_DisconnectRsp(lcid);
822         }
823         if (gatt_is_bda_in_the_srv_chg_clt_list(p_tcb->peer_bda) == NULL) {
824             if (btm_sec_is_a_bonded_dev(p_tcb->peer_bda)) {
825                 gatt_add_a_bonded_dev_for_srv_chg(p_tcb->peer_bda);
826             }
827         }
828         /* if ACL link is still up, no reason is logged, l2cap is disconnect from peer */
829         if ((reason = L2CA_GetDisconnectReason(p_tcb->peer_bda, p_tcb->transport)) == 0) {
830             reason = GATT_CONN_TERMINATE_PEER_USER;
831         }
832 
833         /* send disconnect callback */
834         gatt_cleanup_upon_disc(p_tcb->peer_bda, reason, GATT_TRANSPORT_BR_EDR);
835     }
836 }
837 
838 /*******************************************************************************
839 **
840 ** Function         gatt_l2cif_disconnect_cfm_cback
841 **
842 ** Description      This is the L2CAP disconnect confirm callback function.
843 **
844 **
845 ** Returns          void
846 **
847 *******************************************************************************/
gatt_l2cif_disconnect_cfm_cback(UINT16 lcid,UINT16 result)848 static void gatt_l2cif_disconnect_cfm_cback(UINT16 lcid, UINT16 result)
849 {
850     tGATT_TCB       *p_tcb;
851     UINT16          reason;
852     UNUSED(result);
853 
854     /* look up clcb for this channel */
855     if ((p_tcb = gatt_find_tcb_by_cid(lcid)) != NULL) {
856         /* If the device is not in the service changed client list, add it... */
857         if (gatt_is_bda_in_the_srv_chg_clt_list(p_tcb->peer_bda) == NULL) {
858             if (btm_sec_is_a_bonded_dev(p_tcb->peer_bda)) {
859                 gatt_add_a_bonded_dev_for_srv_chg(p_tcb->peer_bda);
860             }
861         }
862 
863         /* send disconnect callback */
864         /* if ACL link is still up, no reason is logged, l2cap is disconnect from peer */
865         if ((reason = L2CA_GetDisconnectReason(p_tcb->peer_bda, p_tcb->transport)) == 0) {
866             reason = GATT_CONN_TERMINATE_LOCAL_HOST;
867         }
868 
869         gatt_cleanup_upon_disc(p_tcb->peer_bda, reason, GATT_TRANSPORT_BR_EDR);
870     }
871 }
872 
873 /*******************************************************************************
874 **
875 ** Function         gatt_l2cif_data_ind_cback
876 **
877 ** Description      This is the L2CAP data indication callback function.
878 **
879 **
880 ** Returns          void
881 **
882 *******************************************************************************/
gatt_l2cif_data_ind_cback(UINT16 lcid,BT_HDR * p_buf)883 static void gatt_l2cif_data_ind_cback(UINT16 lcid, BT_HDR *p_buf)
884 {
885     tGATT_TCB       *p_tcb;
886 
887     /* look up clcb for this channel */
888     if ((p_tcb = gatt_find_tcb_by_cid(lcid)) != NULL &&
889             gatt_get_ch_state(p_tcb) == GATT_CH_OPEN) {
890         /* process the data */
891         gatt_data_process(p_tcb, p_buf);
892     } else { /* prevent buffer leak */
893         osi_free(p_buf);
894     }
895 
896 }
897 
898 /*******************************************************************************
899 **
900 ** Function         gatt_l2cif_congest_cback
901 **
902 ** Description      L2CAP congestion callback
903 **
904 ** Returns          void
905 **
906 *******************************************************************************/
gatt_l2cif_congest_cback(UINT16 lcid,BOOLEAN congested)907 static void gatt_l2cif_congest_cback (UINT16 lcid, BOOLEAN congested)
908 {
909     tGATT_TCB *p_tcb = gatt_find_tcb_by_cid(lcid);
910 
911     if (p_tcb != NULL) {
912         gatt_channel_congestion(p_tcb, congested);
913     }
914 
915 }
916 #endif  ///CLASSIC_BT_GATT_INCLUDED == TRUE
917 
918 /*******************************************************************************
919 **
920 ** Function         gatt_send_conn_cback
921 **
922 ** Description      Callback used to notify layer above about a connection.
