1 /******************************************************************************
3 * Copyright (C) 2003-2012 Broadcom Corporation
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
17 ******************************************************************************/
19 /******************************************************************************
21 * Interface to AVRCP mandatory commands
23 ******************************************************************************/
27 #include "bt_common.h"
31 /*****************************************************************************
33 *****************************************************************************/
36 #define AVRC_MAX_RCV_CTRL_EVT AVCT_BROWSE_UNCONG_IND_EVT
39 #define MAX(a, b) ((a) > (b) ? (a) : (b))
42 static const UINT8 avrc_ctrl_event_map[] =
44 AVRC_OPEN_IND_EVT, /* AVCT_CONNECT_CFM_EVT */
45 AVRC_OPEN_IND_EVT, /* AVCT_CONNECT_IND_EVT */
46 AVRC_CLOSE_IND_EVT, /* AVCT_DISCONNECT_CFM_EVT */
47 AVRC_CLOSE_IND_EVT, /* AVCT_DISCONNECT_IND_EVT */
48 AVRC_CONG_IND_EVT, /* AVCT_CONG_IND_EVT */
49 AVRC_UNCONG_IND_EVT,/* AVCT_UNCONG_IND_EVT */
50 AVRC_BROWSE_OPEN_IND_EVT, /* AVCT_BROWSE_CONN_CFM_EVT */
51 AVRC_BROWSE_OPEN_IND_EVT, /* AVCT_BROWSE_CONN_IND_EVT */
52 AVRC_BROWSE_CLOSE_IND_EVT, /* AVCT_BROWSE_DISCONN_CFM_EVT */
53 AVRC_BROWSE_CLOSE_IND_EVT, /* AVCT_BROWSE_DISCONN_IND_EVT */
54 AVRC_BROWSE_CONG_IND_EVT, /* AVCT_BROWSE_CONG_IND_EVT */
55 AVRC_BROWSE_UNCONG_IND_EVT /* AVCT_BROWSE_UNCONG_IND_EVT */
58 #define AVRC_OP_DROP 0xFE /* use this unused opcode to indication no need to call the callback function */
59 #define AVRC_OP_DROP_N_FREE 0xFD /* use this unused opcode to indication no need to call the callback function & free buffer */
61 #define AVRC_OP_UNIT_INFO_RSP_LEN 8
62 #define AVRC_OP_SUB_UNIT_INFO_RSP_LEN 8
63 #define AVRC_OP_REJ_MSG_LEN 11
65 /******************************************************************************
67 ** Function avrc_ctrl_cback
69 ** Description This is the callback function used by AVCTP to report
70 ** received link events.
74 ******************************************************************************/
75 static void avrc_ctrl_cback(UINT8 handle, UINT8 event, UINT16 result,
80 if (event <= AVRC_MAX_RCV_CTRL_EVT && avrc_cb.ccb[handle].p_ctrl_cback)
82 avrc_event = avrc_ctrl_event_map[event];
83 if (event == AVCT_CONNECT_CFM_EVT)
85 if (result != 0) /* failed */
86 avrc_event = AVRC_CLOSE_IND_EVT;
88 (*avrc_cb.ccb[handle].p_ctrl_cback)(handle, avrc_event, result, peer_addr);
90 /* else drop the unknown event*/
93 /******************************************************************************
95 ** Function avrc_get_data_ptr
97 ** Description Gets a pointer to the data payload in the packet.
99 ** Returns A pointer to the data payload.
101 ******************************************************************************/
102 static UINT8 * avrc_get_data_ptr(BT_HDR *p_pkt)
104 return (UINT8 *)(p_pkt + 1) + p_pkt->offset;
107 /******************************************************************************
109 ** Function avrc_copy_packet
111 ** Description Copies an AVRC packet to a new buffer. In the new buffer,
112 ** the payload offset is at least AVCT_MSG_OFFSET octets.
114 ** Returns The buffer with the copied data.
