1 /******************************************************************************
2  *
3  *  Copyright (C) 2009-2012 Broadcom Corporation
4  *
5  *  Licensed under the Apache License, Version 2.0 (the "License");
6  *  you may not use this file except in compliance with the License.
7  *  You may obtain a copy of the License at:
8  *
9  *  http://www.apache.org/licenses/LICENSE-2.0
10  *
11  *  Unless required by applicable law or agreed to in writing, software
12  *  distributed under the License is distributed on an "AS IS" BASIS,
13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  *  See the License for the specific language governing permissions and
15  *  limitations under the License.
16  *
17  ******************************************************************************/
18 
19 /******************************************************************************
20  *
21  *  this file contains functions relating to BLE management.
22  *
23  ******************************************************************************/
24 
25 #include <string.h>
26 #include "common/bt_target.h"
27 //#include "bt_utils.h"
28 #include "stack/l2cdefs.h"
29 #include "l2c_int.h"
30 #include "stack/btu.h"
31 #include "btm_int.h"
32 #include "stack/hcimsgs.h"
33 #include "device/controller.h"
34 
35 #if (BLE_INCLUDED == TRUE)
36 
37 #if (BLE_50_FEATURE_SUPPORT == TRUE)
38 const tHCI_ExtConnParams ext_conn_params = {
39     .scan_interval = 0x40,
40     .scan_window = 0x40,
41     .conn_interval_min = 320, // 306-> 362Kbps
42     .conn_interval_max = 320,
43     .conn_latency = 0,
44     .sup_timeout = 600,
45     .min_ce_len  = 0,
46     .max_ce_len = 0,
47 };
48 #define BLE_PHY_NO_PREF                  0
49 #define BLE_PHY_PREF_MASK                ((1 << 2) | (1 << 1) | (1 << 0))
50 
51 #endif // #if (BLE_50_FEATURE_SUPPORT == TRUE)
52 
53 static BOOLEAN l2cble_start_conn_update (tL2C_LCB *p_lcb);
54 extern int64_t esp_system_get_time(void);
55 
56 /*******************************************************************************
57 **
58 **  Function        L2CA_CancelBleConnectReq
59 **
60 **  Description     Cancel a pending connection attempt to a BLE device.
61 **
62 **  Parameters:     BD Address of remote
63 **
64 **  Return value:   TRUE if connection was cancelled
65 **
66 *******************************************************************************/
L2CA_CancelBleConnectReq(BD_ADDR rem_bda)67 BOOLEAN L2CA_CancelBleConnectReq (BD_ADDR rem_bda)
68 {
69     tL2C_LCB *p_lcb;
70 
71     /* There can be only one BLE connection request outstanding at a time */
72     if (btm_ble_get_conn_st() == BLE_CONN_IDLE) {
73         L2CAP_TRACE_WARNING ("L2CA_CancelBleConnectReq - no connection pending");
74         return (FALSE);
75     }
76 
77     if (memcmp (rem_bda, l2cb.ble_connecting_bda, BD_ADDR_LEN)) {
78         L2CAP_TRACE_WARNING ("L2CA_CancelBleConnectReq - different  BDA Connecting: %08x%04x  Cancel: %08x%04x",
79                              (l2cb.ble_connecting_bda[0] << 24) + (l2cb.ble_connecting_bda[1] << 16) + (l2cb.ble_connecting_bda[2] << 8) + l2cb.ble_connecting_bda[3],
80                              (l2cb.ble_connecting_bda[4] << 8) + l2cb.ble_connecting_bda[5],
81                              (rem_bda[0] << 24) + (rem_bda[1] << 16) + (rem_bda[2] << 8) + rem_bda[3], (rem_bda[4] << 8) + rem_bda[5]);
82 
83         return (FALSE);
84     }
85 
86     if (btsnd_hcic_ble_create_conn_cancel()) {
87         p_lcb = l2cu_find_lcb_by_bd_addr(rem_bda, BT_TRANSPORT_LE);
88         /* Do not remove lcb if an LE link is already up as a peripheral */
89         if (p_lcb != NULL &&
90                 !(p_lcb->link_role == HCI_ROLE_SLAVE && BTM_ACL_IS_CONNECTED(rem_bda))) {
91             p_lcb->disc_reason = L2CAP_CONN_CANCEL;
92             l2cu_release_lcb (p_lcb);
93         }
94         /* update state to be cancel, wait for connection cancel complete */
95         btm_ble_set_conn_st (BLE_CONN_CANCEL);
96 
97         return (TRUE);
98     } else {
99         return (FALSE);
100     }
101 }
102 
103 /*******************************************************************************
104 **
105 **  Function        L2CA_UpdateBleConnParams
106 **
107 **  Description     Update BLE connection parameters.
108 **
109 **  Parameters:     BD Address of remote
110 **
111 **  Return value:   TRUE if update started
112 **
113 *******************************************************************************/
L2CA_UpdateBleConnParams(BD_ADDR rem_bda,UINT16 min_int,UINT16 max_int,UINT16 latency,UINT16 timeout)114 BOOLEAN L2CA_UpdateBleConnParams (BD_ADDR rem_bda, UINT16 min_int, UINT16 max_int,
115                                   UINT16 latency, UINT16 timeout)
116 {
117     tL2C_LCB            *p_lcb;
118     tACL_CONN           *p_acl_cb = btm_bda_to_acl(rem_bda, BT_TRANSPORT_LE);
119 
120     /* See if we have a link control block for the remote device */
121     p_lcb = l2cu_find_lcb_by_bd_addr (rem_bda, BT_TRANSPORT_LE);
122 
123     /* If we don't have one, create one and accept the connection. */
124     if (!p_lcb || !p_acl_cb) {
125         L2CAP_TRACE_WARNING ("L2CA_UpdateBleConnParams - unknown BD_ADDR %08x%04x",
126                              (rem_bda[0] << 24) + (rem_bda[1] << 16) + (rem_bda[2] << 8) + rem_bda[3],
127                              (rem_bda[4] << 8) + rem_bda[5]);
128         return (FALSE);
129     }
130 
131     if (p_lcb->transport != BT_TRANSPORT_LE) {
132         L2CAP_TRACE_WARNING ("L2CA_UpdateBleConnParams - BD_ADDR %08x%04x not LE",
133                              (rem_bda[0] << 24) + (rem_bda[1] << 16) + (rem_bda[2] << 8) + rem_bda[3],
134                              (rem_bda[4] << 8) + rem_bda[5]);
135         return (FALSE);
136     }
137 
138     if (p_lcb->conn_update_mask & L2C_BLE_UPDATE_PARAM_FULL){
139         UINT8 status = HCI_ERR_ILLEGAL_COMMAND;
140         L2CAP_TRACE_ERROR("There are two connection parameter requests that are being updated, please try later ");
141         if (conn_param_update_cb.update_conn_param_cb != NULL) {
142             tBTM_LE_UPDATE_CONN_PRAMS update_param;
143             update_param.max_conn_int = max_int;
144             update_param.min_conn_int = min_int;
145             update_param.conn_int = p_lcb->current_used_conn_interval;
146             update_param.slave_latency = p_lcb->current_used_conn_latency;
147             update_param.supervision_tout = p_lcb->current_used_conn_timeout;
148             (conn_param_update_cb.update_conn_param_cb)(status, p_lcb->remote_bd_addr, &update_param);
149         }
150         return (FALSE);
151     }
152 
153     p_lcb->waiting_update_conn_min_interval = min_int;
154     p_lcb->waiting_update_conn_max_interval = max_int;
155     p_lcb->waiting_update_conn_latency = latency;
156     p_lcb->waiting_update_conn_timeout = timeout;
157 
158     p_lcb->conn_update_mask |= L2C_BLE_NEW_CONN_PARAM;
159 
160     if(l2cble_start_conn_update(p_lcb) == TRUE) {
161         UINT32 time = CalConnectParamTimeout(p_lcb);
162         btu_start_timer(&p_lcb->upda_con_timer, BTU_TTYPE_L2CAP_UPDA_CONN_PARAMS, time);
163     }
164 
165     return (TRUE);
166 }
167 
168 
169 /*******************************************************************************
170 **
171 **  Function        L2CA_EnableUpdateBleConnParams
172 **
173 **  Description     Enable or disable update based on the request from the peer
174 **
175 **  Parameters:     BD Address of remote
176 **
177 **  Return value:   TRUE if update started
178 **
179 *******************************************************************************/
L2CA_EnableUpdateBleConnParams(BD_ADDR rem_bda,BOOLEAN enable)180 BOOLEAN L2CA_EnableUpdateBleConnParams (BD_ADDR rem_bda, BOOLEAN enable)
181 {
182     tL2C_LCB            *p_lcb;
183 
184     /* See if we have a link control block for the remote device */
185     p_lcb = l2cu_find_lcb_by_bd_addr (rem_bda, BT_TRANSPORT_LE);
186 
187     if (!p_lcb) {
188         L2CAP_TRACE_WARNING ("L2CA_EnableUpdateBleConnParams - unknown BD_ADDR %08x%04x",
189                              (rem_bda[0] << 24) + (rem_bda[1] << 16) + (rem_bda[2] << 8) + rem_bda[3],
190                              (rem_bda[4] << 8) + rem_bda[5]);
191         return (FALSE);
192     }
193 
194     L2CAP_TRACE_API ("%s - BD_ADDR %08x%04x enable %d current upd state 0x%02x", __FUNCTION__,
195                      (rem_bda[0] << 24) + (rem_bda[1] << 16) + (rem_bda[2] << 8) + rem_bda[3],
196                      (rem_bda[4] << 8) + rem_bda[5], enable, p_lcb->conn_update_mask);
197 
198     if (p_lcb->transport != BT_TRANSPORT_LE) {
199         L2CAP_TRACE_WARNING ("%s - BD_ADDR %08x%04x not LE (link role %d)", __FUNCTION__,
200                              (rem_bda[0] << 24) + (rem_bda[1] << 16) + (rem_bda[2] << 8) + rem_bda[3],
201                              (rem_bda[4] << 8) + rem_bda[5], p_lcb->link_role);
202         return (FALSE);
203     }
204 
205     if (p_lcb->current_used_conn_interval <= BTM_BLE_CONN_INT_MAX_DEF && (p_lcb->conn_update_mask & L2C_BLE_CONN_UPDATE_DISABLE) == 0){
206         return (FALSE);
207     }
208     bool is_disable = (p_lcb->conn_update_mask & L2C_BLE_CONN_UPDATE_DISABLE);
209     if(l2cu_plcb_active_count() >1 && !(enable && is_disable)) {
210         return FALSE;
211     }
212 
213     if (enable) {
214         p_lcb->conn_update_mask &= ~L2C_BLE_CONN_UPDATE_DISABLE;
215     } else {
216         p_lcb->conn_update_mask |= L2C_BLE_CONN_UPDATE_DISABLE;
217     }
218 
219     if (l2cble_start_conn_update(p_lcb) == TRUE) {
220         UINT32 time = CalConnectParamTimeout(p_lcb);
221         btu_start_timer(&p_lcb->upda_con_timer, BTU_TTYPE_L2CAP_UPDA_CONN_PARAMS, time);
222     }
223 
224     return (TRUE);
225 }
226 
227 
228 /*******************************************************************************
229 **
230 ** Function         L2CA_GetBleConnRole
231 **
232 ** Description      This function returns the connection role.
