Home | History | Annotate | Download | only in gatt
      1 /******************************************************************************
      2  *
      3  *  Copyright (C) 2009-2012 Broadcom Corporation
      4  *
      5  *  Licensed under the Apache License, Version 2.0 (the "License");
      6  *  you may not use this file except in compliance with the License.
      7  *  You may obtain a copy of the License at:
      8  *
      9  *  http://www.apache.org/licenses/LICENSE-2.0
     10  *
     11  *  Unless required by applicable law or agreed to in writing, software
     12  *  distributed under the License is distributed on an "AS IS" BASIS,
     13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     14  *  See the License for the specific language governing permissions and
     15  *  limitations under the License.
     16  *
     17  ******************************************************************************/
     18 
     19 /******************************************************************************
     20  *
     21  *  this file contains GATT utility functions
     22  *
     23  ******************************************************************************/
     24 #include "bt_target.h"
     25 #include "bt_utils.h"
     26 
     27 #if BLE_INCLUDED == TRUE
     28     #include <string.h>
     29     #include "stdio.h"
     30     #include "gki.h"
     31 
     32     #include "l2cdefs.h"
     33     #include "gatt_int.h"
     34     #include "gatt_api.h"
     35     #include "gattdefs.h"
     36     #include "sdp_api.h"
     37     #include "btm_int.h"
     38 /* check if [x, y] and [a, b] have overlapping range */
     39     #define GATT_VALIDATE_HANDLE_RANGE(x, y, a, b)   (y >= a && x <= b)
     40 
     41     #define GATT_GET_NEXT_VALID_HANDLE(x)    (((x)/10 + 1) * 10)
     42 
     43 const char * const op_code_name[] =
     44 {
     45     "UNKNOWN",
     46     "ATT_RSP_ERROR",
     47     "ATT_REQ_MTU",
     48     "ATT_RSP_MTU",
     49     "ATT_REQ_READ_INFO",
     50     "ATT_RSP_READ_INFO",
     51     "ATT_REQ_FIND_TYPE_VALUE",
     52     "ATT_RSP_FIND_TYPE_VALUE",
     53     "ATT_REQ_READ_BY_TYPE",
     54     "ATT_RSP_READ_BY_TYPE",
     55     "ATT_REQ_READ",
     56     "ATT_RSP_READ",
     57     "ATT_REQ_READ_BLOB",
     58     "ATT_RSP_READ_BLOB",
     59     "GATT_REQ_READ_MULTI",
     60     "GATT_RSP_READ_MULTI",
     61     "GATT_REQ_READ_BY_GRP_TYPE",
     62     "GATT_RSP_READ_BY_GRP_TYPE",
     63     "ATT_REQ_WRITE",
     64     "ATT_RSP_WRITE",
     65     "ATT_CMD_WRITE",
     66     "ATT_SIGN_CMD_WRITE",
     67     "ATT_REQ_PREPARE_WRITE",
     68     "ATT_RSP_PREPARE_WRITE",
     69     "ATT_REQ_EXEC_WRITE",
     70     "ATT_RSP_EXEC_WRITE",
     71     "Reserved",
     72     "ATT_HANDLE_VALUE_NOTIF",
     73     "Reserved",
     74     "ATT_HANDLE_VALUE_IND",
     75     "ATT_HANDLE_VALUE_CONF",
     76     "ATT_OP_CODE_MAX"
     77 };
     78 
     79 static const UINT8  base_uuid[LEN_UUID_128] = {0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
     80     0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
     81 
     82 
     83 /*******************************************************************************
     84 **
     85 ** Function         gatt_free_pending_ind
     86 **
     87 ** Description    Free all pending indications
     88 **
     89 ** Returns       None
     90 **
     91 *******************************************************************************/
     92 void gatt_free_pending_ind(tGATT_TCB *p_tcb)
     93 {
     94     GATT_TRACE_DEBUG("gatt_free_pending_ind");
     95     /* release all queued indications */
     96     while (!GKI_queue_is_empty(&p_tcb->pending_ind_q))
     97         GKI_freebuf (GKI_dequeue (&p_tcb->pending_ind_q));
     98 }
     99 
    100 /*******************************************************************************
    101 **
    102 ** Function         gatt_free_pending_enc_queue
    103 **
    104 ** Description       Free all buffers in pending encyption queue
    105 **
    106 ** Returns       None
    107 **
    108 *******************************************************************************/
    109 void gatt_free_pending_enc_queue(tGATT_TCB *p_tcb)
    110 {
    111     GATT_TRACE_DEBUG("gatt_free_pending_enc_queue");
    112     /* release all queued indications */
    113     while (!GKI_queue_is_empty(&p_tcb->pending_enc_clcb))
    114         GKI_freebuf (GKI_dequeue (&p_tcb->pending_enc_clcb));
    115 }
    116 
    117 /*******************************************************************************
    118 **
    119 ** Function         gatt_delete_dev_from_srv_chg_clt_list
    120 **
    121 ** Description    Delete a device from the service changed client lit
    122 **
    123 ** Returns       None
    124 **
    125 *******************************************************************************/
    126 void gatt_delete_dev_from_srv_chg_clt_list(BD_ADDR bd_addr)
    127 {
    128     tGATTS_SRV_CHG     *p_buf;
    129     tGATTS_SRV_CHG_REQ  req;
    130 
    131     GATT_TRACE_DEBUG ("gatt_delete_dev_from_srv_chg_clt_list");
    132     if ((p_buf = gatt_is_bda_in_the_srv_chg_clt_list(bd_addr)) != NULL)
    133     {
    134         if (gatt_cb.cb_info.p_srv_chg_callback)
    135         {
    136             /* delete from NV */
    137             memcpy(req.srv_chg.bda, bd_addr, BD_ADDR_LEN);
    138             (*gatt_cb.cb_info.p_srv_chg_callback)(GATTS_SRV_CHG_CMD_REMOVE_CLIENT,&req, NULL);
    139         }
    140         GKI_freebuf (GKI_remove_from_queue (&gatt_cb.srv_chg_clt_q, p_buf));
    141     }
    142 
    143 }
    144 
    145 /*******************************************************************************
    146 **
    147 ** Function         gatt_set_srv_chg
    148 **
    149 ** Description      Set the service changed flag to TRUE
    150 **
    151 ** Returns        None
    152 **
    153 *******************************************************************************/
    154 void gatt_set_srv_chg(void)
    155 {
    156     tGATTS_SRV_CHG *p_buf = (tGATTS_SRV_CHG *)GKI_getfirst(&gatt_cb.srv_chg_clt_q);
    157     tGATTS_SRV_CHG_REQ req;
    158 
    159     GATT_TRACE_DEBUG ("gatt_set_srv_chg");
    160     while (p_buf)
    161     {
    162         GATT_TRACE_DEBUG ("found a srv_chg clt");
    163         if (!p_buf->srv_changed)
    164         {
    165             GATT_TRACE_DEBUG ("set srv_changed to TRUE");
    166             p_buf->srv_changed= TRUE;
    167             memcpy(&req.srv_chg, p_buf, sizeof(tGATTS_SRV_CHG));
    168             if (gatt_cb.cb_info.p_srv_chg_callback)
    169                 (*gatt_cb.cb_info.p_srv_chg_callback)(GATTS_SRV_CHG_CMD_UPDATE_CLIENT,&req, NULL);
    170         }
    171         p_buf = (tGATTS_SRV_CHG *)GKI_getnext(p_buf);
    172     }
    173 }
    174 
    175 /*******************************************************************************
    176 **
    177 ** Function         gatt_sr_is_new_srv_chg
    178 **
    179 ** Description     Find the app id in on the new service changed list
    180 **
    181 ** Returns     Pointer to the found new service changed item othwerwise NULL
    182 **
    183 *******************************************************************************/
    184 tGATTS_PENDING_NEW_SRV_START *gatt_sr_is_new_srv_chg(tBT_UUID *p_app_uuid128, tBT_UUID *p_svc_uuid, UINT16 svc_inst)
    185 {
    186     tGATTS_HNDL_RANGE *p;
    187     tGATTS_PENDING_NEW_SRV_START *p_buf = (tGATTS_PENDING_NEW_SRV_START *)GKI_getfirst(&gatt_cb.pending_new_srv_start_q);
    188 
    189     while (p_buf != NULL)
    190     {
    191         p = p_buf->p_new_srv_start;
    192         if (  gatt_uuid_compare (*p_app_uuid128, p->app_uuid128)
    193               &&  gatt_uuid_compare (*p_svc_uuid, p->svc_uuid)
    194               &&  (svc_inst == p->svc_inst) )
    195         {
    196             GATT_TRACE_DEBUG ("gatt_sr_is_new_srv_chg: Yes");
    197             break;
    198         }
    199         p_buf = (tGATTS_PENDING_NEW_SRV_START *)GKI_getnext(p_buf);
    200     }
    201 
    202     return p_buf;
    203 }
    204 
    205 
    206 /*******************************************************************************
    207 **
    208 ** Function     gatt_add_pending_ind
    209 **
    210 ** Description  Add a pending indication
    211 **
    212 ** Returns    Pointer to the current pending indication buffer, NULL no buffer available
    213 **
    214 *******************************************************************************/
    215 tGATT_VALUE *gatt_add_pending_ind(tGATT_TCB  *p_tcb, tGATT_VALUE *p_ind)
    216 {
    217     tGATT_VALUE   *p_buf;
    218     GATT_TRACE_DEBUG ("gatt_add_pending_ind");
    219     if ((p_buf = (tGATT_VALUE *)GKI_getbuf((UINT16)sizeof(tGATT_VALUE))) != NULL)
    220     {
    221         GATT_TRACE_DEBUG ("enqueue a pending indication");
    222         memcpy(p_buf, p_ind, sizeof(tGATT_VALUE));
    223         GKI_enqueue (&p_tcb->pending_ind_q, p_buf);
    224     }
    225     return p_buf;
    226 }
    227 
    228 
    229 /*******************************************************************************
    230 **
    231 ** Function     gatt_add_pending_new_srv_start
    232 **
    233 ** Description  Add a pending new srv start to the new service start queue
    234 **
    235 ** Returns    Pointer to the new service start buffer, NULL no buffer available
    236 **
    237 *******************************************************************************/
    238 tGATTS_PENDING_NEW_SRV_START *gatt_add_pending_new_srv_start(tGATTS_HNDL_RANGE *p_new_srv_start)
    239 {
    240     tGATTS_PENDING_NEW_SRV_START   *p_buf;
    241 
    242     GATT_TRACE_DEBUG ("gatt_add_pending_new_srv_start");
    243     if ((p_buf = (tGATTS_PENDING_NEW_SRV_START *)GKI_getbuf((UINT16)sizeof(tGATTS_PENDING_NEW_SRV_START))) != NULL)
    244     {
    245         GATT_TRACE_DEBUG ("enqueue a new pending new srv start");
    246         p_buf->p_new_srv_start = p_new_srv_start;
    247         GKI_enqueue (&gatt_cb.pending_new_srv_start_q, p_buf);
    248     }
    249     return p_buf;
    250 }
    251 
    252 
    253 /*******************************************************************************
    254 **
    255 ** Function     gatt_add_srv_chg_clt
    256 **
    257 ** Description  Add a service chnage client to the service change client queue
    258 **
    259 ** Returns    Pointer to the service change client buffer; Null no buffer available
    260 **
    261 *******************************************************************************/
    262 tGATTS_SRV_CHG *gatt_add_srv_chg_clt(tGATTS_SRV_CHG *p_srv_chg)
    263 {
    264     tGATTS_SRV_CHG *p_buf;
    265     GATT_TRACE_DEBUG ("gatt_add_srv_chg_clt");
    266     if ((p_buf = (tGATTS_SRV_CHG *)GKI_getbuf((UINT16)sizeof(tGATTS_SRV_CHG))) != NULL)
    267     {
    268         GATT_TRACE_DEBUG ("enqueue a srv chg client");
    269         memcpy(p_buf, p_srv_chg, sizeof(tGATTS_SRV_CHG));
    270         GKI_enqueue (&gatt_cb.srv_chg_clt_q, p_buf);
    271     }
    272 
    273     return p_buf;
    274 }
    275 
    276 
    277 /*******************************************************************************
    278 **
    279 ** Function     gatt_alloc_hdl_buffer
    280 **
    281 ** Description  Allocate a handle buufer
    282 **
    283 ** Returns    Pointer to the allocated buffer, NULL no buffer available
    284 **
    285 *******************************************************************************/
    286 tGATT_HDL_LIST_ELEM *gatt_alloc_hdl_buffer(void)
    287 {
    288     UINT8 i;
    289     tGATT_CB    *p_cb = &gatt_cb;
    290     tGATT_HDL_LIST_ELEM * p_elem= &p_cb->hdl_list[0];
    291 
    292     for (i = 0; i < GATT_MAX_SR_PROFILES; i++, p_elem ++)
    293     {
    294         if (!p_cb->hdl_list[i].in_use)
    295         {
    296             memset(p_elem, 0, sizeof(tGATT_HDL_LIST_ELEM));
    297             p_elem->in_use = TRUE;
    298             return p_elem;
    299         }
    300     }
    301 
    302     return NULL;
    303 }
    304 
    305 /*******************************************************************************
    306 **
    307 ** Function     gatt_find_hdl_buffer_by_handle
    308 **
    309 ** Description  Find handle range buffer by service handle.
    310 **
    311 ** Returns    Pointer to the buffer, NULL no buffer available
    312 **
    313 *******************************************************************************/
    314 tGATT_HDL_LIST_ELEM *gatt_find_hdl_buffer_by_handle(UINT16 handle)
    315 {
    316     tGATT_HDL_LIST_INFO *p_list_info= &gatt_cb.hdl_list_info;
    317     tGATT_HDL_LIST_ELEM      *p_list = NULL;
    318 
    319     p_list = p_list_info->p_first;
    320 
    321     while (p_list != NULL)
    322     {
    323         if (p_list->in_use && p_list->asgn_range.s_handle == handle)
    324         {
    325             return(p_list);
    326         }
    327         p_list = p_list->p_next;
    328     }
    329     return NULL;
    330 }
    331 /*******************************************************************************
    332 **
    333 ** Function     gatt_find_hdl_buffer_by_app_id
    334 **
    335 ** Description  Find handle range buffer by app ID, service and service instance ID.