116 ******************************************************************************/
117 static BT_HDR * avrc_copy_packet(BT_HDR *p_pkt, int rsp_pkt_len)
119 const int offset = MAX(AVCT_MSG_OFFSET, p_pkt->offset);
120 const int pkt_len = MAX(rsp_pkt_len, p_pkt->len);
121 BT_HDR *p_pkt_copy = (BT_HDR *)osi_malloc(BT_HDR_SIZE + offset + pkt_len);
123 /* Copy the packet header, set the new offset, and copy the payload */
124 memcpy(p_pkt_copy, p_pkt, BT_HDR_SIZE);
125 p_pkt_copy->offset = offset;
126 UINT8 *p_data = avrc_get_data_ptr(p_pkt);
127 UINT8 *p_data_copy = avrc_get_data_ptr(p_pkt_copy);
128 memcpy(p_data_copy, p_data, p_pkt->len);
133 #if (AVRC_METADATA_INCLUDED == TRUE)
134 /******************************************************************************
136 ** Function avrc_prep_end_frag
138 ** Description This function prepares an end response fragment
142 ******************************************************************************/
143 static void avrc_prep_end_frag(UINT8 handle)
145 tAVRC_FRAG_CB *p_fcb;
147 UINT8 *p_data, *p_orig_data;
150 AVRC_TRACE_DEBUG ("avrc_prep_end_frag" );
151 p_fcb = &avrc_cb.fcb[handle];
153 /* The response type of the end fragment should be the same as the the PDU of "End Fragment
154 ** Response" Errata: https://www.bluetooth.org/errata/errata_view.cfm?errata_id=4383
156 p_orig_data = ((UINT8 *)(p_fcb->p_fmsg + 1) + p_fcb->p_fmsg->offset);
157 rsp_type = ((*p_orig_data) & AVRC_CTYPE_MASK);
159 p_pkt_new = p_fcb->p_fmsg;
160 p_pkt_new->len -= (AVRC_MAX_CTRL_DATA_LEN - AVRC_VENDOR_HDR_SIZE - AVRC_MIN_META_HDR_SIZE);
161 p_pkt_new->offset += (AVRC_MAX_CTRL_DATA_LEN - AVRC_VENDOR_HDR_SIZE - AVRC_MIN_META_HDR_SIZE);
162 p_data = (UINT8 *)(p_pkt_new+1) + p_pkt_new->offset;
163 *p_data++ = rsp_type;
164 *p_data++ = (AVRC_SUB_PANEL << AVRC_SUBTYPE_SHIFT);
165 *p_data++ = AVRC_OP_VENDOR;
166 AVRC_CO_ID_TO_BE_STREAM(p_data, AVRC_CO_METADATA);
167 *p_data++ = p_fcb->frag_pdu;
168 *p_data++ = AVRC_PKT_END;
170 /* 4=pdu, pkt_type & len */
171 UINT16_TO_BE_STREAM(p_data, (p_pkt_new->len - AVRC_VENDOR_HDR_SIZE - AVRC_MIN_META_HDR_SIZE));
174 /******************************************************************************
176 ** Function avrc_send_continue_frag
178 ** Description This function sends a continue response fragment
182 ******************************************************************************/
183 static void avrc_send_continue_frag(UINT8 handle, UINT8 label)
185 tAVRC_FRAG_CB *p_fcb;
186 BT_HDR *p_pkt_old, *p_pkt;
187 UINT8 *p_old, *p_data;
190 p_fcb = &avrc_cb.fcb[handle];
191 p_pkt = p_fcb->p_fmsg;
193 AVRC_TRACE_DEBUG("%s handle = %u label = %u len = %d",
194 __func__, handle, label, p_pkt->len);
195 if (p_pkt->len > AVRC_MAX_CTRL_DATA_LEN) {
196 int offset_len = MAX(AVCT_MSG_OFFSET, p_pkt->offset);
197 p_pkt_old = p_fcb->p_fmsg;
198 p_pkt = (BT_HDR *)osi_malloc(AVRC_PACKET_LEN + offset_len + BT_HDR_SIZE);
199 p_pkt->len = AVRC_MAX_CTRL_DATA_LEN;
200 p_pkt->offset = AVCT_MSG_OFFSET;
201 p_pkt->layer_specific = p_pkt_old->layer_specific;
202 p_pkt->event = p_pkt_old->event;
203 p_old = (UINT8 *)(p_pkt_old + 1) + p_pkt_old->offset;
204 p_data = (UINT8 *)(p_pkt + 1) + p_pkt->offset;
205 memcpy (p_data, p_old, AVRC_MAX_CTRL_DATA_LEN);
206 /* use AVRC continue packet type */
207 p_data += AVRC_VENDOR_HDR_SIZE;