233 **
234 ** Returns          link role.
235 **
236 *******************************************************************************/
L2CA_GetBleConnRole(BD_ADDR bd_addr)237 UINT8 L2CA_GetBleConnRole (BD_ADDR bd_addr)
238 {
239     UINT8       role = HCI_ROLE_UNKNOWN;
240 
241     tL2C_LCB *p_lcb;
242 
243     if ((p_lcb = l2cu_find_lcb_by_bd_addr (bd_addr, BT_TRANSPORT_LE)) != NULL) {
244         role = p_lcb->link_role;
245     }
246 
247     return role;
248 }
249 
250 /*******************************************************************************
251 **
252 ** Function l2cble_notify_le_connection
253 **
254 ** Description This function notifiy the l2cap connection to the app layer
255 **
256 ** Returns none
257 **
258 *******************************************************************************/
l2cble_notify_le_connection(BD_ADDR bda)259 void l2cble_notify_le_connection (BD_ADDR bda)
260 {
261     tL2C_LCB *p_lcb = l2cu_find_lcb_by_bd_addr (bda, BT_TRANSPORT_LE);
262     tACL_CONN *p_acl = btm_bda_to_acl(bda, BT_TRANSPORT_LE) ;
263 
264     if (p_lcb != NULL && p_acl != NULL && p_lcb->link_state != LST_CONNECTED) {
265 
266         if(p_acl->link_role == HCI_ROLE_SLAVE) {
267             //clear p_cb->state, controller will stop adv when ble connected.
268             tBTM_BLE_INQ_CB *p_cb = &btm_cb.ble_ctr_cb.inq_var;
269             if(p_cb) {
270                 p_cb->adv_mode = BTM_BLE_ADV_DISABLE;
271                 p_cb->state = BTM_BLE_STOP_ADV;
272             }
273         }
274         /* update link status */
275         btm_establish_continue(p_acl);
276         /* update l2cap link status and send callback */
277         p_lcb->link_state = LST_CONNECTED;
278         l2cu_process_fixed_chnl_resp (p_lcb);
279     }
280 }
281 
282 /*******************************************************************************
283 **
284 ** Function         l2cble_scanner_conn_comp
285 **
286 ** Description      This function is called when an HCI Connection Complete
287 **                  event is received while we are a scanner (so we are master).
288 **
289 ** Returns          void
290 **
291 *******************************************************************************/
l2cble_scanner_conn_comp(UINT16 handle,BD_ADDR bda,tBLE_ADDR_TYPE type,UINT16 conn_interval,UINT16 conn_latency,UINT16 conn_timeout)292 void l2cble_scanner_conn_comp (UINT16 handle, BD_ADDR bda, tBLE_ADDR_TYPE type,
293                                UINT16 conn_interval, UINT16 conn_latency, UINT16 conn_timeout)
294 {
295     tL2C_LCB            *p_lcb;
296     tBTM_SEC_DEV_REC    *p_dev_rec = btm_find_or_alloc_dev (bda);
297 
298     L2CAP_TRACE_DEBUG ("l2cble_scanner_conn_comp: HANDLE=%d addr_type=%d conn_interval=%d slave_latency=%d supervision_tout=%d",
299                        handle,  type, conn_interval, conn_latency, conn_timeout);
300 
301     l2cb.is_ble_connecting = FALSE;
302 
303     /* See if we have a link control block for the remote device */
304     p_lcb = l2cu_find_lcb_by_bd_addr (bda, BT_TRANSPORT_LE);
305 
306     /* If we don't have one, create one. this is auto connection complete. */
307     if (!p_lcb) {
308         p_lcb = l2cu_allocate_lcb (bda, FALSE, BT_TRANSPORT_LE);
309         if (!p_lcb) {
310 #if (SMP_INCLUDED == TRUE)
311             btm_sec_disconnect (handle, HCI_ERR_NO_CONNECTION);
312             L2CAP_TRACE_ERROR ("l2cble_scanner_conn_comp - failed to allocate LCB");
313 #endif  ///SMP_INCLUDED == TRUE
314             return;
315         } else {
316             if (!l2cu_initialize_fixed_ccb (p_lcb, L2CAP_ATT_CID, &l2cb.fixed_reg[L2CAP_ATT_CID - L2CAP_FIRST_FIXED_CHNL].fixed_chnl_opts)) {
317 #if (SMP_INCLUDED == TRUE)
318                 btm_sec_disconnect (handle, HCI_ERR_NO_CONNECTION);
319                 L2CAP_TRACE_WARNING ("l2cble_scanner_conn_comp - LCB but no CCB");
320 #endif  ///SMP_INCLUDED == TRUE
321                 return ;
322             }
323         }
324     } else if (p_lcb->link_state != LST_CONNECTING) {
325         L2CAP_TRACE_ERROR ("L2CAP got BLE scanner conn_comp in bad state: %d", p_lcb->link_state);
326         return;
327     }
328     btu_stop_timer(&p_lcb->timer_entry);
329 
330     /* Save the handle */
331     p_lcb->handle = handle;
332 
333     /* Connected OK. Change state to connected, we were scanning so we are master */
334     p_lcb->link_role  = HCI_ROLE_MASTER;
335     p_lcb->transport  = BT_TRANSPORT_LE;
336 
337     /* update link parameter, set slave link as non-spec default upon link up */
338     p_lcb->waiting_update_conn_min_interval = p_lcb->waiting_update_conn_max_interval = p_lcb->current_used_conn_interval = conn_interval;
339     p_lcb->waiting_update_conn_timeout = p_lcb->current_used_conn_timeout = conn_timeout;
340     p_lcb->waiting_update_conn_latency = p_lcb->current_used_conn_latency = conn_latency;
341     p_lcb->conn_update_mask = L2C_BLE_NOT_DEFAULT_PARAM;
342     p_lcb->updating_param_flag = false;
343 
344     /* If there are any preferred connection parameters, set them now */
345     if ( (p_dev_rec->conn_params.min_conn_int     >= BTM_BLE_CONN_INT_MIN ) &&
346             (p_dev_rec->conn_params.min_conn_int     <= BTM_BLE_CONN_INT_MAX ) &&
347             (p_dev_rec->conn_params.max_conn_int     >= BTM_BLE_CONN_INT_MIN ) &&
348             (p_dev_rec->conn_params.max_conn_int     <= BTM_BLE_CONN_INT_MAX ) &&
349             (p_dev_rec->conn_params.slave_latency    <= BTM_BLE_CONN_LATENCY_MAX ) &&
350             (p_dev_rec->conn_params.supervision_tout >= BTM_BLE_CONN_SUP_TOUT_MIN) &&
351             (p_dev_rec->conn_params.supervision_tout <= BTM_BLE_CONN_SUP_TOUT_MAX) &&
352             ((conn_interval < p_dev_rec->conn_params.min_conn_int &&
353               p_dev_rec->conn_params.min_conn_int != BTM_BLE_CONN_PARAM_UNDEF) ||
354              (conn_interval > p_dev_rec->conn_params.max_conn_int) ||
355              (conn_latency > p_dev_rec->conn_params.slave_latency) ||
356              (conn_timeout > p_dev_rec->conn_params.supervision_tout))) {
357         L2CAP_TRACE_ERROR ("upd_ll_conn_params: HANDLE=%d min_conn_int=%d max_conn_int=%d slave_latency=%d supervision_tout=%d",
358                            handle, p_dev_rec->conn_params.min_conn_int, p_dev_rec->conn_params.max_conn_int,
359                            p_dev_rec->conn_params.slave_latency, p_dev_rec->conn_params.supervision_tout);
360 
361         p_lcb->waiting_update_conn_min_interval = p_dev_rec->conn_params.min_conn_int;
362         p_lcb->waiting_update_conn_max_interval = p_dev_rec->conn_params.max_conn_int;
363         p_lcb->waiting_update_conn_timeout      = p_dev_rec->conn_params.supervision_tout;
364         p_lcb->waiting_update_conn_latency      = p_dev_rec->conn_params.slave_latency;
365 
366         btsnd_hcic_ble_upd_ll_conn_params (handle,
367                                            p_dev_rec->conn_params.min_conn_int,
368                                            p_dev_rec->conn_params.max_conn_int,
369                                            p_dev_rec->conn_params.slave_latency,
370                                            p_dev_rec->conn_params.supervision_tout,
371                                            BLE_CE_LEN_MIN, BLE_CE_LEN_MIN);
372     }
373 
374     /* Tell BTM Acl management about the link */
375     btm_acl_created (bda, NULL, p_dev_rec->sec_bd_name, handle, p_lcb->link_role, BT_TRANSPORT_LE);
376 
377     p_lcb->peer_chnl_mask[0] = L2CAP_FIXED_CHNL_ATT_BIT | L2CAP_FIXED_CHNL_BLE_SIG_BIT | L2CAP_FIXED_CHNL_SMP_BIT;
378 
379     btm_ble_set_conn_st(BLE_CONN_IDLE);
380 
381 #if BLE_PRIVACY_SPT == TRUE
382     btm_ble_disable_resolving_list(BTM_BLE_RL_INIT, TRUE);
383 #endif
384 }
385 
386 
387 /*******************************************************************************
388 **
389 ** Function         l2cble_advertiser_conn_comp
390 **
391 ** Description      This function is called when an HCI Connection Complete
392 **                  event is received while we are an advertiser (so we are slave).