    336 **
    337 ** Returns    Pointer to the buffer, NULL no buffer available
    338 **
    339 *******************************************************************************/
    340 tGATT_HDL_LIST_ELEM *gatt_find_hdl_buffer_by_app_id (tBT_UUID *p_app_uuid128,
    341                                                      tBT_UUID *p_svc_uuid,
    342                                                      UINT16 svc_inst)
    343 {
    344     tGATT_HDL_LIST_INFO *p_list_info= &gatt_cb.hdl_list_info;
    345     tGATT_HDL_LIST_ELEM      *p_list = NULL;
    346 
    347     p_list = p_list_info->p_first;
    348 
    349     while (p_list != NULL)
    350     {
    351         if ( gatt_uuid_compare (*p_app_uuid128, p_list->asgn_range.app_uuid128)
    352              &&  gatt_uuid_compare (*p_svc_uuid,    p_list->asgn_range.svc_uuid)
    353              &&  (svc_inst == p_list->asgn_range.svc_inst) )
    354         {
    355             GATT_TRACE_DEBUG ("Already allocated handles for this service before!!");
    356             return(p_list);
    357         }
    358         p_list = p_list->p_next;
    359     }
    360     return NULL;
    361 }
    362 /*******************************************************************************
    363 **
    364 ** Function         gatt_free_hdl_buffer
    365 **
    366 ** Description     free a handle buffer
    367 **
    368 ** Returns       None
    369 **
    370 *******************************************************************************/
    371 void gatt_free_hdl_buffer(tGATT_HDL_LIST_ELEM *p)
    372 {
    373 
    374     if (p)
    375     {
    376         while (!GKI_queue_is_empty(&p->svc_db.svc_buffer))
    377             GKI_freebuf (GKI_dequeue (&p->svc_db.svc_buffer));
    378         memset(p, 0, sizeof(tGATT_HDL_LIST_ELEM));
    379     }
    380 }
    381 /*******************************************************************************
    382 **
    383 ** Function         gatt_free_srvc_db_buffer_app_id
    384 **
    385 ** Description      free the service attribute database buffers by the owner of the
    386 **                  service app ID.
    387 **
    388 ** Returns       None
    389 **
    390 *******************************************************************************/
    391 void gatt_free_srvc_db_buffer_app_id(tBT_UUID *p_app_id)
    392 {
    393     tGATT_HDL_LIST_ELEM *p_elem =  &gatt_cb.hdl_list[0];
    394     UINT8   i;
    395 
    396     for (i = 0; i < GATT_MAX_SR_PROFILES; i ++, p_elem ++)
    397     {
    398         if (memcmp(p_app_id, &p_elem->asgn_range.app_uuid128, sizeof(tBT_UUID)) == 0)
    399         {
    400             while (!GKI_queue_is_empty(&p_elem->svc_db.svc_buffer))
    401                 GKI_freebuf (GKI_dequeue (&p_elem->svc_db.svc_buffer));
    402 
    403             p_elem->svc_db.mem_free = 0;
    404             p_elem->svc_db.p_attr_list = p_elem->svc_db.p_free_mem = NULL;
    405         }
    406     }
    407 }
    408 /*******************************************************************************
    409 **
    410 ** Function         gatt_is_last_attribute
    411 **
    412 ** Description     Check this is the last attribute of the specified value or not
    413 **
    414 ** Returns       TRUE - yes this is the last attribute
    415 **
    416 *******************************************************************************/
    417 BOOLEAN gatt_is_last_attribute(tGATT_SRV_LIST_INFO *p_list, tGATT_SRV_LIST_ELEM *p_start, tBT_UUID value)
    418 {
    419     tGATT_SRV_LIST_ELEM *p_srv= p_start->p_next;
    420     BOOLEAN              is_last_attribute = TRUE;
    421     tGATT_SR_REG        *p_rcb = NULL;
    422     tBT_UUID            *p_svc_uuid;
    423 
    424     p_list->p_last_primary = NULL;
    425 
    426     while (p_srv)
    427     {
    428         p_rcb = GATT_GET_SR_REG_PTR(p_srv->i_sreg);
    429 
    430         p_svc_uuid = gatts_get_service_uuid (p_rcb->p_db);
    431 
    432         if (gatt_uuid_compare(value, *p_svc_uuid))
    433         {
    434             is_last_attribute = FALSE;
    435             break;
    436 
    437         }
    438         p_srv = p_srv->p_next;
    439     }
    440 
    441     return is_last_attribute;
    442 
    443 }
    444 
    445 /*******************************************************************************
    446 **
    447 ** Function         gatt_update_last_pri_srv_info
    448 **
    449 ** Description     Update the the last primary info for the service list info
    450 **
    451 ** Returns       None
    452 **
    453 *******************************************************************************/
    454 void gatt_update_last_pri_srv_info(tGATT_SRV_LIST_INFO *p_list)
    455 {
    456     tGATT_SRV_LIST_ELEM *p_srv= p_list->p_first;
    457 
    458     p_list->p_last_primary = NULL;
    459 
    460     while (p_srv)
    461     {
    462         if (p_srv->is_primary)
    463         {
    464             p_list->p_last_primary = p_srv;
    465         }
    466         p_srv = p_srv->p_next;
    467     }
    468 
    469 }
    470 /*******************************************************************************
    471 **
    472 ** Function         gatts_update_srv_list_elem
    473 **
    474 ** Description      update an element in the service list.
    475 **
    476 ** Returns          None.
    477 **
    478 *******************************************************************************/
    479 void gatts_update_srv_list_elem(UINT8 i_sreg, UINT16 handle, BOOLEAN is_primary)
    480 {
    481     UNUSED(handle);
    482 
    483     gatt_cb.srv_list[i_sreg].in_use         = TRUE;
    484     gatt_cb.srv_list[i_sreg].i_sreg    = i_sreg;
    485     gatt_cb.srv_list[i_sreg].s_hdl          = gatt_cb.sr_reg[i_sreg].s_hdl;
    486     gatt_cb.srv_list[i_sreg].is_primary     = is_primary;
    487 
    488     return;
    489 }
    490 /*******************************************************************************
    491 **
    492 ** Function  gatt_add_a_srv_to_list
    493 **
    494 ** Description  add an service to the list in ascending
    495 **              order of the start handle
    496 **
    497 ** Returns   BOOLEAN TRUE-if add is successful
    498 **
    499 *******************************************************************************/
    500 BOOLEAN gatt_add_a_srv_to_list(tGATT_SRV_LIST_INFO *p_list, tGATT_SRV_LIST_ELEM *p_new)
    501 {
    502     tGATT_SRV_LIST_ELEM *p_old;
    503 
    504     if (!p_new)
    505     {
    506         GATT_TRACE_DEBUG("p_new==NULL");
    507         return FALSE;
    508     }
    509 
    510     if (!p_list->p_first)
    511     {
    512         /* this is an empty list */
    513         p_list->p_first =
    514         p_list->p_last  = p_new;
    515         p_new->p_next   =
    516         p_new->p_prev   = NULL;
    517     }
    518     else
    519     {
    520         p_old = p_list->p_first;
    521         while (1)
    522         {
    523             if (p_old == NULL)
    524             {
    525                 p_list->p_last->p_next      = p_new;
    526                 p_new->p_prev               = p_list->p_last;
    527                 p_new->p_next               = NULL;
    528                 p_list->p_last              = p_new;
    529                 break;
    530             }
    531             else
    532             {
    533                 if (p_new->s_hdl <  p_old->s_hdl)
    534                 {
    535                     /* if not the first in list */
    536                     if (p_old->p_prev != NULL)
    537                         p_old->p_prev->p_next   = p_new;
    538                     else
    539                         p_list->p_first = p_new;
    540 
    541                     p_new->p_prev           = p_old->p_prev;
    542                     p_new->p_next           = p_old;
    543                     p_old->p_prev           = p_new;
    544                     break;
    545                 }
    546             }
    547             p_old = p_old->p_next;
    548         }
    549     }
    550     p_list->count++;
    551 
    552     gatt_update_last_pri_srv_info(p_list);
    553     return TRUE;
    554 
    555 }
    556 
    557 /*******************************************************************************
    558 **
    559 ** Function  gatt_remove_a_srv_from_list
    560 **
    561 ** Description  Remove a service from the list
    562 **
    563 ** Returns   BOOLEAN TRUE-if remove is successful
    564 **
    565 *******************************************************************************/
    566 BOOLEAN gatt_remove_a_srv_from_list(tGATT_SRV_LIST_INFO *p_list, tGATT_SRV_LIST_ELEM *p_remove)
    567 {
    568     if (!p_remove || !p_list->p_first)
    569     {
    570         GATT_TRACE_DEBUG("p_remove==NULL || p_list->p_first==NULL");
    571         return FALSE;
    572     }
    573 
    574     if (p_remove->p_prev == NULL)
    575     {
    576         p_list->p_first             = p_remove->p_next;
    577         if (p_remove->p_next)
    578             p_remove->p_next->p_prev    = NULL;
    579     }
    580     else if (p_remove->p_next == NULL)
    581     {
    582         p_list->p_last              = p_remove->p_prev;
    583         p_remove->p_prev->p_next    = NULL;
    584     }
    585     else
    586     {
    587         p_remove->p_next->p_prev = p_remove->p_prev;
    588         p_remove->p_prev->p_next = p_remove->p_next;
    589     }
    590     p_list->count--;
    591     gatt_update_last_pri_srv_info(p_list);
    592     return TRUE;
    593 
    594 }
    595 
    596 /*******************************************************************************
    597 **
    598 ** Function  gatt_add_an_item_to_list
    599 **
    600 ** Description  add an service handle range to the list in decending
    601 **              order of the start handle
    602 **
    603 ** Returns   BOOLEAN TRUE-if add is successful
    604 **
    605 *******************************************************************************/
    606 BOOLEAN gatt_add_an_item_to_list(tGATT_HDL_LIST_INFO *p_list, tGATT_HDL_LIST_ELEM *p_new)
    607 {
    608     tGATT_HDL_LIST_ELEM *p_old;
    609     if (!p_new)
    610     {
    611         GATT_TRACE_DEBUG("p_new==NULL");
    612         return FALSE;
    613     }
    614 
    615     if (!p_list->p_first)
    616     {
    617         /* this is an empty list */
    618         p_list->p_first =
    619         p_list->p_last  = p_new;
    620         p_new->p_next   =
    621         p_new->p_prev   = NULL;
    622     }
    623     else
    624     {
    625         p_old = p_list->p_first;
    626         while (1)
    627         {
    628             if (p_old == NULL)
    629             {
    630                 p_list->p_last->p_next      = p_new;
    631                 p_new->p_prev               = p_list->p_last;
    632                 p_new->p_next               = NULL;
    633                 p_list->p_last              = p_new;
    634 
    635                 break;
    636 
    637             }
    638             else
    639             {
    640                 if (p_new->asgn_range.s_handle >  p_old->asgn_range.s_handle)
    641                 {
    642                     if (p_old == p_list->p_first)
    643                         p_list->p_first = p_new;
    644 
    645                     p_new->p_prev    = p_old->p_prev;
    646                     p_new->p_next    = p_old;
    647 
    648 
    649                     p_old->p_prev    = p_new;
    650                     break;
    651                 }
    652             }
    653             p_old = p_old->p_next;
    654         }
    655     }
    656     p_list->count++;
    657     return TRUE;
    658 
    659 }
    660 
    661 /*******************************************************************************
    662 **
    663 ** Function  gatt_remove_an_item_from_list
    664 **
    665 ** Description  Remove an service handle range from the list
    666 **
    667 ** Returns   BOOLEAN TRUE-if remove is successful
    668 **
    669 *******************************************************************************/
    670 BOOLEAN gatt_remove_an_item_from_list(tGATT_HDL_LIST_INFO *p_list, tGATT_HDL_LIST_ELEM *p_remove)
    671 {
    672     if (!p_remove || !p_list->p_first)
    673     {
    674         GATT_TRACE_DEBUG("p_remove==NULL || p_list->p_first==NULL");
    675         return FALSE;
    676     }
    677 
    678     if (p_remove->p_prev == NULL)
    679     {
    680         p_list->p_first             = p_remove->p_next;
    681         if (p_remove->p_next)
    682             p_remove->p_next->p_prev    = NULL;
    683     }
    684     else if (p_remove->p_next == NULL)
    685     {
    686         p_list->p_last              = p_remove->p_prev;
    687         p_remove->p_prev->p_next    = NULL;
    688     }
    689     else
    690     {
    691         p_remove->p_next->p_prev = p_remove->p_prev;
    692         p_remove->p_prev->p_next = p_remove->p_next;
    693     }
    694     p_list->count--;
    695     return TRUE;
    696 
    697 }
    698 
    699 /*******************************************************************************
    700 **
    701 ** Function         gatt_find_the_connected_bda
    702 **
    703 ** Description      This function find the connected bda
    704 **
    705 ** Returns           TRUE if found
    706 **
    707 *******************************************************************************/
    708 BOOLEAN gatt_find_the_connected_bda(UINT8 start_idx, BD_ADDR bda, UINT8 *p_found_idx,
    709                                     tBT_TRANSPORT *p_transport)
    710 {
    711     UINT8 i;
    712     BOOLEAN found = FALSE;
    713     GATT_TRACE_DEBUG("gatt_find_the_connected_bda start_idx=%d",start_idx);
    714 
    715     for (i = start_idx ; i < GATT_MAX_PHY_CHANNEL; i ++)
    716     {
    717         if (gatt_cb.tcb[i].in_use && gatt_cb.tcb[i].ch_state == GATT_CH_OPEN)
    718         {
    719             memcpy( bda, gatt_cb.tcb[i].peer_bda, BD_ADDR_LEN);
    720             *p_found_idx = i;
    721             *p_transport = gatt_cb.tcb[i].transport;
    722             found = TRUE;
    723             GATT_TRACE_DEBUG("gatt_find_the_connected_bda bda :%02x-%02x-%02x-%02x-%02x-%02x",
    724                               bda[0],  bda[1], bda[2],  bda[3], bda[4],  bda[5]);
    725             break;
    726         }
    727     }
    728     GATT_TRACE_DEBUG("gatt_find_the_connected_bda found=%d found_idx=%d", found, i);
    729     return found;
    730 }
    731 
    732 
    733 
    734 /*******************************************************************************
    735 **
    736 ** Function         gatt_is_srv_chg_ind_pending
    737 **
    738 ** Description      Check whether a service chnaged is in the indication pending queue
    739 **                  or waiting for an Ack already
    740 **
    741 ** Returns         BOOLEAN
    742 **
    743 *******************************************************************************/
    744 BOOLEAN gatt_is_srv_chg_ind_pending (tGATT_TCB *p_tcb)
    745 {
    746     tGATT_VALUE *p_buf = (tGATT_VALUE *)GKI_getfirst(&p_tcb->pending_ind_q);
    747     BOOLEAN srv_chg_ind_pending = FALSE;
    748 
    749     GATT_TRACE_DEBUG("gatt_is_srv_chg_ind_pending is_queue_empty=%d", GKI_queue_is_empty(&p_tcb->pending_ind_q) );
    750 
    751     if (p_tcb->indicate_handle == gatt_cb.handle_of_h_r)
    752     {
    753         srv_chg_ind_pending = TRUE;
    754     }
    755     else
    756     {
    757         while (p_buf)
    758         {
    759             if (p_buf->handle == gatt_cb.handle_of_h_r)
    760             {
    761                 srv_chg_ind_pending = TRUE;
    762                 break;
    763             }
    764             p_buf = (tGATT_VALUE *)GKI_getnext(p_buf);
    765         }
    766     }
    767 
    768     GATT_TRACE_DEBUG("srv_chg_ind_pending = %d", srv_chg_ind_pending);
    769     return srv_chg_ind_pending;
    770 }
    771 
    772 
    773 /*******************************************************************************
    774 **
    775 ** Function         gatt_is_bda_in_the_srv_chg_clt_list
    776 **
    777 ** Description      This function check the specified bda is in the srv chg clinet list or not
    778 **
    779 ** Returns         pointer to the found elemenet otherwise NULL
    780 **
    781 *******************************************************************************/
    782 tGATTS_SRV_CHG *gatt_is_bda_in_the_srv_chg_clt_list (BD_ADDR bda)
    783 {
    784     tGATTS_SRV_CHG *p_buf = (tGATTS_SRV_CHG *)GKI_getfirst(&gatt_cb.srv_chg_clt_q);
    785 
    786     GATT_TRACE_DEBUG("gatt_is_bda_in_the_srv_chg_clt_list :%02x-%02x-%02x-%02x-%02x-%02x",
    787                       bda[0],  bda[1], bda[2],  bda[3], bda[4],  bda[5]);
    788 
    789     while (p_buf != NULL)
    790     {
    791         if (!memcmp( bda, p_buf->bda, BD_ADDR_LEN))
    792         {
    793             GATT_TRACE_DEBUG("bda is in the srv chg clt list");
    794             break;
    795         }
    796         p_buf = (tGATTS_SRV_CHG *)GKI_getnext(p_buf);
    797     }
    798 
    799     return p_buf;
    800 }
    801 
    802 
    803 /*******************************************************************************
    804 **
    805 ** Function         gatt_is_bda_connected
    806 **
    807 ** Description
    808 **
    809 ** Returns           GATT_INDEX_INVALID if not found. Otherwise index to the tcb.