209 *p_data++ = AVRC_PKT_CONTINUE;
210 /* 4=pdu, pkt_type & len */
211 UINT16_TO_BE_STREAM(p_data, (AVRC_MAX_CTRL_DATA_LEN - AVRC_VENDOR_HDR_SIZE - 4));
213 /* prepare the left over for as an end fragment */
214 avrc_prep_end_frag (handle);
216 /* end fragment. clean the control block */
217 p_fcb->frag_enabled = FALSE;
218 p_fcb->p_fmsg = NULL;
220 AVCT_MsgReq( handle, label, cr, p_pkt);
223 /******************************************************************************
225 ** Function avrc_proc_vendor_command
227 ** Description This function processes received vendor command.
229 ** Returns if not NULL, the response to send right away.
231 ******************************************************************************/
232 static BT_HDR * avrc_proc_vendor_command(UINT8 handle, UINT8 label,
233 BT_HDR *p_pkt, tAVRC_MSG_VENDOR *p_msg)
235 BT_HDR *p_rsp = NULL;
239 BOOLEAN abort_frag = FALSE;
240 tAVRC_STS status = AVRC_STS_NO_ERROR;
241 tAVRC_FRAG_CB *p_fcb;
243 p_begin = (UINT8 *)(p_pkt+1) + p_pkt->offset;
244 p_data = p_begin + AVRC_VENDOR_HDR_SIZE;
245 pkt_type = *(p_data + 1) & AVRC_PKT_TYPE_MASK;
247 if (pkt_type != AVRC_PKT_SINGLE)
249 /* reject - commands can only be in single packets at AVRCP level */
250 AVRC_TRACE_ERROR ("commands must be in single packet pdu:0x%x", *p_data );
251 /* use the current GKI buffer to send the reject */
252 status = AVRC_STS_BAD_CMD;
254 /* check if there are fragments waiting to be sent */
255 else if (avrc_cb.fcb[handle].frag_enabled)
257 p_fcb = &avrc_cb.fcb[handle];
258 if (p_msg->company_id == AVRC_CO_METADATA)
262 case AVRC_PDU_ABORT_CONTINUATION_RSP:
263 /* aborted by CT - send accept response */
265 p_begin = (UINT8 *)(p_pkt+1) + p_pkt->offset;
266 *p_begin = (AVRC_RSP_ACCEPT & AVRC_CTYPE_MASK);
267 if (*(p_data + 4) != p_fcb->frag_pdu)
269 *p_begin = (AVRC_RSP_REJ & AVRC_CTYPE_MASK);
270 *(p_data + 4) = AVRC_STS_BAD_PARAM;
274 p_data = (p_begin + AVRC_VENDOR_HDR_SIZE + 2);
275 UINT16_TO_BE_STREAM(p_data, 0);
276 p_pkt->len = (p_data - p_begin);
278 AVCT_MsgReq( handle, label, AVCT_RSP, p_pkt);
279 p_msg->hdr.opcode = AVRC_OP_DROP; /* used the p_pkt to send response */
282 case AVRC_PDU_REQUEST_CONTINUATION_RSP:
283 if (*(p_data + 4) == p_fcb->frag_pdu)
285 avrc_send_continue_frag(handle, label);
286 p_msg->hdr.opcode = AVRC_OP_DROP_N_FREE;
290 /* the pdu id does not match - reject the command using the current GKI buffer */
291 AVRC_TRACE_ERROR("avrc_proc_vendor_command continue pdu: 0x%x does not match \
292 current re-assembly pdu: 0x%x",
293 *(p_data + 4), p_fcb->frag_pdu);
294 status = AVRC_STS_BAD_PARAM;
312 osi_free_and_reset((void **)&p_fcb->p_fmsg);
313 p_fcb->frag_enabled = FALSE;
317 if (status != AVRC_STS_NO_ERROR)
319 /* use the current GKI buffer to build/send the reject message */
320 p_data = (UINT8 *)(p_pkt+1) + p_pkt->offset;
321 *p_data++ = AVRC_RSP_REJ;
322 p_data += AVRC_VENDOR_HDR_SIZE; /* pdu */
323 *p_data++ = 0; /* pkt_type */
324 UINT16_TO_BE_STREAM(p_data, 1); /* len */
325 *p_data++ = status; /* error code */
326 p_pkt->len = AVRC_VENDOR_HDR_SIZE + 5;
333 /******************************************************************************
335 ** Function avrc_proc_far_msg
337 ** Description This function processes metadata fragmenation
340 ** Returns 0, to report the message with msg_cback .