393 **
394 ** Returns          void
395 **
396 *******************************************************************************/
l2cble_advertiser_conn_comp(UINT16 handle,BD_ADDR bda,tBLE_ADDR_TYPE type,UINT16 conn_interval,UINT16 conn_latency,UINT16 conn_timeout)397 void l2cble_advertiser_conn_comp (UINT16 handle, BD_ADDR bda, tBLE_ADDR_TYPE type,
398                                   UINT16 conn_interval, UINT16 conn_latency, UINT16 conn_timeout)
399 {
400     tL2C_LCB            *p_lcb;
401     tBTM_SEC_DEV_REC    *p_dev_rec;
402     UNUSED(type);
403     UNUSED(conn_interval);
404     UNUSED(conn_latency);
405     UNUSED(conn_timeout);
406 
407     /* See if we have a link control block for the remote device */
408     p_lcb = l2cu_find_lcb_by_bd_addr (bda, BT_TRANSPORT_LE);
409 
410     /* If we don't have one, create one and accept the connection. */
411     if (!p_lcb) {
412         p_lcb = l2cu_allocate_lcb (bda, FALSE, BT_TRANSPORT_LE);
413         if (!p_lcb) {
414 #if (SMP_INCLUDED == TRUE)
415             btm_sec_disconnect (handle, HCI_ERR_NO_CONNECTION);
416 #endif  ///SMP_INCLUDED == TRUE
417             L2CAP_TRACE_ERROR ("l2cble_advertiser_conn_comp - failed to allocate LCB");
418             return;
419         } else {
420             if (!l2cu_initialize_fixed_ccb (p_lcb, L2CAP_ATT_CID, &l2cb.fixed_reg[L2CAP_ATT_CID - L2CAP_FIRST_FIXED_CHNL].fixed_chnl_opts)) {
421 #if (SMP_INCLUDED == TRUE)
422                 btm_sec_disconnect (handle, HCI_ERR_NO_CONNECTION);
423 #endif  ///SMP_INCLUDED == TRUE
424                 L2CAP_TRACE_WARNING ("l2cble_scanner_conn_comp - LCB but no CCB");
425                 return ;
426             }
427         }
428     }
429 
430     /* Save the handle */
431     p_lcb->handle = handle;
432 
433     /* Connected OK. Change state to connected, we were advertising, so we are slave */
434     p_lcb->link_role  = HCI_ROLE_SLAVE;
435     p_lcb->transport  = BT_TRANSPORT_LE;
436 
437     /* update link parameter, set slave link as non-spec default upon link up */
438     p_lcb->waiting_update_conn_min_interval = p_lcb->waiting_update_conn_max_interval = p_lcb->current_used_conn_interval = conn_interval;
439     p_lcb->waiting_update_conn_timeout      =  p_lcb->current_used_conn_timeout = conn_timeout;
440     p_lcb->waiting_update_conn_latency      =  p_lcb->current_used_conn_latency = conn_latency;
441     p_lcb->conn_update_mask = L2C_BLE_NOT_DEFAULT_PARAM;
442     p_lcb->updating_param_flag = false;
443 
444     /* Tell BTM Acl management about the link */
445     p_dev_rec = btm_find_or_alloc_dev (bda);
446 
447     btm_acl_created (bda, NULL, p_dev_rec->sec_bd_name, handle, p_lcb->link_role, BT_TRANSPORT_LE);
448 
449 #if BLE_PRIVACY_SPT == TRUE
450     btm_ble_disable_resolving_list(BTM_BLE_RL_ADV, TRUE);
451 #endif
452 
453     p_lcb->peer_chnl_mask[0] = L2CAP_FIXED_CHNL_ATT_BIT | L2CAP_FIXED_CHNL_BLE_SIG_BIT | L2CAP_FIXED_CHNL_SMP_BIT;
454 
455     if (!HCI_LE_SLAVE_INIT_FEAT_EXC_SUPPORTED(controller_get_interface()->get_features_ble()->as_array)) {
456         p_lcb->link_state = LST_CONNECTED;
457         l2cu_process_fixed_chnl_resp (p_lcb);
458     }
459 
460     /* when adv and initiating are both active, cancel the direct connection */
461     if (l2cb.is_ble_connecting && memcmp(bda, l2cb.ble_connecting_bda, BD_ADDR_LEN) == 0) {
462         L2CA_CancelBleConnectReq(bda);
463     }
464 }
465 
466 /*******************************************************************************
467 **
468 ** Function         l2cble_conn_comp
469 **
470 ** Description      This function is called when an HCI Connection Complete
471 **                  event is received.
472 **
473 ** Returns          void
474 **
475 *******************************************************************************/
l2cble_conn_comp(UINT16 handle,UINT8 role,BD_ADDR bda,tBLE_ADDR_TYPE type,UINT16 conn_interval,UINT16 conn_latency,UINT16 conn_timeout)476 void l2cble_conn_comp(UINT16 handle, UINT8 role, BD_ADDR bda, tBLE_ADDR_TYPE type,
477                       UINT16 conn_interval, UINT16 conn_latency, UINT16 conn_timeout)
478 {
479     btm_ble_update_link_topology_mask(role, TRUE);
480 
481     if (role == HCI_ROLE_MASTER) {
482         l2cble_scanner_conn_comp(handle, bda, type, conn_interval, conn_latency, conn_timeout);
483     } else {
484         l2cble_advertiser_conn_comp(handle, bda, type, conn_interval, conn_latency, conn_timeout);
485     }
486 }
487 
488 /*******************************************************************************
489 **
490 **  Function        l2cble_start_conn_update
491 **
492 **  Description     start BLE connection parameter update process based on status
493 **
494 **  Parameters:     lcb : l2cap link control block
495 **
496 **  Return value:   true if successfully sending the request to peer device, else false.
497 **
498 *******************************************************************************/
l2cble_start_conn_update(tL2C_LCB * p_lcb)499 static BOOLEAN l2cble_start_conn_update (tL2C_LCB *p_lcb)
500 {
501     UINT16 min_conn_int, max_conn_int, slave_latency, supervision_tout;
502 #if (defined BLE_LLT_INCLUDED) && (BLE_LLT_INCLUDED == TRUE) && (BLE_SLAVE_UPD_CONN_PARAMS == TRUE)
503     tACL_CONN *p_acl_cb = btm_bda_to_acl(p_lcb->remote_bd_addr, BT_TRANSPORT_LE);
504 #endif    /* defined BLE_LLT_INCLUDED) && (BLE_LLT_INCLUDED == TRUE) && (BLE_SLAVE_UPD_CONN_PARAMS == TRUE */
505 
506     if (p_lcb->conn_update_mask & L2C_BLE_UPDATE_PENDING) {
507         L2CAP_TRACE_WARNING("%s, the last connection update command still pending.", __func__);
508         p_lcb->conn_update_mask |= L2C_BLE_UPDATE_PARAM_FULL;
509         return FALSE;
510     }
511 
512     if (p_lcb->conn_update_mask & L2C_BLE_CONN_UPDATE_DISABLE) {
513         /* application requests to disable parameters update.
514            If parameters are already updated, lets set them
515            up to what has been requested during connection establishement */
516         if (p_lcb->conn_update_mask & L2C_BLE_NOT_DEFAULT_PARAM &&
517                 /* current connection interval is greater than default min */
518                 p_lcb->current_used_conn_interval > BTM_BLE_CONN_INT_MAX_DEF) {
519             /* use 6 * 1.25 = 7.5 ms as fast connection parameter, 0 slave latency */
520             min_conn_int = max_conn_int = BTM_BLE_CONN_INT_MIN;
521             slave_latency = BTM_BLE_CONN_SLAVE_LATENCY_DEF;
522             supervision_tout = BTM_BLE_CONN_TIMEOUT_DEF;
523 
524             /* if both side 4.1, or we are master device, send HCI command */
525             if (p_lcb->link_role == HCI_ROLE_MASTER
526 #if (defined BLE_LLT_INCLUDED) && (BLE_LLT_INCLUDED == TRUE) && (BLE_SLAVE_UPD_CONN_PARAMS == TRUE)
527                     || (HCI_LE_CONN_PARAM_REQ_SUPPORTED(controller_get_interface()->get_features_ble()->as_array) &&
528                         HCI_LE_CONN_PARAM_REQ_SUPPORTED(p_acl_cb->peer_le_features))
529 #endif
530                ) {
531                 btsnd_hcic_ble_upd_ll_conn_params(p_lcb->handle, min_conn_int, max_conn_int,
532                                                   slave_latency, supervision_tout, BLE_CE_LEN_MIN, BLE_CE_LEN_MIN);
533             } else {
534                 l2cu_send_peer_ble_par_req (p_lcb, min_conn_int, max_conn_int, slave_latency, supervision_tout);
535             }
536 
537             //cache save
538             p_lcb->updating_conn_min_interval = min_conn_int;
539             p_lcb->updating_conn_max_interval = max_conn_int;
540             p_lcb->updating_param_flag = true;
541 
542             p_lcb->conn_update_mask |= L2C_BLE_UPDATE_PENDING;
543             p_lcb->conn_update_mask &= ~L2C_BLE_NOT_DEFAULT_PARAM;
544             p_lcb->conn_update_mask |=  L2C_BLE_NEW_CONN_PARAM;
545             return TRUE;
546         }else {
547             return FALSE;
548         }
549     } else {
550         /* application allows to do update, if we were delaying one do it now */
551         if (p_lcb->conn_update_mask & L2C_BLE_NEW_CONN_PARAM) {
552             /* if both side 4.1, or we are master device, send HCI command */
553             if (p_lcb->link_role == HCI_ROLE_MASTER
554 #if (defined BLE_LLT_INCLUDED) && (BLE_LLT_INCLUDED == TRUE) && (BLE_SLAVE_UPD_CONN_PARAMS == TRUE)
555                     || (HCI_LE_CONN_PARAM_REQ_SUPPORTED(controller_get_interface()->get_features_ble()->as_array) &&
556                         HCI_LE_CONN_PARAM_REQ_SUPPORTED(p_acl_cb->peer_le_features))
557 #endif
558                ) {
559                 btsnd_hcic_ble_upd_ll_conn_params(p_lcb->handle, p_lcb->waiting_update_conn_min_interval,
560                                                   p_lcb->waiting_update_conn_max_interval, p_lcb->waiting_update_conn_latency, p_lcb->waiting_update_conn_timeout, BLE_CE_LEN_MIN, BLE_CE_LEN_MIN);
561             } else {
562                 l2cu_send_peer_ble_par_req (p_lcb, p_lcb->waiting_update_conn_min_interval, p_lcb->waiting_update_conn_max_interval,
563                                             p_lcb->waiting_update_conn_latency, p_lcb->waiting_update_conn_timeout);
564             }
565 
566             //cache save
567             p_lcb->updating_conn_min_interval = p_lcb->waiting_update_conn_min_interval;
568             p_lcb->updating_conn_max_interval = p_lcb->waiting_update_conn_max_interval;
569             p_lcb->updating_param_flag = true;
570 
571             p_lcb->conn_update_mask |= L2C_BLE_UPDATE_PENDING;
572             p_lcb->conn_update_mask &= ~L2C_BLE_NEW_CONN_PARAM;
573             p_lcb->conn_update_mask |= L2C_BLE_NOT_DEFAULT_PARAM;
574             return TRUE;
575         } else {
576             return FALSE;
577         }
578     }
579 }
580 
581 /*******************************************************************************
582 **
583 ** Function         l2cble_process_conn_update_evt
584 **
585 ** Description      This function enables the connection update request from remote
586 **                  after a successful connection update response is received.
