1 /****************************************************************************** 2 * 3 * Copyright (C) 2003-2016 Broadcom Corporation 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at: 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 ******************************************************************************/ 18 19 /****************************************************************************** 20 * 21 * Interface to AVRCP mandatory commands 22 * 23 ******************************************************************************/ 24 #include <base/logging.h> 25 #include <string.h> 26 27 #include "avrc_api.h" 28 #include "avrc_int.h" 29 #include "bt_common.h" 30 #include "btu.h" 31 #include "osi/include/fixed_queue.h" 32 #include "osi/include/osi.h" 33 34 /***************************************************************************** 35 * Global data 36 ****************************************************************************/ 37 extern fixed_queue_t* btu_general_alarm_queue; 38 39 #define AVRC_MAX_RCV_CTRL_EVT AVCT_BROWSE_UNCONG_IND_EVT 40 41 #ifndef MAX 42 #define MAX(a, b) ((a) > (b) ? (a) : (b)) 43 #endif 44 45 static const uint8_t avrc_ctrl_event_map[] = { 46 AVRC_OPEN_IND_EVT, /* AVCT_CONNECT_CFM_EVT */ 47 AVRC_OPEN_IND_EVT, /* AVCT_CONNECT_IND_EVT */ 48 AVRC_CLOSE_IND_EVT, /* AVCT_DISCONNECT_CFM_EVT */ 49 AVRC_CLOSE_IND_EVT, /* AVCT_DISCONNECT_IND_EVT */ 50 AVRC_CONG_IND_EVT, /* AVCT_CONG_IND_EVT */ 51 AVRC_UNCONG_IND_EVT, /* AVCT_UNCONG_IND_EVT */ 52 AVRC_BROWSE_OPEN_IND_EVT, /* AVCT_BROWSE_CONN_CFM_EVT */ 53 AVRC_BROWSE_OPEN_IND_EVT, /* AVCT_BROWSE_CONN_IND_EVT */ 54 AVRC_BROWSE_CLOSE_IND_EVT, /* AVCT_BROWSE_DISCONN_CFM_EVT */ 55 AVRC_BROWSE_CLOSE_IND_EVT, /* AVCT_BROWSE_DISCONN_IND_EVT */ 56 AVRC_BROWSE_CONG_IND_EVT, /* AVCT_BROWSE_CONG_IND_EVT */ 57 AVRC_BROWSE_UNCONG_IND_EVT /* AVCT_BROWSE_UNCONG_IND_EVT */ 58 }; 59 60 /* use this unused opcode to indication no need to call the callback function */ 61 #define AVRC_OP_DROP 0xFE 62 /* use this unused opcode to indication no need to call the callback function & 63 * free buffer */ 64 #define AVRC_OP_DROP_N_FREE 0xFD 65 66 #define AVRC_OP_UNIT_INFO_RSP_LEN 8 67 #define AVRC_OP_SUB_UNIT_INFO_RSP_LEN 8 68 #define AVRC_OP_REJ_MSG_LEN 11 69 70 /* Flags definitions for AVRC_MsgReq */ 71 #define AVRC_MSG_MASK_IS_VENDOR_CMD 0x01 72 #define AVRC_MSG_MASK_IS_CONTINUATION_RSP 0x02 73 74 /****************************************************************************** 75 * 76 * Function avrc_ctrl_cback 77 * 78 * Description This is the callback function used by AVCTP to report 79 * received link events. 80 * 81 * Returns Nothing. 82 * 83 *****************************************************************************/ 84 static void avrc_ctrl_cback(uint8_t handle, uint8_t event, uint16_t result, 85 BD_ADDR peer_addr) { 86 uint8_t avrc_event; 87 88 if (event <= AVRC_MAX_RCV_CTRL_EVT && avrc_cb.ccb[handle].p_ctrl_cback) { 89 avrc_event = avrc_ctrl_event_map[event]; 90 if (event == AVCT_CONNECT_CFM_EVT) { 91 if (result != 0) /* failed */ 92 avrc_event = AVRC_CLOSE_IND_EVT; 93 } 94 (*avrc_cb.ccb[handle].p_ctrl_cback)(handle, avrc_event, result, peer_addr); 95 } 96 97 if ((event == AVCT_DISCONNECT_CFM_EVT) || 98 (event == AVCT_DISCONNECT_IND_EVT)) { 99 avrc_flush_cmd_q(handle); 100 alarm_free(avrc_cb.ccb_int[handle].tle); 101 avrc_cb.ccb_int[handle].tle = NULL; 102 } 103 } 104 105 /****************************************************************************** 106 * 107 * Function avrc_flush_cmd_q 108 * 109 * Description Flush command queue for the specified avrc handle 110 * 111 * Returns Nothing. 112 * 113 *****************************************************************************/ 114 void avrc_flush_cmd_q(uint8_t handle) { 115 AVRC_TRACE_DEBUG("AVRC: Flushing command queue for handle=0x%02x", handle); 116 avrc_cb.ccb_int[handle].flags &= ~AVRC_CB_FLAGS_RSP_PENDING; 117 118 alarm_cancel(avrc_cb.ccb_int[handle].tle); 119 fixed_queue_free(avrc_cb.ccb_int[handle].cmd_q, osi_free); 120 avrc_cb.ccb_int[handle].cmd_q = NULL; 121 } 122 123 /****************************************************************************** 124 * 125 * Function avrc_process_timeout 126 * 127 * Description Handle avrc command timeout 128 * 129 * Returns Nothing. 130 * 131 *****************************************************************************/ 132 void avrc_process_timeout(void* data) { 133 tAVRC_PARAM* param = (tAVRC_PARAM*)data; 134 135 AVRC_TRACE_DEBUG("AVRC: command timeout (handle=0x%02x, label=0x%02x)", 136 param->handle, param->label); 137 138 /* Notify app */ 139 if (avrc_cb.ccb[param->handle].p_ctrl_cback) { 140 (*avrc_cb.ccb[param->handle].p_ctrl_cback)( 141 param->handle, AVRC_CMD_TIMEOUT_EVT, param->label, NULL); 142 } 143 144 /* If vendor command timed-out, then send next command in the queue */ 145 if (param->msg_mask & AVRC_MSG_MASK_IS_VENDOR_CMD) { 146 avrc_send_next_vendor_cmd(param->handle); 147 } 148 osi_free(param); 149 } 150 151 /****************************************************************************** 152 * 153 * Function avrc_send_next_vendor_cmd 154 * 155 * Description Dequeue and send next vendor command for given handle 156 * 157 * Returns Nothing. 158 * 159 *****************************************************************************/ 160 void avrc_send_next_vendor_cmd(uint8_t handle) { 161 BT_HDR* p_next_cmd; 162 uint8_t next_label; 163 164 while ((p_next_cmd = (BT_HDR*)fixed_queue_try_dequeue( 165 avrc_cb.ccb_int[handle].cmd_q)) != NULL) { 166 p_next_cmd->event &= 0xFF; /* opcode */ 167 next_label = (p_next_cmd->layer_specific) >> 8; /* extract label */ 168 p_next_cmd->layer_specific &= 0xFF; /* AVCT_DATA_CTRL or AVCT_DATA_BROWSE */ 169 170 AVRC_TRACE_DEBUG( 171 "AVRC: Dequeuing command 0x%08x (handle=0x%02x, label=0x%02x)", 172 p_next_cmd, handle, next_label); 173 174 /* Send the message */ 175 if ((AVCT_MsgReq(handle, next_label, AVCT_CMD, p_next_cmd)) == 176 AVCT_SUCCESS) { 177 /* Start command timer to wait for response */ 178 avrc_start_cmd_timer(handle, next_label, AVRC_MSG_MASK_IS_VENDOR_CMD); 179 return; 180 } 181 } 182 183 if (p_next_cmd == NULL) { 184 /* cmd queue empty */ 185 avrc_cb.ccb_int[handle].flags &= ~AVRC_CB_FLAGS_RSP_PENDING; 186 } 187 } 188 189 /****************************************************************************** 190 * 191 * Function avrc_start_cmd_timer 192 * 193 * Description Start timer for waiting for responses 194 * 195 * Returns Nothing. 