342 ******************************************************************************/
343 static UINT8 avrc_proc_far_msg(UINT8 handle, UINT8 label, UINT8 cr, BT_HDR **pp_pkt,
344 tAVRC_MSG_VENDOR *p_msg)
346 BT_HDR *p_pkt = *pp_pkt;
349 BOOLEAN buf_overflow = FALSE;
350 BT_HDR *p_rsp = NULL;
351 BT_HDR *p_cmd = NULL;
352 BOOLEAN req_continue = FALSE;
353 BT_HDR *p_pkt_new = NULL;
355 tAVRC_RASM_CB *p_rcb;
356 tAVRC_NEXT_CMD avrc_cmd;
358 p_data = (UINT8 *)(p_pkt+1) + p_pkt->offset;
360 /* Skip over vendor header (ctype, subunit*, opcode, CO_ID) */
361 p_data += AVRC_VENDOR_HDR_SIZE;
363 pkt_type = *(p_data + 1) & AVRC_PKT_TYPE_MASK;
364 AVRC_TRACE_DEBUG ("pkt_type %d", pkt_type );
365 p_rcb = &avrc_cb.rcb[handle];
366 if (p_msg->company_id == AVRC_CO_METADATA)
368 /* check if the message needs to be re-assembled */
369 if (pkt_type == AVRC_PKT_SINGLE || pkt_type == AVRC_PKT_START)
371 /* previous fragments need to be dropped, when received another new message */
372 p_rcb->rasm_offset = 0;
373 osi_free_and_reset((void **)&p_rcb->p_rmsg);
376 if (pkt_type != AVRC_PKT_SINGLE && cr == AVCT_RSP)
378 /* not a single response packet - need to re-assemble metadata messages */
379 if (pkt_type == AVRC_PKT_START) {
380 /* Allocate buffer for re-assembly */
381 p_rcb->rasm_pdu = *p_data;
382 p_rcb->p_rmsg = (BT_HDR *)osi_malloc(BT_DEFAULT_BUFFER_SIZE);
383 /* Copy START packet to buffer for re-assembling fragments */
384 memcpy(p_rcb->p_rmsg, p_pkt, sizeof(BT_HDR)); /* Copy bt hdr */
386 /* Copy metadata message */
387 memcpy((UINT8 *)(p_rcb->p_rmsg + 1),
388 (UINT8 *)(p_pkt+1) + p_pkt->offset, p_pkt->len);
390 /* offset of start of metadata response in reassembly buffer */
391 p_rcb->p_rmsg->offset = p_rcb->rasm_offset = 0;
394 * Free original START packet, replace with pointer to
398 *pp_pkt = p_rcb->p_rmsg;
401 * Set offset to point to where to copy next - use the same
402 * reassembly logic as AVCT.