587 **
588 ** Returns          void
589 **
590 *******************************************************************************/
l2cble_process_conn_update_evt(UINT16 handle,UINT8 status,UINT16 conn_interval,UINT16 conn_latency,UINT16 conn_timeout)591 void l2cble_process_conn_update_evt (UINT16 handle, UINT8 status, UINT16 conn_interval,
592                                                        UINT16 conn_latency, UINT16 conn_timeout)
593 {
594     tL2C_LCB *p_lcb;
595 
596     /* See if we have a link control block for the remote device */
597     p_lcb = l2cu_find_lcb_by_handle(handle);
598     if (!p_lcb) {
599         L2CAP_TRACE_WARNING("le con upd: inv hdl=%d", handle);
600         return;
601     }
602     if (status == HCI_SUCCESS){
603         p_lcb->current_used_conn_interval = conn_interval;
604         p_lcb->current_used_conn_latency = conn_latency;
605         p_lcb->current_used_conn_timeout = conn_timeout;
606     }else{
607         L2CAP_TRACE_WARNING("le con upd: err_stat=0x%x", status);
608     }
609 
610     p_lcb->conn_update_mask &= ~L2C_BLE_UPDATE_PENDING;
611     p_lcb->conn_update_mask &= ~L2C_BLE_UPDATE_PARAM_FULL;
612     btu_stop_timer(&p_lcb->upda_con_timer);
613 
614     if (conn_param_update_cb.update_conn_param_cb != NULL) {
615         l2c_send_update_conn_params_cb(p_lcb, status);
616     }
617 
618     if (l2cble_start_conn_update(p_lcb) == TRUE) {
619         UINT32 time = CalConnectParamTimeout(p_lcb);
620         btu_start_timer(&p_lcb->upda_con_timer, BTU_TTYPE_L2CAP_UPDA_CONN_PARAMS, time);
621     }
622 
623     btu_stop_timer (&p_lcb->timer_entry);
624 
625     L2CAP_TRACE_DEBUG("le con upd: conn_update_mask=%d", p_lcb->conn_update_mask);
626 }
627 
628 /*******************************************************************************
629 **
630 ** Function         l2cble_get_conn_param_format_err_from_contoller
631 **
632 ** Description      This function is called when host get illegal connection paramrters
633 **                  format status from controller
634 **
635 ** Returns          void
636 **
637 *******************************************************************************/
l2cble_get_conn_param_format_err_from_contoller(UINT8 status,UINT16 handle)638 void l2cble_get_conn_param_format_err_from_contoller (UINT8 status, UINT16 handle)
639 {
640     tL2C_LCB *p_lcb;
641 
642     /* See if we have a link control block for the remote device */
643     p_lcb = l2cu_find_lcb_by_handle(handle);
644     if (!p_lcb) {
645         L2CAP_TRACE_ERROR("%s: Invalid handle: %d", __FUNCTION__, handle);
646         return;
647     }
648 
649     p_lcb->conn_update_mask &= ~L2C_BLE_UPDATE_PENDING;
650 
651     btu_stop_timer (&p_lcb->upda_con_timer);
652 
653     if (conn_param_update_cb.update_conn_param_cb != NULL) {
654         l2c_send_update_conn_params_cb(p_lcb, status);
655     }
656     if ((p_lcb->conn_update_mask & L2C_BLE_UPDATE_PARAM_FULL) != 0){
657         p_lcb->conn_update_mask &= ~L2C_BLE_UPDATE_PARAM_FULL;
658         if (l2cble_start_conn_update(p_lcb) == TRUE) {
659             UINT32 time = CalConnectParamTimeout(p_lcb);
660             btu_start_timer(&p_lcb->upda_con_timer, BTU_TTYPE_L2CAP_UPDA_CONN_PARAMS, time);
661         }
662     }
663 
664 }
665 
666 /*******************************************************************************
667 **
668 ** Function         l2cble_process_sig_cmd
669 **
670 ** Description      This function is called when a signalling packet is received
671 **                  on the BLE signalling CID
672 **
673 ** Returns          void
674 **
675 *******************************************************************************/
l2cble_process_sig_cmd(tL2C_LCB * p_lcb,UINT8 * p,UINT16 pkt_len)676 void l2cble_process_sig_cmd (tL2C_LCB *p_lcb, UINT8 *p, UINT16 pkt_len)
677 {
678     UINT8           *p_pkt_end;
679     UINT8           cmd_code, id;
680     UINT16          cmd_len;
681     UINT16          min_interval, max_interval, latency, timeout;
682 
683     p_pkt_end = p + pkt_len;
684 
685     STREAM_TO_UINT8  (cmd_code, p);
686     STREAM_TO_UINT8  (id, p);
687     STREAM_TO_UINT16 (cmd_len, p);
688 
689     /* Check command length does not exceed packet length */
690     if ((p + cmd_len) > p_pkt_end) {
691         L2CAP_TRACE_WARNING ("L2CAP - LE - format error, pkt_len: %d  cmd_len: %d  code: %d", pkt_len, cmd_len, cmd_code);
692         return;
693     }
694 
695     switch (cmd_code) {
696     case L2CAP_CMD_REJECT:
697     case L2CAP_CMD_ECHO_RSP:
698     case L2CAP_CMD_INFO_RSP:
699         p += 2;
700         break;
701     case L2CAP_CMD_ECHO_REQ:
702     case L2CAP_CMD_INFO_REQ:
703         l2cu_send_peer_cmd_reject (p_lcb, L2CAP_CMD_REJ_NOT_UNDERSTOOD, id, 0, 0);
704         break;
705 
706     case L2CAP_CMD_BLE_UPDATE_REQ:
707         STREAM_TO_UINT16 (min_interval, p); /* 0x0006 - 0x0C80 */
708         STREAM_TO_UINT16 (max_interval, p); /* 0x0006 - 0x0C80 */
709         STREAM_TO_UINT16 (latency, p);  /* 0x0000 - 0x03E8 */
710         STREAM_TO_UINT16 (timeout, p);  /* 0x000A - 0x0C80 */
711         /* If we are a master, the slave wants to update the parameters */
712         if (p_lcb->link_role == HCI_ROLE_MASTER) {
713             if (min_interval < BTM_BLE_CONN_INT_MIN || min_interval > BTM_BLE_CONN_INT_MAX ||
714                     max_interval < BTM_BLE_CONN_INT_MIN || max_interval > BTM_BLE_CONN_INT_MAX ||
715                     latency  > BTM_BLE_CONN_LATENCY_MAX ||
716                     timeout < BTM_BLE_CONN_SUP_TOUT_MIN || timeout > BTM_BLE_CONN_SUP_TOUT_MAX ||
717                     /* The supervision_timeout parameter defines the link supervision timeout for the connection.
718                        The supervision_timeout in milliseconds shall be large than (1 + latency) * max_interval * 2,
719                        where max_interval is given in milliseconds. (See [Vol 6] Part B, Section 4.5.2).
720                        supervision_timeout (mult of 10ms); conn_interval (mult of 1.25ms)
721                        (max_interval * 1.25 * 2) replaced by ((max_interval * 5) >> 1).
722                     */
723                     ((timeout * 10) < ((1 + latency) *((max_interval * 5) >> 1))) ||
724                     max_interval < min_interval) {
725                 l2cu_send_peer_ble_par_rsp (p_lcb, L2CAP_CFG_UNACCEPTABLE_PARAMS, id);
726 
727                 L2CAP_TRACE_ERROR("slave connection parameters update failed, the parameters are out of range");
728 
729             } else {
730 
731                 l2cu_send_peer_ble_par_rsp (p_lcb, L2CAP_CFG_OK, id);
732                 p_lcb->waiting_update_conn_min_interval = min_interval;
733                 p_lcb->waiting_update_conn_max_interval = max_interval;
734                 p_lcb->waiting_update_conn_latency = latency;
735                 p_lcb->waiting_update_conn_timeout = timeout;
736                 p_lcb->conn_update_mask |= L2C_BLE_NEW_CONN_PARAM;
737 
738                 if (l2cble_start_conn_update(p_lcb) == TRUE) {
739                     UINT32 time = CalConnectParamTimeout(p_lcb);
740                     btu_start_timer(&p_lcb->upda_con_timer, BTU_TTYPE_L2CAP_UPDA_CONN_PARAMS, time);
741                 }
742             }
743         } else {
744             l2cu_send_peer_cmd_reject (p_lcb, L2CAP_CMD_REJ_NOT_UNDERSTOOD, id, 0, 0);
745         }
746         break;
747 
748     case L2CAP_CMD_BLE_UPDATE_RSP: {
749         UINT16 result = 0;
750         STREAM_TO_UINT16(result, p); //result = 0 connection param accepted, result = 1 connection param rejected.
751         UINT8 status = (result == 0) ? HCI_SUCCESS : HCI_ERR_PARAM_OUT_OF_RANGE;
752         if (status != HCI_SUCCESS) {
753             btu_stop_timer(&p_lcb->upda_con_timer);
754             p_lcb->conn_update_mask &= ~L2C_BLE_UPDATE_PENDING;
755             p_lcb->conn_update_mask &= ~L2C_BLE_UPDATE_PARAM_FULL;
756             l2c_send_update_conn_params_cb(p_lcb, status);
757         }
758         break;
759     }
760     default:
761         L2CAP_TRACE_WARNING ("L2CAP - LE - unknown cmd code: %d", cmd_code);
762         l2cu_send_peer_cmd_reject (p_lcb, L2CAP_CMD_REJ_NOT_UNDERSTOOD, id, 0, 0);
763         return;
764     }
765 }
766 
767 /*******************************************************************************
768 **
769 ** Function         l2cble_init_direct_conn
770 **
771 ** Description      This function is to initate a direct connection
772 **
773 ** Returns          TRUE connection initiated, FALSE otherwise.