196 * 197 *****************************************************************************/ 198 void avrc_start_cmd_timer(uint8_t handle, uint8_t label, uint8_t msg_mask) { 199 tAVRC_PARAM* param = 200 static_cast<tAVRC_PARAM*>(osi_malloc(sizeof(tAVRC_PARAM))); 201 param->handle = handle; 202 param->label = label; 203 param->msg_mask = msg_mask; 204 205 AVRC_TRACE_DEBUG("AVRC: starting timer (handle=0x%02x, label=0x%02x)", handle, 206 label); 207 208 alarm_set_on_queue(avrc_cb.ccb_int[handle].tle, AVRC_CMD_TOUT_MS, 209 avrc_process_timeout, param, btu_general_alarm_queue); 210 } 211 212 /****************************************************************************** 213 * 214 * Function avrc_get_data_ptr 215 * 216 * Description Gets a pointer to the data payload in the packet. 217 * 218 * Returns A pointer to the data payload. 219 * 220 *****************************************************************************/ 221 static uint8_t* avrc_get_data_ptr(BT_HDR* p_pkt) { 222 return (uint8_t*)(p_pkt + 1) + p_pkt->offset; 223 } 224 225 /****************************************************************************** 226 * 227 * Function avrc_copy_packet 228 * 229 * Description Copies an AVRC packet to a new buffer. In the new buffer, 230 * the payload offset is at least AVCT_MSG_OFFSET octets. 231 * 232 * Returns The buffer with the copied data. 233 * 234 *****************************************************************************/ 235 static BT_HDR* avrc_copy_packet(BT_HDR* p_pkt, int rsp_pkt_len) { 236 const int offset = MAX(AVCT_MSG_OFFSET, p_pkt->offset); 237 const int pkt_len = MAX(rsp_pkt_len, p_pkt->len); 238 BT_HDR* p_pkt_copy = (BT_HDR*)osi_malloc(BT_HDR_SIZE + offset + pkt_len); 239 240 /* Copy the packet header, set the new offset, and copy the payload */ 241 memcpy(p_pkt_copy, p_pkt, BT_HDR_SIZE); 242 p_pkt_copy->offset = offset; 243 uint8_t* p_data = avrc_get_data_ptr(p_pkt); 244 uint8_t* p_data_copy = avrc_get_data_ptr(p_pkt_copy); 245 memcpy(p_data_copy, p_data, p_pkt->len); 246 247 return p_pkt_copy; 248 } 249 250 #if (AVRC_METADATA_INCLUDED == TRUE) 251 /****************************************************************************** 252 * 253 * Function avrc_prep_end_frag 254 * 255 * Description This function prepares an end response fragment 256 * 257 * Returns Nothing. 258 * 259 *****************************************************************************/ 260 static void avrc_prep_end_frag(uint8_t handle) { 261 tAVRC_FRAG_CB* p_fcb; 262 BT_HDR* p_pkt_new; 263 uint8_t *p_data, *p_orig_data; 264 uint8_t rsp_type; 265 266 AVRC_TRACE_DEBUG("%s", __func__); 267 p_fcb = &avrc_cb.fcb[handle]; 268 269 /* The response type of the end fragment should be the same as the the PDU of 270 *"End Fragment 271 ** Response" Errata: 272 *https://www.bluetooth.org/errata/errata_view.cfm?errata_id=4383 273 */ 274 p_orig_data = ((uint8_t*)(p_fcb->p_fmsg + 1) + p_fcb->p_fmsg->offset); 275 rsp_type = ((*p_orig_data) & AVRC_CTYPE_MASK); 276 277 p_pkt_new = p_fcb->p_fmsg; 278 p_pkt_new->len -= 279 (AVRC_MAX_CTRL_DATA_LEN - AVRC_VENDOR_HDR_SIZE - AVRC_MIN_META_HDR_SIZE); 280 p_pkt_new->offset += 281 (AVRC_MAX_CTRL_DATA_LEN - AVRC_VENDOR_HDR_SIZE - AVRC_MIN_META_HDR_SIZE); 282 p_data = (uint8_t*)(p_pkt_new + 1) + p_pkt_new->offset; 283 *p_data++ = rsp_type; 284 *p_data++ = (AVRC_SUB_PANEL << AVRC_SUBTYPE_SHIFT); 285 *p_data++ = AVRC_OP_VENDOR; 286 AVRC_CO_ID_TO_BE_STREAM(p_data, AVRC_CO_METADATA); 287 *p_data++ = p_fcb->frag_pdu; 288 *p_data++ = AVRC_PKT_END; 289 290 /* 4=pdu, pkt_type & len */ 291 UINT16_TO_BE_STREAM( 292 p_data, (p_pkt_new->len - AVRC_VENDOR_HDR_SIZE - AVRC_MIN_META_HDR_SIZE)); 293 } 294 295 /****************************************************************************** 296 * 297 * Function avrc_send_continue_frag 298 * 299 * Description This function sends a continue response fragment 300 * 301 * Returns AVRC_SUCCESS if successful. 302 * AVRC_BAD_HANDLE if handle is invalid. 303 * 304 *****************************************************************************/ 305 static uint16_t avrc_send_continue_frag(uint8_t handle, uint8_t label) { 306 tAVRC_FRAG_CB* p_fcb; 307 BT_HDR *p_pkt_old, *p_pkt; 308 uint8_t *p_old, *p_data; 309 uint8_t cr = AVCT_RSP; 310 311 p_fcb = &avrc_cb.fcb[handle]; 312 p_pkt = p_fcb->p_fmsg; 313 314 AVRC_TRACE_DEBUG("%s handle = %u label = %u len = %d", __func__, handle, 315 label, p_pkt->len); 316 if (p_pkt->len > AVRC_MAX_CTRL_DATA_LEN) { 317 int offset_len = MAX(AVCT_MSG_OFFSET, p_pkt->offset); 318 p_pkt_old = p_fcb->p_fmsg; 319 p_pkt = (BT_HDR*)osi_malloc(AVRC_PACKET_LEN + offset_len + BT_HDR_SIZE); 320 p_pkt->len = AVRC_MAX_CTRL_DATA_LEN; 321 p_pkt->offset = AVCT_MSG_OFFSET; 322 p_pkt->layer_specific = p_pkt_old->layer_specific; 323 p_pkt->event = p_pkt_old->event; 324 p_old = (uint8_t*)(p_pkt_old + 1) + p_pkt_old->offset; 325 p_data = (uint8_t*)(p_pkt + 1) + p_pkt->offset; 326 memcpy(p_data, p_old, AVRC_MAX_CTRL_DATA_LEN); 327 /* use AVRC continue packet type */ 328 p_data += AVRC_VENDOR_HDR_SIZE; 329 p_data++; /* pdu */ 330 *p_data++ = AVRC_PKT_CONTINUE; 331 /* 4=pdu, pkt_type & len */ 332 UINT16_TO_BE_STREAM(p_data, 333 (AVRC_MAX_CTRL_DATA_LEN - AVRC_VENDOR_HDR_SIZE - 4)); 334 335 /* prepare the left over for as an end fragment */ 336 avrc_prep_end_frag(handle); 337 } else { 338 /* end fragment. clean the control block */ 339 p_fcb->frag_enabled = false; 340 p_fcb->p_fmsg = NULL; 341 } 342 return AVCT_MsgReq(handle, label, cr, p_pkt); 343 } 344 345 /****************************************************************************** 346 * 347 * Function avrc_proc_vendor_command 348 * 349 * Description This function processes received vendor command. 