404 p_rcb->p_rmsg->offset += p_rcb->p_rmsg->len;
406 } else if (p_rcb->p_rmsg == NULL) {
407 /* Received a CONTINUE/END, but no corresponding START
408 (or previous fragmented response was dropped) */
409 AVRC_TRACE_DEBUG ("Received a CONTINUE/END without no corresponding START \
410 (or previous fragmented response was dropped)");
417 /* get size of buffer holding assembled message */
419 * NOTE: The buffer is allocated above at the beginning of the
420 * reassembly, and is always of size BT_DEFAULT_BUFFER_SIZE.
422 UINT16 buf_len = BT_DEFAULT_BUFFER_SIZE - sizeof(BT_HDR);
423 /* adjust offset and len of fragment for header byte */
424 p_pkt->offset += (AVRC_VENDOR_HDR_SIZE + AVRC_MIN_META_HDR_SIZE);
425 p_pkt->len -= (AVRC_VENDOR_HDR_SIZE + AVRC_MIN_META_HDR_SIZE);
427 if ((p_rcb->p_rmsg->offset + p_pkt->len) > buf_len)
429 AVRC_TRACE_WARNING("Fragmented message too big! - report the partial message");
430 p_pkt->len = buf_len - p_rcb->p_rmsg->offset;
431 pkt_type = AVRC_PKT_END;
435 /* copy contents of p_pkt to p_rx_msg */
436 memcpy((UINT8 *)(p_rcb->p_rmsg + 1) + p_rcb->p_rmsg->offset,
437 (UINT8 *)(p_pkt + 1) + p_pkt->offset, p_pkt->len);
439 if (pkt_type == AVRC_PKT_END)
441 p_rcb->p_rmsg->offset = p_rcb->rasm_offset;
442 p_rcb->p_rmsg->len += p_pkt->len;
443 p_pkt_new = p_rcb->p_rmsg;
444 p_rcb->rasm_offset = 0;
445 p_rcb->p_rmsg = NULL;
446 p_msg->p_vendor_data = (UINT8 *)(p_pkt_new+1) + p_pkt_new->offset;
447 p_msg->hdr.ctype = p_msg->p_vendor_data[0] & AVRC_CTYPE_MASK;
448 /* 6 = ctype, subunit*, opcode & CO_ID */
449 p_msg->p_vendor_data += AVRC_VENDOR_HDR_SIZE;
450 p_msg->vendor_len = p_pkt_new->len - AVRC_VENDOR_HDR_SIZE;
451 p_data = p_msg->p_vendor_data + 1; /* skip pdu */
452 *p_data++ = AVRC_PKT_SINGLE;
453 UINT16_TO_BE_STREAM(p_data, (p_msg->vendor_len - AVRC_MIN_META_HDR_SIZE));
454 AVRC_TRACE_DEBUG("end frag:%d, total len:%d, offset:%d", p_pkt->len,
455 p_pkt_new->len, p_pkt_new->offset);
459 p_rcb->p_rmsg->offset += p_pkt->len;
460 p_rcb->p_rmsg->len += p_pkt->len;
471 p_rsp = avrc_proc_vendor_command(handle, label, *pp_pkt, p_msg);
474 AVCT_MsgReq( handle, label, AVCT_RSP, p_rsp);
477 else if (p_msg->hdr.opcode == AVRC_OP_DROP)
481 else if (p_msg->hdr.opcode == AVRC_OP_DROP_N_FREE)
485 else if (cr == AVCT_RSP && req_continue == TRUE)
487 avrc_cmd.pdu = AVRC_PDU_REQUEST_CONTINUATION_RSP;
488 avrc_cmd.status = AVRC_STS_NO_ERROR;
489 avrc_cmd.target_pdu = p_rcb->rasm_pdu;
490 if (AVRC_BldCommand ((tAVRC_COMMAND *)&avrc_cmd, &p_cmd) == AVRC_STS_NO_ERROR)
493 AVRC_MsgReq (handle, (UINT8)(label), AVRC_CMD_CTRL, p_cmd);
497 * Drop it if we are out of buffer
499 else if (cr == AVCT_RSP && req_continue == FALSE && buf_overflow == TRUE)
501 avrc_cmd.pdu = AVRC_PDU_ABORT_CONTINUATION_RSP;
502 avrc_cmd.status = AVRC_STS_NO_ERROR;
503 avrc_cmd.target_pdu = p_rcb->rasm_pdu;
504 if (AVRC_BldCommand ((tAVRC_COMMAND *)&avrc_cmd, &p_cmd) == AVRC_STS_NO_ERROR)
507 AVRC_MsgReq (handle, (UINT8)(label), AVRC_CMD_CTRL, p_cmd);
514 #endif /* (AVRC_METADATA_INCLUDED == TRUE) */
516 /******************************************************************************
518 ** Function avrc_msg_cback
520 ** Description This is the callback function used by AVCTP to report
521 ** received AV control messages.
