1 /******************************************************************************
3 * Copyright (C) 2002-2012 Broadcom Corporation
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
17 ******************************************************************************/
19 /******************************************************************************
21 * This module contains functions for parsing and building AVDTP signaling
22 * messages. It also contains functions called by the SCB or CCB state
23 * machines for sending command, response, and reject messages. It also
24 * contains a function that processes incoming messages and dispatches them
25 * to the appropriate SCB or CCB.
27 ******************************************************************************/
31 #include "bt_target.h"
34 #include "avdtc_api.h"
36 #include "bt_common.h"
39 /*****************************************************************************
41 *****************************************************************************/
43 /* mask of all psc values */
44 #define AVDT_MSG_PSC_MASK (AVDT_PSC_TRANS | AVDT_PSC_REPORT | AVDT_PSC_DELAY_RPT | \
45 AVDT_PSC_RECOV | AVDT_PSC_HDRCMP | AVDT_PSC_MUX)
46 #define AVDT_PSC_PROTECT (1<<4) /* Content Protection */
47 #define AVDT_PSC_CODEC (1<<7) /* codec */
50 /*****************************************************************************
52 *****************************************************************************/
54 /* type for message building functions */
55 typedef void (*tAVDT_MSG_BLD)(UINT8 **p, tAVDT_MSG *p_msg);
57 /* type for message parsing functions */
58 typedef UINT8 (*tAVDT_MSG_PRS)(tAVDT_MSG *p_msg, UINT8 *p, UINT16 len);
61 /*****************************************************************************
62 ** local function declarations
63 *****************************************************************************/
65 static void avdt_msg_bld_none(UINT8 **p, tAVDT_MSG *p_msg);
66 static void avdt_msg_bld_single(UINT8 **p, tAVDT_MSG *p_msg);
67 static void avdt_msg_bld_setconfig_cmd(UINT8 **p, tAVDT_MSG *p_msg);
68 static void avdt_msg_bld_reconfig_cmd(UINT8 **p, tAVDT_MSG *p_msg);
69 static void avdt_msg_bld_multi(UINT8 **p, tAVDT_MSG *p_msg);
70 static void avdt_msg_bld_security_cmd(UINT8 **p, tAVDT_MSG *p_msg);
71 static void avdt_msg_bld_discover_rsp(UINT8 **p, tAVDT_MSG *p_msg);
72 static void avdt_msg_bld_svccap(UINT8 **p, tAVDT_MSG *p_msg);
73 static void avdt_msg_bld_security_rsp(UINT8 **p, tAVDT_MSG *p_msg);
74 static void avdt_msg_bld_all_svccap(UINT8 **p, tAVDT_MSG *p_msg);
75 static void avdt_msg_bld_delay_rpt(UINT8 **p, tAVDT_MSG *p_msg);
77 static UINT8 avdt_msg_prs_none(tAVDT_MSG *p_msg, UINT8 *p, UINT16 len);
78 static UINT8 avdt_msg_prs_single(tAVDT_MSG *p_msg, UINT8 *p, UINT16 len);
79 static UINT8 avdt_msg_prs_setconfig_cmd(tAVDT_MSG *p_msg, UINT8 *p, UINT16 len);
80 static UINT8 avdt_msg_prs_reconfig_cmd(tAVDT_MSG *p_msg, UINT8 *p, UINT16 len);
81 static UINT8 avdt_msg_prs_multi(tAVDT_MSG *p_msg, UINT8 *p, UINT16 len);
82 static UINT8 avdt_msg_prs_security_cmd(tAVDT_MSG *p_msg, UINT8 *p, UINT16 len);
83 static UINT8 avdt_msg_prs_discover_rsp(tAVDT_MSG *p_msg, UINT8 *p, UINT16 len);
84 static UINT8 avdt_msg_prs_svccap(tAVDT_MSG *p_msg, UINT8 *p, UINT16 len);
85 static UINT8 avdt_msg_prs_all_svccap(tAVDT_MSG *p_msg, UINT8 *p, UINT16 len);
86 static UINT8 avdt_msg_prs_security_rsp(tAVDT_MSG *p_msg, UINT8 *p, UINT16 len);
87 static UINT8 avdt_msg_prs_delay_rpt (tAVDT_MSG *p_msg, UINT8 *p, UINT16 len);
89 /*****************************************************************************
91 *****************************************************************************/
93 /* table of information element minimum lengths used for parsing */
94 const UINT8 avdt_msg_ie_len_min[] = {
96 AVDT_LEN_TRANS_MIN, /* media transport */
97 AVDT_LEN_REPORT_MIN, /* reporting */
98 AVDT_LEN_RECOV_MIN, /* recovery */
99 AVDT_LEN_PROTECT_MIN, /* content protection */
100 AVDT_LEN_HDRCMP_MIN, /* header compression */
101 AVDT_LEN_MUX_MIN, /* multiplexing */
102 AVDT_LEN_CODEC_MIN, /* codec */
103 AVDT_LEN_DELAY_RPT_MIN /* delay report */
106 /* table of information element minimum lengths used for parsing */
107 const UINT8 avdt_msg_ie_len_max[] = {
109 AVDT_LEN_TRANS_MAX, /* media transport */
110 AVDT_LEN_REPORT_MAX, /* reporting */
111 AVDT_LEN_RECOV_MAX, /* recovery */
112 AVDT_LEN_PROTECT_MAX, /* content protection */
113 AVDT_LEN_HDRCMP_MAX, /* header compression */
114 AVDT_LEN_MUX_MAX, /* multiplexing */
115 AVDT_LEN_CODEC_MAX, /* codec */
116 AVDT_LEN_DELAY_RPT_MAX /* delay report */
119 /* table of error codes used when decoding information elements */
120 const UINT8 avdt_msg_ie_err[] = {
122 AVDT_ERR_MEDIA_TRANS, /* media transport */
123 AVDT_ERR_LENGTH, /* reporting */
124 AVDT_ERR_RECOV_FMT, /* recovery */
125 AVDT_ERR_CP_FMT, /* content protection */
126 AVDT_ERR_ROHC_FMT, /* header compression */
127 AVDT_ERR_MUX_FMT, /* multiplexing */
128 AVDT_ERR_SERVICE, /* codec */
129 AVDT_ERR_SERVICE /* delay report ?? */
132 /* table of packet type minimum lengths */
133 static const UINT8 avdt_msg_pkt_type_len[] = {
134 AVDT_LEN_TYPE_SINGLE,
140 /* function table for building command messages */
141 const tAVDT_MSG_BLD avdt_msg_bld_cmd[] = {
142 avdt_msg_bld_none, /* discover */
143 avdt_msg_bld_single, /* get capabilities */
144 avdt_msg_bld_setconfig_cmd, /* set configuration */
145 avdt_msg_bld_single, /* get configuration */
146 avdt_msg_bld_reconfig_cmd, /* reconfigure */
147 avdt_msg_bld_single, /* open */
148 avdt_msg_bld_multi, /* start */
149 avdt_msg_bld_single, /* close */
150 avdt_msg_bld_multi, /* suspend */
151 avdt_msg_bld_single, /* abort */
152 avdt_msg_bld_security_cmd, /* security control */
153 avdt_msg_bld_single, /* get all capabilities */
154 avdt_msg_bld_delay_rpt /* delay report */
157 /* function table for building response messages */
158 const tAVDT_MSG_BLD avdt_msg_bld_rsp[] = {
159 avdt_msg_bld_discover_rsp, /* discover */
160 avdt_msg_bld_svccap, /* get capabilities */
161 avdt_msg_bld_none, /* set configuration */
162 avdt_msg_bld_all_svccap, /* get configuration */
163 avdt_msg_bld_none, /* reconfigure */
164 avdt_msg_bld_none, /* open */
165 avdt_msg_bld_none, /* start */
166 avdt_msg_bld_none, /* close */
167 avdt_msg_bld_none, /* suspend */
168 avdt_msg_bld_none, /* abort */
169 avdt_msg_bld_security_rsp, /* security control */