350 * 351 * Returns if not NULL, the response to send right away. 352 * 353 *****************************************************************************/ 354 static BT_HDR* avrc_proc_vendor_command(uint8_t handle, uint8_t label, 355 BT_HDR* p_pkt, 356 tAVRC_MSG_VENDOR* p_msg) { 357 BT_HDR* p_rsp = NULL; 358 uint8_t* p_data; 359 uint8_t* p_begin; 360 uint8_t pkt_type; 361 bool abort_frag = false; 362 tAVRC_STS status = AVRC_STS_NO_ERROR; 363 tAVRC_FRAG_CB* p_fcb; 364 365 p_begin = (uint8_t*)(p_pkt + 1) + p_pkt->offset; 366 p_data = p_begin + AVRC_VENDOR_HDR_SIZE; 367 pkt_type = *(p_data + 1) & AVRC_PKT_TYPE_MASK; 368 369 if (pkt_type != AVRC_PKT_SINGLE) { 370 /* reject - commands can only be in single packets at AVRCP level */ 371 AVRC_TRACE_ERROR("commands must be in single packet pdu:0x%x", *p_data); 372 /* use the current GKI buffer to send the reject */ 373 status = AVRC_STS_BAD_CMD; 374 } 375 /* check if there are fragments waiting to be sent */ 376 else if (avrc_cb.fcb[handle].frag_enabled) { 377 p_fcb = &avrc_cb.fcb[handle]; 378 if (p_msg->company_id == AVRC_CO_METADATA) { 379 switch (*p_data) { 380 case AVRC_PDU_ABORT_CONTINUATION_RSP: 381 /* aborted by CT - send accept response */ 382 abort_frag = true; 383 p_begin = (uint8_t*)(p_pkt + 1) + p_pkt->offset; 384 *p_begin = (AVRC_RSP_ACCEPT & AVRC_CTYPE_MASK); 385 if (*(p_data + 4) != p_fcb->frag_pdu) { 386 *p_begin = (AVRC_RSP_REJ & AVRC_CTYPE_MASK); 387 *(p_data + 4) = AVRC_STS_BAD_PARAM; 388 } else { 389 p_data = (p_begin + AVRC_VENDOR_HDR_SIZE + 2); 390 UINT16_TO_BE_STREAM(p_data, 0); 391 p_pkt->len = (p_data - p_begin); 392 } 393 AVCT_MsgReq(handle, label, AVCT_RSP, p_pkt); 394 p_msg->hdr.opcode = 395 AVRC_OP_DROP; /* used the p_pkt to send response */ 396 break; 397 398 case AVRC_PDU_REQUEST_CONTINUATION_RSP: 399 if (*(p_data + 4) == p_fcb->frag_pdu) { 400 avrc_send_continue_frag(handle, label); 401 p_msg->hdr.opcode = AVRC_OP_DROP_N_FREE; 402 } else { 403 /* the pdu id does not match - reject the command using the current 404 * GKI buffer */ 405 AVRC_TRACE_ERROR( 406 "%s continue pdu: 0x%x does not match the current pdu: 0x%x", 407 __func__, *(p_data + 4), p_fcb->frag_pdu); 408 status = AVRC_STS_BAD_PARAM; 409 abort_frag = true; 410 } 411 break; 412 413 default: 414 /* implicit abort */ 415 abort_frag = true; 416 } 417 } else { 418 abort_frag = true; 419 /* implicit abort */ 420 } 421 422 if (abort_frag) { 423 osi_free_and_reset((void**)&p_fcb->p_fmsg); 424 p_fcb->frag_enabled = false; 425 } 426 } 427 428 if (status != AVRC_STS_NO_ERROR) { 429 /* use the current GKI buffer to build/send the reject message */ 430 p_data = (uint8_t*)(p_pkt + 1) + p_pkt->offset; 431 *p_data++ = AVRC_RSP_REJ; 432 p_data += AVRC_VENDOR_HDR_SIZE; /* pdu */ 433 *p_data++ = 0; /* pkt_type */ 434 UINT16_TO_BE_STREAM(p_data, 1); /* len */ 435 *p_data++ = status; /* error code */ 436 p_pkt->len = AVRC_VENDOR_HDR_SIZE + 5; 437 p_rsp = p_pkt; 438 } 439 440 return p_rsp; 441 } 442 443 /****************************************************************************** 444 * 445 * Function avrc_proc_far_msg 446 * 447 * Description This function processes metadata fragmenation 448 * and reassembly 449 * 450 * Returns 0, to report the message with msg_cback . 451 * 452 *****************************************************************************/ 453 static uint8_t avrc_proc_far_msg(uint8_t handle, uint8_t label, uint8_t cr, 454 BT_HDR** pp_pkt, tAVRC_MSG_VENDOR* p_msg) { 455 BT_HDR* p_pkt = *pp_pkt; 456 uint8_t* p_data; 457 uint8_t drop_code = 0; 458 bool buf_overflow = false; 459 BT_HDR* p_rsp = NULL; 460 BT_HDR* p_cmd = NULL; 461 bool req_continue = false; 462 BT_HDR* p_pkt_new = NULL; 463 uint8_t pkt_type; 464 tAVRC_RASM_CB* p_rcb; 465 tAVRC_NEXT_CMD avrc_cmd; 466 tAVRC_STS status; 467 468 p_data = (uint8_t*)(p_pkt + 1) + p_pkt->offset; 469 470 /* Skip over vendor header (ctype, subunit*, opcode, CO_ID) */ 471 p_data += AVRC_VENDOR_HDR_SIZE; 472 473 pkt_type = *(p_data + 1) & AVRC_PKT_TYPE_MASK; 474 AVRC_TRACE_DEBUG("pkt_type %d", pkt_type); 475 p_rcb = &avrc_cb.rcb[handle]; 476 477 /* check if the message needs to be re-assembled */ 478 if (pkt_type == AVRC_PKT_SINGLE || pkt_type == AVRC_PKT_START) { 479 /* previous fragments need to be dropped, when received another new message 480 */ 481 p_rcb->rasm_offset = 0; 482 osi_free_and_reset((void**)&p_rcb->p_rmsg); 483 } 484 485 if (pkt_type != AVRC_PKT_SINGLE && cr == AVCT_RSP) { 486 /* not a single response packet - need to re-assemble metadata messages */ 487 if (pkt_type == AVRC_PKT_START) { 488 /* Allocate buffer for re-assembly */ 489 p_rcb->rasm_pdu = *p_data; 490 p_rcb->p_rmsg = (BT_HDR*)osi_malloc(BT_DEFAULT_BUFFER_SIZE); 491 /* Copy START packet to buffer for re-assembling fragments */ 492 memcpy(p_rcb->p_rmsg, p_pkt, sizeof(BT_HDR)); /* Copy bt hdr */ 493 494 /* Copy metadata message */ 495 memcpy((uint8_t*)(p_rcb->p_rmsg + 1), 496 (uint8_t*)(p_pkt + 1) + p_pkt->offset, p_pkt->len); 497 498 /* offset of start of metadata response in reassembly buffer */ 499 p_rcb->p_rmsg->offset = p_rcb->rasm_offset = 0; 500 501 /* 502 * Free original START packet, replace with pointer to 503 * reassembly buffer. 