923 **
924 **
925 ** Returns          void
926 **
927 *******************************************************************************/
gatt_send_conn_cback(tGATT_TCB * p_tcb)928 static void gatt_send_conn_cback(tGATT_TCB *p_tcb)
929 {
930     UINT8               i;
931     tGATT_REG           *p_reg;
932     tGATT_BG_CONN_DEV   *p_bg_dev = NULL;
933     UINT16              conn_id;
934 
935     p_bg_dev = gatt_find_bg_dev(p_tcb->peer_bda);
936 
937     /* notifying all applications for the connection up event */
938     for (i = 0,  p_reg = gatt_cb.cl_rcb ; i < GATT_MAX_APPS; i++, p_reg++) {
939         if (p_reg->in_use) {
940             if (p_bg_dev && gatt_is_bg_dev_for_app(p_bg_dev, p_reg->gatt_if)) {
941                 gatt_update_app_use_link_flag(p_reg->gatt_if, p_tcb, TRUE, TRUE);
942             }
943 
944             if (p_reg->app_cb.p_conn_cb) {
945                 conn_id = GATT_CREATE_CONN_ID(p_tcb->tcb_idx, p_reg->gatt_if);
946                 (*p_reg->app_cb.p_conn_cb)(p_reg->gatt_if, p_tcb->peer_bda, conn_id,
947                                            TRUE, 0, p_tcb->transport);
948             }
949         }
950     }
951 
952 
953     if (gatt_num_apps_hold_link(p_tcb) &&  p_tcb->att_lcid == L2CAP_ATT_CID ) {
954         /* disable idle timeout if one or more clients are holding the link disable the idle timer */
955         GATT_SetIdleTimeout(p_tcb->peer_bda, GATT_LINK_NO_IDLE_TIMEOUT, p_tcb->transport);
956     }
957 }
958 
959 /*******************************************************************************
960 **
961 ** Function         gatt_le_data_ind
962 **
963 ** Description      This function is called when data is received from L2CAP.
964 **                  if we are the originator of the connection, we are the ATT
965 **                  client, and the received message is queued up for the client.
966 **
967 **                  If we are the destination of the connection, we are the ATT
968 **                  server, so the message is passed to the server processing
969 **                  function.
970 **
971 ** Returns          void
972 **
973 *******************************************************************************/
gatt_data_process(tGATT_TCB * p_tcb,BT_HDR * p_buf)974 void gatt_data_process (tGATT_TCB *p_tcb, BT_HDR *p_buf)
975 {
976     UINT8   *p = (UINT8 *)(p_buf + 1) + p_buf->offset;
977     UINT8   op_code, pseudo_op_code;
978 #if (GATTS_INCLUDED == TRUE) || (GATTC_INCLUDED == TRUE)
979     UINT16  msg_len;
980 #endif ///(GATTS_INCLUDED == TRUE) || (GATTC_INCLUDED == TRUE)
981 
982 
983     if (p_buf->len > 0) {
984 #if (GATTS_INCLUDED == TRUE) || (GATTC_INCLUDED == TRUE)
985         msg_len = p_buf->len - 1;
986 #endif ///(GATTS_INCLUDED == TRUE) || (GATTC_INCLUDED == TRUE)
987         STREAM_TO_UINT8(op_code, p);
988 
989         /* remove the two MSBs associated with sign write and write cmd */
990         pseudo_op_code = op_code & (~GATT_WRITE_CMD_MASK);
991 
992         if (pseudo_op_code < GATT_OP_CODE_MAX) {
993             if (op_code == GATT_SIGN_CMD_WRITE) {
994 #if (SMP_INCLUDED == TRUE)
995                 gatt_verify_signature(p_tcb, p_buf);
996 #endif  ///SMP_INCLUDED == TRUE
997             } else {
998                 /* message from client */