170 avdt_msg_bld_all_svccap, /* get all capabilities */
171 avdt_msg_bld_none /* delay report */
174 /* function table for parsing command messages */
175 const tAVDT_MSG_PRS avdt_msg_prs_cmd[] = {
176 avdt_msg_prs_none, /* discover */
177 avdt_msg_prs_single, /* get capabilities */
178 avdt_msg_prs_setconfig_cmd, /* set configuration */
179 avdt_msg_prs_single, /* get configuration */
180 avdt_msg_prs_reconfig_cmd, /* reconfigure */
181 avdt_msg_prs_single, /* open */
182 avdt_msg_prs_multi, /* start */
183 avdt_msg_prs_single, /* close */
184 avdt_msg_prs_multi, /* suspend */
185 avdt_msg_prs_single, /* abort */
186 avdt_msg_prs_security_cmd, /* security control */
187 avdt_msg_prs_single, /* get all capabilities */
188 avdt_msg_prs_delay_rpt /* delay report */
191 /* function table for parsing response messages */
192 const tAVDT_MSG_PRS avdt_msg_prs_rsp[] = {
193 avdt_msg_prs_discover_rsp, /* discover */
194 avdt_msg_prs_svccap, /* get capabilities */
195 avdt_msg_prs_none, /* set configuration */
196 avdt_msg_prs_all_svccap, /* get configuration */
197 avdt_msg_prs_none, /* reconfigure */
198 avdt_msg_prs_none, /* open */
199 avdt_msg_prs_none, /* start */
200 avdt_msg_prs_none, /* close */
201 avdt_msg_prs_none, /* suspend */
202 avdt_msg_prs_none, /* abort */
203 avdt_msg_prs_security_rsp, /* security control */
204 avdt_msg_prs_all_svccap, /* get all capabilities */
205 avdt_msg_prs_none /* delay report */
208 /* command message-to-event lookup table */
209 const UINT8 avdt_msg_cmd_2_evt[] = {
210 AVDT_CCB_MSG_DISCOVER_CMD_EVT + AVDT_CCB_MKR, /* discover */
211 AVDT_CCB_MSG_GETCAP_CMD_EVT + AVDT_CCB_MKR, /* get capabilities */
212 AVDT_SCB_MSG_SETCONFIG_CMD_EVT, /* set configuration */
213 AVDT_SCB_MSG_GETCONFIG_CMD_EVT, /* get configuration */
214 AVDT_SCB_MSG_RECONFIG_CMD_EVT, /* reconfigure */
215 AVDT_SCB_MSG_OPEN_CMD_EVT, /* open */
216 AVDT_CCB_MSG_START_CMD_EVT + AVDT_CCB_MKR, /* start */
217 AVDT_SCB_MSG_CLOSE_CMD_EVT, /* close */
218 AVDT_CCB_MSG_SUSPEND_CMD_EVT + AVDT_CCB_MKR, /* suspend */
219 AVDT_SCB_MSG_ABORT_CMD_EVT, /* abort */
220 AVDT_SCB_MSG_SECURITY_CMD_EVT, /* security control */
221 AVDT_CCB_MSG_GETCAP_CMD_EVT + AVDT_CCB_MKR, /* get all capabilities */
222 AVDT_SCB_MSG_DELAY_RPT_CMD_EVT /* delay report */
225 /* response message-to-event lookup table */
226 const UINT8 avdt_msg_rsp_2_evt[] = {
227 AVDT_CCB_MSG_DISCOVER_RSP_EVT + AVDT_CCB_MKR, /* discover */
228 AVDT_CCB_MSG_GETCAP_RSP_EVT + AVDT_CCB_MKR, /* get capabilities */
229 AVDT_SCB_MSG_SETCONFIG_RSP_EVT, /* set configuration */
230 AVDT_SCB_MSG_GETCONFIG_RSP_EVT, /* get configuration */
231 AVDT_SCB_MSG_RECONFIG_RSP_EVT, /* reconfigure */
232 AVDT_SCB_MSG_OPEN_RSP_EVT, /* open */
233 AVDT_CCB_MSG_START_RSP_EVT + AVDT_CCB_MKR, /* start */
234 AVDT_SCB_MSG_CLOSE_RSP_EVT, /* close */
235 AVDT_CCB_MSG_SUSPEND_RSP_EVT + AVDT_CCB_MKR, /* suspend */
236 AVDT_SCB_MSG_ABORT_RSP_EVT, /* abort */
237 AVDT_SCB_MSG_SECURITY_RSP_EVT, /* security control */
238 AVDT_CCB_MSG_GETCAP_RSP_EVT + AVDT_CCB_MKR, /* get all capabilities */
239 AVDT_SCB_MSG_DELAY_RPT_RSP_EVT /* delay report */
242 /* reject message-to-event lookup table */
243 const UINT8 avdt_msg_rej_2_evt[] = {
244 AVDT_CCB_MSG_DISCOVER_RSP_EVT + AVDT_CCB_MKR, /* discover */
245 AVDT_CCB_MSG_GETCAP_RSP_EVT + AVDT_CCB_MKR, /* get capabilities */
246 AVDT_SCB_MSG_SETCONFIG_REJ_EVT, /* set configuration */
247 AVDT_SCB_MSG_GETCONFIG_RSP_EVT, /* get configuration */
248 AVDT_SCB_MSG_RECONFIG_RSP_EVT, /* reconfigure */
249 AVDT_SCB_MSG_OPEN_REJ_EVT, /* open */
250 AVDT_CCB_MSG_START_RSP_EVT + AVDT_CCB_MKR, /* start */
251 AVDT_SCB_MSG_CLOSE_RSP_EVT, /* close */
252 AVDT_CCB_MSG_SUSPEND_RSP_EVT + AVDT_CCB_MKR, /* suspend */
253 AVDT_SCB_MSG_ABORT_RSP_EVT, /* abort */
254 AVDT_SCB_MSG_SECURITY_RSP_EVT, /* security control */
255 AVDT_CCB_MSG_GETCAP_RSP_EVT + AVDT_CCB_MKR, /* get all capabilities */
259 /*******************************************************************************
261 ** Function avdt_msg_bld_cfg
263 ** Description This function builds the configuration parameters contained
264 ** in a command or response message.
269 *******************************************************************************/
270 static void avdt_msg_bld_cfg(UINT8 **p, tAVDT_CFG *p_cfg)
274 /* for now, just build media transport, codec, and content protection, and multiplexing */
276 /* media transport */
277 if (p_cfg->psc_mask & AVDT_PSC_TRANS)
279 *(*p)++ = AVDT_CAT_TRANS;
280 *(*p)++ = 0; /* length */
283 #if AVDT_REPORTING == TRUE
284 /* reporting transport */
285 if (p_cfg->psc_mask & AVDT_PSC_REPORT)
287 *(*p)++ = AVDT_CAT_REPORT;
288 *(*p)++ = 0; /* length */
293 if (p_cfg->num_codec != 0)
295 *(*p)++ = AVDT_CAT_CODEC;
296 len = p_cfg->codec_info[0] + 1;
297 if( len > AVDT_CODEC_SIZE )
298 len = AVDT_CODEC_SIZE;
300 memcpy(*p, p_cfg->codec_info, len);
304 /* content protection */
305 if (p_cfg->num_protect != 0)
307 *(*p)++ = AVDT_CAT_PROTECT;
308 len = p_cfg->protect_info[0] + 1;
309 if( len > AVDT_PROTECT_SIZE )
310 len = AVDT_PROTECT_SIZE;
312 memcpy(*p, p_cfg->protect_info, len);
316 #if AVDT_MULTIPLEXING == TRUE
318 if (p_cfg->psc_mask & AVDT_PSC_MUX)
320 *(*p)++ = AVDT_CAT_MUX;
322 if (p_cfg->psc_mask & AVDT_PSC_RECOV)
323 *(*p)++ = 7; /* frag (1) + media + report + recovery */
324 else if (p_cfg->psc_mask & AVDT_PSC_REPORT)
325 *(*p)++ = 5; /* frag (1) + media + report */
327 *(*p)++ = 3; /* frag (1) + media */
329 /* allow fragmentation */
330 if(p_cfg->mux_mask & AVDT_MUX_FRAG)
335 /* media transport session */
336 *(*p)++ = p_cfg->mux_tsid_media<<3; /* TSID */
337 *(*p)++ = p_cfg->mux_tcid_media<<3; /* TCID */
339 if (p_cfg->psc_mask & AVDT_PSC_RECOV)
341 /* reporting transport session */
342 *(*p)++ = p_cfg->mux_tsid_report<<3; /* TSID */
343 *(*p)++ = p_cfg->mux_tcid_report<<3; /* TCID */
344 /* recovery transport session */
345 *(*p)++ = p_cfg->mux_tsid_recov<<3; /* TSID */
346 *(*p)++ = p_cfg->mux_tcid_recov<<3; /* TCID */
348 else if (p_cfg->psc_mask & AVDT_PSC_REPORT)
350 /* reporting transport session */
351 *(*p)++ = p_cfg->mux_tsid_report<<3; /* TSID */
352 *(*p)++ = p_cfg->mux_tcid_report<<3; /* TCID */
358 if (p_cfg->psc_mask & AVDT_PSC_DELAY_RPT)
360 *(*p)++ = AVDT_CAT_DELAY_RPT;
361 *(*p)++ = 0; /* length */
365 /*******************************************************************************
367 ** Function avdt_msg_bld_none
369 ** Description This message building function builds an empty message.
