/******************************************************************************
*
* Copyright (C) 2003-2012 Broadcom Corporation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
******************************************************************************/
/******************************************************************************
*
* Interface to AVRCP mandatory commands
*
******************************************************************************/
#include <assert.h>
#include <string.h>
#include "bt_common.h"
#include "avrc_api.h"
#include "avrc_int.h"
/*****************************************************************************
** Global data
*****************************************************************************/
#define AVRC_MAX_RCV_CTRL_EVT AVCT_BROWSE_UNCONG_IND_EVT
#ifndef MAX
#define MAX(a, b) ((a) > (b) ? (a) : (b))
#endif
static const UINT8 avrc_ctrl_event_map[] =
{
AVRC_OPEN_IND_EVT, /* AVCT_CONNECT_CFM_EVT */
AVRC_OPEN_IND_EVT, /* AVCT_CONNECT_IND_EVT */
AVRC_CLOSE_IND_EVT, /* AVCT_DISCONNECT_CFM_EVT */
AVRC_CLOSE_IND_EVT, /* AVCT_DISCONNECT_IND_EVT */
AVRC_CONG_IND_EVT, /* AVCT_CONG_IND_EVT */
AVRC_UNCONG_IND_EVT,/* AVCT_UNCONG_IND_EVT */
AVRC_BROWSE_OPEN_IND_EVT, /* AVCT_BROWSE_CONN_CFM_EVT */
AVRC_BROWSE_OPEN_IND_EVT, /* AVCT_BROWSE_CONN_IND_EVT */
AVRC_BROWSE_CLOSE_IND_EVT, /* AVCT_BROWSE_DISCONN_CFM_EVT */
AVRC_BROWSE_CLOSE_IND_EVT, /* AVCT_BROWSE_DISCONN_IND_EVT */
AVRC_BROWSE_CONG_IND_EVT, /* AVCT_BROWSE_CONG_IND_EVT */
AVRC_BROWSE_UNCONG_IND_EVT /* AVCT_BROWSE_UNCONG_IND_EVT */
};
#define AVRC_OP_DROP 0xFE /* use this unused opcode to indication no need to call the callback function */
#define AVRC_OP_DROP_N_FREE 0xFD /* use this unused opcode to indication no need to call the callback function & free buffer */
#define AVRC_OP_UNIT_INFO_RSP_LEN 8
#define AVRC_OP_SUB_UNIT_INFO_RSP_LEN 8
#define AVRC_OP_REJ_MSG_LEN 11
/******************************************************************************
**
** Function avrc_ctrl_cback
**
** Description This is the callback function used by AVCTP to report
** received link events.
**
** Returns Nothing.
**
******************************************************************************/
static void avrc_ctrl_cback(UINT8 handle, UINT8 event, UINT16 result,
BD_ADDR peer_addr)
{
UINT8 avrc_event;
if (event <= AVRC_MAX_RCV_CTRL_EVT && avrc_cb.ccb[handle].p_ctrl_cback)
{
avrc_event = avrc_ctrl_event_map[event];
if (event == AVCT_CONNECT_CFM_EVT)
{
if (result != 0) /* failed */
avrc_event = AVRC_CLOSE_IND_EVT;
}
(*avrc_cb.ccb[handle].p_ctrl_cback)(handle, avrc_event, result, peer_addr);
}
/* else drop the unknown event*/
}
/******************************************************************************
**
** Function avrc_get_data_ptr
**
** Description Gets a pointer to the data payload in the packet.
**
** Returns A pointer to the data payload.
**
******************************************************************************/
static UINT8 * avrc_get_data_ptr(BT_HDR *p_pkt)
{
return (UINT8 *)(p_pkt + 1) + p_pkt->offset;
}
/******************************************************************************
**
** Function avrc_copy_packet
**
** Description Copies an AVRC packet to a new buffer. In the new buffer,
** the payload offset is at least AVCT_MSG_OFFSET octets.
**
** Returns The buffer with the copied data.
**
******************************************************************************/
static BT_HDR * avrc_copy_packet(BT_HDR *p_pkt, int rsp_pkt_len)
{
const int offset = MAX(AVCT_MSG_OFFSET, p_pkt->offset);
const int pkt_len = MAX(rsp_pkt_len, p_pkt->len);
BT_HDR *p_pkt_copy = (BT_HDR *)osi_malloc(BT_HDR_SIZE + offset + pkt_len);
/* Copy the packet header, set the new offset, and copy the payload */
memcpy(p_pkt_copy, p_pkt, BT_HDR_SIZE);
p_pkt_copy->offset = offset;
UINT8 *p_data = avrc_get_data_ptr(p_pkt);
UINT8 *p_data_copy = avrc_get_data_ptr(p_pkt_copy);
memcpy(p_data_copy, p_data, p_pkt->len);
return p_pkt_copy;
}
#if (AVRC_METADATA_INCLUDED == TRUE)