525 ******************************************************************************/
526 static void avrc_msg_cback(UINT8 handle, UINT8 label, UINT8 cr,
533 BOOLEAN drop = FALSE;
534 BOOLEAN do_free = TRUE;
535 BT_HDR *p_rsp = NULL;
538 BOOLEAN reject = FALSE;
539 #if (BT_USE_TRACES == TRUE)
540 char *p_drop_msg = "dropped";
542 tAVRC_MSG_VENDOR *p_msg = &msg.vendor;
544 if (cr == AVCT_CMD &&
545 (p_pkt->layer_specific & AVCT_DATA_CTRL && AVRC_PACKET_LEN < sizeof(p_pkt->len)))
547 /* Ignore the invalid AV/C command frame */
548 #if (BT_USE_TRACES == TRUE)
549 p_drop_msg = "dropped - too long AV/C cmd frame size";
557 /* The peer thinks that this PID is no longer open - remove this handle */
560 AVCT_RemoveConn(handle);
564 p_data = (UINT8 *)(p_pkt+1) + p_pkt->offset;
565 memset(&msg, 0, sizeof(tAVRC_MSG) );
567 msg.hdr.ctype = p_data[0] & AVRC_CTYPE_MASK;
568 AVRC_TRACE_DEBUG("avrc_msg_cback handle:%d, ctype:%d, offset:%d, len: %d",
569 handle, msg.hdr.ctype, p_pkt->offset, p_pkt->len);
570 msg.hdr.subunit_type = (p_data[1] & AVRC_SUBTYPE_MASK) >> AVRC_SUBTYPE_SHIFT;
571 msg.hdr.subunit_id = p_data[1] & AVRC_SUBID_MASK;
575 if ( ((avrc_cb.ccb[handle].control & AVRC_CT_TARGET) && (cr == AVCT_CMD)) ||
576 ((avrc_cb.ccb[handle].control & AVRC_CT_CONTROL) && (cr == AVCT_RSP)) )
581 case AVRC_OP_UNIT_INFO:
584 /* send the response to the peer */
585 p_rsp = avrc_copy_packet(p_pkt, AVRC_OP_UNIT_INFO_RSP_LEN);
586 p_rsp_data = avrc_get_data_ptr(p_rsp);
587 *p_rsp_data = AVRC_RSP_IMPL_STBL;
588 /* check & set the offset. set response code, set subunit_type & subunit_id,
589 set AVRC_OP_UNIT_INFO */
590 /* 3 bytes: ctype, subunit*, opcode */
591 p_rsp_data += AVRC_AVC_HDR_SIZE;
593 /* Panel subunit & id=0 */
594 *p_rsp_data++ = (AVRC_SUB_PANEL << AVRC_SUBTYPE_SHIFT);
595 AVRC_CO_ID_TO_BE_STREAM(p_rsp_data, avrc_cb.ccb[handle].company_id);
596 p_rsp->len = (UINT16) (p_rsp_data - (UINT8 *)(p_rsp + 1) - p_rsp->offset);
598 #if (BT_USE_TRACES == TRUE)
599 p_drop_msg = "auto respond";
605 p_data += 4; /* 3 bytes: ctype, subunit*, opcode + octet 3 (is 7)*/
606 msg.unit.unit_type = (*p_data & AVRC_SUBTYPE_MASK) >> AVRC_SUBTYPE_SHIFT;
607 msg.unit.unit = *p_data & AVRC_SUBID_MASK;
609 AVRC_BE_STREAM_TO_CO_ID(msg.unit.company_id, p_data);