374 *******************************************************************************/
375 static void avdt_msg_bld_none(UINT8 **p, tAVDT_MSG *p_msg)
382 /*******************************************************************************
384 ** Function avdt_msg_bld_single
386 ** Description This message building function builds a message containing
392 *******************************************************************************/
393 static void avdt_msg_bld_single(UINT8 **p, tAVDT_MSG *p_msg)
395 AVDT_MSG_BLD_SEID(*p, p_msg->single.seid);
398 /*******************************************************************************
400 ** Function avdt_msg_bld_setconfig_cmd
402 ** Description This message building function builds a set configuration
408 *******************************************************************************/
409 static void avdt_msg_bld_setconfig_cmd(UINT8 **p, tAVDT_MSG *p_msg)
411 AVDT_MSG_BLD_SEID(*p, p_msg->config_cmd.hdr.seid);
412 AVDT_MSG_BLD_SEID(*p, p_msg->config_cmd.int_seid);
413 avdt_msg_bld_cfg(p, p_msg->config_cmd.p_cfg);
416 /*******************************************************************************
418 ** Function avdt_msg_bld_reconfig_cmd
420 ** Description This message building function builds a reconfiguration
426 *******************************************************************************/
427 static void avdt_msg_bld_reconfig_cmd(UINT8 **p, tAVDT_MSG *p_msg)
429 AVDT_MSG_BLD_SEID(*p, p_msg->reconfig_cmd.hdr.seid);
431 /* force psc mask zero to build only codec and security */
432 p_msg->reconfig_cmd.p_cfg->psc_mask = 0;
433 avdt_msg_bld_cfg(p, p_msg->reconfig_cmd.p_cfg);
436 /*******************************************************************************
438 ** Function avdt_msg_bld_multi
440 ** Description This message building function builds a message containing
446 *******************************************************************************/
447 static void avdt_msg_bld_multi(UINT8 **p, tAVDT_MSG *p_msg)
451 for (i = 0; i < p_msg->multi.num_seps; i++)
453 AVDT_MSG_BLD_SEID(*p, p_msg->multi.seid_list[i]);
457 /*******************************************************************************
459 ** Function avdt_msg_bld_security_cmd
461 ** Description This message building function builds a security
466 *******************************************************************************/
467 static void avdt_msg_bld_security_cmd(UINT8 **p, tAVDT_MSG *p_msg)
469 AVDT_MSG_BLD_SEID(*p, p_msg->security_cmd.hdr.seid);
470 memcpy(*p, p_msg->security_cmd.p_data, p_msg->security_cmd.len);
471 *p += p_msg->security_cmd.len;
474 /*******************************************************************************
476 ** Function avdt_msg_bld_delay_rpt
478 ** Description This message building function builds a delay report
483 *******************************************************************************/
484 static void avdt_msg_bld_delay_rpt(UINT8 **p, tAVDT_MSG *p_msg)
486 AVDT_MSG_BLD_SEID(*p, p_msg->delay_rpt_cmd.hdr.seid);
487 UINT16_TO_BE_STREAM(*p, p_msg->delay_rpt_cmd.delay);
490 /*******************************************************************************
492 ** Function avdt_msg_bld_discover_rsp
494 ** Description This message building function builds a discover
500 *******************************************************************************/
501 static void avdt_msg_bld_discover_rsp(UINT8 **p, tAVDT_MSG *p_msg)
505 for (i = 0; i < p_msg->discover_rsp.num_seps; i++)
507 /* build discover rsp info */
508 AVDT_MSG_BLD_DISC(*p, p_msg->discover_rsp.p_sep_info[i].seid,
509 p_msg->discover_rsp.p_sep_info[i].in_use,
510 p_msg->discover_rsp.p_sep_info[i].media_type,
511 p_msg->discover_rsp.p_sep_info[i].tsep);
515 /*******************************************************************************
517 ** Function avdt_msg_bld_svccap
519 ** Description This message building function builds a message containing
520 ** service capabilities parameters.
525 *******************************************************************************/
526 static void avdt_msg_bld_svccap(UINT8 **p, tAVDT_MSG *p_msg)
530 /* make sure the delay report category is not reported */
531 memcpy (&cfg, p_msg->svccap.p_cfg, sizeof(tAVDT_CFG));
532 cfg.psc_mask &= ~AVDT_PSC_DELAY_RPT;
533 avdt_msg_bld_cfg(p, &cfg);
536 /*******************************************************************************
538 ** Function avdt_msg_bld_all_svccap
540 ** Description This message building function builds a message containing
541 ** service capabilities parameters.
546 *******************************************************************************/
547 static void avdt_msg_bld_all_svccap(UINT8 **p, tAVDT_MSG *p_msg)
549 avdt_msg_bld_cfg(p, p_msg->svccap.p_cfg);
552 /*******************************************************************************
554 ** Function avdt_msg_bld_security_rsp
556 ** Description This message building function builds a security
562 *******************************************************************************/
563 static void avdt_msg_bld_security_rsp(UINT8 **p, tAVDT_MSG *p_msg)
565 memcpy(*p, p_msg->security_rsp.p_data, p_msg->security_rsp.len);
566 *p += p_msg->security_rsp.len;
569 /*******************************************************************************
571 ** Function avdt_msg_prs_cfg
573 ** Description This message parsing function parses the configuration
574 ** parameters field of a message.
577 ** Returns Error code or zero if no error, and element that failed
580 *******************************************************************************/
581 static UINT8 avdt_msg_prs_cfg(tAVDT_CFG *p_cfg, UINT8 *p, UINT16 len, UINT8* p_elem, UINT8 sig_id)
588 UINT8 protect_offset = 0;
592 AVDT_TRACE_ERROR ("not expecting this cfg");
593 return AVDT_ERR_BAD_STATE;
597 p_cfg->num_codec = 0;
598 p_cfg->num_protect = 0;
599 #if AVDT_MULTIPLEXING == TRUE
603 /* while there is still data to parse */
605 while ((p < p_end) && (err == 0))
607 /* verify overall length */
608 if ((p_end - p) < AVDT_LEN_CFG_MIN)
610 err = AVDT_ERR_PAYLOAD;
614 /* get and verify info elem id, length */
618 if ((elem == 0) || (elem > AVDT_CAT_MAX_CUR))
620 /* this may not be really bad.
621 * It may be a service category that is too new for us.
622 * allow these to be parsed without reporting an error.
623 * If this is a "capability" (as in GetCapRsp & GetConfigRsp), this is filtered out.