504 */ 505 osi_free(p_pkt); 506 *pp_pkt = p_rcb->p_rmsg; 507 508 /* 509 * Set offset to point to where to copy next - use the same 510 * reassembly logic as AVCT. 511 */ 512 p_rcb->p_rmsg->offset += p_rcb->p_rmsg->len; 513 req_continue = true; 514 } else if (p_rcb->p_rmsg == NULL) { 515 /* Received a CONTINUE/END, but no corresponding START 516 (or previous fragmented response was dropped) */ 517 AVRC_TRACE_DEBUG( 518 "Received a CONTINUE/END without no corresponding START \ 519 (or previous fragmented response was dropped)"); 520 drop_code = 5; 521 osi_free(p_pkt); 522 *pp_pkt = NULL; 523 } else { 524 /* get size of buffer holding assembled message */ 525 /* 526 * NOTE: The buffer is allocated above at the beginning of the 527 * reassembly, and is always of size BT_DEFAULT_BUFFER_SIZE. 528 */ 529 uint16_t buf_len = BT_DEFAULT_BUFFER_SIZE - sizeof(BT_HDR); 530 /* adjust offset and len of fragment for header byte */ 531 p_pkt->offset += (AVRC_VENDOR_HDR_SIZE + AVRC_MIN_META_HDR_SIZE); 532 p_pkt->len -= (AVRC_VENDOR_HDR_SIZE + AVRC_MIN_META_HDR_SIZE); 533 /* verify length */ 534 if ((p_rcb->p_rmsg->offset + p_pkt->len) > buf_len) { 535 AVRC_TRACE_WARNING( 536 "Fragmented message too big! - report the partial message"); 537 p_pkt->len = buf_len - p_rcb->p_rmsg->offset; 538 pkt_type = AVRC_PKT_END; 539 buf_overflow = true; 540 } 541 542 /* copy contents of p_pkt to p_rx_msg */ 543 memcpy((uint8_t*)(p_rcb->p_rmsg + 1) + p_rcb->p_rmsg->offset, 544 (uint8_t*)(p_pkt + 1) + p_pkt->offset, p_pkt->len); 545 546 if (pkt_type == AVRC_PKT_END) { 547 p_rcb->p_rmsg->offset = p_rcb->rasm_offset; 548 p_rcb->p_rmsg->len += p_pkt->len; 549 p_pkt_new = p_rcb->p_rmsg; 550 p_rcb->rasm_offset = 0; 551 p_rcb->p_rmsg = NULL; 552 p_msg->p_vendor_data = (uint8_t*)(p_pkt_new + 1) + p_pkt_new->offset; 553 p_msg->hdr.ctype = p_msg->p_vendor_data[0] & AVRC_CTYPE_MASK; 554 /* 6 = ctype, subunit*, opcode & CO_ID */ 555 p_msg->p_vendor_data += AVRC_VENDOR_HDR_SIZE; 556 p_msg->vendor_len = p_pkt_new->len - AVRC_VENDOR_HDR_SIZE; 557 p_data = p_msg->p_vendor_data + 1; /* skip pdu */ 558 *p_data++ = AVRC_PKT_SINGLE; 559 UINT16_TO_BE_STREAM(p_data, 560 (p_msg->vendor_len - AVRC_MIN_META_HDR_SIZE)); 561 AVRC_TRACE_DEBUG("end frag:%d, total len:%d, offset:%d", p_pkt->len, 562 p_pkt_new->len, p_pkt_new->offset); 563 } else { 564 p_rcb->p_rmsg->offset += p_pkt->len; 565 p_rcb->p_rmsg->len += p_pkt->len; 566 p_pkt_new = NULL; 567 req_continue = true; 568 } 569 osi_free(p_pkt); 570 *pp_pkt = p_pkt_new; 571 } 572 } 573 574 if (cr == AVCT_CMD) { 575 p_rsp = avrc_proc_vendor_command(handle, label, *pp_pkt, p_msg); 576 if (p_rsp) { 577 AVCT_MsgReq(handle, label, AVCT_RSP, p_rsp); 578 drop_code = 3; 579 } else if (p_msg->hdr.opcode == AVRC_OP_DROP) { 580 drop_code = 1; 581 } else if (p_msg->hdr.opcode == AVRC_OP_DROP_N_FREE) 582 drop_code = 4; 583 584 } else if (cr == AVCT_RSP) { 585 if (req_continue == true) { 586 avrc_cmd.pdu = AVRC_PDU_REQUEST_CONTINUATION_RSP; 587 drop_code = 2; 588 } else if (buf_overflow == true) { 589 /* Incoming message too big to fit in BT_DEFAULT_BUFFER_SIZE. Send abort 590 * to peer */ 591 avrc_cmd.pdu = AVRC_PDU_ABORT_CONTINUATION_RSP; 592 drop_code = 4; 593 } else { 594 return drop_code; 595 } 596 avrc_cmd.status = AVRC_STS_NO_ERROR; 597 avrc_cmd.target_pdu = p_rcb->rasm_pdu; 598 status = AVRC_BldCommand((tAVRC_COMMAND*)&avrc_cmd, &p_cmd); 599 if (status == AVRC_STS_NO_ERROR) { 600 AVRC_MsgReq(handle, (uint8_t)(label), AVRC_CMD_CTRL, p_cmd); 601 } 602 } 603 604 return drop_code; 605 } 606 #endif /* (AVRC_METADATA_INCLUDED == TRUE) */ 607 608 /****************************************************************************** 609 * 610 * Function avrc_msg_cback 611 * 612 * Description This is the callback function used by AVCTP to report 613 * received AV control messages. 614 * 615 * Returns Nothing. 616 * 617 *****************************************************************************/ 618 static void avrc_msg_cback(uint8_t handle, uint8_t label, uint8_t cr, 619 BT_HDR* p_pkt) { 620 uint8_t opcode; 621 tAVRC_MSG msg; 622 uint8_t* p_data; 623 uint8_t* p_begin; 624 bool drop = false; 625 bool do_free = true; 626 BT_HDR* p_rsp = NULL; 627 uint8_t* p_rsp_data; 628 int xx; 629 bool reject = false; 630 const char* p_drop_msg = "dropped"; 631 tAVRC_MSG_VENDOR* p_msg = &msg.vendor; 632 633 if (cr == AVCT_CMD && (p_pkt->layer_specific & AVCT_DATA_CTRL && 634 AVRC_PACKET_LEN < sizeof(p_pkt->len))) { 635 /* Ignore the invalid AV/C command frame */ 636 p_drop_msg = "dropped - too long AV/C cmd frame size"; 637 osi_free(p_pkt); 638 return; 639 } 640 641 if (cr == AVCT_REJ) { 642 /* The peer thinks that this PID is no longer open - remove this handle */ 643 /* */ 644 osi_free(p_pkt); 645 AVCT_RemoveConn(handle); 646 return; 647 } else if (cr == AVCT_RSP) { 648 /* Received response. Stop command timeout timer */ 649 AVRC_TRACE_DEBUG("AVRC: stopping timer (handle=0x%02x)", handle); 650 alarm_cancel(avrc_cb.ccb_int[handle].tle); 651 } 652 653 p_data = (uint8_t*)(p_pkt + 1) + p_pkt->offset; 654 memset(&msg, 0, sizeof(tAVRC_MSG)); 655 656 if (p_pkt->layer_specific == AVCT_DATA_BROWSE) { 657 opcode = AVRC_OP_BROWSE; 658 msg.browse.hdr.ctype = cr; 659 msg.browse.p_browse_data = p_data; 660 msg.browse.browse_len = p_pkt->len; 661 msg.browse.p_browse_pkt = p_pkt; 662 } else { 663 msg.hdr.ctype = p_data[0] & AVRC_CTYPE_MASK; 664 AVRC_TRACE_DEBUG("%s handle:%d, ctype:%d, offset:%d, len: %d", __func__, 665 handle, msg.hdr.ctype, p_pkt->offset, p_pkt->len); 666 msg.hdr.subunit_type = 667 (p_data[1] & AVRC_SUBTYPE_MASK) >> AVRC_SUBTYPE_SHIFT; 668 msg.hdr.subunit_id = p_data[1] & AVRC_SUBID_MASK; 669 opcode = p_data[2]; 670 } 671 672 if (((avrc_cb.ccb[handle].control & AVRC_CT_TARGET) && (cr == AVCT_CMD)) || 673 ((avrc_cb.ccb[handle].control & AVRC_CT_CONTROL) && (cr == AVCT_RSP))) { 674 switch (opcode) { 675 case AVRC_OP_UNIT_INFO: 676 if (cr == AVCT_CMD) { 677 /* send the response to the peer */ 678 p_rsp = avrc_copy_packet(p_pkt, AVRC_OP_UNIT_INFO_RSP_LEN); 679 p_rsp_data = avrc_get_data_ptr(p_rsp); 680 *p_rsp_data = AVRC_RSP_IMPL_STBL; 681 /* check & set the offset. set response code, set subunit_type & 682 subunit_id, 683 set AVRC_OP_UNIT_INFO */ 684 /* 3 bytes: ctype, subunit*, opcode */ 685 p_rsp_data += AVRC_AVC_HDR_SIZE; 686 *p_rsp_data++ = 7; 687 /* Panel subunit & id=0 */ 688 *p_rsp_data++ = (AVRC_SUB_PANEL << AVRC_SUBTYPE_SHIFT); 689 AVRC_CO_ID_TO_BE_STREAM(p_rsp_data, avrc_cb.ccb[handle].company_id); 690 p_rsp->len = 691 (uint16_t)(p_rsp_data - (uint8_t*)(p_rsp + 1) - p_rsp->offset); 692 cr = AVCT_RSP; 693 p_drop_msg = "auto respond"; 694 } else { 695 /* parse response */ 696 p_data += 4; /* 3 bytes: ctype, subunit*, opcode + octet 3 (is 7)*/ 697 msg.unit.unit_type = 698 (*p_data & AVRC_SUBTYPE_MASK) >> AVRC_SUBTYPE_SHIFT; 699 msg.unit.unit = *p_data & AVRC_SUBID_MASK; 700 p_data++; 701 AVRC_BE_STREAM_TO_CO_ID(msg.unit.company_id, p_data); 702 } 703 break; 704 705 case AVRC_OP_SUB_INFO: 706 if (cr == AVCT_CMD) { 707 /* send the response to the peer */ 708 p_rsp = avrc_copy_packet(p_pkt, AVRC_OP_SUB_UNIT_INFO_RSP_LEN); 709 p_rsp_data = avrc_get_data_ptr(p_rsp); 710 *p_rsp_data = AVRC_RSP_IMPL_STBL; 711 /* check & set the offset. set response code, set (subunit_type & 712 subunit_id), 713 set AVRC_OP_SUB_INFO, set (page & extention code) */ 714 p_rsp_data += 4; 715 /* Panel subunit & id=0 */ 716 *p_rsp_data++ = (AVRC_SUB_PANEL << AVRC_SUBTYPE_SHIFT); 717 memset(p_rsp_data, AVRC_CMD_OPRND_PAD, AVRC_SUBRSP_OPRND_BYTES); 718 p_rsp_data += AVRC_SUBRSP_OPRND_BYTES; 719 p_rsp->len = 720 (uint16_t)(p_rsp_data - (uint8_t*)(p_rsp + 1) - p_rsp->offset); 721 cr = AVCT_RSP; 722 p_drop_msg = "auto responded"; 723 } else { 724 /* parse response */ 725 p_data += AVRC_AVC_HDR_SIZE; /* 3 bytes: ctype, subunit*, opcode */ 726 msg.sub.page = 727 (*p_data++ >> AVRC_SUB_PAGE_SHIFT) & AVRC_SUB_PAGE_MASK; 728 xx = 0; 729 while (*p_data != AVRC_CMD_OPRND_PAD && xx < AVRC_SUB_TYPE_LEN) { 730 msg.sub.subunit_type[xx] = *p_data++ >> AVRC_SUBTYPE_SHIFT; 731 if (msg.sub.subunit_type[xx] == AVRC_SUB_PANEL) 732 msg.sub.panel = true; 733 xx++; 734 } 735 } 736 break; 737 738 case AVRC_OP_VENDOR: { 739 p_data = (uint8_t*)(p_pkt + 1) + p_pkt->offset; 740 p_begin = p_data; 741 if (p_pkt->len < 742 AVRC_VENDOR_HDR_SIZE) /* 6 = ctype, subunit*, opcode & CO_ID */ 743 { 744 if (cr == AVCT_CMD) 745 reject = true; 746 else 747 drop = true; 748 break; 749 } 750 p_data += AVRC_AVC_HDR_SIZE; /* skip the first 3 bytes: ctype, subunit*, 751 opcode */ 752 AVRC_BE_STREAM_TO_CO_ID(p_msg->company_id, p_data); 753 p_msg->p_vendor_data = p_data; 754 p_msg->vendor_len = p_pkt->len - (p_data - p_begin); 755 756 #if (AVRC_METADATA_INCLUDED == TRUE) 757 uint8_t drop_code = 0; 758 if (p_msg->company_id == AVRC_CO_METADATA) { 759 /* Validate length for metadata message */ 760 if (p_pkt->len < (AVRC_VENDOR_HDR_SIZE + AVRC_MIN_META_HDR_SIZE)) { 761 if (cr == AVCT_CMD) 762 reject = true; 763 else 764 drop = true; 765 break; 766 } 767 768 /* Check+handle fragmented messages */ 769 drop_code = avrc_proc_far_msg(handle, label, cr, &p_pkt, p_msg); 770 if (drop_code > 0) drop = true; 771 } 772 if (drop_code > 0) { 773 if (drop_code != 4) do_free = false; 774 switch (drop_code) { 775 case 1: 776 p_drop_msg = "sent_frag"; 777 break; 778 case 2: 779 p_drop_msg = "req_cont"; 780 break; 781 case 3: 782 p_drop_msg = "sent_frag3"; 783 break; 784 case 4: 785 p_drop_msg = "sent_frag_free"; 786 break; 787 default: 788 p_drop_msg = "sent_fragd"; 789 } 790 } 791 #endif /* (AVRC_METADATA_INCLUDED == TRUE) */ 792 /* If vendor response received, and did not ask for continuation */ 793 /* then check queue for addition commands to send */ 794 if ((cr == AVCT_RSP) && (drop_code != 2)) { 795 avrc_send_next_vendor_cmd(handle); 796 } 797 } break; 798 799 case AVRC_OP_PASS_THRU: 800 if (p_pkt->len < 5) /* 3 bytes: ctype, subunit*, opcode & op_id & len */ 801 { 802 if (cr == AVCT_CMD) 803 reject = true; 804 else 805 drop = true; 806 break; 807 } 808 p_data += AVRC_AVC_HDR_SIZE; /* skip the first 3 bytes: ctype, subunit*, 809 opcode */ 810 msg.pass.op_id = (AVRC_PASS_OP_ID_MASK & *p_data); 811 if (AVRC_PASS_STATE_MASK & *p_data) 812 msg.pass.state = true; 813 else 814 msg.pass.state = false; 815 p_data++; 816 msg.pass.pass_len = *p_data++; 817 if (msg.pass.pass_len != p_pkt->len - 5) 818 msg.pass.pass_len = p_pkt->len - 5; 819 if (msg.pass.pass_len) 820 msg.pass.p_pass_data = p_data; 821 else 822 msg.pass.p_pass_data = NULL; 823 break; 824 825 case AVRC_OP_BROWSE: 826 /* If browse response received, then check queue for addition commands 827 * to send */ 828 if (cr == AVCT_RSP) { 829 avrc_send_next_vendor_cmd(handle); 830 } 831 break; 832 833 default: 834 if ((avrc_cb.ccb[handle].control & AVRC_CT_TARGET) && 835 (cr == AVCT_CMD)) { 836 /* reject unsupported opcode */ 837 reject = true; 838 } 839 drop = true; 840 break; 841 } 842 } else /* drop the event */ 843 { 844 if (opcode != AVRC_OP_BROWSE) drop = true; 845 } 846 847 if (reject) { 848 /* reject unsupported opcode */ 849 p_rsp = avrc_copy_packet(p_pkt, AVRC_OP_REJ_MSG_LEN); 850 p_rsp_data = avrc_get_data_ptr(p_rsp); 851 *p_rsp_data = AVRC_RSP_REJ; 852 p_drop_msg = "rejected"; 853 cr = AVCT_RSP; 854 drop = true; 855 } 856 857 if (p_rsp) { 858 /* set to send response right away */ 859 AVCT_MsgReq(handle, label, cr, p_rsp); 860 drop = true; 861 } 862 863 if (drop == false) { 864 msg.hdr.opcode = opcode; 865 (*avrc_cb.ccb[handle].p_msg_cback)(handle, label, opcode, &msg); 866 } else { 867 AVRC_TRACE_WARNING("%s %s msg handle:%d, control:%d, cr:%d, opcode:x%x", 868 __func__, p_drop_msg, handle, 869 avrc_cb.ccb[handle].control, cr, opcode); 870 } 871 872 if (opcode == AVRC_OP_BROWSE && msg.browse.p_browse_pkt == NULL) { 873 do_free = false; 874 } 875 876 if (do_free) osi_free(p_pkt); 877 } 878 879 static void AVRC_build_empty_packet(BT_HDR* p_pkt) { 880 uint8_t* p_start = ((uint8_t*)(p_pkt + 1) + p_pkt->offset); 881 *p_start = AVRC_RSP_ACCEPT & AVRC_CTYPE_MASK; 882 p_start += AVRC_VENDOR_HDR_SIZE; 883 UINT8_TO_BE_STREAM(p_start, 0); 884 UINT8_TO_BE_STREAM(p_start, AVRC_PKT_SINGLE); 