    810 **
    811 *******************************************************************************/
    812 BOOLEAN gatt_is_bda_connected(BD_ADDR bda)
    813 {
    814     UINT8 i = 0;
    815     BOOLEAN connected=FALSE;
    816 
    817     for ( i=0; i < GATT_MAX_PHY_CHANNEL; i ++)
    818     {
    819         if (gatt_cb.tcb[i].in_use &&
    820             !memcmp(gatt_cb.tcb[i].peer_bda, bda, BD_ADDR_LEN))
    821         {
    822             connected = TRUE;
    823             break;
    824         }
    825     }
    826     return connected;
    827 }
    828 
    829 /*******************************************************************************
    830 **
    831 ** Function         gatt_find_i_tcb_by_addr
    832 **
    833 ** Description      The function searches for an empty tcb entry, and return the index.
    834 **
    835 ** Returns           GATT_INDEX_INVALID if not found. Otherwise index to the tcb.
    836 **
    837 *******************************************************************************/
    838 UINT8 gatt_find_i_tcb_by_addr(BD_ADDR bda, tBT_TRANSPORT transport)
    839 {
    840     UINT8 i = 0;
    841 
    842     for ( ; i < GATT_MAX_PHY_CHANNEL; i ++)
    843     {
    844         if (!memcmp(gatt_cb.tcb[i].peer_bda, bda, BD_ADDR_LEN) &&
    845             gatt_cb.tcb[i].transport == transport)
    846         {
    847             return i;
    848         }
    849     }
    850     return GATT_INDEX_INVALID;
    851 }
    852 
    853 
    854 /*******************************************************************************
    855 **
    856 ** Function         gatt_get_tcb_by_idx
    857 **
    858 ** Description      The function get TCB using the TCB index
    859 **
    860 ** Returns           NULL if not found. Otherwise index to the tcb.
    861 **
    862 *******************************************************************************/
    863 tGATT_TCB * gatt_get_tcb_by_idx(UINT8 tcb_idx)
    864 {
    865     tGATT_TCB   *p_tcb = NULL;
    866 
    867     if ( (tcb_idx < GATT_MAX_PHY_CHANNEL) && gatt_cb.tcb[tcb_idx].in_use)
    868         p_tcb = &gatt_cb.tcb[tcb_idx];
    869 
    870     return p_tcb;
    871 }
    872 
    873 /*******************************************************************************
    874 **
    875 ** Function         gatt_find_tcb_by_addr
    876 **
    877 ** Description      The function searches for an empty tcb entry, and return pointer.
    878 **
    879 ** Returns           NULL if not found. Otherwise index to the tcb.
    880 **
    881 *******************************************************************************/
    882 tGATT_TCB * gatt_find_tcb_by_addr(BD_ADDR bda, tBT_TRANSPORT transport)
    883 {
    884     tGATT_TCB   *p_tcb = NULL;
    885     UINT8 i = 0;
    886 
    887     if ((i = gatt_find_i_tcb_by_addr(bda, transport)) != GATT_INDEX_INVALID)
    888         p_tcb = &gatt_cb.tcb[i];
    889 
    890     return p_tcb;
    891 }
    892 /*******************************************************************************
    893 **
    894 ** Function         gatt_find_i_tcb_free
    895 **
    896 ** Description      The function searches for an empty tcb entry, and return the index.
    897 **
    898 ** Returns           GATT_INDEX_INVALID if not found. Otherwise index to the tcb.
    899 **
    900 *******************************************************************************/
    901 UINT8 gatt_find_i_tcb_free(void)
    902 {
    903     UINT8 i = 0, j = GATT_INDEX_INVALID;
    904 
    905     for (i = 0; i < GATT_MAX_PHY_CHANNEL; i ++)
    906     {
    907         if (!gatt_cb.tcb[i].in_use)
    908         {
    909             j = i;
    910             break;
    911         }
    912     }
    913     return j;
    914 }
    915 /*******************************************************************************
    916 **
    917 ** Function         gatt_allocate_tcb_by_bdaddr
    918 **
    919 ** Description      The function locate or allocate new tcb entry for matching bda.
    920 **
    921 ** Returns           GATT_INDEX_INVALID if not found. Otherwise index to the tcb.
    922 **
    923 *******************************************************************************/
    924 tGATT_TCB * gatt_allocate_tcb_by_bdaddr(BD_ADDR bda, tBT_TRANSPORT transport)
    925 {
    926     UINT8 i = 0;
    927     BOOLEAN allocated = FALSE;
    928     tGATT_TCB    *p_tcb = NULL;
    929 
    930     /* search for existing tcb with matching bda    */
    931     i = gatt_find_i_tcb_by_addr(bda, transport);
    932     /* find free tcb */
    933     if (i == GATT_INDEX_INVALID)
    934     {
    935         i = gatt_find_i_tcb_free();
    936         allocated = TRUE;
    937     }
    938     if (i != GATT_INDEX_INVALID)
    939     {
    940         p_tcb = &gatt_cb.tcb[i];
    941 
    942         if (allocated)
    943         {
    944             memset(p_tcb, 0, sizeof(tGATT_TCB));
    945             GKI_init_q (&p_tcb->pending_enc_clcb);
    946             GKI_init_q (&p_tcb->pending_ind_q);
    947             p_tcb->in_use = TRUE;
    948             p_tcb->tcb_idx = i;
    949             p_tcb->transport = transport;
    950         }
    951         memcpy(p_tcb->peer_bda, bda, BD_ADDR_LEN);
    952     }
    953     return p_tcb;
    954 }
    955 
    956 /*******************************************************************************
    957 **
    958 ** Function         gatt_convert_uuid16_to_uuid128
    959 **
    960 ** Description      Convert a 16 bits UUID to be an standard 128 bits one.
    961 **
    962 ** Returns          TRUE if two uuid match; FALSE otherwise.
    963 **
    964 *******************************************************************************/
    965 void gatt_convert_uuid16_to_uuid128(UINT8 uuid_128[LEN_UUID_128], UINT16 uuid_16)
    966 {
    967     UINT8   *p = &uuid_128[LEN_UUID_128 - 4];
    968 
    969     memcpy (uuid_128, base_uuid, LEN_UUID_128);
    970 
    971     UINT16_TO_STREAM(p, uuid_16);
    972 }
    973 
    974 /*******************************************************************************
    975 **
    976 ** Function         gatt_convert_uuid32_to_uuid128
    977 **
    978 ** Description      Convert a 32 bits UUID to be an standard 128 bits one.
    979 **
    980 ** Returns          TRUE if two uuid match; FALSE otherwise.
    981 **
    982 *******************************************************************************/
    983 void gatt_convert_uuid32_to_uuid128(UINT8 uuid_128[LEN_UUID_128], UINT32 uuid_32)
    984 {
    985     UINT8   *p = &uuid_128[LEN_UUID_128 - 4];
    986 
    987     memcpy (uuid_128, base_uuid, LEN_UUID_128);
    988 
    989     UINT32_TO_STREAM(p, uuid_32);
    990 }
    991 /*******************************************************************************
    992 **
    993 ** Function         gatt_uuid_compare
    994 **
    995 ** Description      Compare two UUID to see if they are the same.
    996 **
    997 ** Returns          TRUE if two uuid match; FALSE otherwise.
    998 **
    999 *******************************************************************************/
   1000 BOOLEAN gatt_uuid_compare (tBT_UUID src, tBT_UUID tar)
   1001 {
   1002     UINT8  su[LEN_UUID_128], tu[LEN_UUID_128];
   1003     UINT8  *ps, *pt;
   1004 
   1005     /* any of the UUID is unspecified */
   1006     if (src.len == 0 || tar.len == 0)
   1007     {
   1008         return TRUE;
   1009     }
   1010 
   1011     /* If both are 16-bit, we can do a simple compare */
   1012     if (src.len == LEN_UUID_16 && tar.len == LEN_UUID_16)
   1013     {
   1014         return src.uu.uuid16 == tar.uu.uuid16;
   1015     }
   1016 
   1017     /* If both are 32-bit, we can do a simple compare */
   1018     if (src.len == LEN_UUID_32 && tar.len == LEN_UUID_32)
   1019     {
   1020         return src.uu.uuid32 == tar.uu.uuid32;
   1021     }
   1022 
   1023     /* One or both of the UUIDs is 128-bit */
   1024     if (src.len == LEN_UUID_16)
   1025     {
   1026         /* convert a 16 bits UUID to 128 bits value */
   1027         gatt_convert_uuid16_to_uuid128(su, src.uu.uuid16);
   1028         ps = su;
   1029     }
   1030     else if (src.len == LEN_UUID_32)
   1031     {
   1032         gatt_convert_uuid32_to_uuid128(su, src.uu.uuid32);
   1033         ps = su;
   1034     }
   1035     else
   1036         ps = src.uu.uuid128;
   1037 
   1038     if (tar.len == LEN_UUID_16)
   1039     {
   1040         /* convert a 16 bits UUID to 128 bits value */
   1041         gatt_convert_uuid16_to_uuid128(tu, tar.uu.uuid16);
   1042         pt = tu;
   1043     }
   1044     else if (tar.len == LEN_UUID_32)
   1045     {
   1046         /* convert a 32 bits UUID to 128 bits value */
   1047         gatt_convert_uuid32_to_uuid128(tu, tar.uu.uuid32);
   1048         pt = tu;
   1049     }
   1050     else
   1051         pt = tar.uu.uuid128;
   1052 
   1053     return(memcmp(ps, pt, LEN_UUID_128) == 0);
   1054 }
   1055 
   1056 /*******************************************************************************
   1057 **
   1058 ** Function         gatt_build_uuid_to_stream
   1059 **
   1060 ** Description      Add UUID into stream.
   1061 **
   1062 ** Returns          UUID length.
   1063 **
   1064 *******************************************************************************/
   1065 UINT8 gatt_build_uuid_to_stream(UINT8 **p_dst, tBT_UUID uuid)
   1066 {
   1067     UINT8   *p = *p_dst;
   1068     UINT8   len = 0;
   1069 
   1070     if (uuid.len == LEN_UUID_16)
   1071     {
   1072         UINT16_TO_STREAM (p, uuid.uu.uuid16);
   1073         len = LEN_UUID_16;
   1074     }
   1075     else if (uuid.len == LEN_UUID_32) /* always convert 32 bits into 128 bits as alwats */
   1076     {
   1077         gatt_convert_uuid32_to_uuid128(p, uuid.uu.uuid32);
   1078         p += LEN_UUID_128;
   1079         len = LEN_UUID_128;
   1080     }
   1081     else if (uuid.len == LEN_UUID_128)
   1082     {
   1083         ARRAY_TO_STREAM (p, uuid.uu.uuid128, LEN_UUID_128);
   1084         len = LEN_UUID_128;
   1085     }
   1086 
   1087     *p_dst = p;
   1088     return len;
   1089 }
   1090 
   1091 /*******************************************************************************
   1092 **
   1093 ** Function         gatt_parse_uuid_from_cmd
   1094 **
   1095 ** Description      Convert a 128 bits UUID into a 16 bits UUID.