624 * If this is a Configuration (as in SetConfigCmd & ReconfigCmd),
625 * this will be marked as an error in the caller of this function */
626 if ((sig_id == AVDT_SIG_SETCONFIG) || (sig_id == AVDT_SIG_RECONFIG))
628 /* Cannot accept unknown category. */
629 err = AVDT_ERR_CATEGORY;
632 else /* GETCAP or GET_ALLCAP */
634 /* Skip unknown categories. */
636 AVDT_TRACE_DEBUG("skipping unknown service category=%d len: %d", elem, elem_len);
641 if ((elem_len > avdt_msg_ie_len_max[elem]) ||
642 (elem_len < avdt_msg_ie_len_min[elem]))
644 err = avdt_msg_ie_err[elem];
648 /* add element to psc mask, but mask out codec or protect */
649 p_cfg->psc_mask |= (1 << elem);
650 AVDT_TRACE_DEBUG("elem=%d elem_len: %d psc_mask=0x%x", elem, elem_len, p_cfg->psc_mask);
652 /* parse individual information elements with additional parameters */
656 p_cfg->recov_type = *p++;
657 p_cfg->recov_mrws = *p++;
658 p_cfg->recov_mnmp = *p++;
659 if (p_cfg->recov_type != AVDT_RECOV_RFC2733)
661 err = AVDT_ERR_RECOV_TYPE;
663 else if ((p_cfg->recov_mrws < AVDT_RECOV_MRWS_MIN) ||
664 (p_cfg->recov_mrws > AVDT_RECOV_MRWS_MAX) ||
665 (p_cfg->recov_mnmp < AVDT_RECOV_MNMP_MIN) ||
666 (p_cfg->recov_mnmp > AVDT_RECOV_MNMP_MAX))
668 err = AVDT_ERR_RECOV_FMT;
672 case AVDT_CAT_PROTECT:
673 p_cfg->psc_mask &= ~AVDT_PSC_PROTECT;
674 if ((elem_len + protect_offset) < AVDT_PROTECT_SIZE)
676 p_cfg->num_protect++;
677 p_cfg->protect_info[protect_offset] = elem_len;
679 memcpy(&p_cfg->protect_info[protect_offset], p, elem_len);
680 protect_offset += elem_len;
685 case AVDT_CAT_HDRCMP:
686 p_cfg->hdrcmp_mask = *p++;
689 #if AVDT_MULTIPLEXING == TRUE
692 AVDT_TRACE_WARNING("psc_mask=0x%x elem_len=%d", p_cfg->psc_mask, elem_len);
693 if( ((0 == (p_cfg->psc_mask & (AVDT_PSC_RECOV|AVDT_PSC_REPORT))) && (elem_len != 3))
694 || (((p_cfg->psc_mask & AVDT_PSC_REPORT) && !(p_cfg->psc_mask & AVDT_PSC_RECOV))
696 || ((!(p_cfg->psc_mask & AVDT_PSC_REPORT) && (p_cfg->psc_mask & AVDT_PSC_RECOV))
698 || (((p_cfg->psc_mask & AVDT_PSC_REPORT) && (p_cfg->psc_mask & AVDT_PSC_RECOV))
699 && (elem_len != 7)) )
701 err = AVDT_ERR_MUX_FMT;
705 /* parse fragmentation */
706 p_cfg->mux_mask = *p++ & (UINT8)AVDT_MUX_FRAG;
708 /* parse TSIDs and TCIDs */
710 p_cfg->mux_tsid_media = (*p++)>>3;
715 p_cfg->mux_tcid_media = (*p++)>>3;
720 p_cfg->mux_tsid_report = (*p++)>>3;
725 p_cfg->mux_tcid_report = (*p++)>>3;
730 p_cfg->mux_tsid_recov = (*p++)>>3;
735 p_cfg->mux_tcid_recov = (*p++)>>3;
742 p_cfg->psc_mask &= ~AVDT_PSC_CODEC;
744 if (elem_len >= AVDT_CODEC_SIZE)
746 tmp = AVDT_CODEC_SIZE - 1;
749 p_cfg->codec_info[0] = elem_len;
750 memcpy(&p_cfg->codec_info[1], p, tmp);
754 case AVDT_CAT_DELAY_RPT:
761 } /* while ! err, !end*/
763 AVDT_TRACE_DEBUG("err=0x%x, elem:0x%x psc_mask=0x%x", err, elem, p_cfg->psc_mask);
768 /*******************************************************************************
770 ** Function avdt_msg_prs_none
772 ** Description This message parsing function parses a message with no parameters.
776 ** Returns Error code or zero if no error.
778 *******************************************************************************/
779 static UINT8 avdt_msg_prs_none(tAVDT_MSG *p_msg, UINT8 *p, UINT16 len)
787 /*******************************************************************************
789 ** Function avdt_msg_prs_single
791 ** Description This message parsing function parses a message with a
795 ** Returns Error code or zero if no error.
797 *******************************************************************************/
798 static UINT8 avdt_msg_prs_single(tAVDT_MSG *p_msg, UINT8 *p, UINT16 len)
803 if (len != AVDT_LEN_SINGLE)
805 err = AVDT_ERR_LENGTH;
809 AVDT_MSG_PRS_SEID(p, p_msg->single.seid);
811 if (avdt_scb_by_hdl(p_msg->single.seid) == NULL)
819 /*******************************************************************************
821 ** Function avdt_msg_prs_setconfig_cmd
823 ** Description This message parsing function parses a set configuration
827 ** Returns Error code or zero if no error.
829 *******************************************************************************/
830 static UINT8 avdt_msg_prs_setconfig_cmd(tAVDT_MSG *p_msg, UINT8 *p, UINT16 len)
834 p_msg->hdr.err_param = 0;
837 if (len < AVDT_LEN_SETCONFIG_MIN)
839 err = AVDT_ERR_LENGTH;
844 AVDT_MSG_PRS_SEID(p, p_msg->config_cmd.hdr.seid);
845 if (avdt_scb_by_hdl(p_msg->config_cmd.hdr.seid) == NULL)
850 AVDT_MSG_PRS_SEID(p, p_msg->config_cmd.int_seid);
851 if ((p_msg->config_cmd.int_seid < AVDT_SEID_MIN) ||
852 (p_msg->config_cmd.int_seid > AVDT_SEID_MAX))
860 /* parse configuration parameters */
862 err = avdt_msg_prs_cfg(p_msg->config_cmd.p_cfg, p, len, &p_msg->hdr.err_param, AVDT_SIG_SETCONFIG);
866 /* verify protocol service capabilities are supported */
867 if (((p_msg->config_cmd.p_cfg->psc_mask & (~AVDT_PSC)) != 0) ||
868 (p_msg->config_cmd.p_cfg->num_codec == 0))
870 err = AVDT_ERR_INVALID_CAP;
878 /*******************************************************************************
880 ** Function avdt_msg_prs_reconfig_cmd
882 ** Description This message parsing function parses a reconfiguration
886 ** Returns Error code or zero if no error.
888 *******************************************************************************/
889 static UINT8 avdt_msg_prs_reconfig_cmd(tAVDT_MSG *p_msg, UINT8 *p, UINT16 len)
893 p_msg->hdr.err_param = 0;
896 if (len < AVDT_LEN_RECONFIG_MIN)
898 err = AVDT_ERR_LENGTH;
903 AVDT_MSG_PRS_SEID(p, p_msg->reconfig_cmd.hdr.seid);
904 if (avdt_scb_by_hdl(p_msg->reconfig_cmd.hdr.seid) == NULL)
910 /* parse config parameters */
912 err = avdt_msg_prs_cfg(p_msg->config_cmd.p_cfg, p, len, &p_msg->hdr.err_param, AVDT_SIG_RECONFIG);
914 /* verify no protocol service capabilities in parameters */
917 AVDT_TRACE_DEBUG("avdt_msg_prs_reconfig_cmd psc_mask=0x%x/0x%x", p_msg->config_cmd.p_cfg->psc_mask, AVDT_MSG_PSC_MASK);
918 if ((p_msg->config_cmd.p_cfg->psc_mask != 0) ||
919 (p_msg->config_cmd.p_cfg->num_codec == 0 && p_msg->config_cmd.p_cfg->num_protect == 0))
921 err = AVDT_ERR_INVALID_CAP;
929 /*******************************************************************************
931 ** Function avdt_msg_prs_multi
933 ** Description This message parsing function parses a message containing
937 ** Returns Error code or zero if no error.