885 UINT16_TO_BE_STREAM(p_start, 0); 886 p_pkt->len = AVRC_VENDOR_HDR_SIZE + 4; 887 } 888 889 static void AVRC_build_error_packet(BT_HDR* p_pkt) { 890 uint8_t* p_start = ((uint8_t*)(p_pkt + 1) + p_pkt->offset); 891 *p_start = AVRC_RSP_REJ & AVRC_CTYPE_MASK; 892 p_start += AVRC_VENDOR_HDR_SIZE; 893 UINT8_TO_BE_STREAM(p_start, 0); 894 UINT8_TO_BE_STREAM(p_start, AVRC_PKT_SINGLE); 895 UINT16_TO_BE_STREAM(p_start, 1); 896 UINT8_TO_BE_STREAM(p_start, AVRC_STS_BAD_PARAM); 897 p_pkt->len = AVRC_VENDOR_HDR_SIZE + 5; 898 } 899 900 static uint16_t AVRC_HandleContinueRsp(uint8_t handle, uint8_t label, 901 BT_HDR* p_pkt) { 902 AVRC_TRACE_DEBUG("%s()", __func__); 903 904 uint8_t* p_data = 905 ((uint8_t*)(p_pkt + 1) + p_pkt->offset + AVRC_VENDOR_HDR_SIZE); 906 tAVRC_FRAG_CB* p_fcb = &avrc_cb.fcb[handle]; 907 908 uint8_t pdu, pkt_type, target_pdu; 909 uint16_t len; 910 911 BE_STREAM_TO_UINT8(pdu, p_data); 912 BE_STREAM_TO_UINT8(pkt_type, p_data); 913 BE_STREAM_TO_UINT16(len, p_data); 914 BE_STREAM_TO_UINT8(target_pdu, p_data); 915 916 if (pdu == AVRC_PDU_REQUEST_CONTINUATION_RSP && 917 target_pdu == p_fcb->frag_pdu) { 918 return avrc_send_continue_frag(handle, label); 919 } 920 921 if (pdu == AVRC_PDU_ABORT_CONTINUATION_RSP && target_pdu == p_fcb->frag_pdu) { 922 AVRC_build_empty_packet(p_pkt); 923 } else { 924 AVRC_TRACE_ERROR("%s() error: target_pdu: 0x%02x, frag_pdu: 0x%02x", 925 __func__, *(p_data + 4), p_fcb->frag_pdu); 926 AVRC_build_error_packet(p_pkt); 927 } 928 929 p_fcb->frag_enabled = false; 930 osi_free_and_reset((void**)&p_fcb->p_fmsg); 931 932 return AVCT_MsgReq(handle, label, AVCT_RSP, p_pkt); 933 } 934 935 /****************************************************************************** 936 * 937 * Function avrc_pass_msg 938 * 939 * Description Compose a PASS THROUGH command according to p_msg 940 * 941 * Input Parameters: 942 * p_msg: Pointer to PASS THROUGH message structure. 943 * 944 * Output Parameters: 945 * None. 946 * 947 * Returns pointer to a valid GKI buffer if successful. 948 * NULL if p_msg is NULL. 949 * 950 *****************************************************************************/ 951 static BT_HDR* avrc_pass_msg(tAVRC_MSG_PASS* p_msg) { 952 CHECK(p_msg != NULL); 953 CHECK(AVRC_CMD_BUF_SIZE > (AVRC_MIN_CMD_LEN + p_msg->pass_len)); 954 955 BT_HDR* p_cmd = (BT_HDR*)osi_malloc(AVRC_CMD_BUF_SIZE); 956 p_cmd->offset = AVCT_MSG_OFFSET; 957 p_cmd->layer_specific = AVCT_DATA_CTRL; 958 959 uint8_t* p_data = (uint8_t*)(p_cmd + 1) + p_cmd->offset; 960 *p_data++ = (p_msg->hdr.ctype & AVRC_CTYPE_MASK); 961 *p_data++ = (AVRC_SUB_PANEL << AVRC_SUBTYPE_SHIFT); /* Panel subunit & id=0 */ 962 *p_data++ = AVRC_OP_PASS_THRU; 963 *p_data = (AVRC_PASS_OP_ID_MASK & p_msg->op_id); 964 if (p_msg->state) *p_data |= AVRC_PASS_STATE_MASK; 965 p_data++; 966 967 if (p_msg->op_id == AVRC_ID_VENDOR) { 968 *p_data++ = p_msg->pass_len; 969 if (p_msg->pass_len && p_msg->p_pass_data) { 970 memcpy(p_data, p_msg->p_pass_data, p_msg->pass_len); 971 p_data += p_msg->pass_len; 972 } 973 } else { 974 /* set msg len to 0 for other op_id */ 975 *p_data++ = 0; 976 } 977 p_cmd->len = (uint16_t)(p_data - (uint8_t*)(p_cmd + 1) - p_cmd->offset); 978 979 return p_cmd; 980 } 981 982 /****************************************************************************** 983 * 984 * Function AVRC_Open 985 * 986 * Description This function is called to open a connection to AVCTP. 987 * The connection can be either an initiator or acceptor, as 988 * determined by the p_ccb->stream parameter. 989 * The connection can be a target, a controller or for both 990 * role, as determined by the p_ccb->control parameter. 991 * By definition, a target connection is an acceptor connection 992 * that waits for an incoming AVCTP connection from the peer. 993 * The connection remains available to the application until 994 * the application closes it by calling AVRC_Close(). The 995 * application does not need to reopen the connection after an 996 * AVRC_CLOSE_IND_EVT is received. 997 * 998 * Input Parameters: 999 * p_ccb->company_id: Company Identifier. 1000 * 1001 * p_ccb->p_ctrl_cback: Pointer to control callback 1002 * function. 1003 * 1004 * p_ccb->p_msg_cback: Pointer to message callback 1005 * function. 1006 * 1007 * p_ccb->conn: AVCTP connection role. This is set to 1008 * AVCTP_INT for initiator connections and AVCTP_ACP 1009 * for acceptor connections. 1010 * 1011 * p_ccb->control: Control role. This is set to 1012 * AVRC_CT_TARGET for target connections, AVRC_CT_CONTROL 1013 * for control connections or 1014 * (AVRC_CT_TARGET|AVRC_CT_CONTROL) 1015 * for connections that support both roles. 1016 * 1017 * peer_addr: BD address of peer device. This value is 1018 * only used for initiator connections; for acceptor 1019 * connections it can be set to NULL. 1020 * 1021 * Output Parameters: 1022 * p_handle: Pointer to handle. This parameter is only 1023 * valid if AVRC_SUCCESS is returned. 1024 * 1025 * Returns AVRC_SUCCESS if successful. 1026 * AVRC_NO_RESOURCES if there are not enough resources to open 1027 * the connection. 1028 * 1029 *****************************************************************************/ 1030 uint16_t AVRC_Open(uint8_t* p_handle, tAVRC_CONN_CB* p_ccb, 1031 BD_ADDR_PTR peer_addr) { 1032 uint16_t status; 1033 tAVCT_CC cc; 1034 1035 cc.p_ctrl_cback = avrc_ctrl_cback; /* Control callback */ 1036 cc.p_msg_cback = avrc_msg_cback; /* Message callback */ 1037 cc.pid = UUID_SERVCLASS_AV_REMOTE_CONTROL; /* Profile ID */ 1038 cc.role = p_ccb->conn; /* Initiator/acceptor role */ 1039 cc.control = p_ccb->control; /* Control role (Control/Target) */ 1040 1041 status = AVCT_CreateConn(p_handle, &cc, peer_addr); 1042 if (status == AVCT_SUCCESS) { 1043 memcpy(&avrc_cb.ccb[*p_handle], p_ccb, sizeof(tAVRC_CONN_CB)); 1044 memset(&avrc_cb.ccb_int[*p_handle], 0, sizeof(tAVRC_CONN_INT_CB)); 1045 #if (AVRC_METADATA_INCLUDED == TRUE) 1046 memset(&avrc_cb.fcb[*p_handle], 0, sizeof(tAVRC_FRAG_CB)); 1047 memset(&avrc_cb.rcb[*p_handle], 0, sizeof(tAVRC_RASM_CB)); 1048 #endif 1049 avrc_cb.ccb_int[*p_handle].tle = alarm_new("avrcp.commandTimer"); 1050 avrc_cb.ccb_int[*p_handle].cmd_q = fixed_queue_new(SIZE_MAX); 1051 } 1052 AVRC_TRACE_DEBUG("%s role: %d, control:%d status:%d, handle:%d", __func__, 1053 cc.role, cc.control, status, *p_handle); 1054 1055 return status; 1056 } 1057 1058 /****************************************************************************** 1059 * 1060 * Function AVRC_Close 1061 * 1062 * Description Close a connection opened with AVRC_Open(). 