   1096 **
   1097 ** Returns          TRUE if command sent, otherwise FALSE.
   1098 **
   1099 *******************************************************************************/
   1100 BOOLEAN gatt_parse_uuid_from_cmd(tBT_UUID *p_uuid_rec, UINT16 uuid_size, UINT8 **p_data)
   1101 {
   1102     BOOLEAN is_base_uuid, ret = TRUE;
   1103     UINT8  xx;
   1104     UINT8 *p_uuid = *p_data;
   1105 
   1106     memset(p_uuid_rec, 0, sizeof(tBT_UUID));
   1107 
   1108     switch (uuid_size)
   1109     {
   1110         case LEN_UUID_16:
   1111             p_uuid_rec->len = uuid_size;
   1112             STREAM_TO_UINT16 (p_uuid_rec->uu.uuid16, p_uuid);
   1113             *p_data += LEN_UUID_16;
   1114             break;
   1115 
   1116         case LEN_UUID_128:
   1117             /* See if we can compress his UUID down to 16 or 32bit UUIDs */
   1118             is_base_uuid = TRUE;
   1119             for (xx = 0; xx < LEN_UUID_128 - 4; xx++)
   1120             {
   1121                 if (p_uuid[xx] != base_uuid[xx])
   1122                 {
   1123                     is_base_uuid = FALSE;
   1124                     break;
   1125                 }
   1126             }
   1127             if (is_base_uuid)
   1128             {
   1129                 if ((p_uuid[LEN_UUID_128 - 1] == 0) && (p_uuid[LEN_UUID_128 - 2] == 0))
   1130                 {
   1131                     p_uuid += (LEN_UUID_128 - 4);
   1132                     p_uuid_rec->len = LEN_UUID_16;
   1133                     STREAM_TO_UINT16(p_uuid_rec->uu.uuid16, p_uuid);
   1134                 }
   1135                 else
   1136                 {
   1137                     p_uuid += (LEN_UUID_128 - LEN_UUID_32);
   1138                     p_uuid_rec->len = LEN_UUID_32;
   1139                     STREAM_TO_UINT32(p_uuid_rec->uu.uuid32, p_uuid);
   1140                 }
   1141             }
   1142             if (!is_base_uuid)
   1143             {
   1144                 p_uuid_rec->len = LEN_UUID_128;
   1145                 memcpy(p_uuid_rec->uu.uuid128, p_uuid, LEN_UUID_128);
   1146             }
   1147             *p_data += LEN_UUID_128;
   1148             break;
   1149 
   1150         /* do not allow 32 bits UUID in ATT PDU now */
   1151         case LEN_UUID_32:
   1152             GATT_TRACE_ERROR("DO NOT ALLOW 32 BITS UUID IN ATT PDU");
   1153         case 0:
   1154         default:
   1155             if (uuid_size != 0) ret = FALSE;
   1156             GATT_TRACE_WARNING("gatt_parse_uuid_from_cmd invalid uuid size");
   1157             break;
   1158     }
   1159 
   1160     return( ret);
   1161 }
   1162 
   1163 /*******************************************************************************
   1164 **
   1165 ** Function         gatt_start_rsp_timer
   1166 **
   1167 ** Description      Start a wait_for_response timer.
   1168 **
   1169 ** Returns          TRUE if command sent, otherwise FALSE.
   1170 **
   1171 *******************************************************************************/
   1172 void gatt_start_rsp_timer(UINT16 clcb_idx)
   1173 {
   1174     tGATT_CLCB *p_clcb = &gatt_cb.clcb[clcb_idx];
   1175     UINT32 timeout = GATT_WAIT_FOR_RSP_TOUT;
   1176     p_clcb->rsp_timer_ent.param  = (TIMER_PARAM_TYPE)p_clcb;
   1177     if (p_clcb->operation == GATTC_OPTYPE_DISCOVERY &&
   1178         p_clcb->op_subtype == GATT_DISC_SRVC_ALL)
   1179     {
   1180         timeout = GATT_WAIT_FOR_DISC_RSP_TOUT;
   1181     }
   1182     btu_start_timer (&p_clcb->rsp_timer_ent, BTU_TTYPE_ATT_WAIT_FOR_RSP,
   1183                      timeout);
   1184 }
   1185 /*******************************************************************************
   1186 **
   1187 ** Function         gatt_start_conf_timer
   1188 **
   1189 ** Description      Start a wait_for_confirmation timer.
   1190 **
   1191 ** Returns          TRUE if command sent, otherwise FALSE.
   1192 **
   1193 *******************************************************************************/
   1194 void gatt_start_conf_timer(tGATT_TCB    *p_tcb)
   1195 {
   1196     p_tcb->conf_timer_ent.param  = (TIMER_PARAM_TYPE)p_tcb;
   1197     btu_start_timer (&p_tcb->conf_timer_ent, BTU_TTYPE_ATT_WAIT_FOR_RSP,
   1198                      GATT_WAIT_FOR_RSP_TOUT);
   1199 }
   1200 /*******************************************************************************
   1201 **
   1202 ** Function         gatt_start_ind_ack_timer
   1203 **
   1204 ** Description      start the application ack timer
   1205 **
   1206 ** Returns          void
   1207 **
   1208 *******************************************************************************/
   1209 void gatt_start_ind_ack_timer(tGATT_TCB *p_tcb)
   1210 {
   1211     p_tcb->ind_ack_timer_ent.param  = (TIMER_PARAM_TYPE)p_tcb;
   1212     /* start notification cache timer */
   1213     btu_start_timer (&p_tcb->ind_ack_timer_ent, BTU_TTYPE_ATT_WAIT_FOR_IND_ACK,
   1214                      GATT_WAIT_FOR_RSP_TOUT);
   1215 
   1216 }
   1217 /*******************************************************************************
   1218 **
   1219 ** Function         gatt_rsp_timeout
   1220 **
   1221 ** Description      Called when GATT wait for ATT command response timer expires
   1222 **
   1223 ** Returns          void
   1224 **
   1225 *******************************************************************************/
   1226 void gatt_rsp_timeout(TIMER_LIST_ENT *p_tle)
   1227 {
   1228     tGATT_CLCB *p_clcb = (tGATT_CLCB *)p_tle->param;
   1229     if (p_clcb == NULL || p_clcb->p_tcb == NULL)
   1230     {
   1231         GATT_TRACE_WARNING("gatt_rsp_timeout clcb is already deleted");
   1232         return;
   1233     }
   1234     if (p_clcb->operation == GATTC_OPTYPE_DISCOVERY &&
   1235         p_clcb->op_subtype == GATT_DISC_SRVC_ALL &&
   1236         p_clcb->retry_count < GATT_REQ_RETRY_LIMIT)
   1237     {
   1238         UINT8 rsp_code;
   1239         GATT_TRACE_WARNING("gatt_rsp_timeout retry discovery primary service");
   1240         if (p_clcb != gatt_cmd_dequeue(p_clcb->p_tcb, &rsp_code))
   1241         {
   1242             GATT_TRACE_ERROR("gatt_rsp_timeout command queue out of sync, disconnect");
   1243         }
   1244         else
   1245         {
   1246             p_clcb->retry_count++;
   1247             gatt_act_discovery(p_clcb);
   1248             return;
   1249         }
   1250     }
   1251 
   1252     GATT_TRACE_WARNING("gatt_rsp_timeout disconnecting...");
   1253     gatt_disconnect (p_clcb->p_tcb);
   1254 }
   1255 
   1256 /*******************************************************************************
   1257 **
   1258 ** Function         gatt_ind_ack_timeout
   1259 **
   1260 ** Description      Called when GATT wait for ATT handle confirmation timeout
   1261 **
   1262 ** Returns          void
   1263 **
   1264 *******************************************************************************/
   1265 void gatt_ind_ack_timeout(TIMER_LIST_ENT *p_tle)
   1266 {
   1267     tGATT_TCB * p_tcb = (tGATT_TCB *)p_tle->param;
   1268 
   1269     GATT_TRACE_WARNING("gatt_ind_ack_timeout send ack now");
   1270 
   1271     if (p_tcb != NULL)
   1272         p_tcb->ind_count = 0;
   1273 
   1274     attp_send_cl_msg(((tGATT_TCB *)p_tle->param), 0, GATT_HANDLE_VALUE_CONF, NULL);
   1275 }
   1276 /*******************************************************************************
   1277 **
   1278 ** Function         gatt_sr_find_i_rcb_by_handle
   1279 **
   1280 ** Description      The function searches for a service that owns a specific handle.
   1281 **
   1282 ** Returns          GATT_MAX_SR_PROFILES if not found. Otherwise index of th eservice.
   1283 **
   1284 *******************************************************************************/
   1285 UINT8 gatt_sr_find_i_rcb_by_handle(UINT16 handle)
   1286 {
   1287     UINT8  i_rcb = 0;
   1288 
   1289     for ( ; i_rcb < GATT_MAX_SR_PROFILES; i_rcb++)
   1290     {
   1291         if (gatt_cb.sr_reg[i_rcb].in_use &&
   1292             gatt_cb.sr_reg[i_rcb].s_hdl <= handle &&
   1293             gatt_cb.sr_reg[i_rcb].e_hdl >= handle )
   1294         {
   1295             break;
   1296         }
   1297     }
   1298     return i_rcb;
   1299 }
   1300 
   1301 /*******************************************************************************
   1302 **
   1303 ** Function         gatt_sr_find_i_rcb_by_handle
   1304 **
   1305 ** Description      The function searches for a service that owns a specific handle.
   1306 **
   1307 ** Returns          0 if not found. Otherwise index of th eservice.
   1308 **
   1309 *******************************************************************************/
   1310 UINT8 gatt_sr_find_i_rcb_by_app_id(tBT_UUID *p_app_uuid128, tBT_UUID *p_svc_uuid, UINT16 svc_inst)
   1311 {
   1312     UINT8           i_rcb = 0;
   1313     tGATT_SR_REG    *p_sreg;
   1314     tBT_UUID        *p_this_uuid;
   1315 
   1316     for (i_rcb = 0, p_sreg = gatt_cb.sr_reg; i_rcb < GATT_MAX_SR_PROFILES; i_rcb++, p_sreg++)
   1317     {
   1318         if ( p_sreg->in_use )
   1319         {
   1320             p_this_uuid = gatts_get_service_uuid (p_sreg->p_db);
   1321 
   1322             if (p_this_uuid &&
   1323                 gatt_uuid_compare (*p_app_uuid128, p_sreg->app_uuid ) &&
   1324                 gatt_uuid_compare (*p_svc_uuid, *p_this_uuid) &&
   1325                 (svc_inst == p_sreg->service_instance))
   1326             {
   1327                 GATT_TRACE_ERROR ("Active Service Found ");
   1328                 gatt_dbg_display_uuid(*p_svc_uuid);
   1329 
   1330                 break;
   1331             }
   1332         }
   1333     }
   1334     return i_rcb;
   1335 }
   1336 /*******************************************************************************
   1337 **
   1338 ** Function         gatt_sr_find_i_rcb_by_handle
   1339 **
   1340 ** Description      The function searches for a service that owns a specific handle.
   1341 **
   1342 ** Returns          0 if not found. Otherwise index of th eservice.
   1343 **
   1344 *******************************************************************************/
   1345 UINT8 gatt_sr_alloc_rcb(tGATT_HDL_LIST_ELEM *p_list )
   1346 {
   1347     UINT8   ii = 0;
   1348     tGATT_SR_REG    *p_sreg = NULL;
   1349 
   1350     /*this is a new application servoce start */
   1351     for (ii = 0, p_sreg = gatt_cb.sr_reg; ii < GATT_MAX_SR_PROFILES; ii++, p_sreg++)
   1352     {
   1353         if (!p_sreg->in_use)
   1354         {
   1355             memset (p_sreg, 0, sizeof(tGATT_SR_REG));
   1356 
   1357             p_sreg->in_use = TRUE;
   1358             memcpy (&p_sreg->app_uuid, &p_list->asgn_range.app_uuid128, sizeof(tBT_UUID));
   1359 
   1360             p_sreg->service_instance    = p_list->asgn_range.svc_inst;
   1361             p_sreg->type                = p_list->asgn_range.is_primary ? GATT_UUID_PRI_SERVICE: GATT_UUID_SEC_SERVICE;
   1362             p_sreg->s_hdl               = p_list->asgn_range.s_handle;
   1363             p_sreg->e_hdl               = p_list->asgn_range.e_handle;
   1364             p_sreg->p_db                = &p_list->svc_db;
   1365 
   1366             GATT_TRACE_DEBUG ("total GKI buffer in db [%d]",GKI_queue_length(&p_sreg->p_db->svc_buffer));
   1367             break;
   1368         }
   1369     }
   1370 
   1371     return ii;
   1372 }
   1373 /*******************************************************************************
   1374 **
   1375 ** Function         gatt_sr_get_sec_info
   1376 **
   1377 ** Description      Get the security flag and key size information for the peer
   1378 **                  device.