/******************************************************************************
**
** Function avrc_prep_end_frag
**
** Description This function prepares an end response fragment
**
** Returns Nothing.
**
******************************************************************************/
static void avrc_prep_end_frag(UINT8 handle)
{
tAVRC_FRAG_CB *p_fcb;
BT_HDR *p_pkt_new;
UINT8 *p_data, *p_orig_data;
UINT8 rsp_type;
AVRC_TRACE_DEBUG ("avrc_prep_end_frag" );
p_fcb = &avrc_cb.fcb[handle];
/* The response type of the end fragment should be the same as the the PDU of "End Fragment
** Response" Errata: https://www.bluetooth.org/errata/errata_view.cfm?errata_id=4383
*/
p_orig_data = ((UINT8 *)(p_fcb->p_fmsg + 1) + p_fcb->p_fmsg->offset);
rsp_type = ((*p_orig_data) & AVRC_CTYPE_MASK);
p_pkt_new = p_fcb->p_fmsg;
p_pkt_new->len -= (AVRC_MAX_CTRL_DATA_LEN - AVRC_VENDOR_HDR_SIZE - AVRC_MIN_META_HDR_SIZE);
p_pkt_new->offset += (AVRC_MAX_CTRL_DATA_LEN - AVRC_VENDOR_HDR_SIZE - AVRC_MIN_META_HDR_SIZE);
p_data = (UINT8 *)(p_pkt_new+1) + p_pkt_new->offset;
*p_data++ = rsp_type;
*p_data++ = (AVRC_SUB_PANEL << AVRC_SUBTYPE_SHIFT);
*p_data++ = AVRC_OP_VENDOR;
AVRC_CO_ID_TO_BE_STREAM(p_data, AVRC_CO_METADATA);
*p_data++ = p_fcb->frag_pdu;
*p_data++ = AVRC_PKT_END;
/* 4=pdu, pkt_type & len */
UINT16_TO_BE_STREAM(p_data, (p_pkt_new->len - AVRC_VENDOR_HDR_SIZE - AVRC_MIN_META_HDR_SIZE));
}
/******************************************************************************
**
** Function avrc_send_continue_frag
**
** Description This function sends a continue response fragment
**
** Returns Nothing.
**
******************************************************************************/
static void avrc_send_continue_frag(UINT8 handle, UINT8 label)
{
tAVRC_FRAG_CB *p_fcb;
BT_HDR *p_pkt_old, *p_pkt;
UINT8 *p_old, *p_data;
UINT8 cr = AVCT_RSP;
p_fcb = &avrc_cb.fcb[handle];
p_pkt = p_fcb->p_fmsg;
AVRC_TRACE_DEBUG("%s handle = %u label = %u len = %d",
__func__, handle, label, p_pkt->len);
if (p_pkt->len > AVRC_MAX_CTRL_DATA_LEN) {
int offset_len = MAX(AVCT_MSG_OFFSET, p_pkt->offset);
p_pkt_old = p_fcb->p_fmsg;
p_pkt = (BT_HDR *)osi_malloc(AVRC_PACKET_LEN + offset_len + BT_HDR_SIZE);
p_pkt->len = AVRC_MAX_CTRL_DATA_LEN;
p_pkt->offset = AVCT_MSG_OFFSET;
p_pkt->layer_specific = p_pkt_old->layer_specific;
p_pkt->event = p_pkt_old->event;
p_old = (UINT8 *)(p_pkt_old + 1) + p_pkt_old->offset;
p_data = (UINT8 *)(p_pkt + 1) + p_pkt->offset;
memcpy (p_data, p_old, AVRC_MAX_CTRL_DATA_LEN);
/* use AVRC continue packet type */
p_data += AVRC_VENDOR_HDR_SIZE;
p_data++; /* pdu */
*p_data++ = AVRC_PKT_CONTINUE;
/* 4=pdu, pkt_type & len */
UINT16_TO_BE_STREAM(p_data, (AVRC_MAX_CTRL_DATA_LEN - AVRC_VENDOR_HDR_SIZE - 4));
/* prepare the left over for as an end fragment */
avrc_prep_end_frag (handle);
} else {
/* end fragment. clean the control block */
p_fcb->frag_enabled = FALSE;
p_fcb->p_fmsg = NULL;
}
AVCT_MsgReq( handle, label, cr, p_pkt);
}
/******************************************************************************
**
** Function avrc_proc_vendor_command
**
** Description This function processes received vendor command.
**
** Returns if not NULL, the response to send right away.
**
******************************************************************************/
static BT_HDR * avrc_proc_vendor_command(UINT8 handle, UINT8 label,
BT_HDR *p_pkt, tAVRC_MSG_VENDOR *p_msg)
{
BT_HDR *p_rsp = NULL;
UINT8 *p_data;
UINT8 *p_begin;
UINT8 pkt_type;
BOOLEAN abort_frag = FALSE;
tAVRC_STS status = AVRC_STS_NO_ERROR;
tAVRC_FRAG_CB *p_fcb;
p_begin = (UINT8 *)(p_pkt+1) + p_pkt->offset;
p_data = p_begin + AVRC_VENDOR_HDR_SIZE;
pkt_type = *(p_data + 1) & AVRC_PKT_TYPE_MASK;
if (pkt_type != AVRC_PKT_SINGLE)
{
/* reject - commands can only be in single packets at AVRCP level */
AVRC_TRACE_ERROR ("commands must be in single packet pdu:0x%x", *p_data );
/* use the current GKI buffer to send the reject */
status = AVRC_STS_BAD_CMD;
}
/* check if there are fragments waiting to be sent */
else if (avrc_cb.fcb[handle].frag_enabled)
{
p_fcb = &avrc_cb.fcb[handle];
if (p_msg->company_id == AVRC_CO_METADATA)
{
switch (*p_data)
{
case AVRC_PDU_ABORT_CONTINUATION_RSP:
/* aborted by CT - send accept response */