774 **
775 *******************************************************************************/
l2cble_init_direct_conn(tL2C_LCB * p_lcb)776 BOOLEAN l2cble_init_direct_conn (tL2C_LCB *p_lcb)
777 {
778 #if ( (defined BLE_PRIVACY_SPT) && (BLE_PRIVACY_SPT == TRUE) && (!CONTROLLER_RPA_LIST_ENABLE))
779     //check for security device information in the cache
780     bool dev_rec_exist = true;
781     tBTM_SEC_DEV_REC *find_dev_rec = btm_find_dev (p_lcb->remote_bd_addr);
782     if(find_dev_rec == NULL) {
783         dev_rec_exist = false;
784     }
785 
786 #endif // ( (defined BLE_PRIVACY_SPT) && (BLE_PRIVACY_SPT == TRUE) && (!CONTROLLER_RPA_LIST_ENABLE))
787     tBTM_SEC_DEV_REC *p_dev_rec = btm_find_or_alloc_dev (p_lcb->remote_bd_addr);
788     tBTM_BLE_CB *p_cb = &btm_cb.ble_ctr_cb;
789     UINT16 scan_int;
790     UINT16 scan_win;
791     BD_ADDR peer_addr;
792     UINT8 peer_addr_type = BLE_ADDR_PUBLIC;
793     UINT8 own_addr_type = BLE_ADDR_PUBLIC;
794 
795     /* There can be only one BLE connection request outstanding at a time */
796     if (p_dev_rec == NULL) {
797         L2CAP_TRACE_WARNING ("unknown device, can not initate connection");
798         return (FALSE);
799     }
800 
801     scan_int = (p_cb->scan_int == BTM_BLE_SCAN_PARAM_UNDEF) ? BTM_BLE_SCAN_FAST_INT : p_cb->scan_int;
802     scan_win = (p_cb->scan_win == BTM_BLE_SCAN_PARAM_UNDEF) ? BTM_BLE_SCAN_FAST_WIN : p_cb->scan_win;
803 
804     peer_addr_type = p_lcb->ble_addr_type;
805     memcpy(peer_addr, p_lcb->remote_bd_addr, BD_ADDR_LEN);
806 
807 #if ( (defined BLE_PRIVACY_SPT) && (BLE_PRIVACY_SPT == TRUE))
808     own_addr_type = btm_cb.ble_ctr_cb.addr_mgnt_cb.own_addr_type;
809 #if (!CONTROLLER_RPA_LIST_ENABLE)
810     if(dev_rec_exist) {
811         // if the current address information is valid, get the real address information
812         if(p_dev_rec->ble.current_addr_valid) {
813             peer_addr_type = p_dev_rec->ble.current_addr_type;
814             memcpy(peer_addr, p_dev_rec->ble.current_addr, 6);
815         } else {
816             /* find security device information but not find the real address information
817              * This state may be directly open without scanning. In this case, you must
818              * use the current adv address of the device to open*/
819         }
820     } else {
821         //not find security device information, We think this is a new device, connect directly
822     }
823 
824     /* It will cause that scanner doesn't send scan request to advertiser
825     * which has sent IRK to us and we have stored the IRK in controller.
826     * It is a hardware limitation. The preliminary solution is not to
827     * send key to the controller, but to resolve the random address in host.
828     * so we need send the real address information to controller. */
829 
830 #endif // (!CONTROLLER_RPA_LIST_ENABLE)
831 
832 #if (CONTROLLER_RPA_LIST_ENABLE && CONFIG_BT_CTRL_ESP32)
833 
834     if (p_dev_rec->ble.in_controller_list & BTM_RESOLVING_LIST_BIT) {
835         if (btm_cb.ble_ctr_cb.privacy_mode >=  BTM_PRIVACY_1_2) {
836             own_addr_type |= BLE_ADDR_TYPE_ID_BIT;
837         }
838 
839         //btm_ble_enable_resolving_list(BTM_BLE_RL_INIT);
840         btm_random_pseudo_to_identity_addr(peer_addr, &peer_addr_type);
841     } else {
842         btm_ble_disable_resolving_list(BTM_BLE_RL_INIT, TRUE);
843     }
844 
845 #endif // CONTROLLER_RPA_LIST_ENABLE
846 #endif // (defined BLE_PRIVACY_SPT) && (BLE_PRIVACY_SPT == TRUE)
847 
848     if (!btm_ble_topology_check(BTM_BLE_STATE_INIT)) {
849         l2cu_release_lcb (p_lcb);
850         L2CAP_TRACE_ERROR("initate direct connection fail, topology limitation");
851         return FALSE;
852     }
853     uint32_t link_timeout = L2CAP_BLE_LINK_CONNECT_TOUT;
854     if(GATTC_CONNECT_RETRY_COUNT) {
855         if(!p_lcb->retry_create_con) {
856             p_lcb->start_time_s = (esp_system_get_time()/1000);
857         }
858         uint32_t current_time = (esp_system_get_time()/1000);
859         link_timeout = (L2CAP_BLE_LINK_CONNECT_TOUT*1000 - (current_time - p_lcb->start_time_s))/1000;
860 
861         if(link_timeout == 0 || link_timeout > L2CAP_BLE_LINK_CONNECT_TOUT) {
862             link_timeout = L2CAP_BLE_LINK_CONNECT_TOUT;
863         }
864     }
865 
866     if (!p_lcb->is_aux) {
867         if (!btsnd_hcic_ble_create_ll_conn (scan_int,/* UINT16 scan_int      */
868                                             scan_win, /* UINT16 scan_win      */
869                                             FALSE,                   /* UINT8 white_list     */
870                                             peer_addr_type,          /* UINT8 addr_type_peer */
871                                             peer_addr,               /* BD_ADDR bda_peer     */
872                                             own_addr_type,         /* UINT8 addr_type_own  */
873                                             (UINT16) ((p_dev_rec->conn_params.min_conn_int != BTM_BLE_CONN_PARAM_UNDEF) ?
874                                                     p_dev_rec->conn_params.min_conn_int : BTM_BLE_CONN_INT_MIN_DEF),  /* UINT16 conn_int_min  */
875                                             (UINT16) ((p_dev_rec->conn_params.max_conn_int != BTM_BLE_CONN_PARAM_UNDEF) ?
876                                                     p_dev_rec->conn_params.max_conn_int : BTM_BLE_CONN_INT_MAX_DEF),  /* UINT16 conn_int_max  */
877                                             (UINT16) ((p_dev_rec->conn_params.slave_latency != BTM_BLE_CONN_PARAM_UNDEF) ?
878                                                     p_dev_rec->conn_params.slave_latency : BTM_BLE_CONN_SLAVE_LATENCY_DEF), /* UINT16 conn_latency  */
879                                             (UINT16) ((p_dev_rec->conn_params.supervision_tout != BTM_BLE_CONN_PARAM_UNDEF) ?
880                                                     p_dev_rec->conn_params.supervision_tout : BTM_BLE_CONN_TIMEOUT_DEF), /* conn_timeout */
881                                             BLE_CE_LEN_MIN,                       /* UINT16 min_len       */
882                                             BLE_CE_LEN_MIN)) {                    /* UINT16 max_len       */
883             l2cu_release_lcb (p_lcb);
884             L2CAP_TRACE_ERROR("initate direct connection fail, no resources");
885             return (FALSE);
886         } else {
887             p_lcb->link_state = LST_CONNECTING;
888             l2cb.is_ble_connecting = TRUE;
889             memcpy (l2cb.ble_connecting_bda, p_lcb->remote_bd_addr, BD_ADDR_LEN);
890             btu_start_timer (&p_lcb->timer_entry, BTU_TTYPE_L2CAP_LINK, link_timeout);
891             btm_ble_set_conn_st (BLE_DIR_CONN);
892 
893             return (TRUE);
894         }
895     } else {
896 #if (BLE_50_FEATURE_SUPPORT == TRUE)
897 
898         /*
899         * 0x00 Public Device Address
900         * 0x01 Random Device Address
901         * 0x02 Public Identity Address (corresponds to Resolved Private Address)
902         * 0x03 Random (static) Identity Address (corresponds to Resolved Private Address)
903         * 0xFF No address provided (anonymous advertisement)
904         */
905 
906         if ((peer_addr_type & BLE_ADDR_RANDOM) == BLE_ADDR_RANDOM) {
907             peer_addr_type = BLE_ADDR_RANDOM;
908         } else {
909             peer_addr_type = BLE_ADDR_PUBLIC;
910         }
911 
912         tHCI_CreatExtConn aux_conn = {0};
913         aux_conn.filter_policy = FALSE;
914         aux_conn.own_addr_type = own_addr_type;
915         aux_conn.peer_addr_type = peer_addr_type;
916         memcpy(aux_conn.peer_addr, peer_addr, sizeof(BD_ADDR));
917         if (p_dev_rec->ext_conn_params.phy_mask == BLE_PHY_NO_PREF) {
918             L2CAP_TRACE_WARNING("No extend connection parameters set, use default parameters");
919             aux_conn.init_phy_mask = BLE_PHY_PREF_MASK;
920             memcpy(&aux_conn.params[0], &ext_conn_params, sizeof(tHCI_ExtConnParams));
921             memcpy(&aux_conn.params[1], &ext_conn_params, sizeof(tHCI_ExtConnParams));
922             memcpy(&aux_conn.params[2], &ext_conn_params, sizeof(tHCI_ExtConnParams));
923         } else {
924             aux_conn.init_phy_mask = p_dev_rec->ext_conn_params.phy_mask;
925             memcpy(&aux_conn.params[0], &p_dev_rec->ext_conn_params.phy_1m_conn_params, sizeof(tHCI_ExtConnParams));
926             memcpy(&aux_conn.params[1], &p_dev_rec->ext_conn_params.phy_2m_conn_params, sizeof(tHCI_ExtConnParams));
927             memcpy(&aux_conn.params[2], &p_dev_rec->ext_conn_params.phy_coded_conn_params, sizeof(tHCI_ExtConnParams));
928         }
929         p_lcb->link_state = LST_CONNECTING;
930         l2cb.is_ble_connecting = TRUE;
931         memcpy (l2cb.ble_connecting_bda, p_lcb->remote_bd_addr, BD_ADDR_LEN);
932         btu_start_timer (&p_lcb->timer_entry, BTU_TTYPE_L2CAP_LINK, link_timeout);
933         btm_ble_set_conn_st (BLE_DIR_CONN);
934         if(!btsnd_hcic_ble_create_ext_conn(&aux_conn)) {
935             l2cu_release_lcb (p_lcb);
936             L2CAP_TRACE_ERROR("initate Aux connection failed, no resources");
937         }
938 #else
939     L2CAP_TRACE_ERROR("BLE 5.0 not support!\n");
940 #endif // #if (BLE_50_FEATURE_SUPPORT == TRUE)
941         return (TRUE);
942     }
943 }
944 
945 /*******************************************************************************
946 **
947 ** Function         l2cble_create_conn
948 **
949 ** Description      This function initiates an acl connection via HCI
950 **
951 ** Returns          TRUE if successful, FALSE if connection not started.