   1379 **
   1380 ** Returns          void
   1381 **
   1382 *******************************************************************************/
   1383 void gatt_sr_get_sec_info(BD_ADDR rem_bda, tBT_TRANSPORT transport, UINT8 *p_sec_flag, UINT8 *p_key_size)
   1384 {
   1385     UINT8           sec_flag = 0;
   1386 
   1387     BTM_GetSecurityFlagsByTransport(rem_bda, &sec_flag, transport);
   1388 
   1389     sec_flag &= (GATT_SEC_FLAG_LKEY_UNAUTHED | GATT_SEC_FLAG_LKEY_AUTHED | GATT_SEC_FLAG_ENCRYPTED);
   1390 
   1391     *p_key_size = btm_ble_read_sec_key_size(rem_bda);
   1392     *p_sec_flag = sec_flag;
   1393 }
   1394 /*******************************************************************************
   1395 **
   1396 ** Function         gatt_sr_send_req_callback
   1397 **
   1398 ** Description
   1399 **
   1400 **
   1401 ** Returns          void
   1402 **
   1403 *******************************************************************************/
   1404 void gatt_sr_send_req_callback(UINT16 conn_id,
   1405                                UINT32 trans_id,
   1406                                tGATTS_REQ_TYPE type, tGATTS_DATA *p_data)
   1407 {
   1408     tGATT_IF        gatt_if = GATT_GET_GATT_IF(conn_id);
   1409     tGATT_REG       *p_reg = gatt_get_regcb(gatt_if);
   1410 
   1411     if (!p_reg )
   1412     {
   1413         GATT_TRACE_ERROR ("p_reg not found discard request");
   1414         return;
   1415     }
   1416 
   1417     if ( p_reg->in_use &&
   1418          p_reg->app_cb.p_req_cb)
   1419     {
   1420         (*p_reg->app_cb.p_req_cb)(conn_id, trans_id, type, p_data);
   1421     }
   1422     else
   1423     {
   1424         GATT_TRACE_WARNING("Call back not found for application conn_id=%d", conn_id);
   1425     }
   1426 
   1427 }
   1428 
   1429 /*******************************************************************************
   1430 **
   1431 ** Function         gatt_send_error_rsp
   1432 **
   1433 ** Description      This function sends an error response.
   1434 **
   1435 ** Returns          void
   1436 **
   1437 *******************************************************************************/
   1438 tGATT_STATUS gatt_send_error_rsp (tGATT_TCB *p_tcb, UINT8 err_code, UINT8 op_code,
   1439                                   UINT16 handle, BOOLEAN deq)
   1440 {
   1441     tGATT_ERROR      error;
   1442     tGATT_STATUS     status;
   1443     BT_HDR           *p_buf;
   1444 
   1445     error.cmd_code = op_code;
   1446     error.reason = err_code;
   1447     error.handle =handle;
   1448 
   1449     if ((p_buf = attp_build_sr_msg(p_tcb, GATT_RSP_ERROR, (tGATT_SR_MSG *)&error)) != NULL)
   1450     {
   1451         status = attp_send_sr_msg (p_tcb, p_buf);
   1452     }
   1453     else
   1454         status = GATT_INSUF_RESOURCE;
   1455 
   1456     if (deq)
   1457         gatt_dequeue_sr_cmd(p_tcb);
   1458 
   1459     return status;
   1460 }
   1461 
   1462 
   1463 /*******************************************************************************
   1464 **
   1465 ** Function         gatt_add_sdp_record
   1466 **
   1467 ** Description      This function add a SDP record for a GATT primary service
   1468 **
   1469 ** Returns          0 if error else sdp handle for the record.
   1470 **
   1471 *******************************************************************************/
   1472 UINT32 gatt_add_sdp_record (tBT_UUID *p_uuid, UINT16 start_hdl, UINT16 end_hdl)
   1473 {
   1474     tSDP_PROTOCOL_ELEM  proto_elem_list[2];
   1475     UINT32              sdp_handle;
   1476     UINT16              list = UUID_SERVCLASS_PUBLIC_BROWSE_GROUP;
   1477     UINT8               buff[60];
   1478     UINT8               *p = buff;
   1479 
   1480     GATT_TRACE_DEBUG("gatt_add_sdp_record s_hdl=0x%x  s_hdl=0x%x",start_hdl, end_hdl);
   1481 
   1482     if ((sdp_handle = SDP_CreateRecord()) == 0)
   1483         return 0;
   1484 
   1485     switch (p_uuid->len)
   1486     {
   1487         case LEN_UUID_16:
   1488             SDP_AddServiceClassIdList(sdp_handle, 1, &p_uuid->uu.uuid16);
   1489             break;
   1490 
   1491         case LEN_UUID_32:
   1492             UINT8_TO_BE_STREAM (p, (UUID_DESC_TYPE << 3) | SIZE_FOUR_BYTES);
   1493             UINT32_TO_BE_STREAM (p, p_uuid->uu.uuid32);
   1494             SDP_AddAttribute (sdp_handle, ATTR_ID_SERVICE_CLASS_ID_LIST, DATA_ELE_SEQ_DESC_TYPE,
   1495                               (UINT32) (p - buff), buff);
   1496             break;
   1497 
   1498         case LEN_UUID_128:
   1499             UINT8_TO_BE_STREAM (p, (UUID_DESC_TYPE << 3) | SIZE_SIXTEEN_BYTES);
   1500             ARRAY_TO_BE_STREAM (p, p_uuid->uu.uuid128, LEN_UUID_128);
   1501             SDP_AddAttribute (sdp_handle, ATTR_ID_SERVICE_CLASS_ID_LIST, DATA_ELE_SEQ_DESC_TYPE,
   1502                               (UINT32) (p - buff), buff);
   1503             break;
   1504 
   1505         default:
   1506             GATT_TRACE_ERROR("inavlid UUID len=%d", p_uuid->len);
   1507             SDP_DeleteRecord(sdp_handle);
   1508             return 0;
   1509             break;
   1510     }
   1511 
   1512     /*** Fill out the protocol element sequence for SDP ***/
   1513     proto_elem_list[0].protocol_uuid = UUID_PROTOCOL_L2CAP;
   1514     proto_elem_list[0].num_params    = 1;
   1515     proto_elem_list[0].params[0]     = BT_PSM_ATT;
   1516     proto_elem_list[1].protocol_uuid = UUID_PROTOCOL_ATT;
   1517     proto_elem_list[1].num_params    = 2;
   1518     proto_elem_list[1].params[0]     = start_hdl;
   1519     proto_elem_list[1].params[1]     = end_hdl;
   1520 
   1521     SDP_AddProtocolList(sdp_handle, 2, proto_elem_list);
   1522 
   1523     /* Make the service browseable */
   1524     SDP_AddUuidSequence (sdp_handle, ATTR_ID_BROWSE_GROUP_LIST, 1, &list);
   1525 
   1526     return(sdp_handle);
   1527 }
   1528 
   1529 
   1530     #if GATT_CONFORMANCE_TESTING == TRUE
   1531 /*******************************************************************************
   1532 **
   1533 ** Function         gatt_set_err_rsp
   1534 **
   1535 ** Description      This function is called to set the test confirm value
   1536 **
   1537 ** Returns          void
   1538 **
   1539 *******************************************************************************/
   1540 void gatt_set_err_rsp(BOOLEAN enable, UINT8 req_op_code, UINT8 err_status)
   1541 {
   1542     GATT_TRACE_DEBUG("gatt_set_err_rsp enable=%d op_code=%d, err_status=%d", enable, req_op_code, err_status);
   1543     gatt_cb.enable_err_rsp  = enable;
   1544     gatt_cb.req_op_code     = req_op_code;
   1545     gatt_cb.err_status      = err_status;
   1546 }
   1547     #endif
   1548 
   1549 
   1550 
   1551 /*******************************************************************************
   1552 **
   1553 ** Function         gatt_get_regcb
   1554 **
   1555 ** Description      The function returns the registration control block.
   1556 **
   1557 ** Returns          pointer to the registration control block or NULL
   1558 **
   1559 *******************************************************************************/
   1560 tGATT_REG *gatt_get_regcb (tGATT_IF gatt_if)
   1561 {
   1562     UINT8           ii = (UINT8)gatt_if;
   1563     tGATT_REG       *p_reg = NULL;
   1564 
   1565     if (ii < 1 || ii > GATT_MAX_APPS) {
   1566         GATT_TRACE_WARNING("gatt_if out of range [ = %d]", ii);
   1567         return NULL;
   1568     }
   1569 
   1570     // Index for cl_rcb is always 1 less than gatt_if.
   1571     p_reg = &gatt_cb.cl_rcb[ii - 1];
   1572 
   1573     if (!p_reg->in_use) {
   1574         GATT_TRACE_WARNING("gatt_if found but not in use.");
   1575         return NULL;
   1576     }
   1577 
   1578     return p_reg;
   1579 }
   1580 
   1581 
   1582 /*******************************************************************************
   1583 **
   1584 ** Function         gatt_is_clcb_allocated
   1585 **
   1586 ** Description      The function check clcb for conn_id is allocated or not
   1587 **
   1588 ** Returns           True already allocated
   1589 **
   1590 *******************************************************************************/
   1591 
   1592 BOOLEAN gatt_is_clcb_allocated (UINT16 conn_id)
   1593 {
   1594     UINT8         i = 0;
   1595     BOOLEAN       is_allocated= FALSE;
   1596 
   1597     for (i = 0; i < GATT_CL_MAX_LCB; i++)
   1598     {
   1599         if (gatt_cb.clcb[i].in_use && (gatt_cb.clcb[i].conn_id == conn_id))
   1600         {
   1601             is_allocated = TRUE;
   1602             break;
   1603         }
   1604     }
   1605 
   1606     return is_allocated;
   1607 }
   1608 
   1609 /*******************************************************************************
   1610 **
   1611 ** Function         gatt_clcb_alloc
   1612 **
   1613 ** Description      The function allocates a GATT  connection link control block
   1614 **
   1615 ** Returns           NULL if not found. Otherwise pointer to the connection link block.
   1616 **
   1617 *******************************************************************************/
   1618 tGATT_CLCB *gatt_clcb_alloc (UINT16 conn_id)
   1619 {
   1620     UINT8           i = 0;
   1621     tGATT_CLCB      *p_clcb = NULL;
   1622     tGATT_IF        gatt_if=GATT_GET_GATT_IF(conn_id);
   1623     UINT8           tcb_idx = GATT_GET_TCB_IDX(conn_id);
   1624     tGATT_TCB       *p_tcb = gatt_get_tcb_by_idx(tcb_idx);
   1625     tGATT_REG       *p_reg = gatt_get_regcb(gatt_if);
   1626 
   1627     for (i = 0; i < GATT_CL_MAX_LCB; i++)
   1628     {
   1629         if (!gatt_cb.clcb[i].in_use)
   1630         {
   1631             p_clcb = &gatt_cb.clcb[i];
   1632 
   1633             p_clcb->in_use      = TRUE;
   1634             p_clcb->conn_id     = conn_id;
   1635             p_clcb->clcb_idx    = i;
   1636             p_clcb->p_reg       = p_reg;
   1637             p_clcb->p_tcb       = p_tcb;
   1638             break;
   1639         }
   1640     }
   1641     return p_clcb;
   1642 }
   1643 
   1644 /*******************************************************************************
   1645 **
   1646 ** Function         gatt_clcb_dealloc
   1647 **
   1648 ** Description      The function de allocates a GATT  connection link control block
   1649 **
   1650 ** Returns         None
   1651 **
   1652 *******************************************************************************/
   1653 void gatt_clcb_dealloc (tGATT_CLCB *p_clcb)
   1654 {
   1655     if (p_clcb && p_clcb->in_use)
   1656     {
   1657         memset(p_clcb, 0, sizeof(tGATT_CLCB));
   1658     }
   1659 }
   1660 
   1661 
   1662 
   1663 /*******************************************************************************
   1664 **
   1665 ** Function         gatt_find_tcb_by_cid
   1666 **
   1667 ** Description      The function searches for an empty entry
   1668 **                   in registration info table for GATT client
   1669 **
   1670 ** Returns           NULL if not found. Otherwise pointer to the rcb.
   1671 **
   1672 *******************************************************************************/
   1673 tGATT_TCB * gatt_find_tcb_by_cid (UINT16 lcid)
   1674 {
   1675     UINT16       xx = 0;
   1676     tGATT_TCB    *p_tcb = NULL;
   1677 
   1678     for (xx = 0; xx < GATT_MAX_PHY_CHANNEL; xx++)
   1679     {
   1680         if (gatt_cb.tcb[xx].in_use && gatt_cb.tcb[xx].att_lcid == lcid)
   1681         {
   1682             p_tcb = &gatt_cb.tcb[xx];
   1683             break;
   1684         }
   1685     }
   1686     return p_tcb;
   1687 }
   1688 
   1689 
   1690 /*******************************************************************************
   1691 **
   1692 ** Function         gatt_num_apps_hold_link
   1693 **
   1694 ** Description      The function find the number of applcaitions is holding the link
   1695 **
   1696 ** Returns          total number of applications holding this acl link.
   1697 **
   1698 *******************************************************************************/
   1699 UINT8 gatt_num_apps_hold_link(tGATT_TCB *p_tcb)
   1700 {
   1701     UINT8 i, num = 0;
   1702 
   1703     for (i = 0; i < GATT_MAX_APPS; i ++)
   1704     {
   1705         if (p_tcb->app_hold_link[i])
   1706             num ++;
   1707     }
   1708 
   1709     GATT_TRACE_DEBUG("gatt_num_apps_hold_link   num=%d",  num);
   1710     return num;
   1711 }
   1712 
   1713 
   1714 /*******************************************************************************
   1715 **
   1716 ** Function         gatt_num_clcb_by_bd_addr
   1717 **
   1718 ** Description      The function searches all LCB with macthing bd address
   1719 **
   1720 ** Returns          total number of clcb found.
   1721 **
   1722 *******************************************************************************/
   1723 UINT8 gatt_num_clcb_by_bd_addr(BD_ADDR bda)
   1724 {
   1725     UINT8 i, num = 0;
   1726 
   1727     for (i = 0; i < GATT_CL_MAX_LCB; i ++)
   1728     {
   1729         if (gatt_cb.clcb[i].in_use && memcmp(gatt_cb.clcb[i].p_tcb->peer_bda, bda, BD_ADDR_LEN) == 0)
   1730             num ++;
   1731     }
   1732     return num;
   1733 }
   1734 
   1735 /*******************************************************************************
   1736 **
   1737 ** Function         gatt_sr_update_cback_cnt
   1738 **
   1739 ** Description      The function searches all LCB with macthing bd address
   1740 **
   1741 ** Returns          total number of clcb found.