abort_frag = TRUE;
p_begin = (UINT8 *)(p_pkt+1) + p_pkt->offset;
*p_begin = (AVRC_RSP_ACCEPT & AVRC_CTYPE_MASK);
if (*(p_data + 4) != p_fcb->frag_pdu)
{
*p_begin = (AVRC_RSP_REJ & AVRC_CTYPE_MASK);
*(p_data + 4) = AVRC_STS_BAD_PARAM;
}
else
{
p_data = (p_begin + AVRC_VENDOR_HDR_SIZE + 2);
UINT16_TO_BE_STREAM(p_data, 0);
p_pkt->len = (p_data - p_begin);
}
AVCT_MsgReq( handle, label, AVCT_RSP, p_pkt);
p_msg->hdr.opcode = AVRC_OP_DROP; /* used the p_pkt to send response */
break;
case AVRC_PDU_REQUEST_CONTINUATION_RSP:
if (*(p_data + 4) == p_fcb->frag_pdu)
{
avrc_send_continue_frag(handle, label);
p_msg->hdr.opcode = AVRC_OP_DROP_N_FREE;
}
else
{
/* the pdu id does not match - reject the command using the current GKI buffer */
AVRC_TRACE_ERROR("avrc_proc_vendor_command continue pdu: 0x%x does not match \
current re-assembly pdu: 0x%x",
*(p_data + 4), p_fcb->frag_pdu);
status = AVRC_STS_BAD_PARAM;
abort_frag = TRUE;
}
break;
default:
/* implicit abort */
abort_frag = TRUE;
}
}
else
{
abort_frag = TRUE;
/* implicit abort */
}
if (abort_frag)
{
osi_free_and_reset((void **)&p_fcb->p_fmsg);
p_fcb->frag_enabled = FALSE;
}
}
if (status != AVRC_STS_NO_ERROR)
{
/* use the current GKI buffer to build/send the reject message */
p_data = (UINT8 *)(p_pkt+1) + p_pkt->offset;
*p_data++ = AVRC_RSP_REJ;
p_data += AVRC_VENDOR_HDR_SIZE; /* pdu */
*p_data++ = 0; /* pkt_type */
UINT16_TO_BE_STREAM(p_data, 1); /* len */
*p_data++ = status; /* error code */
p_pkt->len = AVRC_VENDOR_HDR_SIZE + 5;
p_rsp = p_pkt;
}
return p_rsp;
}
/******************************************************************************
**
** Function avrc_proc_far_msg
**
** Description This function processes metadata fragmenation
** and reassembly
**
** Returns 0, to report the message with msg_cback .
**
******************************************************************************/
static UINT8 avrc_proc_far_msg(UINT8 handle, UINT8 label, UINT8 cr, BT_HDR **pp_pkt,
tAVRC_MSG_VENDOR *p_msg)
{
BT_HDR *p_pkt = *pp_pkt;
UINT8 *p_data;
UINT8 drop_code = 0;
BOOLEAN buf_overflow = FALSE;
BT_HDR *p_rsp = NULL;
BT_HDR *p_cmd = NULL;
BOOLEAN req_continue = FALSE;
BT_HDR *p_pkt_new = NULL;
UINT8 pkt_type;
tAVRC_RASM_CB *p_rcb;
tAVRC_NEXT_CMD avrc_cmd;
p_data = (UINT8 *)(p_pkt+1) + p_pkt->offset;
/* Skip over vendor header (ctype, subunit*, opcode, CO_ID) */
p_data += AVRC_VENDOR_HDR_SIZE;
pkt_type = *(p_data + 1) & AVRC_PKT_TYPE_MASK;
AVRC_TRACE_DEBUG ("pkt_type %d", pkt_type );
p_rcb = &avrc_cb.rcb[handle];
if (p_msg->company_id == AVRC_CO_METADATA)
{
/* check if the message needs to be re-assembled */
if (pkt_type == AVRC_PKT_SINGLE || pkt_type == AVRC_PKT_START)
{
/* previous fragments need to be dropped, when received another new message */
p_rcb->rasm_offset = 0;
osi_free_and_reset((void **)&p_rcb->p_rmsg);
}
if (pkt_type != AVRC_PKT_SINGLE && cr == AVCT_RSP)
{
/* not a single response packet - need to re-assemble metadata messages */
if (pkt_type == AVRC_PKT_START) {
/* Allocate buffer for re-assembly */
p_rcb->rasm_pdu = *p_data;
p_rcb->p_rmsg = (BT_HDR *)osi_malloc(BT_DEFAULT_BUFFER_SIZE);
/* Copy START packet to buffer for re-assembling fragments */
memcpy(p_rcb->p_rmsg, p_pkt, sizeof(BT_HDR)); /* Copy bt hdr */
/* Copy metadata message */
memcpy((UINT8 *)(p_rcb->p_rmsg + 1),
(UINT8 *)(p_pkt+1) + p_pkt->offset, p_pkt->len);
/* offset of start of metadata response in reassembly buffer */
p_rcb->p_rmsg->offset = p_rcb->rasm_offset = 0;
/*
* Free original START packet, replace with pointer to
* reassembly buffer.
*/
osi_free(p_pkt);
*pp_pkt = p_rcb->p_rmsg;
/*
* Set offset to point to where to copy next - use the same
* reassembly logic as AVCT.
*/
p_rcb->p_rmsg->offset += p_rcb->p_rmsg->len;
req_continue = TRUE;
} else if (p_rcb->p_rmsg == NULL) {
/* Received a CONTINUE/END, but no corresponding START
(or previous fragmented response was dropped) */
AVRC_TRACE_DEBUG ("Received a CONTINUE/END without no corresponding START \
(or previous fragmented response was dropped)");
drop_code = 5;
osi_free(p_pkt);
*pp_pkt = NULL;
}
else
{
/* get size of buffer holding assembled message */
/*
* NOTE: The buffer is allocated above at the beginning of the
* reassembly, and is always of size BT_DEFAULT_BUFFER_SIZE.