952 **
953 *******************************************************************************/
l2cble_create_conn(tL2C_LCB * p_lcb)954 BOOLEAN l2cble_create_conn (tL2C_LCB *p_lcb)
955 {
956     tBTM_BLE_CONN_ST     conn_st = btm_ble_get_conn_st();
957     BOOLEAN         rt = FALSE;
958 
959     /* There can be only one BLE connection request outstanding at a time */
960     if (conn_st == BLE_CONN_IDLE) {
961         rt = l2cble_init_direct_conn(p_lcb);
962     } else {
963         L2CAP_TRACE_WARNING ("L2CAP - LE - cannot start new connection at conn st: %d", conn_st);
964 
965         btm_ble_enqueue_direct_conn_req(p_lcb);
966 
967         if (conn_st == BLE_BG_CONN) {
968             btm_ble_suspend_bg_conn();
969         }
970 
971         rt = TRUE;
972     }
973     return rt;
974 }
975 
976 /*******************************************************************************
977 **
978 ** Function         l2c_link_processs_ble_num_bufs
979 **
980 ** Description      This function is called when a "controller buffer size"
981 **                  event is first received from the controller. It updates
982 **                  the L2CAP values.
983 **
984 ** Returns          void
985 **
986 *******************************************************************************/
l2c_link_processs_ble_num_bufs(UINT16 num_lm_ble_bufs)987 void l2c_link_processs_ble_num_bufs (UINT16 num_lm_ble_bufs)
988 {
989     if (num_lm_ble_bufs == 0) {
990         num_lm_ble_bufs = L2C_DEF_NUM_BLE_BUF_SHARED;
991         l2cb.num_lm_acl_bufs -= L2C_DEF_NUM_BLE_BUF_SHARED;
992     }
993     L2CAP_TRACE_DEBUG("num_lm_ble_bufs = %d",num_lm_ble_bufs);
994     l2cb.num_lm_ble_bufs = l2cb.controller_le_xmit_window = num_lm_ble_bufs;
995 }
996 
997 /*******************************************************************************
998 **
999 ** Function         l2c_ble_link_adjust_allocation
1000 **
1001 ** Description      This function is called when a link is created or removed
1002 **                  to calculate the amount of packets each link may send to
1003 **                  the HCI without an ack coming back.
1004 **
1005 **                  Currently, this is a simple allocation, dividing the
1006 **                  number of Controller Packets by the number of links. In
1007 **                  the future, QOS configuration should be examined.
1008 **
1009 ** Returns          void
1010 **
1011 *******************************************************************************/
l2c_ble_link_adjust_allocation(void)1012 void l2c_ble_link_adjust_allocation (void)
1013 {
1014     UINT16      qq, yy = 0, qq_remainder;
1015     tL2C_LCB    *p_lcb;
1016     UINT16      hi_quota, low_quota;
1017     UINT16      num_lowpri_links = 0;
1018     UINT16      num_hipri_links  = 0;
1019     UINT16      controller_xmit_quota = l2cb.num_lm_ble_bufs;
1020     UINT16      high_pri_link_quota = L2CAP_HIGH_PRI_MIN_XMIT_QUOTA_A;
1021     list_node_t *p_node = NULL;
1022 
1023     /* If no links active, reset buffer quotas and controller buffers */
1024     if (l2cb.num_ble_links_active == 0) {
1025         l2cb.controller_le_xmit_window = l2cb.num_lm_ble_bufs;
1026         l2cb.ble_round_robin_quota = l2cb.ble_round_robin_unacked = 0;
1027         return;
1028     }
1029 
1030     /* First, count the links */
1031     for (p_node = list_begin(l2cb.p_lcb_pool); p_node; p_node = list_next(p_node)) {
1032         p_lcb = list_node(p_node);
1033         if (p_lcb->in_use && p_lcb->transport == BT_TRANSPORT_LE) {
1034             if (p_lcb->acl_priority == L2CAP_PRIORITY_HIGH) {
1035                 num_hipri_links++;
1036             } else {
1037                 num_lowpri_links++;
1038             }
1039         }
1040     }
1041 
1042     /* now adjust high priority link quota */
1043     low_quota = num_lowpri_links ? 1 : 0;
1044     while ( (num_hipri_links * high_pri_link_quota + low_quota) > controller_xmit_quota ) {
1045         high_pri_link_quota--;
1046     }
1047 
1048 
1049     /* Work out the xmit quota and buffer quota high and low priorities */
1050     hi_quota  = num_hipri_links * high_pri_link_quota;
1051     low_quota = (hi_quota < controller_xmit_quota) ? controller_xmit_quota - hi_quota : 1;
1052 
1053     /* Work out and save the HCI xmit quota for each low priority link */
1054 
1055     /* If each low priority link cannot have at least one buffer */
1056     if (num_lowpri_links > low_quota) {
1057         l2cb.ble_round_robin_quota = low_quota;
1058         qq = qq_remainder = 0;
1059     }
1060     /* If each low priority link can have at least one buffer */
1061     else if (num_lowpri_links > 0) {
1062         l2cb.ble_round_robin_quota = 0;
1063         l2cb.ble_round_robin_unacked = 0;
1064         qq = low_quota / num_lowpri_links;
1065         qq_remainder = low_quota % num_lowpri_links;
1066     }
1067     /* If no low priority link */
1068     else {
1069         l2cb.ble_round_robin_quota = 0;
1070         l2cb.ble_round_robin_unacked = 0;
1071         qq = qq_remainder = 0;
1072     }
1073     L2CAP_TRACE_EVENT ("l2c_ble_link_adjust_allocation  num_hipri: %u  num_lowpri: %u  low_quota: %u  round_robin_quota: %u  qq: %u",
1074                        num_hipri_links, num_lowpri_links, low_quota,
1075                        l2cb.ble_round_robin_quota, qq);
1076 
1077     /* Now, assign the quotas to each link */
1078     p_node = NULL;
1079     for (p_node = list_begin(l2cb.p_lcb_pool); p_node; p_node = list_next(p_node)) {
1080         p_lcb = list_node(p_node);
1081         if (p_lcb->in_use && p_lcb->transport == BT_TRANSPORT_LE) {
1082             if (p_lcb->acl_priority == L2CAP_PRIORITY_HIGH) {
1083                 p_lcb->link_xmit_quota   = high_pri_link_quota;
1084             } else {
1085                 /* Safety check in case we switched to round-robin with something outstanding */
1086                 /* if sent_not_acked is added into round_robin_unacked then don't add it again */
1087                 /* l2cap keeps updating sent_not_acked for exiting from round robin */
1088                 if (( p_lcb->link_xmit_quota > 0 ) && ( qq == 0 )) {
1089                     l2cb.ble_round_robin_unacked += p_lcb->sent_not_acked;
1090                 }
1091 
1092                 p_lcb->link_xmit_quota   = qq;
1093                 if (qq_remainder > 0) {
1094                     p_lcb->link_xmit_quota++;
1095                     qq_remainder--;
1096                 }
1097             }
1098 
1099             L2CAP_TRACE_EVENT("l2c_ble_link_adjust_allocation LCB %d   Priority: %d  XmitQuota: %d",
1100                               yy, p_lcb->acl_priority, p_lcb->link_xmit_quota);
1101 
1102             L2CAP_TRACE_EVENT("        SentNotAcked: %d  RRUnacked: %d",
1103                               p_lcb->sent_not_acked, l2cb.round_robin_unacked);
1104 
1105             /* There is a special case where we have readjusted the link quotas and  */
1106             /* this link may have sent anything but some other link sent packets so  */
1107             /* so we may need a timer to kick off this link's transmissions.         */
1108             if ( (p_lcb->link_state == LST_CONNECTED)
1109                     && (!list_is_empty(p_lcb->link_xmit_data_q))
1110                     && (p_lcb->sent_not_acked < p_lcb->link_xmit_quota) ) {
1111                 btu_start_timer (&p_lcb->timer_entry, BTU_TTYPE_L2CAP_LINK, L2CAP_LINK_FLOW_CONTROL_TOUT);
1112             }
1113         }
1114     }
1115 }
1116 
1117 #if (defined BLE_LLT_INCLUDED) && (BLE_LLT_INCLUDED == TRUE)
1118 /*******************************************************************************
1119 **
1120 ** Function         l2cble_process_rc_param_request_evt
1121 **
1122 ** Description      process LE Remote Connection Parameter Request Event.