   1742 **
   1743 *******************************************************************************/
   1744 void gatt_sr_copy_prep_cnt_to_cback_cnt(tGATT_TCB *p_tcb )
   1745 {
   1746     UINT8 i;
   1747 
   1748     if (p_tcb)
   1749     {
   1750         for (i = 0; i < GATT_MAX_APPS; i ++)
   1751         {
   1752             if (p_tcb->prep_cnt[i])
   1753             {
   1754                 p_tcb->sr_cmd.cback_cnt[i]=1;
   1755             }
   1756         }
   1757     }
   1758 
   1759 }
   1760 
   1761 /*******************************************************************************
   1762 **
   1763 ** Function         gatt_sr_is_cback_cnt_zero
   1764 **
   1765 ** Description      The function searches all LCB with macthing bd address
   1766 **
   1767 ** Returns          True if thetotal application callback count is zero
   1768 **
   1769 *******************************************************************************/
   1770 BOOLEAN gatt_sr_is_cback_cnt_zero(tGATT_TCB *p_tcb )
   1771 {
   1772     BOOLEAN status = TRUE;
   1773     UINT8   i;
   1774 
   1775     if (p_tcb)
   1776     {
   1777         for (i = 0; i < GATT_MAX_APPS; i ++)
   1778         {
   1779             if (p_tcb->sr_cmd.cback_cnt[i])
   1780             {
   1781                 status = FALSE;
   1782                 break;
   1783             }
   1784         }
   1785     }
   1786     else
   1787     {
   1788         status = FALSE;
   1789     }
   1790     return status;
   1791 }
   1792 
   1793 /*******************************************************************************
   1794 **
   1795 ** Function         gatt_sr_is_prep_cnt_zero
   1796 **
   1797 ** Description      Check the prepare write request count is zero or not
   1798 **
   1799 ** Returns          True no prepare write request
   1800 **
   1801 *******************************************************************************/
   1802 BOOLEAN gatt_sr_is_prep_cnt_zero(tGATT_TCB *p_tcb)
   1803 {
   1804     BOOLEAN status = TRUE;
   1805     UINT8   i;
   1806 
   1807     if (p_tcb)
   1808     {
   1809         for (i = 0; i < GATT_MAX_APPS; i ++)
   1810         {
   1811             if (p_tcb->prep_cnt[i])
   1812             {
   1813                 status = FALSE;
   1814                 break;
   1815             }
   1816         }
   1817     }
   1818     else
   1819     {
   1820         status = FALSE;
   1821     }
   1822     return status;
   1823 }
   1824 
   1825 
   1826 /*******************************************************************************
   1827 **
   1828 ** Function         gatt_sr_reset_cback_cnt
   1829 **
   1830 ** Description      Reset the application callback count to zero
   1831 **
   1832 ** Returns         None
   1833 **
   1834 *******************************************************************************/
   1835 void gatt_sr_reset_cback_cnt(tGATT_TCB *p_tcb )
   1836 {
   1837     UINT8 i;
   1838 
   1839     if (p_tcb)
   1840     {
   1841         for (i = 0; i < GATT_MAX_APPS; i ++)
   1842         {
   1843             p_tcb->sr_cmd.cback_cnt[i]=0;
   1844         }
   1845     }
   1846 }
   1847 
   1848 /*******************************************************************************
   1849 **
   1850 ** Function         gatt_sr_reset_prep_cnt
   1851 **
   1852 ** Description     Reset the prep write count to zero
   1853 **
   1854 ** Returns        None
   1855 **
   1856 *******************************************************************************/
   1857 void gatt_sr_reset_prep_cnt(tGATT_TCB *p_tcb )
   1858 {
   1859     UINT8 i;
   1860     if (p_tcb)
   1861     {
   1862         for (i = 0; i < GATT_MAX_APPS; i ++)
   1863         {
   1864             p_tcb->prep_cnt[i]=0;
   1865         }
   1866     }
   1867 }
   1868 
   1869 
   1870 /*******************************************************************************
   1871 **
   1872 ** Function         gatt_sr_update_cback_cnt
   1873 **
   1874 ** Description    Update the teh applicaiton callback count
   1875 **
   1876 ** Returns           None
   1877 **
   1878 *******************************************************************************/
   1879 void gatt_sr_update_cback_cnt(tGATT_TCB *p_tcb, tGATT_IF gatt_if, BOOLEAN is_inc, BOOLEAN is_reset_first)
   1880 {
   1881 
   1882     UINT8 idx = ((UINT8) gatt_if) - 1 ;
   1883 
   1884     if (p_tcb)
   1885     {
   1886         if (is_reset_first)
   1887         {
   1888             gatt_sr_reset_cback_cnt(p_tcb);
   1889         }
   1890         if (is_inc)
   1891         {
   1892             p_tcb->sr_cmd.cback_cnt[idx]++;
   1893         }
   1894         else
   1895         {
   1896             if ( p_tcb->sr_cmd.cback_cnt[idx])
   1897             {
   1898                 p_tcb->sr_cmd.cback_cnt[idx]--;
   1899             }
   1900         }
   1901     }
   1902 }
   1903 
   1904 
   1905 /*******************************************************************************
   1906 **
   1907 ** Function         gatt_sr_update_prep_cnt
   1908 **
   1909 ** Description    Update the teh prepare write request count
   1910 **
   1911 ** Returns           None
   1912 **
   1913 *******************************************************************************/
   1914 void gatt_sr_update_prep_cnt(tGATT_TCB *p_tcb, tGATT_IF gatt_if, BOOLEAN is_inc, BOOLEAN is_reset_first)
   1915 {
   1916     UINT8 idx = ((UINT8) gatt_if) - 1 ;
   1917 
   1918     GATT_TRACE_DEBUG("gatt_sr_update_prep_cnt tcb idx=%d gatt_if=%d is_inc=%d is_reset_first=%d",
   1919                       p_tcb->tcb_idx, gatt_if, is_inc, is_reset_first);
   1920 
   1921     if (p_tcb)
   1922     {
   1923         if (is_reset_first)
   1924         {
   1925             gatt_sr_reset_prep_cnt(p_tcb);
   1926         }
   1927         if (is_inc)
   1928         {
   1929             p_tcb->prep_cnt[idx]++;
   1930         }
   1931         else
   1932         {
   1933             if (p_tcb->prep_cnt[idx])
   1934             {
   1935                 p_tcb->prep_cnt[idx]--;
   1936             }
   1937         }
   1938     }
   1939 }
   1940 /*******************************************************************************
   1941 **
   1942 ** Function         gatt_cancel_open
   1943 **
   1944 ** Description      Cancel open request
   1945 **
   1946 ** Returns         Boolean
   1947 **
   1948 *******************************************************************************/
   1949 BOOLEAN gatt_cancel_open(tGATT_IF gatt_if, BD_ADDR bda)
   1950 {
   1951     tGATT_TCB *p_tcb=NULL;
   1952     BOOLEAN status= TRUE;
   1953 
   1954     p_tcb = gatt_find_tcb_by_addr(bda, BT_TRANSPORT_LE);
   1955 
   1956     if (p_tcb)
   1957     {
   1958         if (gatt_get_ch_state(p_tcb) == GATT_CH_OPEN)
   1959         {
   1960             GATT_TRACE_ERROR("GATT_CancelConnect - link connected Too late to cancel");
   1961             status = FALSE;
   1962         }
   1963         else
   1964         {
   1965             gatt_update_app_use_link_flag(gatt_if, p_tcb, FALSE, FALSE);
   1966             if (!gatt_num_apps_hold_link(p_tcb))
   1967             {
   1968                 gatt_disconnect(p_tcb);
   1969             }
   1970         }
   1971     }
   1972 
   1973     return status;
   1974 }
   1975 
   1976 /*******************************************************************************
   1977 **
   1978 ** Function         gatt_find_app_hold_link
   1979 **
   1980 ** Description      find the applicaiton that is holding the specified link
   1981 **
   1982 ** Returns         Boolean
   1983 **
   1984 *******************************************************************************/
   1985 BOOLEAN gatt_find_app_hold_link(tGATT_TCB *p_tcb, UINT8 start_idx, UINT8 *p_found_idx, tGATT_IF *p_gatt_if)
   1986 {
   1987     UINT8 i;
   1988     BOOLEAN found= FALSE;
   1989 
   1990     for (i = start_idx; i < GATT_MAX_APPS; i ++)
   1991     {
   1992         if (p_tcb->app_hold_link[i])
   1993         {
   1994             *p_gatt_if = gatt_cb.clcb[i].p_reg->gatt_if;
   1995             *p_found_idx = i;
   1996             found = TRUE;
   1997             break;
   1998         }
   1999     }
   2000     return found;
   2001 }
   2002 
   2003 /*******************************************************************************
   2004 **
   2005 ** Function         gatt_cmd_enq
   2006 **
   2007 ** Description      Enqueue this command.
   2008 **
   2009 ** Returns          None.
   2010 **
   2011 *******************************************************************************/
   2012 BOOLEAN gatt_cmd_enq(tGATT_TCB *p_tcb, UINT16 clcb_idx, BOOLEAN to_send, UINT8 op_code, BT_HDR *p_buf)
   2013 {
   2014     tGATT_CMD_Q  *p_cmd = &p_tcb->cl_cmd_q[p_tcb->next_slot_inq];
   2015 
   2016     p_cmd->to_send = to_send; /* waiting to be sent */
   2017     p_cmd->op_code  = op_code;
   2018     p_cmd->p_cmd    = p_buf;
   2019     p_cmd->clcb_idx = clcb_idx;
   2020 
   2021     if (!to_send)
   2022     {
   2023         p_tcb->pending_cl_req = p_tcb->next_slot_inq;
   2024     }
   2025 
   2026     p_tcb->next_slot_inq ++;
   2027     p_tcb->next_slot_inq %= GATT_CL_MAX_LCB;
   2028 
   2029     return TRUE;
   2030 }
   2031 
   2032 /*******************************************************************************
   2033 **
   2034 ** Function         gatt_cmd_dequeue
   2035 **
   2036 ** Description      dequeue the command in the client CCB command queue.
   2037 **
   2038 ** Returns          total number of clcb found.
   2039 **
   2040 *******************************************************************************/
   2041 tGATT_CLCB * gatt_cmd_dequeue(tGATT_TCB *p_tcb, UINT8 *p_op_code)
   2042 {
   2043     tGATT_CMD_Q  *p_cmd = &p_tcb->cl_cmd_q[p_tcb->pending_cl_req];
   2044     tGATT_CLCB *p_clcb = NULL;
   2045 
   2046     if (p_tcb->pending_cl_req != p_tcb->next_slot_inq)
   2047     {
   2048         p_clcb = &gatt_cb.clcb[p_cmd->clcb_idx];
   2049 
   2050         *p_op_code = p_cmd->op_code;
   2051 
   2052         p_tcb->pending_cl_req ++;
   2053         p_tcb->pending_cl_req %= GATT_CL_MAX_LCB;
   2054     }
   2055 
   2056     return p_clcb;
   2057 }
   2058 
   2059 /*******************************************************************************
   2060 **
   2061 ** Function         gatt_send_write_msg
   2062 **
   2063 ** Description      This real function send out the ATT message for write.
   2064 **
   2065 ** Returns          status code
   2066 **
   2067 *******************************************************************************/
   2068 UINT8 gatt_send_write_msg (tGATT_TCB *p_tcb, UINT16 clcb_idx, UINT8 op_code,
   2069                            UINT16 handle, UINT16 len,
   2070                            UINT16 offset, UINT8 *p_data)
   2071 {
   2072     tGATT_CL_MSG     msg;
   2073 
   2074     msg.attr_value.handle = handle;
   2075     msg.attr_value.len = len;
   2076     msg.attr_value.offset = offset;
   2077 
   2078     memcpy (msg.attr_value.value, p_data, len);
   2079 
   2080     /* write by handle */
   2081     return attp_send_cl_msg(p_tcb, clcb_idx, op_code, &msg);
   2082 }
   2083 
   2084 /*******************************************************************************
   2085 **
   2086 ** Function         gatt_act_send_browse
   2087 **
   2088 ** Description      This function ends a browse command request, including read
   2089 **                  information request and read by type request.
   2090 **
   2091 ** Returns          status code
   2092 **
   2093 *******************************************************************************/
   2094 UINT8 gatt_act_send_browse(tGATT_TCB *p_tcb, UINT16 index, UINT8 op, UINT16 s_handle,
   2095                            UINT16 e_handle, tBT_UUID uuid)
   2096 {
   2097     tGATT_CL_MSG     msg;
   2098 
   2099     msg.browse.s_handle = s_handle;
   2100     msg.browse.e_handle   = e_handle;
   2101     memcpy(&msg.browse.uuid, &uuid, sizeof(tBT_UUID));
   2102 
   2103     /* write by handle */
   2104     return attp_send_cl_msg(p_tcb, index, op, &msg);
   2105 }
   2106 
   2107 /*******************************************************************************
   2108 **
   2109 ** Function         gatt_end_operation
   2110 **
   2111 ** Description      This function ends a discovery, send callback and finalize
   2112 **                  some control value.
   2113 **
   2114 ** Returns          16 bits uuid.