999                 if ((op_code % 2) == 0) {
1000 #if (GATTS_INCLUDED == TRUE)
1001                     gatt_server_handle_client_req (p_tcb, op_code, msg_len, p);
1002 #endif  ///GATTS_INCLUDED == TRUE
1003                 } else {
1004 #if (GATTC_INCLUDED == TRUE)
1005                     gatt_client_handle_server_rsp (p_tcb, op_code, msg_len, p);
1006 #endif  ///GATTC_INCLUDED == TRUE
1007                 }
1008             }
1009         } else {
1010             if (op_code & GATT_COMMAND_FLAG) {
1011                 GATT_TRACE_ERROR ("ATT - Rcvd L2CAP data, unknown cmd: 0x%x\n", op_code);
1012             } else {
1013                 GATT_TRACE_ERROR ("ATT - Rcvd L2CAP data, unknown req: 0x%x\n", op_code);
1014                 gatt_send_error_rsp (p_tcb, GATT_REQ_NOT_SUPPORTED, op_code, 0, FALSE);
1015             }
1016         }
1017     } else {
1018         GATT_TRACE_ERROR ("invalid data length, ignore\n");
1019     }
1020 
1021     osi_free (p_buf);
1022 }
1023 
1024 /*******************************************************************************
1025 **
1026 ** Function         gatt_add_a_bonded_dev_for_srv_chg
1027 **
1028 ** Description      Add a bonded dev to the service changed client list
1029 **
1030 ** Returns          void
1031 **
1032 *******************************************************************************/
gatt_add_a_bonded_dev_for_srv_chg(BD_ADDR bda)1033 void gatt_add_a_bonded_dev_for_srv_chg (BD_ADDR bda)
1034 {
1035     tGATTS_SRV_CHG_REQ req;
1036     tGATTS_SRV_CHG srv_chg_clt;
1037 
1038     memcpy(srv_chg_clt.bda, bda, BD_ADDR_LEN);
1039     srv_chg_clt.srv_changed = FALSE;
1040     if (gatt_add_srv_chg_clt(&srv_chg_clt) != NULL) {
1041         memcpy(req.srv_chg.bda, bda, BD_ADDR_LEN);
1042         req.srv_chg.srv_changed = FALSE;
1043         if (gatt_cb.cb_info.p_srv_chg_callback) {
1044             (*gatt_cb.cb_info.p_srv_chg_callback)(GATTS_SRV_CHG_CMD_ADD_CLIENT, &req, NULL);
1045         }
1046     }
1047 }
1048 
1049 /*******************************************************************************
1050 **
1051 ** Function         gatt_send_srv_chg_ind
1052 **
1053 ** Description      This function is called to send a service changed indication to
1054 **                  the specified bd address
1055 **
1056 ** Returns          GATT_SUCCESS if successfully sent; otherwise error code
1057 **
1058 *******************************************************************************/
1059 #if (GATTS_INCLUDED == TRUE)
gatt_send_srv_chg_ind(BD_ADDR peer_bda)1060 tGATT_STATUS gatt_send_srv_chg_ind (BD_ADDR peer_bda)
1061 {
1062     UINT8   handle_range[GATT_SIZE_OF_SRV_CHG_HNDL_RANGE];
1063     UINT8   *p = handle_range;
1064     UINT16  conn_id;
1065     tGATT_STATUS  status = GATT_ERROR;
1066     GATT_TRACE_DEBUG("gatt_send_srv_chg_ind");
1067 
1068     if (gatt_cb.handle_of_h_r) {
1069         if ((conn_id = gatt_profile_find_conn_id_by_bd_addr(peer_bda)) != GATT_INVALID_CONN_ID) {
1070             UINT16_TO_STREAM (p, 1);
1071             UINT16_TO_STREAM (p, 0xFFFF);
1072             status = GATTS_HandleValueIndication (conn_id,
1073                                          gatt_cb.handle_of_h_r,
1074                                          GATT_SIZE_OF_SRV_CHG_HNDL_RANGE,
1075                                          handle_range);