939 *******************************************************************************/
940 static UINT8 avdt_msg_prs_multi(tAVDT_MSG *p_msg, UINT8 *p, UINT16 len)
945 p_msg->hdr.err_param = 0;
948 if (len < AVDT_LEN_MULTI_MIN || (len > AVDT_NUM_SEPS))
950 err = AVDT_ERR_LENGTH;
954 /* get and verify all seps */
955 for (i = 0; i < len; i++)
957 AVDT_MSG_PRS_SEID(p, p_msg->multi.seid_list[i]);
958 if (avdt_scb_by_hdl(p_msg->multi.seid_list[i]) == NULL)
961 p_msg->hdr.err_param = p_msg->multi.seid_list[i];
965 p_msg->multi.num_seps = (UINT8)i;
971 /*******************************************************************************
973 ** Function avdt_msg_prs_security_cmd
975 ** Description This message parsing function parses a security
979 ** Returns Error code or zero if no error.
981 *******************************************************************************/
982 static UINT8 avdt_msg_prs_security_cmd(tAVDT_MSG *p_msg, UINT8 *p, UINT16 len)
987 if (len < AVDT_LEN_SECURITY_MIN)
989 err = AVDT_ERR_LENGTH;
994 AVDT_MSG_PRS_SEID(p, p_msg->security_cmd.hdr.seid);
995 if (avdt_scb_by_hdl(p_msg->security_cmd.hdr.seid) == NULL)
1001 p_msg->security_cmd.p_data = p;
1002 p_msg->security_cmd.len = len - 1;
1008 /*******************************************************************************
1010 ** Function avdt_msg_prs_discover_rsp
1012 ** Description This message parsing function parses a discover
1013 ** response message.
1016 ** Returns Error code or zero if no error.
1018 *******************************************************************************/
1019 static UINT8 avdt_msg_prs_discover_rsp(tAVDT_MSG *p_msg, UINT8 *p, UINT16 len)
1024 /* determine number of seps; seps in msg is len/2, but set to minimum
1025 ** of seps app has supplied memory for and seps in msg
1027 if (p_msg->discover_rsp.num_seps > (len / 2))
1029 p_msg->discover_rsp.num_seps = (len / 2);
1032 /* parse out sep info */
1033 for (i = 0; i < p_msg->discover_rsp.num_seps; i++)
1035 /* parse discover rsp info */
1036 AVDT_MSG_PRS_DISC(p, p_msg->discover_rsp.p_sep_info[i].seid,
1037 p_msg->discover_rsp.p_sep_info[i].in_use,
1038 p_msg->discover_rsp.p_sep_info[i].media_type,
1039 p_msg->discover_rsp.p_sep_info[i].tsep);
1041 /* verify that seid is valid */
1042 if ((p_msg->discover_rsp.p_sep_info[i].seid < AVDT_SEID_MIN) ||
1043 (p_msg->discover_rsp.p_sep_info[i].seid > AVDT_SEID_MAX))
1045 err = AVDT_ERR_SEID;
1053 /*******************************************************************************
1055 ** Function avdt_msg_prs_svccap
1057 ** Description This message parsing function parses a message containing
1058 ** service capabilities parameters.
1061 ** Returns Error code or zero if no error.
1063 *******************************************************************************/
1064 static UINT8 avdt_msg_prs_svccap(tAVDT_MSG *p_msg, UINT8 *p, UINT16 len)
1066 /* parse parameters */
1067 UINT8 err = avdt_msg_prs_cfg(p_msg->svccap.p_cfg, p, len, &p_msg->hdr.err_param, AVDT_SIG_GETCAP);
1068 if (p_msg->svccap.p_cfg)
1070 p_msg->svccap.p_cfg->psc_mask &= AVDT_LEG_PSC;
1076 /*******************************************************************************
1078 ** Function avdt_msg_prs_all_svccap
1080 ** Description This message parsing function parses a message containing
1081 ** service capabilities parameters.
1084 ** Returns Error code or zero if no error.
1086 *******************************************************************************/
1087 static UINT8 avdt_msg_prs_all_svccap(tAVDT_MSG *p_msg, UINT8 *p, UINT16 len)
1089 UINT8 err = avdt_msg_prs_cfg(p_msg->svccap.p_cfg, p, len, &p_msg->hdr.err_param, AVDT_SIG_GET_ALLCAP);
1090 if (p_msg->svccap.p_cfg)
1092 p_msg->svccap.p_cfg->psc_mask &= AVDT_MSG_PSC_MASK;
1097 /*******************************************************************************
1099 ** Function avdt_msg_prs_security_rsp
1101 ** Description This message parsing function parsing a security
1102 ** response message.
1105 ** Returns Error code or zero if no error.
1107 *******************************************************************************/
1108 static UINT8 avdt_msg_prs_security_rsp(tAVDT_MSG *p_msg, UINT8 *p, UINT16 len)
1110 p_msg->security_rsp.p_data = p;
1111 p_msg->security_rsp.len = len;
1116 /*******************************************************************************
1118 ** Function avdt_msg_prs_rej
1123 ** Returns Error code or zero if no error.
1125 *******************************************************************************/
1126 static UINT8 avdt_msg_prs_rej(tAVDT_MSG *p_msg, UINT8 *p, UINT8 sig)
1128 if ((sig == AVDT_SIG_SETCONFIG) || (sig == AVDT_SIG_RECONFIG))
1130 p_msg->hdr.err_param = *p++;
1131 p_msg->hdr.err_code = *p;
1133 else if ((sig == AVDT_SIG_START) || (sig == AVDT_SIG_SUSPEND))
1135 AVDT_MSG_PRS_SEID(p, p_msg->hdr.err_param);
1136 p_msg->hdr.err_code = *p;
1140 p_msg->hdr.err_code = *p;
1146 /*******************************************************************************
1148 ** Function avdt_msg_prs_delay_rpt
1150 ** Description This message parsing function parses a security
1154 ** Returns Error code or zero if no error.
1156 *******************************************************************************/
1157 static UINT8 avdt_msg_prs_delay_rpt (tAVDT_MSG *p_msg, UINT8 *p, UINT16 len)
1162 if (len != AVDT_LEN_DELAY_RPT)
1164 AVDT_TRACE_WARNING("avdt_msg_prs_delay_rpt expected len: %u got: %u", AVDT_LEN_DELAY_RPT, len);
1165 err = AVDT_ERR_LENGTH;
1170 AVDT_MSG_PRS_SEID (p, p_msg->delay_rpt_cmd.hdr.seid);
1172 if (avdt_scb_by_hdl(p_msg->delay_rpt_cmd.hdr.seid) == NULL)
1174 err = AVDT_ERR_SEID;
1178 BE_STREAM_TO_UINT16 (p_msg->delay_rpt_cmd.delay, p);
1179 AVDT_TRACE_DEBUG("avdt_msg_prs_delay_rpt delay: %u", p_msg->delay_rpt_cmd.delay);
1186 /*******************************************************************************
1188 ** Function avdt_msg_send
1190 ** Description Send, and if necessary fragment the next message.
1193 ** Returns Congested state; TRUE if CCB congested, FALSE if not.