   2115 **
   2116 *******************************************************************************/
   2117 void gatt_end_operation(tGATT_CLCB *p_clcb, tGATT_STATUS status, void *p_data)
   2118 {
   2119     tGATT_CL_COMPLETE   cb_data;
   2120     tGATT_CMPL_CBACK    *p_cmpl_cb = (p_clcb->p_reg) ? p_clcb->p_reg->app_cb.p_cmpl_cb : NULL;
   2121     UINT8               op = p_clcb->operation, disc_type=GATT_DISC_MAX;
   2122     tGATT_DISC_CMPL_CB  *p_disc_cmpl_cb = (p_clcb->p_reg) ? p_clcb->p_reg->app_cb.p_disc_cmpl_cb : NULL;
   2123     UINT16              conn_id;
   2124     UINT8               operation;
   2125 
   2126     GATT_TRACE_DEBUG ("gatt_end_operation status=%d op=%d subtype=%d",
   2127                        status, p_clcb->operation, p_clcb->op_subtype);
   2128     memset(&cb_data.att_value, 0, sizeof(tGATT_VALUE));
   2129 
   2130     if (p_cmpl_cb != NULL && p_clcb->operation != 0)
   2131     {
   2132         if (p_clcb->operation == GATTC_OPTYPE_READ)
   2133         {
   2134             cb_data.att_value.handle   = p_clcb->s_handle;
   2135             cb_data.att_value.len      = p_clcb->counter;
   2136 
   2137             if (p_data && p_clcb->counter)
   2138                 memcpy (cb_data.att_value.value, p_data, cb_data.att_value.len);
   2139         }
   2140 
   2141         if (p_clcb->operation == GATTC_OPTYPE_WRITE)
   2142         {
   2143             memset(&cb_data.att_value, 0, sizeof(tGATT_VALUE));
   2144             cb_data.handle           =
   2145             cb_data.att_value.handle = p_clcb->s_handle;
   2146             if (p_clcb->op_subtype == GATT_WRITE_PREPARE)
   2147             {
   2148                 if (p_data)
   2149                 {
   2150                     cb_data.att_value = *((tGATT_VALUE *) p_data);
   2151                 }
   2152                 else
   2153                 {
   2154                     GATT_TRACE_DEBUG("Rcv Prepare write rsp but no data");
   2155                 }
   2156             }
   2157         }
   2158 
   2159         if (p_clcb->operation == GATTC_OPTYPE_CONFIG)
   2160             cb_data.mtu = p_clcb->p_tcb->payload_size;
   2161 
   2162         if (p_clcb->operation == GATTC_OPTYPE_DISCOVERY)
   2163         {
   2164             disc_type = p_clcb->op_subtype;
   2165         }
   2166     }
   2167 
   2168     if (p_clcb->p_attr_buf)
   2169     {
   2170         GKI_freebuf(p_clcb->p_attr_buf);
   2171     }
   2172 
   2173     operation =  p_clcb->operation;
   2174     conn_id = p_clcb->conn_id;
   2175     btu_stop_timer(&p_clcb->rsp_timer_ent);
   2176 
   2177     gatt_clcb_dealloc(p_clcb);
   2178 
   2179     if (p_disc_cmpl_cb && (op == GATTC_OPTYPE_DISCOVERY))
   2180         (*p_disc_cmpl_cb)(conn_id, disc_type, status);
   2181     else if (p_cmpl_cb && op)
   2182         (*p_cmpl_cb)(conn_id, op, status, &cb_data);
   2183     else
   2184         GATT_TRACE_WARNING ("gatt_end_operation not sent out op=%d p_disc_cmpl_cb:%p p_cmpl_cb:%p",
   2185                              operation, p_disc_cmpl_cb, p_cmpl_cb);
   2186 }
   2187 
   2188 /*******************************************************************************
   2189 **
   2190 ** Function         gatt_cleanup_upon_disc
   2191 **
   2192 ** Description      This function cleans up the control blocks when L2CAP channel
   2193 **                  disconnect.
   2194 **
   2195 ** Returns          16 bits uuid.
   2196 **
   2197 *******************************************************************************/
   2198 void gatt_cleanup_upon_disc(BD_ADDR bda, UINT16 reason, tBT_TRANSPORT transport)
   2199 {
   2200     tGATT_TCB       *p_tcb = NULL;
   2201     tGATT_CLCB      *p_clcb;
   2202     UINT8           i;
   2203     UINT16          conn_id;
   2204     tGATT_REG        *p_reg=NULL;
   2205 
   2206 
   2207     GATT_TRACE_DEBUG ("gatt_cleanup_upon_disc ");
   2208 
   2209     if ((p_tcb = gatt_find_tcb_by_addr(bda, transport)) != NULL)
   2210     {
   2211         GATT_TRACE_DEBUG ("found p_tcb ");
   2212         gatt_set_ch_state(p_tcb, GATT_CH_CLOSE);
   2213         for (i = 0; i < GATT_CL_MAX_LCB; i ++)
   2214         {
   2215             p_clcb = &gatt_cb.clcb[i];
   2216             if (p_clcb->in_use && p_clcb->p_tcb == p_tcb)
   2217             {
   2218                 btu_stop_timer(&p_clcb->rsp_timer_ent);
   2219                 GATT_TRACE_DEBUG ("found p_clcb conn_id=%d clcb_idx=%d", p_clcb->conn_id, p_clcb->clcb_idx);
   2220                 if (p_clcb->operation != GATTC_OPTYPE_NONE)
   2221                     gatt_end_operation(p_clcb, GATT_ERROR, NULL);
   2222 
   2223                 gatt_clcb_dealloc(p_clcb);
   2224 
   2225             }
   2226         }
   2227 
   2228         btu_stop_timer (&p_tcb->ind_ack_timer_ent);
   2229         btu_stop_timer (&p_tcb->conf_timer_ent);
   2230         gatt_free_pending_ind(p_tcb);
   2231         gatt_free_pending_enc_queue(p_tcb);
   2232 
   2233         for (i = 0; i < GATT_MAX_APPS; i ++)
   2234         {
   2235             p_reg = &gatt_cb.cl_rcb[i];
   2236             if (p_reg->in_use && p_reg->app_cb.p_conn_cb)
   2237             {
   2238                 conn_id = GATT_CREATE_CONN_ID(p_tcb->tcb_idx, p_reg->gatt_if);
   2239                 GATT_TRACE_DEBUG ("found p_reg tcb_idx=%d gatt_if=%d  conn_id=0x%x", p_tcb->tcb_idx, p_reg->gatt_if, conn_id);
   2240                 (*p_reg->app_cb.p_conn_cb)(p_reg->gatt_if,  bda, conn_id, FALSE, reason, transport);
   2241             }
   2242         }
   2243         memset(p_tcb, 0, sizeof(tGATT_TCB));
   2244 
   2245     }
   2246     GATT_TRACE_DEBUG ("exit gatt_cleanup_upon_disc ");
   2247 }
   2248 /*******************************************************************************
   2249 **
   2250 ** Function         gatt_dbg_req_op_name
   2251 **
   2252 ** Description      Get op code description name, for debug information.
   2253 **
   2254 ** Returns          UINT8 *: name of the operation.
   2255 **
   2256 *******************************************************************************/
   2257 UINT8 * gatt_dbg_op_name(UINT8 op_code)
   2258 {
   2259     UINT8 pseduo_op_code_idx = op_code & (~GATT_WRITE_CMD_MASK);
   2260 
   2261     if (op_code == GATT_CMD_WRITE )
   2262     {
   2263         pseduo_op_code_idx = 0x14; /* just an index to op_code_name */
   2264 
   2265     }
   2266 
   2267     if (op_code == GATT_SIGN_CMD_WRITE)
   2268     {
   2269         pseduo_op_code_idx = 0x15; /* just an index to op_code_name */
   2270     }
   2271 
   2272     if (pseduo_op_code_idx <= GATT_OP_CODE_MAX)
   2273         return(UINT8*) op_code_name[pseduo_op_code_idx];
   2274     else
   2275         return(UINT8 *)"Op Code Exceed Max";
   2276 }
   2277 
   2278 /*******************************************************************************
   2279 **
   2280 ** Function         gatt_dbg_display_uuid
   2281 **
   2282 ** Description      Disaplay the UUID
   2283 **
   2284 ** Returns          None
   2285 **
   2286 *******************************************************************************/
   2287 void gatt_dbg_display_uuid(tBT_UUID bt_uuid)
   2288 {
   2289     char str_buf[50];
   2290     int x = 0;
   2291 
   2292     if (bt_uuid.len == LEN_UUID_16)
   2293     {
   2294         sprintf(str_buf, "0x%04x", bt_uuid.uu.uuid16);
   2295     }
   2296     else if (bt_uuid.len == LEN_UUID_32)
   2297     {
   2298         sprintf(str_buf, "0x%08x", (unsigned int)bt_uuid.uu.uuid32);
   2299     }
   2300     else if (bt_uuid.len == LEN_UUID_128)
   2301     {
   2302         x += sprintf(&str_buf[x], "0x%02x%02x%02x%02x%02x%02x%02x%02x",
   2303                      bt_uuid.uu.uuid128[15], bt_uuid.uu.uuid128[14],
   2304                      bt_uuid.uu.uuid128[13], bt_uuid.uu.uuid128[12],
   2305                      bt_uuid.uu.uuid128[11], bt_uuid.uu.uuid128[10],
   2306                      bt_uuid.uu.uuid128[9], bt_uuid.uu.uuid128[8]);
   2307         sprintf(&str_buf[x], "%02x%02x%02x%02x%02x%02x%02x%02x",
   2308                 bt_uuid.uu.uuid128[7], bt_uuid.uu.uuid128[6],
   2309                 bt_uuid.uu.uuid128[5], bt_uuid.uu.uuid128[4],
   2310                 bt_uuid.uu.uuid128[3], bt_uuid.uu.uuid128[2],
   2311                 bt_uuid.uu.uuid128[1], bt_uuid.uu.uuid128[0]);
   2312     }
   2313     else
   2314         BCM_STRNCPY_S(str_buf, sizeof(str_buf), "Unknown UUID 0", 15);
   2315 
   2316     GATT_TRACE_DEBUG ("UUID=[%s]", str_buf);
   2317 
   2318 }
   2319 
   2320 
   2321 /*******************************************************************************
   2322 **
   2323 ** Function         gatt_is_bg_dev_for_app
   2324 **
   2325 ** Description      find is this one of the background devices for the application
   2326 **
   2327 ** Returns          TRUE this is one of the background devices for the  application
   2328 **
   2329 *******************************************************************************/
   2330 BOOLEAN gatt_is_bg_dev_for_app(tGATT_BG_CONN_DEV *p_dev, tGATT_IF gatt_if)
   2331 {
   2332     UINT8   i;
   2333 
   2334     for (i = 0; i < GATT_MAX_APPS; i ++ )
   2335     {
   2336         if (p_dev->in_use && (p_dev->gatt_if[i] == gatt_if))
   2337         {
   2338             return TRUE;
   2339         }
   2340     }
   2341     return FALSE;
   2342 }
   2343 /*******************************************************************************
   2344 **
   2345 ** Function         gatt_find_bg_dev
   2346 **
   2347 ** Description      find background connection device from the list.
   2348 **
   2349 ** Returns          pointer to the device record
   2350 **
   2351 *******************************************************************************/
   2352 tGATT_BG_CONN_DEV * gatt_find_bg_dev(BD_ADDR remote_bda)
   2353 {
   2354     tGATT_BG_CONN_DEV    *p_dev_list = &gatt_cb.bgconn_dev[0];
   2355     UINT8   i;
   2356 
   2357     for (i = 0; i < GATT_MAX_BG_CONN_DEV; i ++, p_dev_list ++)
   2358     {
   2359         if (p_dev_list->in_use && !memcmp(p_dev_list->remote_bda, remote_bda, BD_ADDR_LEN))
   2360         {
   2361             return p_dev_list;
   2362         }
   2363     }
   2364     return NULL;
   2365 }
   2366 /*******************************************************************************
   2367 **
   2368 ** Function         gatt_alloc_bg_dev
   2369 **
   2370 ** Description      allocate a background connection device record
   2371 **
   2372 ** Returns          pointer to the device record
   2373 **
   2374 *******************************************************************************/
   2375 tGATT_BG_CONN_DEV * gatt_alloc_bg_dev(BD_ADDR remote_bda)
   2376 {
   2377     tGATT_BG_CONN_DEV    *p_dev_list = &gatt_cb.bgconn_dev[0];
   2378     UINT8   i;
   2379 
   2380     for (i = 0; i < GATT_MAX_BG_CONN_DEV; i ++, p_dev_list ++)
   2381     {
   2382         if (!p_dev_list->in_use)
   2383         {
   2384             p_dev_list->in_use = TRUE;
   2385             memcpy(p_dev_list->remote_bda, remote_bda, BD_ADDR_LEN);
   2386 
   2387             return p_dev_list;
   2388         }
   2389     }
   2390     return NULL;
   2391 }
   2392 
   2393 /*******************************************************************************
   2394 **
   2395 ** Function         gatt_add_bg_dev_list
   2396 **
   2397 ** Description      add/remove device from the back ground connection device list
   2398 **
   2399 ** Returns          TRUE if device added to the list; FALSE failed
   2400 **
   2401 *******************************************************************************/
   2402 BOOLEAN gatt_add_bg_dev_list(tGATT_REG *p_reg,  BD_ADDR bd_addr, BOOLEAN is_initator)
   2403 {
   2404     tGATT_IF gatt_if =  p_reg->gatt_if;
   2405     tGATT_BG_CONN_DEV   *p_dev = NULL;
   2406     UINT8       i;
   2407     BOOLEAN      ret = FALSE;
   2408 
   2409     if ((p_dev = gatt_find_bg_dev(bd_addr)) == NULL)
   2410     {
   2411         p_dev = gatt_alloc_bg_dev(bd_addr);
   2412     }
   2413 
   2414     if (p_dev)
   2415     {
   2416         for (i = 0; i < GATT_MAX_APPS; i ++)
   2417         {
   2418             if (is_initator)
   2419             {
   2420                 if (p_dev->gatt_if[i] == gatt_if)
   2421                 {
   2422                     GATT_TRACE_ERROR("device already in iniator white list");
   2423                     return TRUE;
   2424                 }
   2425                 else if (p_dev->gatt_if[i] == 0)
   2426                 {
   2427                     p_dev->gatt_if[i] = gatt_if;
   2428                     if (i == 0)
   2429                         ret = BTM_BleUpdateBgConnDev(TRUE, bd_addr);
   2430                     else
   2431                         ret = TRUE;
   2432                     break;
   2433                 }
   2434             }
   2435             else
   2436             {
   2437                 if (p_dev->listen_gif[i] == gatt_if)
   2438                 {
   2439                     GATT_TRACE_ERROR("device already in adv white list");
   2440                     return TRUE;
   2441                 }
   2442                 else if (p_dev->listen_gif[i] == 0)
   2443                 {
   2444                     if (p_reg->listening == GATT_LISTEN_TO_ALL)
   2445                         p_reg->listening = GATT_LISTEN_TO_NONE;
   2446 
   2447                     p_reg->listening ++;
   2448                     p_dev->listen_gif[i] = gatt_if;
   2449 
   2450                     if (i == 0)
   2451                         ret = BTM_BleUpdateAdvWhitelist(TRUE, bd_addr);
   2452                     else
   2453                         ret = TRUE;
   2454                     break;
   2455                 }
   2456             }
   2457         }
   2458     }
   2459     else
   2460     {
   2461         GATT_TRACE_ERROR("no device record available");
   2462     }
   2463 
   2464     return ret;
   2465 }
   2466 
   2467 /*******************************************************************************
   2468 **
   2469 ** Function         gatt_remove_bg_dev_for_app
   2470 **
   2471 ** Description      Remove the application interface for the specified background device
   2472 **
   2473 ** Returns          Boolean
   2474 **
   2475 *******************************************************************************/
   2476 BOOLEAN gatt_remove_bg_dev_for_app(tGATT_IF gatt_if, BD_ADDR bd_addr)
   2477 {
   2478     tGATT_TCB    *p_tcb = gatt_find_tcb_by_addr(bd_addr, BT_TRANSPORT_LE);
   2479     BOOLEAN       status;
   2480 
   2481     if (p_tcb)
   2482         gatt_update_app_use_link_flag(gatt_if, p_tcb, FALSE, FALSE);
   2483     status = gatt_update_auto_connect_dev(gatt_if, FALSE, bd_addr, TRUE);
   2484     return status;
   2485 }
   2486 
   2487 
   2488 /*******************************************************************************
   2489 **
   2490 ** Function         gatt_get_num_apps_for_bg_dev
   2491 **
   2492 ** Description      Gte the number of applciations for the specified background device
   2493 **
   2494 ** Returns          UINT8 total number fo applications
   2495 **
   2496 *******************************************************************************/
   2497 UINT8 gatt_get_num_apps_for_bg_dev(BD_ADDR bd_addr)
   2498 {
   2499     tGATT_BG_CONN_DEV   *p_dev = NULL;
   2500     UINT8   i;
   2501     UINT8   cnt = 0;
   2502 
   2503     if ((p_dev = gatt_find_bg_dev(bd_addr)) != NULL)
   2504     {
   2505         for (i = 0; i < GATT_MAX_APPS; i ++)
   2506         {
   2507             if (p_dev->gatt_if[i])
   2508                 cnt++;
   2509         }
   2510     }
   2511     return cnt;
   2512 }
   2513 
   2514 /*******************************************************************************
   2515 **
   2516 ** Function         gatt_find_app_for_bg_dev
   2517 **
   2518 ** Description      find the application interface for the specified background device
   2519 **
   2520 ** Returns          Boolean
   2521 **
   2522 *******************************************************************************/
   2523 BOOLEAN gatt_find_app_for_bg_dev(BD_ADDR bd_addr, tGATT_IF *p_gatt_if)
   2524 {
   2525     tGATT_BG_CONN_DEV   *p_dev = NULL;
   2526     UINT8   i;
   2527     BOOLEAN ret = FALSE;
   2528 
   2529     if ((p_dev = gatt_find_bg_dev(bd_addr)) == NULL)
   2530     {
   2531         return ret;
   2532     }
   2533 
   2534     for (i = 0; i < GATT_MAX_APPS; i ++)
   2535     {
   2536         if (p_dev->gatt_if[i] != 0 )
   2537         {
   2538             *p_gatt_if = p_dev->gatt_if[i];
   2539             ret = TRUE;
   2540             break;
   2541         }
   2542     }
   2543     return ret;
   2544 }
   2545 
   2546 
   2547 /*******************************************************************************
   2548 **
   2549 ** Function         gatt_remove_bg_dev_from_list
   2550 **
   2551 ** Description      add/remove device from the back ground connection device list or
   2552 **                  listening to advertising list.