*/
UINT16 buf_len = BT_DEFAULT_BUFFER_SIZE - sizeof(BT_HDR);
/* adjust offset and len of fragment for header byte */
p_pkt->offset += (AVRC_VENDOR_HDR_SIZE + AVRC_MIN_META_HDR_SIZE);
p_pkt->len -= (AVRC_VENDOR_HDR_SIZE + AVRC_MIN_META_HDR_SIZE);
/* verify length */
if ((p_rcb->p_rmsg->offset + p_pkt->len) > buf_len)
{
AVRC_TRACE_WARNING("Fragmented message too big! - report the partial message");
p_pkt->len = buf_len - p_rcb->p_rmsg->offset;
pkt_type = AVRC_PKT_END;
buf_overflow = true;
}
/* copy contents of p_pkt to p_rx_msg */
memcpy((UINT8 *)(p_rcb->p_rmsg + 1) + p_rcb->p_rmsg->offset,
(UINT8 *)(p_pkt + 1) + p_pkt->offset, p_pkt->len);
if (pkt_type == AVRC_PKT_END)
{
p_rcb->p_rmsg->offset = p_rcb->rasm_offset;
p_rcb->p_rmsg->len += p_pkt->len;
p_pkt_new = p_rcb->p_rmsg;
p_rcb->rasm_offset = 0;
p_rcb->p_rmsg = NULL;
p_msg->p_vendor_data = (UINT8 *)(p_pkt_new+1) + p_pkt_new->offset;
p_msg->hdr.ctype = p_msg->p_vendor_data[0] & AVRC_CTYPE_MASK;
/* 6 = ctype, subunit*, opcode & CO_ID */
p_msg->p_vendor_data += AVRC_VENDOR_HDR_SIZE;
p_msg->vendor_len = p_pkt_new->len - AVRC_VENDOR_HDR_SIZE;
p_data = p_msg->p_vendor_data + 1; /* skip pdu */
*p_data++ = AVRC_PKT_SINGLE;
UINT16_TO_BE_STREAM(p_data, (p_msg->vendor_len - AVRC_MIN_META_HDR_SIZE));
AVRC_TRACE_DEBUG("end frag:%d, total len:%d, offset:%d", p_pkt->len,
p_pkt_new->len, p_pkt_new->offset);
}
else
{
p_rcb->p_rmsg->offset += p_pkt->len;
p_rcb->p_rmsg->len += p_pkt->len;
p_pkt_new = NULL;
req_continue = TRUE;
}
osi_free(p_pkt);
*pp_pkt = p_pkt_new;
}
}
if (cr == AVCT_CMD)
{
p_rsp = avrc_proc_vendor_command(handle, label, *pp_pkt, p_msg);
if (p_rsp)
{
AVCT_MsgReq( handle, label, AVCT_RSP, p_rsp);
drop_code = 3;
}
else if (p_msg->hdr.opcode == AVRC_OP_DROP)
{
drop_code = 1;
}
else if (p_msg->hdr.opcode == AVRC_OP_DROP_N_FREE)
drop_code = 4;
}
else if (cr == AVCT_RSP && req_continue == TRUE)
{
avrc_cmd.pdu = AVRC_PDU_REQUEST_CONTINUATION_RSP;
avrc_cmd.status = AVRC_STS_NO_ERROR;
avrc_cmd.target_pdu = p_rcb->rasm_pdu;
if (AVRC_BldCommand ((tAVRC_COMMAND *)&avrc_cmd, &p_cmd) == AVRC_STS_NO_ERROR)
{
drop_code = 2;
AVRC_MsgReq (handle, (UINT8)(label), AVRC_CMD_CTRL, p_cmd);
}
}
/*
* Drop it if we are out of buffer
*/
else if (cr == AVCT_RSP && req_continue == FALSE && buf_overflow == TRUE)
{
avrc_cmd.pdu = AVRC_PDU_ABORT_CONTINUATION_RSP;
avrc_cmd.status = AVRC_STS_NO_ERROR;
avrc_cmd.target_pdu = p_rcb->rasm_pdu;
if (AVRC_BldCommand ((tAVRC_COMMAND *)&avrc_cmd, &p_cmd) == AVRC_STS_NO_ERROR)
{
drop_code = 4;
AVRC_MsgReq (handle, (UINT8)(label), AVRC_CMD_CTRL, p_cmd);
}
}
}
return drop_code;