1123 **
1124 ** Returns          void
1125 **
1126 *******************************************************************************/
l2cble_process_rc_param_request_evt(UINT16 handle,UINT16 int_min,UINT16 int_max,UINT16 latency,UINT16 timeout)1127 void l2cble_process_rc_param_request_evt(UINT16 handle, UINT16 int_min, UINT16 int_max,
1128         UINT16 latency, UINT16 timeout)
1129 {
1130     tL2C_LCB    *p_lcb = l2cu_find_lcb_by_handle (handle);
1131 
1132     if (p_lcb != NULL) {
1133 
1134         /* if update is enabled, always accept connection parameter update */
1135         if ((p_lcb->conn_update_mask & L2C_BLE_CONN_UPDATE_DISABLE) == 0) {
1136             p_lcb->conn_update_mask |= L2C_BLE_UPDATE_PENDING;
1137             btsnd_hcic_ble_rc_param_req_reply(handle, int_min, int_max, latency, timeout, BLE_CE_LEN_MIN, BLE_CE_LEN_MIN);
1138         }else {
1139             /* always accept connection parameters request which is sent by itself */
1140             if (int_max == BTM_BLE_CONN_INT_MIN) {
1141                 p_lcb->conn_update_mask |= L2C_BLE_UPDATE_PENDING;
1142                 btsnd_hcic_ble_rc_param_req_reply(handle, int_min, int_max, latency, timeout, BLE_CE_LEN_MIN, BLE_CE_LEN_MIN);
1143             }else {
1144                 L2CAP_TRACE_EVENT ("L2CAP - LE - update currently disabled");
1145                 p_lcb->conn_update_mask |= L2C_BLE_NEW_CONN_PARAM;
1146                 btsnd_hcic_ble_rc_param_req_neg_reply (handle, HCI_ERR_UNACCEPT_CONN_INTERVAL);
1147             }
1148         }
1149 
1150     } else {
1151         L2CAP_TRACE_WARNING("No link to update connection parameter")
1152     }
1153 }
1154 #endif
1155 
1156 /*******************************************************************************
1157 **
1158 ** Function         l2cble_update_data_length
1159 **
1160 ** Description      This function update link tx data length if applicable
1161 **
1162 ** Returns          void
1163 **
1164 *******************************************************************************/
l2cble_update_data_length(tL2C_LCB * p_lcb)1165 void l2cble_update_data_length(tL2C_LCB *p_lcb)
1166 {
1167     UINT16 tx_mtu = 0;
1168     UINT16 i = 0;
1169 
1170     L2CAP_TRACE_DEBUG("%s", __FUNCTION__);
1171 
1172     /* See if we have a link control block for the connection */
1173     if (p_lcb == NULL) {
1174         return;
1175     }
1176 
1177     for (i = 0; i < L2CAP_NUM_FIXED_CHNLS; i++) {
1178         if (i + L2CAP_FIRST_FIXED_CHNL != L2CAP_BLE_SIGNALLING_CID) {
1179             if ((p_lcb->p_fixed_ccbs[i] != NULL) &&
1180                     (tx_mtu < (p_lcb->p_fixed_ccbs[i]->tx_data_len + L2CAP_PKT_OVERHEAD))) {
1181                 tx_mtu = p_lcb->p_fixed_ccbs[i]->tx_data_len + L2CAP_PKT_OVERHEAD;
1182             }
1183         }
1184     }
1185 
1186     if (tx_mtu > BTM_BLE_DATA_SIZE_MAX) {
1187         tx_mtu = BTM_BLE_DATA_SIZE_MAX;
1188     }
1189 
1190     /* update TX data length if changed */
1191     if (p_lcb->tx_data_len != tx_mtu) {
1192         BTM_SetBleDataLength(p_lcb->remote_bd_addr, tx_mtu);
1193     }
1194 
1195 }
1196 
1197 /*******************************************************************************
1198 **
1199 ** Function         l2cble_process_data_length_change_evt
1200 **
1201 ** Description      This function process the data length change event
1202 **
1203 ** Returns          void
1204 **
1205 *******************************************************************************/
l2cble_process_data_length_change_event(UINT16 handle,UINT16 tx_data_len,UINT16 rx_data_len)1206 void l2cble_process_data_length_change_event(UINT16 handle, UINT16 tx_data_len, UINT16 rx_data_len)
1207 {
1208     tL2C_LCB *p_lcb = l2cu_find_lcb_by_handle(handle);
1209 
1210     L2CAP_TRACE_DEBUG("%s TX data len = %d", __FUNCTION__, tx_data_len);
1211     if (p_lcb == NULL) {
1212         return;
1213     }
1214 
1215     if (tx_data_len > 0) {
1216         p_lcb->tx_data_len = tx_data_len;
1217     }
1218 
1219     tACL_CONN *p_acl = btm_handle_to_acl(handle);
1220     if (p_acl != NULL && p_acl->p_set_pkt_data_cback){
1221        tBTM_LE_SET_PKT_DATA_LENGTH_PARAMS data_length_params;
1222        data_length_params.rx_len = tx_data_len;
1223        data_length_params.tx_len = rx_data_len;
1224        p_acl->data_length_params = data_length_params;
1225        (*p_acl->p_set_pkt_data_cback)(BTM_SUCCESS, &data_length_params);
1226     }
1227 }
1228 
1229 /*******************************************************************************
1230 **
1231 ** Function         l2cble_set_fixed_channel_tx_data_length
1232 **
1233 ** Description      This function update max fixed channel tx data length if applicable
1234 **
1235 ** Returns          void
1236 **
1237 *******************************************************************************/
l2cble_set_fixed_channel_tx_data_length(BD_ADDR remote_bda,UINT16 fix_cid,UINT16 tx_mtu)1238 void l2cble_set_fixed_channel_tx_data_length(BD_ADDR remote_bda, UINT16 fix_cid, UINT16 tx_mtu)
1239 {
1240     tL2C_LCB *p_lcb = l2cu_find_lcb_by_bd_addr(remote_bda, BT_TRANSPORT_LE);
1241     UINT16 cid = fix_cid - L2CAP_FIRST_FIXED_CHNL;
1242 
1243     L2CAP_TRACE_DEBUG("%s TX MTU = %d", __FUNCTION__, tx_mtu);
1244 
1245     if (!controller_get_interface()->supports_ble_packet_extension()) {
1246         L2CAP_TRACE_WARNING("%s, request not supported", __FUNCTION__);
1247         return;
1248     }
1249 
1250     /* See if we have a link control block for the connection */
1251     if (p_lcb == NULL) {
1252         return;
1253     }
1254 
1255     if (p_lcb->p_fixed_ccbs[cid] != NULL) {
1256         if (tx_mtu > BTM_BLE_DATA_SIZE_MAX) {
1257             tx_mtu = BTM_BLE_DATA_SIZE_MAX;
1258         }
1259 
1260         p_lcb->p_fixed_ccbs[cid]->tx_data_len = tx_mtu;
1261     }
1262 
1263     l2cble_update_data_length(p_lcb);
1264 }
1265 
1266 
1267 /*******************************************************************************
1268 **
1269 ** Function         l2c_send_update_conn_params_cb
1270 **
1271 ** Description      This function send the update connection parameter callback to the uplayer.
1272 **
1273 ** Returns          void
1274 **
1275 *******************************************************************************/
l2c_send_update_conn_params_cb(tL2C_LCB * p_lcb,UINT8 status)1276 void l2c_send_update_conn_params_cb(tL2C_LCB *p_lcb, UINT8 status)
1277 {
1278     if(conn_param_update_cb.update_conn_param_cb != NULL){
1279         tBTM_LE_UPDATE_CONN_PRAMS update_param;
1280         //if myself update the connection parameters
1281         if (p_lcb->updating_param_flag){
1282             update_param.max_conn_int = p_lcb->updating_conn_max_interval;
1283             update_param.min_conn_int = p_lcb->updating_conn_min_interval;
1284             p_lcb->updating_param_flag = false;
1285         }else{
1286             // remote device update the connection parameters
1287             update_param.max_conn_int = update_param.min_conn_int = 0;
1288         }
1289         // current connection parameters
1290         update_param.conn_int = p_lcb->current_used_conn_interval;
1291         update_param.slave_latency = p_lcb->current_used_conn_latency;
1292         update_param.supervision_tout = p_lcb->current_used_conn_timeout;
1293 
1294         (conn_param_update_cb.update_conn_param_cb)(status, p_lcb->remote_bd_addr, &update_param);
1295     }
1296 }
1297 
1298 /*******************************************************************************
1299 **
1300 ** Function         CalConnectParamTimeout
1301 **
1302 ** Description      This function is called to calculate the connection parameter timeout.
1303 **
1304 ** Returns          timeout
1305 **
1306 *******************************************************************************/
CalConnectParamTimeout(tL2C_LCB * p_lcb)1307 UINT32 CalConnectParamTimeout(tL2C_LCB *p_lcb)
1308 {
1309     UINT32 timeout = 6;
1310     if (p_lcb != NULL){
1311         //1.25 * conn_int *(1+ latency) *32
1312         timeout = (40 * ( 1 + p_lcb->current_used_conn_latency) * p_lcb->current_used_conn_interval + 1000) / 1000;
1313         if (timeout < 1){
1314             timeout = 1;
1315         }else if (timeout > 120){
1316             timeout = 120;
1317         }
1318     }
1319     return timeout;
1320 }
1321 
1322 /*******************************************************************************
1323 **
1324 ** Function         l2cble_credit_based_conn_req
1325 **
1326 ** Description      This function sends LE Credit Based Connection Request for
1327 **                  LE connection oriented channels.
1328 **
1329 ** Returns          void
1330 **
1331 *******************************************************************************/
l2cble_credit_based_conn_req(tL2C_CCB * p_ccb)1332 void l2cble_credit_based_conn_req (tL2C_CCB *p_ccb)
1333 {
1334     if (!p_ccb) {
1335         return;
1336     }
1337 
1338     if (p_ccb->p_lcb && p_ccb->p_lcb->transport != BT_TRANSPORT_LE)
1339     {
1340         L2CAP_TRACE_WARNING ("LE link doesn't exist");
1341         return;
1342     }
1343 
1344     l2cu_send_peer_ble_credit_based_conn_req (p_ccb);
1345     return;
1346 }
1347 
1348 /*******************************************************************************
1349 **
1350 ** Function         l2cble_credit_based_conn_res
1351 **
1352 ** Description      This function sends LE Credit Based Connection Response for
1353 **                  LE connection oriented channels.