   2553 **
   2554 ** Returns          pointer to the device record
   2555 **
   2556 *******************************************************************************/
   2557 BOOLEAN gatt_remove_bg_dev_from_list(tGATT_REG *p_reg, BD_ADDR bd_addr, BOOLEAN is_initiator)
   2558 {
   2559     tGATT_IF gatt_if = p_reg->gatt_if;
   2560     tGATT_BG_CONN_DEV   *p_dev = NULL;
   2561     UINT8   i, j;
   2562     BOOLEAN ret = FALSE;
   2563 
   2564     if ((p_dev = gatt_find_bg_dev(bd_addr)) == NULL)
   2565     {
   2566         return ret;
   2567     }
   2568 
   2569     for (i = 0; i < GATT_MAX_APPS && (p_dev->gatt_if[i] > 0 || p_dev->listen_gif[i]); i ++)
   2570     {
   2571         if (is_initiator)
   2572         {
   2573             if (p_dev->gatt_if[i] == gatt_if)
   2574             {
   2575                 p_dev->gatt_if[i] = 0;
   2576                 /* move all element behind one forward */
   2577                 for (j = i + 1; j < GATT_MAX_APPS; j ++)
   2578                     p_dev->gatt_if[j - 1] = p_dev->gatt_if[j];
   2579 
   2580                 if (p_dev->gatt_if[0] == 0)
   2581                     ret = BTM_BleUpdateBgConnDev(FALSE, p_dev->remote_bda);
   2582                 else
   2583                     ret = TRUE;
   2584 
   2585                 break;
   2586             }
   2587         }
   2588         else
   2589         {
   2590             if (p_dev->listen_gif[i] == gatt_if)
   2591             {
   2592                 p_dev->listen_gif[i] = 0;
   2593                 p_reg->listening --;
   2594                 /* move all element behind one forward */
   2595                 for (j = i + 1; j < GATT_MAX_APPS; j ++)
   2596                     p_dev->listen_gif[j - 1] = p_dev->listen_gif[j];
   2597 
   2598                 if (p_dev->listen_gif[0] == 0)
   2599                     ret = BTM_BleUpdateAdvWhitelist(FALSE, p_dev->remote_bda);
   2600                 else
   2601                     ret = TRUE;
   2602                 break;
   2603             }
   2604         }
   2605     }
   2606 
   2607     if (i != GATT_MAX_APPS && p_dev->gatt_if[0] == 0 && p_dev->listen_gif[0] == 0)
   2608     {
   2609         memset(p_dev, 0, sizeof(tGATT_BG_CONN_DEV));
   2610     }
   2611 
   2612     return ret;
   2613 }
   2614 /*******************************************************************************
   2615 **
   2616 ** Function         gatt_deregister_bgdev_list
   2617 **
   2618 ** Description      deregister all related back ground connetion device.
   2619 **
   2620 ** Returns          pointer to the device record
   2621 **
   2622 *******************************************************************************/
   2623 void gatt_deregister_bgdev_list(tGATT_IF gatt_if)
   2624 {
   2625     tGATT_BG_CONN_DEV    *p_dev_list = &gatt_cb.bgconn_dev[0];
   2626     UINT8 i , j, k;
   2627     tGATT_REG       *p_reg = gatt_get_regcb(gatt_if);
   2628 
   2629     /* update the BG conn device list */
   2630     for (i = 0 ; i <GATT_MAX_BG_CONN_DEV; i ++, p_dev_list ++ )
   2631     {
   2632         if (p_dev_list->in_use)
   2633         {
   2634             for (j = 0; j < GATT_MAX_APPS; j ++)
   2635             {
   2636                 if (p_dev_list->gatt_if[j] == 0 && p_dev_list->listen_gif[j] == 0)
   2637                     break;
   2638 
   2639                 if (p_dev_list->gatt_if[j] == gatt_if)
   2640                 {
   2641                     for (k = j + 1; k < GATT_MAX_APPS; k ++)
   2642                         p_dev_list->gatt_if[k - 1] = p_dev_list->gatt_if[k];
   2643 
   2644                     if (p_dev_list->gatt_if[0] == 0)
   2645                         BTM_BleUpdateBgConnDev(FALSE, p_dev_list->remote_bda);
   2646                 }
   2647 
   2648                 if (p_dev_list->listen_gif[j] == gatt_if)
   2649                 {
   2650                     p_dev_list->listen_gif[j] = 0;
   2651 
   2652                     if (p_reg != NULL && p_reg->listening > 0)
   2653                         p_reg->listening --;
   2654 
   2655                     /* move all element behind one forward */
   2656                     for (k = j + 1; k < GATT_MAX_APPS; k ++)
   2657                         p_dev_list->listen_gif[k - 1] = p_dev_list->listen_gif[k];
   2658 
   2659                     if (p_dev_list->listen_gif[0] == 0)
   2660                         BTM_BleUpdateAdvWhitelist(FALSE, p_dev_list->remote_bda);
   2661                 }
   2662             }
   2663         }
   2664     }
   2665 }
   2666 
   2667 
   2668 /*******************************************************************************
   2669 **
   2670 ** Function         gatt_reset_bgdev_list
   2671 **
   2672 ** Description      reset bg device list
   2673 **
   2674 ** Returns          pointer to the device record
   2675 **
   2676 *******************************************************************************/
   2677 void gatt_reset_bgdev_list(void)
   2678 {
   2679     memset(&gatt_cb.bgconn_dev, 0 , sizeof(tGATT_BG_CONN_DEV)*GATT_MAX_BG_CONN_DEV);
   2680 
   2681 }
   2682 /*******************************************************************************
   2683 **
   2684 ** Function         gatt_update_auto_connect_dev
   2685 **
   2686 ** Description      This function add or remove a device for background connection
   2687 **                  procedure.
   2688 **
   2689 ** Parameters       gatt_if: Application ID.
   2690 **                  add: add peer device
   2691 **                  bd_addr: peer device address.
   2692 **
   2693 ** Returns          TRUE if connection started; FALSE if connection start failure.
   2694 **
   2695 *******************************************************************************/
   2696 BOOLEAN gatt_update_auto_connect_dev (tGATT_IF gatt_if, BOOLEAN add, BD_ADDR bd_addr, BOOLEAN is_initator)
   2697 {
   2698     BOOLEAN         ret = FALSE;
   2699     tGATT_REG        *p_reg;
   2700     tGATT_TCB       *p_tcb = gatt_find_tcb_by_addr(bd_addr, BT_TRANSPORT_LE);
   2701 
   2702     GATT_TRACE_API ("gatt_update_auto_connect_dev ");
   2703     /* Make sure app is registered */
   2704     if ((p_reg = gatt_get_regcb(gatt_if)) == NULL)
   2705     {
   2706         GATT_TRACE_ERROR("gatt_update_auto_connect_dev - gatt_if is not registered", gatt_if);
   2707         return(FALSE);
   2708     }
   2709 
   2710     if (add)
   2711     {
   2712         ret = gatt_add_bg_dev_list(p_reg, bd_addr, is_initator);
   2713 
   2714         if (ret && p_tcb != NULL)
   2715         {
   2716             /* if a connected device, update the link holding number */
   2717             gatt_update_app_use_link_flag(gatt_if, p_tcb, TRUE, TRUE);
   2718         }
   2719     }
   2720     else
   2721     {
   2722         ret = gatt_remove_bg_dev_from_list(p_reg, bd_addr, is_initator);
   2723     }
   2724     return ret;
   2725 }
   2726 
   2727 
   2728 
   2729 /*******************************************************************************
   2730 **
   2731 ** Function     gatt_add_pending_new_srv_start
   2732 **
   2733 ** Description  Add a pending new srv start to the new service start queue
   2734 **
   2735 ** Returns    Pointer to the new service start buffer, NULL no buffer available
   2736 **
   2737 *******************************************************************************/
   2738 tGATT_PENDING_ENC_CLCB* gatt_add_pending_enc_channel_clcb(tGATT_TCB *p_tcb, tGATT_CLCB *p_clcb )
   2739 {
   2740     tGATT_PENDING_ENC_CLCB   *p_buf;
   2741 
   2742     GATT_TRACE_DEBUG ("gatt_add_pending_new_srv_start");
   2743     if ((p_buf = (tGATT_PENDING_ENC_CLCB *)GKI_getbuf((UINT16)sizeof(tGATT_PENDING_ENC_CLCB))) != NULL)
   2744     {
   2745         GATT_TRACE_DEBUG ("enqueue a new pending encryption channel clcb");
   2746         p_buf->p_clcb = p_clcb;
   2747         GKI_enqueue (&p_tcb->pending_enc_clcb, p_buf);
   2748     }
   2749     return p_buf;
   2750 }
   2751 /*******************************************************************************
   2752 **
   2753 ** Function     gatt_update_listen_mode
   2754 **
   2755 ** Description  update peripheral role listening mode
   2756 **
   2757 ** Returns    Pointer to the new service start buffer, NULL no buffer available
   2758 **
   2759 *******************************************************************************/
   2760 BOOLEAN gatt_update_listen_mode(void)
   2761 {
   2762     UINT8           ii = 0;
   2763     tGATT_REG       *p_reg = &gatt_cb.cl_rcb[0];
   2764     UINT8           listening = 0;
   2765     UINT16          connectability, window, interval;
   2766     BOOLEAN         rt = TRUE;
   2767 
   2768     for (; ii < GATT_MAX_APPS; ii ++, p_reg ++)
   2769     {
   2770         if ( p_reg->in_use && p_reg->listening > listening)
   2771         {
   2772             listening = p_reg->listening;
   2773         }
   2774     }
   2775 
   2776     if (listening == GATT_LISTEN_TO_ALL ||
   2777         listening == GATT_LISTEN_TO_NONE)
   2778         BTM_BleUpdateAdvFilterPolicy (AP_SCAN_CONN_ALL);
   2779     else
   2780         BTM_BleUpdateAdvFilterPolicy (AP_SCAN_CONN_WL);
   2781 
   2782     if (rt)
   2783     {
   2784         connectability = BTM_ReadConnectability (&window, &interval);
   2785 
   2786         if (listening != GATT_LISTEN_TO_NONE)
   2787         {
   2788             connectability |= BTM_BLE_CONNECTABLE;
   2789         }
   2790         else
   2791         {
   2792             if ((connectability & BTM_BLE_CONNECTABLE) == 0)
   2793             connectability &= ~BTM_BLE_CONNECTABLE;
   2794         }
   2795         /* turning on the adv now */
   2796         btm_ble_set_connectability(connectability);
   2797     }
   2798 
   2799     return rt;
   2800 
   2801 }
   2802 #endif
   2803 
   2804 
   2805