1076         } else {
1077             status = GATT_NOT_FOUND;
1078             GATT_TRACE_ERROR("Unable to find conn_id for  %02x%02x%02x%02x%02x%02x ",
1079                              peer_bda[0], peer_bda[1],  peer_bda[2], peer_bda[3], peer_bda[4], peer_bda[5]);
1080         }
1081     }
1082     return status;
1083 }
1084 
1085 
1086 /*******************************************************************************
1087 **
1088 ** Function         gatt_chk_srv_chg
1089 **
1090 ** Description      Check sending service changed Indication is required or not
1091 **                  if required then send the Indication
1092 **
1093 ** Returns          void
1094 **
1095 *******************************************************************************/
gatt_chk_srv_chg(tGATTS_SRV_CHG * p_srv_chg_clt)1096 void gatt_chk_srv_chg(tGATTS_SRV_CHG *p_srv_chg_clt)
1097 {
1098     GATT_TRACE_DEBUG("gatt_chk_srv_chg srv_changed=%d", p_srv_chg_clt->srv_changed );
1099 
1100     if (p_srv_chg_clt->srv_changed) {
1101         gatt_send_srv_chg_ind(p_srv_chg_clt->bda);
1102     }
1103 }
1104 #endif  ///GATTS_INCLUDED == TRUE
1105 
1106 
1107 /*******************************************************************************
1108 **
1109 ** Function         gatt_init_srv_chg
1110 **
1111 ** Description      This function is used to initialize the service changed
1112 **                  attribute value
1113 **
1114 ** Returns          void
1115 **
1116 *******************************************************************************/
gatt_init_srv_chg(void)1117 void gatt_init_srv_chg (void)
1118 {
1119     tGATTS_SRV_CHG_REQ req;
1120     tGATTS_SRV_CHG_RSP rsp;
1121     BOOLEAN status;
1122     UINT8 num_clients, i;
1123     tGATTS_SRV_CHG  srv_chg_clt;
1124 
1125     GATT_TRACE_DEBUG("gatt_init_srv_chg");
1126     if (gatt_cb.cb_info.p_srv_chg_callback) {
1127         status = (*gatt_cb.cb_info.p_srv_chg_callback)(GATTS_SRV_CHG_CMD_READ_NUM_CLENTS, NULL, &rsp);
1128 
1129         if (status && rsp.num_clients) {
1130             GATT_TRACE_DEBUG("gatt_init_srv_chg num_srv_chg_clt_clients=%d", rsp.num_clients);
1131             num_clients = rsp.num_clients;
1132             i = 1; /* use one based index */
1133             while ((i <= num_clients) && status) {
1134                 req.client_read_index = i;
1135                 if ((status = (*gatt_cb.cb_info.p_srv_chg_callback)(GATTS_SRV_CHG_CMD_READ_CLENT, &req, &rsp)) == TRUE) {
1136                     memcpy(&srv_chg_clt, &rsp.srv_chg , sizeof(tGATTS_SRV_CHG));
1137                     if (gatt_add_srv_chg_clt(&srv_chg_clt) == NULL) {
1138                         GATT_TRACE_ERROR("Unable to add a service change client");
1139                         status = FALSE;
1140                     }
1141                 }
1142                 i++;
1143             }
1144         }
1145     } else {
1146         GATT_TRACE_DEBUG("gatt_init_srv_chg callback not registered yet");
1147     }
1148 }
1149 
1150 /*******************************************************************************
1151 **
1152 ** Function         gatt_proc_srv_chg
1153 **
1154 ** Description      This function is process the service changed request
1155 **
1156 ** Returns          void
1157 **