1195 *******************************************************************************/
1196 BOOLEAN avdt_msg_send(tAVDT_CCB *p_ccb, BT_HDR *p_msg)
1198 UINT16 curr_msg_len;
1201 tAVDT_TC_TBL *p_tbl;
1207 UINT8 nosp = 0; /* number of subsequent packets */
1209 /* look up transport channel table entry to get peer mtu */
1210 p_tbl = avdt_ad_tc_tbl_by_type(AVDT_CHAN_SIG, p_ccb, NULL);
1212 /* set the current message if there is a message passed in */
1215 p_ccb->p_curr_msg = p_msg;
1218 /* store copy of curr_msg->len */
1219 curr_msg_len = p_ccb->p_curr_msg->len;
1221 /* while not congested and we haven't sent it all */
1222 while ((!p_ccb->cong) && (p_ccb->p_curr_msg != NULL))
1224 /* check what kind of message we've got here; we are using the offset
1225 ** to indicate that a message is being fragmented
1228 /* if message isn't being fragmented and it fits in mtu */
1229 if ((p_ccb->p_curr_msg->offset == AVDT_MSG_OFFSET) &&
1230 (p_ccb->p_curr_msg->len <= p_tbl->peer_mtu - AVDT_LEN_TYPE_SINGLE))
1232 pkt_type = AVDT_PKT_TYPE_SINGLE;
1233 hdr_len = AVDT_LEN_TYPE_SINGLE;
1234 p_buf = p_ccb->p_curr_msg;
1236 /* if message isn't being fragmented and it doesn't fit in mtu */
1237 else if ((p_ccb->p_curr_msg->offset == AVDT_MSG_OFFSET) &&
1238 (p_ccb->p_curr_msg->len > p_tbl->peer_mtu - AVDT_LEN_TYPE_SINGLE))
1240 pkt_type = AVDT_PKT_TYPE_START;
1241 hdr_len = AVDT_LEN_TYPE_START;
1242 nosp = (p_ccb->p_curr_msg->len + AVDT_LEN_TYPE_START - p_tbl->peer_mtu) /
1243 (p_tbl->peer_mtu - 1) + 2;
1245 /* get a new buffer for fragment we are sending */
1246 p_buf = (BT_HDR *) osi_getbuf(AVDT_CMD_BUF_SIZE);
1249 /* do we even want to try and recover from this? could do so
1250 by setting retransmission timer */
1254 /* copy portion of data from current message to new buffer */
1255 p_buf->offset = L2CAP_MIN_OFFSET + hdr_len;
1256 p_buf->len = p_tbl->peer_mtu - hdr_len;
1257 memcpy((UINT8 *)(p_buf + 1) + p_buf->offset,
1258 (UINT8 *)(p_ccb->p_curr_msg + 1) + p_ccb->p_curr_msg->offset, p_buf->len);
1260 /* if message is being fragmented and remaining bytes don't fit in mtu */
1261 else if ((p_ccb->p_curr_msg->offset > AVDT_MSG_OFFSET) &&
1262 (p_ccb->p_curr_msg->len > (p_tbl->peer_mtu - AVDT_LEN_TYPE_CONT)))
1264 pkt_type = AVDT_PKT_TYPE_CONT;
1265 hdr_len = AVDT_LEN_TYPE_CONT;
1267 /* get a new buffer for fragment we are sending */
1268 p_buf = (BT_HDR *) osi_getbuf(AVDT_CMD_BUF_SIZE);
1271 /* do we even want to try and recover from this? could do so
1272 by setting retransmission timer */
1276 /* copy portion of data from current message to new buffer */
1277 p_buf->offset = L2CAP_MIN_OFFSET + hdr_len;
1278 p_buf->len = p_tbl->peer_mtu - hdr_len;
1279 memcpy((UINT8 *)(p_buf + 1) + p_buf->offset,
1280 (UINT8 *)(p_ccb->p_curr_msg + 1) + p_ccb->p_curr_msg->offset, p_buf->len);
1282 /* if message is being fragmented and remaining bytes do fit in mtu */
1285 pkt_type = AVDT_PKT_TYPE_END;
1286 hdr_len = AVDT_LEN_TYPE_END;
1287 p_buf = p_ccb->p_curr_msg;
1290 /* label, sig id, msg type are in hdr of p_curr_msg */
1291 label = AVDT_LAYERSPEC_LABEL(p_ccb->p_curr_msg->layer_specific);
1292 msg = AVDT_LAYERSPEC_MSG(p_ccb->p_curr_msg->layer_specific);
1293 sig = (UINT8) p_ccb->p_curr_msg->event;
1294 AVDT_TRACE_DEBUG("avdt_msg_send label:%d, msg:%d, sig:%d", label, msg, sig);
1296 /* keep track of how much of msg we've sent */
1297 curr_msg_len -= p_buf->len;
1298 if (curr_msg_len == 0)
1300 /* entire message sent; mark as finished */
1301 p_ccb->p_curr_msg = NULL;
1303 /* start timer here for commands */
1304 if (msg == AVDT_MSG_TYPE_CMD)
1306 /* if retransmit timeout set to zero, sig doesn't use retransmit */
1307 if ((sig == AVDT_SIG_DISCOVER) || (sig == AVDT_SIG_GETCAP) ||
1308 (sig == AVDT_SIG_SECURITY) || (avdt_cb.rcb.ret_tout == 0))
1310 btu_start_timer(&p_ccb->timer_entry, BTU_TTYPE_AVDT_CCB_RSP, avdt_cb.rcb.sig_tout);
1312 else if (sig != AVDT_SIG_DELAY_RPT)
1314 btu_start_timer(&p_ccb->timer_entry, BTU_TTYPE_AVDT_CCB_RET, avdt_cb.rcb.ret_tout);
1320 /* message being fragmented and not completely sent */
1321 p_ccb->p_curr_msg->len -= p_buf->len;
1322 p_ccb->p_curr_msg->offset += p_buf->len;
1325 /* set up to build header */
1326 p_buf->len += hdr_len;
1327 p_buf->offset -= hdr_len;
1328 p = (UINT8 *)(p_buf + 1) + p_buf->offset;
1331 AVDT_MSG_BLD_HDR(p, label, pkt_type, msg);
1332 if (pkt_type == AVDT_PKT_TYPE_START)
1334 AVDT_MSG_BLD_NOSP(p, nosp);
1336 if ((pkt_type == AVDT_PKT_TYPE_START) || (pkt_type == AVDT_PKT_TYPE_SINGLE))
1338 AVDT_MSG_BLD_SIG(p, sig);
1341 /* send msg buffer down */
1342 avdt_ad_write_req(AVDT_CHAN_SIG, p_ccb, NULL, p_buf);
1344 return (p_ccb->cong);
1347 /*******************************************************************************
1349 ** Function avdt_msg_asmbl
1351 ** Description Reassemble incoming message.
1354 ** Returns Pointer to reassembled message; NULL if no message
1357 *******************************************************************************/
1358 BT_HDR *avdt_msg_asmbl(tAVDT_CCB *p_ccb, BT_HDR *p_buf)
1365 /* parse the message header */
1366 p = (UINT8 *)(p_buf + 1) + p_buf->offset;
1367 AVDT_MSG_PRS_PKT_TYPE(p, pkt_type);
1369 /* quick sanity check on length */
1370 if (p_buf->len < avdt_msg_pkt_type_len[pkt_type])
1373 AVDT_TRACE_WARNING("Bad length during reassembly");
1377 else if (pkt_type == AVDT_PKT_TYPE_SINGLE)
1379 /* if reassembly in progress drop message and process new single */
1380 if (p_ccb->p_rx_msg != NULL)
1382 osi_freebuf(p_ccb->p_rx_msg);
1383 p_ccb->p_rx_msg = NULL;
1384 AVDT_TRACE_WARNING("Got single during reassembly");
1389 else if (pkt_type == AVDT_PKT_TYPE_START)
1391 /* if reassembly in progress drop message and process new single */
1392 if (p_ccb->p_rx_msg != NULL)
1394 osi_freebuf(p_ccb->p_rx_msg);
1395 AVDT_TRACE_WARNING("Got start during reassembly");
1397 p_ccb->p_rx_msg = p_buf;
1399 /* copy first header byte over nosp */
1402 /* set offset to point to where to copy next */
1403 p_ccb->p_rx_msg->offset += p_ccb->p_rx_msg->len;
1405 /* adjust length for packet header */
1406 p_ccb->p_rx_msg->len -= 1;
1410 /* continue or end */
1413 /* if no reassembly in progress drop message */
1414 if (p_ccb->p_rx_msg == NULL)
1417 AVDT_TRACE_WARNING("Pkt type=%d out of order", pkt_type);
1422 /* get size of buffer holding assembled message */
1423 buf_len = osi_get_buf_size(p_ccb->p_rx_msg) - sizeof(BT_HDR);
1425 /* adjust offset and len of fragment for header byte */
1426 p_buf->offset += AVDT_LEN_TYPE_CONT;
1427 p_buf->len -= AVDT_LEN_TYPE_CONT;
1430 if ((p_ccb->p_rx_msg->offset + p_buf->len) > buf_len)
1432 /* won't fit; free everything */
1433 osi_freebuf(p_ccb->p_rx_msg);
1434 p_ccb->p_rx_msg = NULL;
1440 /* copy contents of p_buf to p_rx_msg */
1441 memcpy((UINT8 *)(p_ccb->p_rx_msg + 1) + p_ccb->p_rx_msg->offset,
1442 (UINT8 *)(p_buf + 1) + p_buf->offset, p_buf->len);
1444 if (pkt_type == AVDT_PKT_TYPE_END)
1446 p_ccb->p_rx_msg->offset -= p_ccb->p_rx_msg->len;
1447 p_ccb->p_rx_msg->len += p_buf->len;
1448 p_ret = p_ccb->p_rx_msg;
1449 p_ccb->p_rx_msg = NULL;
1453 p_ccb->p_rx_msg->offset += p_buf->len;
1454 p_ccb->p_rx_msg->len += p_buf->len;
1464 /*******************************************************************************
1466 ** Function avdt_msg_send_cmd
1468 ** Description This function is called to send a command message. The
1469 ** sig_id parameter indicates the message type, p_params
1470 ** points to the message parameters, if any. It gets a buffer
1471 ** from the AVDTP command pool, executes the message building
1472 ** function for this message type. It then queues the message
1473 ** in the command queue for this CCB.