}
#endif /* (AVRC_METADATA_INCLUDED == TRUE) */
/******************************************************************************
**
** Function avrc_msg_cback
**
** Description This is the callback function used by AVCTP to report
** received AV control messages.
**
** Returns Nothing.
**
******************************************************************************/
static void avrc_msg_cback(UINT8 handle, UINT8 label, UINT8 cr,
BT_HDR *p_pkt)
{
UINT8 opcode;
tAVRC_MSG msg;
UINT8 *p_data;
UINT8 *p_begin;
BOOLEAN drop = FALSE;
BOOLEAN do_free = TRUE;
BT_HDR *p_rsp = NULL;
UINT8 *p_rsp_data;
int xx;
BOOLEAN reject = FALSE;
#if (BT_USE_TRACES == TRUE)
char *p_drop_msg = "dropped";
#endif
tAVRC_MSG_VENDOR *p_msg = &msg.vendor;
if (cr == AVCT_CMD &&
(p_pkt->layer_specific & AVCT_DATA_CTRL && AVRC_PACKET_LEN < sizeof(p_pkt->len)))
{
/* Ignore the invalid AV/C command frame */
#if (BT_USE_TRACES == TRUE)
p_drop_msg = "dropped - too long AV/C cmd frame size";
#endif
osi_free(p_pkt);
return;
}
if (cr == AVCT_REJ)
{
/* The peer thinks that this PID is no longer open - remove this handle */
/* */
osi_free(p_pkt);
AVCT_RemoveConn(handle);
return;
}
p_data = (UINT8 *)(p_pkt+1) + p_pkt->offset;
memset(&msg, 0, sizeof(tAVRC_MSG) );
{
msg.hdr.ctype = p_data[0] & AVRC_CTYPE_MASK;
AVRC_TRACE_DEBUG("avrc_msg_cback handle:%d, ctype:%d, offset:%d, len: %d",
handle, msg.hdr.ctype, p_pkt->offset, p_pkt->len);
msg.hdr.subunit_type = (p_data[1] & AVRC_SUBTYPE_MASK) >> AVRC_SUBTYPE_SHIFT;
msg.hdr.subunit_id = p_data[1] & AVRC_SUBID_MASK;
opcode = p_data[2];
}
if ( ((avrc_cb.ccb[handle].control & AVRC_CT_TARGET) && (cr == AVCT_CMD)) ||
((avrc_cb.ccb[handle].control & AVRC_CT_CONTROL) && (cr == AVCT_RSP)) )
{
switch(opcode)
{
case AVRC_OP_UNIT_INFO:
if (cr == AVCT_CMD)
{
/* send the response to the peer */
p_rsp = avrc_copy_packet(p_pkt, AVRC_OP_UNIT_INFO_RSP_LEN);
p_rsp_data = avrc_get_data_ptr(p_rsp);
*p_rsp_data = AVRC_RSP_IMPL_STBL;
/* check & set the offset. set response code, set subunit_type & subunit_id,
set AVRC_OP_UNIT_INFO */
/* 3 bytes: ctype, subunit*, opcode */
p_rsp_data += AVRC_AVC_HDR_SIZE;
*p_rsp_data++ = 7;
/* Panel subunit & id=0 */
*p_rsp_data++ = (AVRC_SUB_PANEL << AVRC_SUBTYPE_SHIFT);
AVRC_CO_ID_TO_BE_STREAM(p_rsp_data, avrc_cb.ccb[handle].company_id);
p_rsp->len = (UINT16) (p_rsp_data - (UINT8 *)(p_rsp + 1) - p_rsp->offset);
cr = AVCT_RSP;
#if (BT_USE_TRACES == TRUE)
p_drop_msg = "auto respond";
#endif
}
else
{
/* parse response */
p_data += 4; /* 3 bytes: ctype, subunit*, opcode + octet 3 (is 7)*/
msg.unit.unit_type = (*p_data & AVRC_SUBTYPE_MASK) >> AVRC_SUBTYPE_SHIFT;
msg.unit.unit = *p_data & AVRC_SUBID_MASK;
p_data++;
AVRC_BE_STREAM_TO_CO_ID(msg.unit.company_id, p_data);
}
break;
case AVRC_OP_SUB_INFO:
if (cr == AVCT_CMD)
{
/* send the response to the peer */
p_rsp = avrc_copy_packet(p_pkt, AVRC_OP_SUB_UNIT_INFO_RSP_LEN);
p_rsp_data = avrc_get_data_ptr(p_rsp);
*p_rsp_data = AVRC_RSP_IMPL_STBL;
/* check & set the offset. set response code, set (subunit_type & subunit_id),
set AVRC_OP_SUB_INFO, set (page & extention code) */
p_rsp_data += 4;
/* Panel subunit & id=0 */
*p_rsp_data++ = (AVRC_SUB_PANEL << AVRC_SUBTYPE_SHIFT);
memset(p_rsp_data, AVRC_CMD_OPRND_PAD, AVRC_SUBRSP_OPRND_BYTES);
p_rsp_data += AVRC_SUBRSP_OPRND_BYTES;
p_rsp->len = (UINT16) (p_rsp_data - (UINT8 *)(p_rsp + 1) - p_rsp->offset);
cr = AVCT_RSP;
#if (BT_USE_TRACES == TRUE)
p_drop_msg = "auto responded";
#endif
}
else
{
/* parse response */
p_data += AVRC_AVC_HDR_SIZE; /* 3 bytes: ctype, subunit*, opcode */
msg.sub.page = (*p_data++ >> AVRC_SUB_PAGE_SHIFT) & AVRC_SUB_PAGE_MASK;
xx = 0;
while (*p_data != AVRC_CMD_OPRND_PAD && xx<AVRC_SUB_TYPE_LEN)
{
msg.sub.subunit_type[xx] = *p_data++ >> AVRC_SUBTYPE_SHIFT;
if (msg.sub.subunit_type[xx] == AVRC_SUB_PANEL)
msg.sub.panel = TRUE;
xx++;
}
}
break;
case AVRC_OP_VENDOR:
p_data = (UINT8 *)(p_pkt+1) + p_pkt->offset;
p_begin = p_data;
if (p_pkt->len < AVRC_VENDOR_HDR_SIZE) /* 6 = ctype, subunit*, opcode & CO_ID */