1354 **
1355 ** Returns          void
1356 **
1357 *******************************************************************************/
l2cble_credit_based_conn_res(tL2C_CCB * p_ccb,UINT16 result)1358 void l2cble_credit_based_conn_res (tL2C_CCB *p_ccb, UINT16 result)
1359 {
1360     if (!p_ccb) {
1361         return;
1362     }
1363 
1364     if (p_ccb->p_lcb && p_ccb->p_lcb->transport != BT_TRANSPORT_LE)
1365     {
1366         L2CAP_TRACE_WARNING ("LE link doesn't exist");
1367         return;
1368     }
1369 
1370     l2cu_send_peer_ble_credit_based_conn_res (p_ccb, result);
1371     return;
1372 }
1373 
1374 /*******************************************************************************
1375 **
1376 ** Function         l2cble_send_flow_control_credit
1377 **
1378 ** Description      This function sends flow control credits for
1379 **                  LE connection oriented channels.
1380 **
1381 ** Returns          void
1382 **
1383 *******************************************************************************/
l2cble_send_flow_control_credit(tL2C_CCB * p_ccb,UINT16 credit_value)1384 void l2cble_send_flow_control_credit(tL2C_CCB *p_ccb, UINT16 credit_value)
1385 {
1386     if (!p_ccb) {
1387         return;
1388     }
1389 
1390     if (p_ccb->p_lcb && p_ccb->p_lcb->transport != BT_TRANSPORT_LE)
1391     {
1392         L2CAP_TRACE_WARNING ("LE link doesn't exist");
1393         return;
1394     }
1395 
1396     l2cu_send_peer_ble_flow_control_credit(p_ccb, credit_value);
1397     return;
1398 
1399 }
1400 
1401 /*******************************************************************************
1402 **
1403 ** Function         l2cble_send_peer_disc_req
1404 **
1405 ** Description      This function sends disconnect request
1406 **                  to the peer LE device
1407 **
1408 ** Returns          void
1409 **
1410 *******************************************************************************/
l2cble_send_peer_disc_req(tL2C_CCB * p_ccb)1411 void l2cble_send_peer_disc_req(tL2C_CCB *p_ccb)
1412 {
1413     L2CAP_TRACE_DEBUG ("%s",__func__);
1414     if (!p_ccb) {
1415         return;
1416     }
1417 
1418     if (p_ccb->p_lcb && p_ccb->p_lcb->transport != BT_TRANSPORT_LE)
1419     {
1420         L2CAP_TRACE_WARNING ("LE link doesn't exist");
1421         return;
1422     }
1423 
1424     l2cu_send_peer_ble_credit_based_disconn_req(p_ccb);
1425     return;
1426 }
1427 
1428 #if (SMP_INCLUDED == TRUE)
1429 /*******************************************************************************
1430 **
1431 ** Function         l2cble_sec_comp
1432 **
1433 ** Description      This function is called when security procedure for an LE COC
1434 **                  link is done
1435 **
1436 ** Returns          void
1437 **
1438 *******************************************************************************/
l2cble_sec_comp(BD_ADDR p_bda,tBT_TRANSPORT transport,void * p_ref_data,UINT8 status)1439 void  l2cble_sec_comp(BD_ADDR p_bda, tBT_TRANSPORT transport, void *p_ref_data, UINT8 status)
1440 {
1441     tL2C_LCB *p_lcb = l2cu_find_lcb_by_bd_addr(p_bda, BT_TRANSPORT_LE);
1442     tL2CAP_SEC_DATA *p_buf = NULL;
1443     UINT8 sec_flag;
1444     UINT8 sec_act;
1445 
1446     if (!p_lcb)
1447     {
1448         L2CAP_TRACE_WARNING ("%s security complete for unknown device", __func__);
1449         return;
1450     }
1451 
1452     sec_act = p_lcb->sec_act;
1453     p_lcb->sec_act = 0;
1454 
1455     if (!fixed_queue_is_empty(p_lcb->le_sec_pending_q))
1456     {
1457         p_buf = (tL2CAP_SEC_DATA*) fixed_queue_dequeue(p_lcb->le_sec_pending_q, FIXED_QUEUE_MAX_TIMEOUT);
1458         if (!p_buf)
1459         {
1460             L2CAP_TRACE_WARNING ("%s Security complete for request not initiated from L2CAP",
1461                     __func__);
1462             return;
1463         }
1464 
1465         if (status != BTM_SUCCESS)
1466         {
1467             (*(p_buf->p_callback))(p_bda, BT_TRANSPORT_LE, p_buf->p_ref_data, status);
1468         }
1469         else
1470         {
1471             if (sec_act == BTM_SEC_ENCRYPT_MITM)
1472             {
1473                 BTM_GetSecurityFlagsByTransport(p_bda, &sec_flag, transport);
1474                 if (sec_flag & BTM_SEC_FLAG_LKEY_AUTHED) {
1475                     (*(p_buf->p_callback))(p_bda, BT_TRANSPORT_LE, p_buf->p_ref_data, status);
1476                 }
1477                 else
1478                 {
1479                     L2CAP_TRACE_DEBUG ("%s MITM Protection Not present", __func__);
1480                     (*(p_buf->p_callback))(p_bda, BT_TRANSPORT_LE, p_buf->p_ref_data,
1481                             BTM_FAILED_ON_SECURITY);
1482                 }
1483             }
1484             else
1485             {
1486                 L2CAP_TRACE_DEBUG ("%s MITM Protection not required sec_act = %d",
1487                         __func__, p_lcb->sec_act);
1488 
1489                 (*(p_buf->p_callback))(p_bda, BT_TRANSPORT_LE, p_buf->p_ref_data, status);
1490             }
1491         }
1492     }
1493     else
1494     {
1495         L2CAP_TRACE_WARNING ("%s Security complete for request not initiated from L2CAP", __func__);
1496         return;
1497     }
1498     osi_free(p_buf);
1499 
1500     while (!fixed_queue_is_empty(p_lcb->le_sec_pending_q))
1501     {
1502         p_buf = (tL2CAP_SEC_DATA*) fixed_queue_dequeue(p_lcb->le_sec_pending_q, FIXED_QUEUE_MAX_TIMEOUT);
1503 
1504         if (status != BTM_SUCCESS) {
1505             (*(p_buf->p_callback))(p_bda, BT_TRANSPORT_LE, p_buf->p_ref_data, status);
1506         } else {
1507             l2ble_sec_access_req(p_bda, p_buf->psm, p_buf->is_originator,
1508                     p_buf->p_callback, p_buf->p_ref_data);
1509         }
1510 
1511        osi_free(p_buf);
1512     }
1513 }
1514 
1515 /*******************************************************************************
1516 **
1517 ** Function         l2ble_sec_access_req
1518 **
1519 ** Description      This function is called by LE COC link to meet the
1520 **                  security requirement for the link
1521 **
1522 ** Returns          TRUE - security procedures are started
1523 **                  FALSE - failure
1524 **
1525 *******************************************************************************/
l2ble_sec_access_req(BD_ADDR bd_addr,UINT16 psm,BOOLEAN is_originator,tL2CAP_SEC_CBACK * p_callback,void * p_ref_data)1526 BOOLEAN l2ble_sec_access_req(BD_ADDR bd_addr, UINT16 psm, BOOLEAN is_originator, tL2CAP_SEC_CBACK *p_callback, void *p_ref_data)
1527 {
1528     L2CAP_TRACE_DEBUG ("%s", __func__);
1529     BOOLEAN status;
1530     tL2C_LCB *p_lcb = NULL;
1531 
1532     if (!p_callback)
1533     {
1534         L2CAP_TRACE_ERROR("%s No callback function", __func__);
1535         return FALSE;
1536     }
1537 
1538     p_lcb = l2cu_find_lcb_by_bd_addr(bd_addr, BT_TRANSPORT_LE);
1539 
1540     if (!p_lcb)
1541     {
1542         L2CAP_TRACE_ERROR ("%s Security check for unknown device", __func__);
1543         p_callback(bd_addr, BT_TRANSPORT_LE, p_ref_data, BTM_UNKNOWN_ADDR);
1544         return FALSE;
1545     }
1546 
1547     tL2CAP_SEC_DATA *p_buf = (tL2CAP_SEC_DATA*) osi_malloc((UINT16)sizeof(tL2CAP_SEC_DATA));
1548     if (!p_buf)
1549     {
1550         p_callback(bd_addr, BT_TRANSPORT_LE, p_ref_data, BTM_NO_RESOURCES);
1551         return FALSE;
1552     }
1553 
1554     p_buf->psm = psm;
1555     p_buf->is_originator = is_originator;
1556     p_buf->p_callback = p_callback;
1557     p_buf->p_ref_data = p_ref_data;
1558     fixed_queue_enqueue(p_lcb->le_sec_pending_q, p_buf, FIXED_QUEUE_MAX_TIMEOUT);
1559     status = btm_ble_start_sec_check(bd_addr, psm, is_originator, &l2cble_sec_comp, p_ref_data);
1560 
1561     return status;
1562 }
1563 #endif /* #if (SMP_INCLUDED == TRUE) */
1564 #endif /* (BLE_INCLUDED == TRUE) */
1565 /*******************************************************************************
1566 **
1567 ** Function         L2CA_GetDisconnectReason
1568 **
1569 ** Description      This function returns the disconnect reason code.
1570 **
1571 ** Returns          disconnect reason
1572 **
1573 *******************************************************************************/
L2CA_GetDisconnectReason(BD_ADDR remote_bda,tBT_TRANSPORT transport)1574 UINT16 L2CA_GetDisconnectReason (BD_ADDR remote_bda, tBT_TRANSPORT transport)
1575 {
1576     tL2C_LCB            *p_lcb;
1577     UINT16              reason = 0;
1578 
1579     if ((p_lcb = l2cu_find_lcb_by_bd_addr (remote_bda, transport)) != NULL) {
1580         reason = p_lcb->disc_reason;
1581     }
1582 
1583     L2CAP_TRACE_DEBUG ("L2CA_GetDisconnectReason=%d ", reason);
1584 
1585     return reason;
1586 }
1587