1478 *******************************************************************************/
1479 void avdt_msg_send_cmd(tAVDT_CCB *p_ccb, void *p_scb, UINT8 sig_id, tAVDT_MSG *p_params)
1486 p_buf = (BT_HDR *) osi_getbuf(AVDT_CMD_BUF_SIZE);
1489 AVDT_TRACE_ERROR("avdt_msg_send_cmd out of buffer!!");
1493 /* set up buf pointer and offset */
1494 p_buf->offset = AVDT_MSG_OFFSET;
1495 p_start = p = (UINT8 *)(p_buf + 1) + p_buf->offset;
1497 /* execute parameter building function to build message */
1498 (*avdt_msg_bld_cmd[sig_id - 1])(&p, p_params);
1501 p_buf->len = (UINT16) (p - p_start);
1503 /* now store scb hdls, if any, in buf */
1506 p = (UINT8 *)(p_buf + 1);
1508 /* for start and suspend, p_scb points to array of handles */
1509 if ((sig_id == AVDT_SIG_START) || (sig_id == AVDT_SIG_SUSPEND))
1511 memcpy(p, (UINT8 *) p_scb, p_buf->len);
1513 /* for all others, p_scb points to scb as usual */
1516 *p = avdt_scb_to_hdl((tAVDT_SCB *) p_scb);
1520 /* stash sig, label, and message type in buf */
1521 p_buf->event = sig_id;
1522 AVDT_BLD_LAYERSPEC(p_buf->layer_specific, AVDT_MSG_TYPE_CMD, p_ccb->label);
1524 /* increment label */
1525 p_ccb->label = (p_ccb->label + 1) % 16;
1527 /* queue message and trigger ccb to send it */
1528 fixed_queue_enqueue(p_ccb->cmd_q, p_buf);
1529 avdt_ccb_event(p_ccb, AVDT_CCB_SENDMSG_EVT, NULL);
1533 /*******************************************************************************
1535 ** Function avdt_msg_send_rsp
1537 ** Description This function is called to send a response message. The
1538 ** sig_id parameter indicates the message type, p_params
1539 ** points to the message parameters, if any. It gets a buffer
1540 ** from the AVDTP command pool, executes the message building
1541 ** function for this message type. It then queues the message
1542 ** in the response queue for this CCB.
1547 *******************************************************************************/
1548 void avdt_msg_send_rsp(tAVDT_CCB *p_ccb, UINT8 sig_id, tAVDT_MSG *p_params)
1555 p_buf = (BT_HDR *) osi_getbuf(AVDT_CMD_BUF_SIZE);
1556 if (p_buf == NULL) return;
1558 /* set up buf pointer and offset */
1559 p_buf->offset = AVDT_MSG_OFFSET;
1560 p_start = p = (UINT8 *)(p_buf + 1) + p_buf->offset;
1562 /* execute parameter building function to build message */
1563 (*avdt_msg_bld_rsp[sig_id - 1])(&p, p_params);
1566 p_buf->len = (UINT16) (p - p_start);
1568 /* stash sig, label, and message type in buf */
1569 p_buf->event = sig_id;
1570 AVDT_BLD_LAYERSPEC(p_buf->layer_specific, AVDT_MSG_TYPE_RSP, p_params->hdr.label);
1572 /* queue message and trigger ccb to send it */
1573 fixed_queue_enqueue(p_ccb->rsp_q, p_buf);
1574 avdt_ccb_event(p_ccb, AVDT_CCB_SENDMSG_EVT, NULL);
1578 /*******************************************************************************
1580 ** Function avdt_msg_send_rej
1582 ** Description This function is called to send a reject message. The
1583 ** sig_id parameter indicates the message type. It gets
1584 ** a buffer from the AVDTP command pool and builds the
1585 ** message based on the message type and the error code.
1586 ** It then queues the message in the response queue for
1592 *******************************************************************************/
1593 void avdt_msg_send_rej(tAVDT_CCB *p_ccb, UINT8 sig_id, tAVDT_MSG *p_params)
1600 p_buf = (BT_HDR *) osi_getbuf(AVDT_CMD_BUF_SIZE);
1601 if (p_buf == NULL) return;
1603 /* set up buf pointer and offset */
1604 p_buf->offset = AVDT_MSG_OFFSET;
1605 p_start = p = (UINT8 *)(p_buf + 1) + p_buf->offset;
1607 /* if sig id included, build into message */
1608 if (sig_id != AVDT_SIG_NONE)
1610 /* if this sig has a parameter, add the parameter */
1611 if ((sig_id == AVDT_SIG_SETCONFIG) ||
1612 (sig_id == AVDT_SIG_RECONFIG))
1614 AVDT_MSG_BLD_PARAM(p, p_params->hdr.err_param);
1616 else if ((sig_id == AVDT_SIG_START) ||
1617 (sig_id == AVDT_SIG_SUSPEND))
1619 AVDT_MSG_BLD_SEID(p, p_params->hdr.err_param);
1622 /* add the error code */
1623 AVDT_MSG_BLD_ERR(p, p_params->hdr.err_code);
1625 AVDT_TRACE_DEBUG("avdt_msg_send_rej");
1627 /* calculate length */
1628 p_buf->len = (UINT16) (p - p_start);
1630 /* stash sig, label, and message type in buf */
1631 p_buf->event = sig_id;
1632 AVDT_BLD_LAYERSPEC(p_buf->layer_specific, AVDT_MSG_TYPE_REJ, p_params->hdr.label);
1634 /* queue message and trigger ccb to send it */
1635 fixed_queue_enqueue(p_ccb->rsp_q, p_buf);
1636 avdt_ccb_event(p_ccb, AVDT_CCB_SENDMSG_EVT, NULL);
1639 /*******************************************************************************
1641 ** Function avdt_msg_send_grej
1643 ** Description This function is called to send a general reject message. The
1644 ** sig_id parameter indicates the message type. It gets
1645 ** a buffer from the AVDTP command pool and builds the
1646 ** message based on the message type and the error code.