{
if (cr == AVCT_CMD)
reject = TRUE;
else
drop = TRUE;
break;
}
p_data += AVRC_AVC_HDR_SIZE; /* skip the first 3 bytes: ctype, subunit*, opcode */
AVRC_BE_STREAM_TO_CO_ID(p_msg->company_id, p_data);
p_msg->p_vendor_data = p_data;
p_msg->vendor_len = p_pkt->len - (p_data - p_begin);
#if (AVRC_METADATA_INCLUDED == TRUE)
UINT8 drop_code = 0;
if (p_msg->company_id == AVRC_CO_METADATA)
{
/* Validate length for metadata message */
if (p_pkt->len < (AVRC_VENDOR_HDR_SIZE + AVRC_MIN_META_HDR_SIZE))
{
if (cr == AVCT_CMD)
reject = TRUE;
else
drop = TRUE;
break;
}
/* Check+handle fragmented messages */
drop_code = avrc_proc_far_msg(handle, label, cr, &p_pkt, p_msg);
if (drop_code > 0)
drop = TRUE;
}
if (drop_code > 0)
{
if (drop_code != 4)
do_free = FALSE;
#if (BT_USE_TRACES == TRUE)
switch (drop_code)
{
case 1:
p_drop_msg = "sent_frag";
break;
case 2:
p_drop_msg = "req_cont";
break;
case 3:
p_drop_msg = "sent_frag3";
break;
case 4:
p_drop_msg = "sent_frag_free";
break;
default:
p_drop_msg = "sent_fragd";
}
#endif
}
#endif /* (AVRC_METADATA_INCLUDED == TRUE) */
break;
case AVRC_OP_PASS_THRU:
if (p_pkt->len < 5) /* 3 bytes: ctype, subunit*, opcode & op_id & len */
{
if (cr == AVCT_CMD)
reject = TRUE;
else
drop = TRUE;
break;
}
p_data += AVRC_AVC_HDR_SIZE; /* skip the first 3 bytes: ctype, subunit*, opcode */
msg.pass.op_id = (AVRC_PASS_OP_ID_MASK & *p_data);
if (AVRC_PASS_STATE_MASK & *p_data)
msg.pass.state = TRUE;
else
msg.pass.state = FALSE;
p_data++;
msg.pass.pass_len = *p_data++;
if (msg.pass.pass_len != p_pkt->len - 5)
msg.pass.pass_len = p_pkt->len - 5;
if (msg.pass.pass_len)
msg.pass.p_pass_data = p_data;
else
msg.pass.p_pass_data = NULL;
break;
default:
if ((avrc_cb.ccb[handle].control & AVRC_CT_TARGET) && (cr == AVCT_CMD))
{
/* reject unsupported opcode */
reject = TRUE;
}
drop = TRUE;
break;
}
}
else /* drop the event */
{
drop = TRUE;
}
if (reject)
{
/* reject unsupported opcode */
p_rsp = avrc_copy_packet(p_pkt, AVRC_OP_REJ_MSG_LEN);
p_rsp_data = avrc_get_data_ptr(p_rsp);
*p_rsp_data = AVRC_RSP_REJ;
#if (BT_USE_TRACES == TRUE)
p_drop_msg = "rejected";
#endif
cr = AVCT_RSP;
drop = TRUE;
}
if (p_rsp)
{
/* set to send response right away */
AVCT_MsgReq( handle, label, cr, p_rsp);
drop = TRUE;
}
if (drop == FALSE)
{
msg.hdr.opcode = opcode;
(*avrc_cb.ccb[handle].p_msg_cback)(handle, label, opcode, &msg);
}
#if (BT_USE_TRACES == TRUE)
else
{
AVRC_TRACE_WARNING("avrc_msg_cback %s msg handle:%d, control:%d, cr:%d, opcode:x%x",
p_drop_msg,
handle, avrc_cb.ccb[handle].control, cr, opcode);
}
#endif
if (do_free)
osi_free(p_pkt);
}
/******************************************************************************
**
** Function avrc_pass_msg
**
** Description Compose a PASS THROUGH command according to p_msg
**
** Input Parameters:
** p_msg: Pointer to PASS THROUGH message structure.
**
** Output Parameters:
** None.
**
** Returns pointer to a valid GKI buffer if successful.
** NULL if p_msg is NULL.
**
******************************************************************************/
static BT_HDR * avrc_pass_msg(tAVRC_MSG_PASS *p_msg)
{
assert(p_msg != NULL);
assert(AVRC_CMD_BUF_SIZE > (AVRC_MIN_CMD_LEN+p_msg->pass_len));
BT_HDR *p_cmd = (BT_HDR *)osi_malloc(AVRC_CMD_BUF_SIZE);
p_cmd->offset = AVCT_MSG_OFFSET;
p_cmd->layer_specific = AVCT_DATA_CTRL;
UINT8 *p_data = (UINT8 *)(p_cmd + 1) + p_cmd->offset;
*p_data++ = (p_msg->hdr.ctype & AVRC_CTYPE_MASK);
*p_data++ = (AVRC_SUB_PANEL << AVRC_SUBTYPE_SHIFT); /* Panel subunit & id=0 */
*p_data++ = AVRC_OP_PASS_THRU;
*p_data = (AVRC_PASS_OP_ID_MASK&p_msg->op_id);
if (p_msg->state)
*p_data |= AVRC_PASS_STATE_MASK;
p_data++;
if (p_msg->op_id == AVRC_ID_VENDOR) {
*p_data++ = p_msg->pass_len;
if (p_msg->pass_len && p_msg->p_pass_data) {
memcpy(p_data, p_msg->p_pass_data, p_msg->pass_len);
p_data += p_msg->pass_len;
}
} else {
/* set msg len to 0 for other op_id */
*p_data++ = 0;
}
p_cmd->len = (UINT16) (p_data - (UINT8 *)(p_cmd + 1) - p_cmd->offset);
return p_cmd;