1158 *******************************************************************************/
1159 #if (GATTS_INCLUDED == TRUE)
gatt_proc_srv_chg(void)1160 void gatt_proc_srv_chg (void)
1161 {
1162     UINT8               start_idx, found_idx;
1163     BD_ADDR             bda;
1164     BOOLEAN             srv_chg_ind_pending = FALSE;
1165     tGATT_TCB           *p_tcb;
1166     tBT_TRANSPORT      transport;
1167 
1168     GATT_TRACE_DEBUG ("gatt_proc_srv_chg");
1169 
1170     if (gatt_cb.cb_info.p_srv_chg_callback && gatt_cb.handle_of_h_r) {
1171         gatt_set_srv_chg();
1172         start_idx = 0;
1173         while (gatt_find_the_connected_bda(start_idx, bda, &found_idx, &transport)) {
1174             p_tcb = gatt_get_tcb_by_idx(found_idx);
1175 	    srv_chg_ind_pending  = gatt_is_srv_chg_ind_pending(p_tcb);
1176 
1177             if (!srv_chg_ind_pending) {
1178                 gatt_send_srv_chg_ind(bda);
1179             } else {
1180                 GATT_TRACE_DEBUG ("discard srv chg - already has one in the queue");
1181             }
1182             start_idx = ++found_idx;
1183         }
1184     }
1185 }
1186 #endif  ///GATTS_INCLUDED == TRUE
1187 
1188 /*******************************************************************************
1189 **
1190 ** Function         gatt_set_ch_state
1191 **
1192 ** Description      This function set the ch_state in tcb
1193 **
1194 ** Returns          none
1195 **
1196 *******************************************************************************/
gatt_set_ch_state(tGATT_TCB * p_tcb,tGATT_CH_STATE ch_state)1197 void gatt_set_ch_state(tGATT_TCB *p_tcb, tGATT_CH_STATE ch_state)
1198 {
1199     if (p_tcb) {
1200         GATT_TRACE_DEBUG ("gatt_set_ch_state: old=%d new=%d", p_tcb->ch_state, ch_state);
1201         p_tcb->ch_state = ch_state;
1202     }
1203 }
1204 
1205 /*******************************************************************************
1206 **
1207 ** Function         gatt_get_ch_state
1208 **
1209 ** Description      This function get the ch_state in tcb
1210 **
1211 ** Returns          none
1212 **
1213 *******************************************************************************/
gatt_get_ch_state(tGATT_TCB * p_tcb)1214 tGATT_CH_STATE gatt_get_ch_state(tGATT_TCB *p_tcb)
1215 {
1216     tGATT_CH_STATE ch_state = GATT_CH_CLOSE;
1217     if (p_tcb) {
1218         GATT_TRACE_DEBUG ("gatt_get_ch_state: ch_state=%d", p_tcb->ch_state);
1219         ch_state = p_tcb->ch_state;
1220     }
1221     return ch_state;
1222 }
1223 
gatt_get_local_mtu(void)1224 uint16_t gatt_get_local_mtu(void)
1225 {
1226     return gatt_default.local_mtu;
1227 }
1228 
gatt_set_local_mtu(uint16_t mtu)1229 void gatt_set_local_mtu(uint16_t mtu)
1230 {
1231     gatt_default.local_mtu = mtu;
1232 }
1233 
gatt_tcb_active_count(void)1234 uint8_t gatt_tcb_active_count(void)
1235 {
1236     tGATT_TCB   *p_tcb  = NULL;
1237     list_node_t *p_node = NULL;
1238     uint8_t count = 0;
1239 
1240     for(p_node = list_begin(gatt_cb.p_tcb_list); p_node; p_node = list_next(p_node)) {
1241         p_tcb = list_node(p_node);
1242         if (p_tcb && p_tcb->in_use && (p_tcb->ch_state != GATT_CH_CLOSE)) {
1243             count++;
1244         }
1245     }
1246 
1247     return count;
1248 }
1249 
1250 #endif /* BLE_INCLUDED */
1251