1647 ** It then queues the message in the response queue for
1653 *******************************************************************************/
1654 void avdt_msg_send_grej(tAVDT_CCB *p_ccb, UINT8 sig_id, tAVDT_MSG *p_params)
1661 p_buf = (BT_HDR *) osi_getbuf(AVDT_CMD_BUF_SIZE);
1662 if (p_buf == NULL) return;
1664 /* set up buf pointer and offset */
1665 p_buf->offset = AVDT_MSG_OFFSET;
1666 p_start = p = (UINT8 *)(p_buf + 1) + p_buf->offset;
1668 /* calculate length */
1669 p_buf->len = (UINT16) (p - p_start);
1671 /* stash sig, label, and message type in buf */
1673 AVDT_BLD_LAYERSPEC(p_buf->layer_specific, 0, p_params->hdr.label);
1674 AVDT_TRACE_DEBUG("avdt_msg_send_grej");
1676 /* queue message and trigger ccb to send it */
1677 fixed_queue_enqueue(p_ccb->rsp_q, p_buf);
1678 avdt_ccb_event(p_ccb, AVDT_CCB_SENDMSG_EVT, NULL);
1681 /*******************************************************************************
1683 ** Function avdt_msg_ind
1685 ** Description This function is called by the adaption layer when an
1686 ** incoming message is received on the signaling channel.
1687 ** It parses the message and sends an event to the appropriate
1688 ** SCB or CCB for the message.
1693 *******************************************************************************/
1694 void avdt_msg_ind(tAVDT_CCB *p_ccb, BT_HDR *p_buf)
1699 BOOLEAN handle_rsp = FALSE;
1700 BOOLEAN gen_rej = FALSE;
1711 /* reassemble message; if no message available (we received a fragment) return */
1712 if ((p_buf = avdt_msg_asmbl(p_ccb, p_buf)) == NULL)
1717 p = (UINT8 *)(p_buf + 1) + p_buf->offset;
1719 /* parse the message header */
1720 AVDT_MSG_PRS_HDR(p, label, pkt_type, msg_type);
1724 AVDT_TRACE_DEBUG("msg_type=%d, sig=%d", msg_type, sig);
1725 /* set up label and ccb_idx in message hdr */
1726 msg.hdr.label = label;
1727 msg.hdr.ccb_idx = avdt_ccb_to_idx(p_ccb);
1729 /* verify msg type */
1730 if (msg_type == AVDT_MSG_TYPE_GRJ)
1732 AVDT_TRACE_WARNING("Dropping msg msg_type=%d", msg_type);
1735 /* check for general reject */
1736 else if ((msg_type == AVDT_MSG_TYPE_REJ) && (p_buf->len == AVDT_LEN_GEN_REJ))
1739 if (p_ccb->p_curr_cmd != NULL)
1741 msg.hdr.sig_id = sig = (UINT8) p_ccb->p_curr_cmd->event;
1742 evt = avdt_msg_rej_2_evt[sig - 1];
1743 msg.hdr.err_code = AVDT_ERR_NSC;
1744 msg.hdr.err_param = 0;
1747 else /* not a general reject */
1749 /* get and verify signal */
1750 AVDT_MSG_PRS_SIG(p, sig);
1751 msg.hdr.sig_id = sig;
1752 if ((sig == 0) || (sig > AVDT_SIG_MAX))
1754 AVDT_TRACE_WARNING("Dropping msg sig=%d msg_type:%d", sig, msg_type);
1757 /* send a general reject */
1758 if (msg_type == AVDT_MSG_TYPE_CMD)
1760 avdt_msg_send_grej(p_ccb, sig, &msg);
1767 /* skip over header (msg length already verified during reassembly) */
1768 p_buf->len -= AVDT_LEN_TYPE_SINGLE;
1770 /* set up to parse message */
1771 if ((msg_type == AVDT_MSG_TYPE_RSP) && (sig == AVDT_SIG_DISCOVER))
1773 /* parse discover rsp message to struct supplied by app */
1774 msg.discover_rsp.p_sep_info = (tAVDT_SEP_INFO *) p_ccb->p_proc_data;
1775 msg.discover_rsp.num_seps = p_ccb->proc_param;
1777 else if ((msg_type == AVDT_MSG_TYPE_RSP) &&
1778 ((sig == AVDT_SIG_GETCAP) || (sig == AVDT_SIG_GET_ALLCAP)))
1780 /* parse discover rsp message to struct supplied by app */
1781 msg.svccap.p_cfg = (tAVDT_CFG *) p_ccb->p_proc_data;
1783 else if ((msg_type == AVDT_MSG_TYPE_RSP) && (sig == AVDT_SIG_GETCONFIG))
1785 /* parse get config rsp message to struct allocated locally */
1786 msg.svccap.p_cfg = &cfg;
1788 else if ((msg_type == AVDT_MSG_TYPE_CMD) && (sig == AVDT_SIG_SETCONFIG))
1790 /* parse config cmd message to struct allocated locally */
1791 msg.config_cmd.p_cfg = &cfg;
1793 else if ((msg_type == AVDT_MSG_TYPE_CMD) && (sig == AVDT_SIG_RECONFIG))
1795 /* parse reconfig cmd message to struct allocated locally */
1796 msg.reconfig_cmd.p_cfg = &cfg;
1799 /* parse message; while we're at it map message sig to event */
1800 if (msg_type == AVDT_MSG_TYPE_CMD)
1802 msg.hdr.err_code = err = (*avdt_msg_prs_cmd[sig - 1])(&msg, p, p_buf->len);
1803 evt = avdt_msg_cmd_2_evt[sig - 1];
1805 else if (msg_type == AVDT_MSG_TYPE_RSP)
1807 msg.hdr.err_code = err = (*avdt_msg_prs_rsp[sig - 1])(&msg, p, p_buf->len);
1808 evt = avdt_msg_rsp_2_evt[sig - 1];
1810 else /* msg_type == AVDT_MSG_TYPE_REJ */
1812 err = avdt_msg_prs_rej(&msg, p, sig);
1813 evt = avdt_msg_rej_2_evt[sig - 1];
1816 /* if parsing failed */
1819 AVDT_TRACE_WARNING("Parsing failed sig=%d err=0x%x", sig, err);
1821 /* if its a rsp or rej, drop it; if its a cmd, send a rej;
1822 ** note special case for abort; never send abort reject
1825 if ((msg_type == AVDT_MSG_TYPE_CMD) && (sig != AVDT_SIG_ABORT))
1827 avdt_msg_send_rej(p_ccb, sig, &msg);
1832 /* if its a rsp or rej, check sent cmd to see if we're waiting for
1833 ** the rsp or rej. If we didn't send a cmd for it, drop it. If
1834 ** it does match a cmd, stop timer for the cmd.
1838 if ((msg_type == AVDT_MSG_TYPE_RSP) || (msg_type == AVDT_MSG_TYPE_REJ))
1840 if ((p_ccb->p_curr_cmd != NULL) &&
1841 (p_ccb->p_curr_cmd->event == sig) &&
1842 (AVDT_LAYERSPEC_LABEL(p_ccb->p_curr_cmd->layer_specific) == label))
1845 btu_stop_timer(&p_ccb->timer_entry);
1847 /* clear retransmission count */
1848 p_ccb->ret_count = 0;
1850 /* later in this function handle ccb event */
1856 AVDT_TRACE_WARNING("Cmd not found for rsp sig=%d label=%d", sig, label);
1863 /* if it's a ccb event send to ccb */
1864 if (evt & AVDT_CCB_MKR)
1866 avdt_ccb_event(p_ccb, (UINT8)(evt & ~AVDT_CCB_MKR), (tAVDT_CCB_EVT *) &msg);
1868 /* if it's a scb event */
1871 /* Scb events always have a single seid. For cmd, get seid from
1872 ** message. For rej and rsp, get seid from p_curr_cmd.
1874 if (msg_type == AVDT_MSG_TYPE_CMD)
1876 scb_hdl = msg.single.seid;
1880 scb_hdl = *((UINT8 *)(p_ccb->p_curr_cmd + 1));
1883 /* Map seid to the scb and send it the event. For cmd, seid has
1884 ** already been verified by parsing function.
1886 if (evt && (p_scb = avdt_scb_by_hdl(scb_hdl)) != NULL)
1888 avdt_scb_event(p_scb, evt, (tAVDT_SCB_EVT *) &msg);
1893 /* free message buffer */
1896 /* if its a rsp or rej, send event to ccb to free associated
1897 ** cmd msg buffer and handle cmd queue
1901 avdt_ccb_event(p_ccb, AVDT_CCB_RCVRSP_EVT, NULL);