}
/******************************************************************************
**
** Function AVRC_Open
**
** Description This function is called to open a connection to AVCTP.
** The connection can be either an initiator or acceptor, as
** determined by the p_ccb->stream parameter.
** The connection can be a target, a controller or for both role,
** as determined by the p_ccb->control parameter.
** By definition, a target connection is an acceptor connection
** that waits for an incoming AVCTP connection from the peer.
** The connection remains available to the application until
** the application closes it by calling AVRC_Close(). The
** application does not need to reopen the connection after an
** AVRC_CLOSE_IND_EVT is received.
**
** Input Parameters:
** p_ccb->company_id: Company Identifier.
**
** p_ccb->p_ctrl_cback: Pointer to control callback function.
**
** p_ccb->p_msg_cback: Pointer to message callback function.
**
** p_ccb->conn: AVCTP connection role. This is set to
** AVCTP_INT for initiator connections and AVCTP_ACP
** for acceptor connections.
**
** p_ccb->control: Control role. This is set to
** AVRC_CT_TARGET for target connections, AVRC_CT_CONTROL
** for control connections or (AVRC_CT_TARGET|AVRC_CT_CONTROL)
** for connections that support both roles.
**
** peer_addr: BD address of peer device. This value is
** only used for initiator connections; for acceptor
** connections it can be set to NULL.
**
** Output Parameters:
** p_handle: Pointer to handle. This parameter is only
** valid if AVRC_SUCCESS is returned.
**
** Returns AVRC_SUCCESS if successful.
** AVRC_NO_RESOURCES if there are not enough resources to open
** the connection.
**
******************************************************************************/
UINT16 AVRC_Open(UINT8 *p_handle, tAVRC_CONN_CB *p_ccb, BD_ADDR_PTR peer_addr)
{
UINT16 status;
tAVCT_CC cc;
cc.p_ctrl_cback = avrc_ctrl_cback; /* Control callback */
cc.p_msg_cback = avrc_msg_cback; /* Message callback */
cc.pid = UUID_SERVCLASS_AV_REMOTE_CONTROL; /* Profile ID */
cc.role = p_ccb->conn; /* Initiator/acceptor role */
cc.control = p_ccb->control; /* Control role (Control/Target) */
status = AVCT_CreateConn(p_handle, &cc, peer_addr);
if (status == AVCT_SUCCESS)
{
memcpy(&avrc_cb.ccb[*p_handle], p_ccb, sizeof(tAVRC_CONN_CB));
#if (AVRC_METADATA_INCLUDED == TRUE)
memset(&avrc_cb.fcb[*p_handle], 0, sizeof(tAVRC_FRAG_CB));
memset(&avrc_cb.rcb[*p_handle], 0, sizeof(tAVRC_RASM_CB));
#endif
}
AVRC_TRACE_DEBUG("AVRC_Open role: %d, control:%d status:%d, handle:%d", cc.role, cc.control,
status, *p_handle);
return status;
}
/******************************************************************************
**
** Function AVRC_Close
**
** Description Close a connection opened with AVRC_Open().
** This function is called when the
** application is no longer using a connection.
**
** Input Parameters:
** handle: Handle of this connection.
**
** Output Parameters:
** None.
**
** Returns AVRC_SUCCESS if successful.
** AVRC_BAD_HANDLE if handle is invalid.
**
******************************************************************************/
UINT16 AVRC_Close(UINT8 handle)
{
AVRC_TRACE_DEBUG("AVRC_Close handle:%d", handle);
return AVCT_RemoveConn(handle);