1063 * This function is called when the 1064 * application is no longer using a connection. 1065 * 1066 * Input Parameters: 1067 * handle: Handle of this connection. 1068 * 1069 * Output Parameters: 1070 * None. 1071 * 1072 * Returns AVRC_SUCCESS if successful. 1073 * AVRC_BAD_HANDLE if handle is invalid. 1074 * 1075 *****************************************************************************/ 1076 uint16_t AVRC_Close(uint8_t handle) { 1077 AVRC_TRACE_DEBUG("%s handle:%d", __func__, handle); 1078 return AVCT_RemoveConn(handle); 1079 } 1080 1081 /****************************************************************************** 1082 * 1083 * Function AVRC_OpenBrowse 1084 * 1085 * Description This function is called to open a browsing connection to 1086 * AVCTP. The connection can be either an initiator or 1087 * acceptor, as determined by the p_conn_role. 1088 * The handle is returned by a previous call to AVRC_Open. 1089 * 1090 * Returns AVRC_SUCCESS if successful. 1091 * AVRC_NO_RESOURCES if there are not enough resources to open 1092 * the connection. 1093 * 1094 *****************************************************************************/ 1095 uint16_t AVRC_OpenBrowse(uint8_t handle, uint8_t conn_role) { 1096 return AVCT_CreateBrowse(handle, conn_role); 1097 } 1098 1099 /****************************************************************************** 1100 * 1101 * Function AVRC_CloseBrowse 1102 * 1103 * Description Close a connection opened with AVRC_OpenBrowse(). 1104 * This function is called when the 1105 * application is no longer using a connection. 1106 * 1107 * Returns AVRC_SUCCESS if successful. 1108 * AVRC_BAD_HANDLE if handle is invalid. 1109 * 1110 *****************************************************************************/ 1111 uint16_t AVRC_CloseBrowse(uint8_t handle) { return AVCT_RemoveBrowse(handle); } 1112 1113 /****************************************************************************** 1114 * 1115 * Function AVRC_MsgReq 1116 * 1117 * Description This function is used to send the AVRCP byte stream in p_pkt 1118 * down to AVCTP. 1119 * 1120 * It is expected that p_pkt->offset is at least 1121 * AVCT_MSG_OFFSET 1122 * p_pkt->layer_specific is AVCT_DATA_CTRL or AVCT_DATA_BROWSE 1123 * p_pkt->event is AVRC_OP_VENDOR, AVRC_OP_PASS_THRU or 1124 * AVRC_OP_BROWSE 1125 * The above BT_HDR settings are set by the AVRC_Bld* 1126 * functions. 1127 * 1128 * Returns AVRC_SUCCESS if successful. 1129 * AVRC_BAD_HANDLE if handle is invalid. 1130 * 1131 *****************************************************************************/ 1132 uint16_t AVRC_MsgReq(uint8_t handle, uint8_t label, uint8_t ctype, 1133 BT_HDR* p_pkt) { 1134 #if (AVRC_METADATA_INCLUDED == TRUE) 1135 uint8_t* p_data; 1136 uint8_t cr = AVCT_CMD; 1137 bool chk_frag = true; 1138 uint8_t* p_start = NULL; 1139 tAVRC_FRAG_CB* p_fcb; 1140 uint16_t len; 1141 uint16_t status; 1142 uint8_t msg_mask = 0; 1143 uint16_t peer_mtu; 1144 1145 if (!p_pkt) return AVRC_BAD_PARAM; 1146 1147 AVRC_TRACE_DEBUG("%s handle = %u label = %u ctype = %u len = %d", __func__, 1148 handle, label, ctype, p_pkt->len); 1149 1150 if (ctype >= AVRC_RSP_NOT_IMPL) cr = AVCT_RSP; 1151 1152 p_data = (uint8_t*)(p_pkt + 1) + p_pkt->offset; 1153 if (*p_data == AVRC_PDU_REQUEST_CONTINUATION_RSP || 1154 *p_data == AVRC_PDU_ABORT_CONTINUATION_RSP) { 1155 return AVRC_HandleContinueRsp(handle, label, p_pkt); 1156 } 1157 1158 if (p_pkt->event == AVRC_OP_VENDOR) { 1159 /* add AVRCP Vendor Dependent headers */ 1160 p_start = ((uint8_t*)(p_pkt + 1) + p_pkt->offset); 1161 p_pkt->offset -= AVRC_VENDOR_HDR_SIZE; 1162 p_pkt->len += AVRC_VENDOR_HDR_SIZE; 1163 p_data = (uint8_t*)(p_pkt + 1) + p_pkt->offset; 1164 *p_data++ = (ctype & AVRC_CTYPE_MASK); 1165 *p_data++ = (AVRC_SUB_PANEL << AVRC_SUBTYPE_SHIFT); 1166 *p_data++ = AVRC_OP_VENDOR; 1167 AVRC_CO_ID_TO_BE_STREAM(p_data, AVRC_CO_METADATA); 1168 1169 /* Check if this is a AVRC_PDU_REQUEST_CONTINUATION_RSP */ 1170 if (cr == AVCT_CMD) { 1171 msg_mask |= AVRC_MSG_MASK_IS_VENDOR_CMD; 1172 1173 if ((*p_start == AVRC_PDU_REQUEST_CONTINUATION_RSP) || 1174 (*p_start == AVRC_PDU_ABORT_CONTINUATION_RSP)) { 1175 msg_mask |= AVRC_MSG_MASK_IS_CONTINUATION_RSP; 1176 } 1177 } 1178 } else if (p_pkt->event == AVRC_OP_PASS_THRU) { 1179 /* add AVRCP Pass Through headers */ 1180 p_start = ((uint8_t*)(p_pkt + 1) + p_pkt->offset); 1181 p_pkt->offset -= AVRC_PASS_THRU_SIZE; 1182 p_pkt->len += AVRC_PASS_THRU_SIZE; 1183 p_data = (uint8_t*)(p_pkt + 1) + p_pkt->offset; 1184 *p_data++ = (ctype & AVRC_CTYPE_MASK); 1185 *p_data++ = (AVRC_SUB_PANEL << AVRC_SUBTYPE_SHIFT); 1186 *p_data++ = AVRC_OP_PASS_THRU; /* opcode */ 1187 *p_data++ = AVRC_ID_VENDOR; /* operation id */ 1188 *p_data++ = 5; /* operation data len */ 1189 AVRC_CO_ID_TO_BE_STREAM(p_data, AVRC_CO_METADATA); 1190 } else { 1191 chk_frag = false; 1192 peer_mtu = AVCT_GetBrowseMtu(handle); 1193 if (p_pkt->len > (peer_mtu - AVCT_HDR_LEN_SINGLE)) { 1194 AVRC_TRACE_ERROR( 1195 "%s bigger than peer mtu (p_pkt->len(%d) > peer_mtu(%d-%d))", 1196 __func__, p_pkt->len, peer_mtu, AVCT_HDR_LEN_SINGLE); 1197 osi_free(p_pkt); 1198 return AVRC_MSG_TOO_BIG; 1199 } 1200 } 1201 1202 /* abandon previous fragments */ 1203 p_fcb = &avrc_cb.fcb[handle]; 1204 1205 if (p_fcb == NULL) { 1206 AVRC_TRACE_ERROR("%s p_fcb is NULL", __func__); 1207 osi_free(p_pkt); 1208 return AVRC_NOT_OPEN; 1209 } 1210 1211 if (p_fcb->frag_enabled) p_fcb->frag_enabled = false; 1212 1213 osi_free_and_reset((void**)&p_fcb->p_fmsg); 1214 1215 /* AVRCP spec has not defined any control channel commands that needs 1216 * fragmentation at this level 1217 * check for fragmentation only on the response */ 1218 if ((cr == AVCT_RSP) && (chk_frag == true)) { 1219 if (p_pkt->len > AVRC_MAX_CTRL_DATA_LEN) { 1220 int offset_len = MAX(AVCT_MSG_OFFSET, p_pkt->offset); 1221 BT_HDR* p_pkt_new = 1222 (BT_HDR*)osi_malloc(AVRC_PACKET_LEN + offset_len + BT_HDR_SIZE); 1223 if (p_start != NULL) { 1224 p_fcb->frag_enabled = true; 1225 p_fcb->p_fmsg = p_pkt; 1226 p_fcb->frag_pdu = *p_start; 1227 p_pkt = p_pkt_new; 1228 p_pkt_new = p_fcb->p_fmsg; 1229 p_pkt->len = AVRC_MAX_CTRL_DATA_LEN; 1230 p_pkt->offset = p_pkt_new->offset; 1231 p_pkt->layer_specific = p_pkt_new->layer_specific; 1232 p_pkt->event = p_pkt_new->event; 1233 p_data = (uint8_t*)(p_pkt + 1) + p_pkt->offset; 1234 p_start -= AVRC_VENDOR_HDR_SIZE; 1235 memcpy(p_data, p_start, AVRC_MAX_CTRL_DATA_LEN); 1236 /* use AVRC start packet type */ 1237 p_data += AVRC_VENDOR_HDR_SIZE; 1238 p_data++; /* pdu */ 1239 *p_data++ = AVRC_PKT_START; 1240 1241 /* 4 pdu, pkt_type & len */ 1242 len = (AVRC_MAX_CTRL_DATA_LEN - AVRC_VENDOR_HDR_SIZE - 1243 AVRC_MIN_META_HDR_SIZE); 1244 UINT16_TO_BE_STREAM(p_data, len); 1245 1246 /* prepare the left over for as an end fragment */ 1247 avrc_prep_end_frag(handle); 1248 AVRC_TRACE_DEBUG("%s p_pkt len:%d/%d, next len:%d", __func__, 1249 p_pkt->len, len, p_fcb->p_fmsg->len); 1250 } else { 1251 /* TODO: Is this "else" block valid? Remove it? */ 1252 AVRC_TRACE_ERROR("%s no buffers for fragmentation", __func__); 1253 osi_free(p_pkt); 1254 return AVRC_NO_RESOURCES; 1255 } 1256 } 1257 } else if ((p_pkt->event == AVRC_OP_VENDOR) && (cr == AVCT_CMD) && 1258 (avrc_cb.ccb_int[handle].flags & AVRC_CB_FLAGS_RSP_PENDING) && 1259 !(msg_mask & AVRC_MSG_MASK_IS_CONTINUATION_RSP)) { 1260 /* If we are sending a vendor specific command, and a response is pending, 1261 * then enqueue the command until the response has been received. 1262 * This is to interop with TGs that abort sending responses whenever a new 1263 * command 1264 * is received (exception is continuation request command 1265 * must sent that to get additional response frags) */ 1266 AVRC_TRACE_DEBUG( 1267 "AVRC: Enqueuing command 0x%08x (handle=0x%02x, label=0x%02x)", p_pkt, 1268 handle, label); 1269 1270 /* label in BT_HDR (will need this later when the command is dequeued) */ 1271 p_pkt->layer_specific = (label << 8) | (p_pkt->layer_specific & 0xFF); 1272 1273 /* Enqueue the command */ 1274 fixed_queue_enqueue(avrc_cb.ccb_int[handle].cmd_q, p_pkt); 1275 return AVRC_SUCCESS; 1276 } 1277 1278 /* Send the message */ 1279 status = AVCT_MsgReq(handle, label, cr, p_pkt); 1280 if ((status == AVCT_SUCCESS) && (cr == AVCT_CMD)) { 1281 /* If a command was successfully sent, indicate that a response is pending 1282 */ 1283 avrc_cb.ccb_int[handle].flags |= AVRC_CB_FLAGS_RSP_PENDING; 1284 1285 /* Start command timer to wait for response */ 1286 avrc_start_cmd_timer(handle, label, msg_mask); 1287 } 1288 1289 return status; 1290 #else 1291 return AVRC_NO_RESOURCES; 1292 #endif 1293 } 1294 1295 /****************************************************************************** 1296 * 1297 * Function AVRC_PassCmd 1298 * 1299 * Description Send a PASS THROUGH command to the peer device. This 1300 * function can only be called for controller role connections. 1301 * Any response message from the peer is passed back through 1302 * the tAVRC_MSG_CBACK callback function. 1303 * 1304 * Input Parameters: 1305 * handle: Handle of this connection. 1306 * 1307 * label: Transaction label. 1308 * 1309 * p_msg: Pointer to PASS THROUGH message structure. 1310 * 1311 * Output Parameters: 1312 * None. 1313 * 1314 * Returns AVRC_SUCCESS if successful. 1315 * AVRC_BAD_HANDLE if handle is invalid. 1316 * 1317 *****************************************************************************/ 1318 uint16_t AVRC_PassCmd(uint8_t handle, uint8_t label, tAVRC_MSG_PASS* p_msg) { 1319 BT_HDR* p_buf; 1320 uint16_t status = AVRC_NO_RESOURCES; 1321 if (!p_msg) return AVRC_BAD_PARAM; 1322 1323 p_msg->hdr.ctype = AVRC_CMD_CTRL; 1324 p_buf = avrc_pass_msg(p_msg); 1325 if (p_buf) { 1326 status = AVCT_MsgReq(handle, label, AVCT_CMD, p_buf); 1327 if (status == AVCT_SUCCESS) { 1328 /* Start command timer to wait for response */ 1329 avrc_start_cmd_timer(handle, label, 0); 1330 } 1331 } 1332 return (status); 1333 } 1334 1335 /****************************************************************************** 1336 * 1337 * Function AVRC_PassRsp 1338 * 1339 * Description Send a PASS THROUGH response to the peer device. This 1340 * function can only be called for target role connections. 1341 * This function must be called when a PASS THROUGH command 1342 * message is received from the peer through the 1343 * tAVRC_MSG_CBACK callback function. 1344 * 1345 * Input Parameters: 1346 * handle: Handle of this connection. 1347 * 1348 * label: Transaction label. Must be the same value as 1349 * passed with the command message in the callback 1350 * function. 1351 * 1352 * p_msg: Pointer to PASS THROUGH message structure. 1353 * 1354 * Output Parameters: 1355 * None. 1356 * 1357 * Returns AVRC_SUCCESS if successful. 1358 * AVRC_BAD_HANDLE if handle is invalid. 1359 * 1360 *****************************************************************************/ 1361 uint16_t AVRC_PassRsp(uint8_t handle, uint8_t label, tAVRC_MSG_PASS* p_msg) { 1362 BT_HDR* p_buf; 1363 if (!p_msg) return AVRC_BAD_PARAM; 1364 1365 p_buf = avrc_pass_msg(p_msg); 1366 if (p_buf) return AVCT_MsgReq(handle, label, AVCT_RSP, p_buf); 1367 return AVRC_NO_RESOURCES; 1368 } 1369