}
/******************************************************************************
**
** Function AVRC_MsgReq
**
** Description This function is used to send the AVRCP byte stream in p_pkt
** down to AVCTP.
**
** It is expected that p_pkt->offset is at least AVCT_MSG_OFFSET
** p_pkt->layer_specific is AVCT_DATA_CTRL or AVCT_DATA_BROWSE
** p_pkt->event is AVRC_OP_VENDOR, AVRC_OP_PASS_THRU or AVRC_OP_BROWSE
** The above BT_HDR settings are set by the AVRC_Bld* functions.
**
** Returns AVRC_SUCCESS if successful.
** AVRC_BAD_HANDLE if handle is invalid.
**
******************************************************************************/
UINT16 AVRC_MsgReq (UINT8 handle, UINT8 label, UINT8 ctype, BT_HDR *p_pkt)
{
#if (AVRC_METADATA_INCLUDED == TRUE)
UINT8 *p_data;
UINT8 cr = AVCT_CMD;
BOOLEAN chk_frag = TRUE;
UINT8 *p_start = NULL;
tAVRC_FRAG_CB *p_fcb;
UINT16 len;
if (!p_pkt)
return AVRC_BAD_PARAM;
AVRC_TRACE_DEBUG("%s handle = %u label = %u ctype = %u len = %d",
__func__, handle, label, ctype, p_pkt->len);
if (ctype >= AVRC_RSP_NOT_IMPL)
cr = AVCT_RSP;
if (p_pkt->event == AVRC_OP_VENDOR)
{
/* add AVRCP Vendor Dependent headers */
p_start = ((UINT8 *)(p_pkt + 1) + p_pkt->offset);
p_pkt->offset -= AVRC_VENDOR_HDR_SIZE;
p_pkt->len += AVRC_VENDOR_HDR_SIZE;
p_data = (UINT8 *)(p_pkt + 1) + p_pkt->offset;
*p_data++ = (ctype & AVRC_CTYPE_MASK);
*p_data++ = (AVRC_SUB_PANEL << AVRC_SUBTYPE_SHIFT);
*p_data++ = AVRC_OP_VENDOR;
AVRC_CO_ID_TO_BE_STREAM(p_data, AVRC_CO_METADATA);
}
else if (p_pkt->event == AVRC_OP_PASS_THRU)
{
/* add AVRCP Pass Through headers */
p_start = ((UINT8 *)(p_pkt + 1) + p_pkt->offset);
p_pkt->offset -= AVRC_PASS_THRU_SIZE;
p_pkt->len += AVRC_PASS_THRU_SIZE;
p_data = (UINT8 *)(p_pkt + 1) + p_pkt->offset;
*p_data++ = (ctype & AVRC_CTYPE_MASK);
*p_data++ = (AVRC_SUB_PANEL << AVRC_SUBTYPE_SHIFT);
*p_data++ = AVRC_OP_PASS_THRU;/* opcode */
*p_data++ = AVRC_ID_VENDOR; /* operation id */
*p_data++ = 5; /* operation data len */
AVRC_CO_ID_TO_BE_STREAM(p_data, AVRC_CO_METADATA);
}
/* abandon previous fragments */
p_fcb = &avrc_cb.fcb[handle];
if (p_fcb->frag_enabled)
p_fcb->frag_enabled = FALSE;
osi_free_and_reset((void **)&p_fcb->p_fmsg);
/* AVRCP spec has not defined any control channel commands that needs fragmentation at this level
* check for fragmentation only on the response */
if ((cr == AVCT_RSP) && (chk_frag == TRUE))
{
if (p_pkt->len > AVRC_MAX_CTRL_DATA_LEN)
{
int offset_len = MAX(AVCT_MSG_OFFSET, p_pkt->offset);
BT_HDR *p_pkt_new =
(BT_HDR *)osi_malloc(AVRC_PACKET_LEN + offset_len + BT_HDR_SIZE);
if (p_start != NULL) {
p_fcb->frag_enabled = TRUE;
p_fcb->p_fmsg = p_pkt;
p_fcb->frag_pdu = *p_start;
p_pkt = p_pkt_new;
p_pkt_new = p_fcb->p_fmsg;
p_pkt->len = AVRC_MAX_CTRL_DATA_LEN;
p_pkt->offset = p_pkt_new->offset;
p_pkt->layer_specific = p_pkt_new->layer_specific;
p_pkt->event = p_pkt_new->event;
p_data = (UINT8 *)(p_pkt+1) + p_pkt->offset;
p_start -= AVRC_VENDOR_HDR_SIZE;
memcpy (p_data, p_start, AVRC_MAX_CTRL_DATA_LEN);
/* use AVRC start packet type */
p_data += AVRC_VENDOR_HDR_SIZE;
p_data++; /* pdu */
*p_data++ = AVRC_PKT_START;
/* 4 pdu, pkt_type & len */
len = (AVRC_MAX_CTRL_DATA_LEN - AVRC_VENDOR_HDR_SIZE - AVRC_MIN_META_HDR_SIZE);
UINT16_TO_BE_STREAM(p_data, len);
/* prepare the left over for as an end fragment */
avrc_prep_end_frag (handle);
AVRC_TRACE_DEBUG ("%s p_pkt len:%d/%d, next len:%d", __func__,
p_pkt->len, len, p_fcb->p_fmsg->len );
} else {
/* TODO: Is this "else" block valid? Remove it? */
AVRC_TRACE_ERROR ("AVRC_MsgReq no buffers for fragmentation" );
osi_free(p_pkt);
return AVRC_NO_RESOURCES;
}
}
}
return AVCT_MsgReq( handle, label, cr, p_pkt);
#else
return AVRC_NO_RESOURCES;
#endif
}
/******************************************************************************
**
** Function AVRC_PassCmd
**
** Description Send a PASS THROUGH command to the peer device. This
** function can only be called for controller role connections.
** Any response message from the peer is passed back through
** the tAVRC_MSG_CBACK callback function.
**
** Input Parameters:
** handle: Handle of this connection.
**
** label: Transaction label.
**
** p_msg: Pointer to PASS THROUGH message structure.
**
** Output Parameters:
** None.
**
** Returns AVRC_SUCCESS if successful.
** AVRC_BAD_HANDLE if handle is invalid.
**
******************************************************************************/
UINT16 AVRC_PassCmd(UINT8 handle, UINT8 label, tAVRC_MSG_PASS *p_msg)
{
BT_HDR *p_buf;
assert(p_msg != NULL);
if (p_msg)
{
p_msg->hdr.ctype = AVRC_CMD_CTRL;
p_buf = avrc_pass_msg(p_msg);
if (p_buf)
return AVCT_MsgReq( handle, label, AVCT_CMD, p_buf);
}
return AVRC_NO_RESOURCES;
}
/******************************************************************************
**
** Function AVRC_PassRsp
**
** Description Send a PASS THROUGH response to the peer device. This
** function can only be called for target role connections.
** This function must be called when a PASS THROUGH command
** message is received from the peer through the
** tAVRC_MSG_CBACK callback function.
**
** Input Parameters:
** handle: Handle of this connection.
**
** label: Transaction label. Must be the same value as
** passed with the command message in the callback function.
**
** p_msg: Pointer to PASS THROUGH message structure.
**
** Output Parameters:
** None.
**
** Returns AVRC_SUCCESS if successful.
** AVRC_BAD_HANDLE if handle is invalid.
**
******************************************************************************/
UINT16 AVRC_PassRsp(UINT8 handle, UINT8 label, tAVRC_MSG_PASS *p_msg)
{
BT_HDR *p_buf;
assert(p_msg != NULL);
if (p_msg)
{
p_buf = avrc_pass_msg(p_msg);
if (p_buf)
return AVCT_MsgReq( handle, label, AVCT_RSP, p_buf);
}
return AVRC_NO_RESOURCES;
}