613 case AVRC_OP_SUB_INFO:
616 /* send the response to the peer */
617 p_rsp = avrc_copy_packet(p_pkt, AVRC_OP_SUB_UNIT_INFO_RSP_LEN);
618 p_rsp_data = avrc_get_data_ptr(p_rsp);
619 *p_rsp_data = AVRC_RSP_IMPL_STBL;
620 /* check & set the offset. set response code, set (subunit_type & subunit_id),
621 set AVRC_OP_SUB_INFO, set (page & extention code) */
623 /* Panel subunit & id=0 */
624 *p_rsp_data++ = (AVRC_SUB_PANEL << AVRC_SUBTYPE_SHIFT);
625 memset(p_rsp_data, AVRC_CMD_OPRND_PAD, AVRC_SUBRSP_OPRND_BYTES);
626 p_rsp_data += AVRC_SUBRSP_OPRND_BYTES;
627 p_rsp->len = (UINT16) (p_rsp_data - (UINT8 *)(p_rsp + 1) - p_rsp->offset);
629 #if (BT_USE_TRACES == TRUE)
630 p_drop_msg = "auto responded";
636 p_data += AVRC_AVC_HDR_SIZE; /* 3 bytes: ctype, subunit*, opcode */
637 msg.sub.page = (*p_data++ >> AVRC_SUB_PAGE_SHIFT) & AVRC_SUB_PAGE_MASK;
639 while (*p_data != AVRC_CMD_OPRND_PAD && xx<AVRC_SUB_TYPE_LEN)
641 msg.sub.subunit_type[xx] = *p_data++ >> AVRC_SUBTYPE_SHIFT;
642 if (msg.sub.subunit_type[xx] == AVRC_SUB_PANEL)
643 msg.sub.panel = TRUE;
650 p_data = (UINT8 *)(p_pkt+1) + p_pkt->offset;
652 if (p_pkt->len < AVRC_VENDOR_HDR_SIZE) /* 6 = ctype, subunit*, opcode & CO_ID */
660 p_data += AVRC_AVC_HDR_SIZE; /* skip the first 3 bytes: ctype, subunit*, opcode */
661 AVRC_BE_STREAM_TO_CO_ID(p_msg->company_id, p_data);
662 p_msg->p_vendor_data = p_data;
663 p_msg->vendor_len = p_pkt->len - (p_data - p_begin);
665 #if (AVRC_METADATA_INCLUDED == TRUE)
667 if (p_msg->company_id == AVRC_CO_METADATA)
669 /* Validate length for metadata message */
670 if (p_pkt->len < (AVRC_VENDOR_HDR_SIZE + AVRC_MIN_META_HDR_SIZE))
679 /* Check+handle fragmented messages */
680 drop_code = avrc_proc_far_msg(handle, label, cr, &p_pkt, p_msg);
688 #if (BT_USE_TRACES == TRUE)
692 p_drop_msg = "sent_frag";
695 p_drop_msg = "req_cont";
698 p_drop_msg = "sent_frag3";
701 p_drop_msg = "sent_frag_free";
704 p_drop_msg = "sent_fragd";
708 #endif /* (AVRC_METADATA_INCLUDED == TRUE) */
711 case AVRC_OP_PASS_THRU:
712 if (p_pkt->len < 5) /* 3 bytes: ctype, subunit*, opcode & op_id & len */
720 p_data += AVRC_AVC_HDR_SIZE; /* skip the first 3 bytes: ctype, subunit*, opcode */
721 msg.pass.op_id = (AVRC_PASS_OP_ID_MASK & *p_data);
722 if (AVRC_PASS_STATE_MASK & *p_data)
723 msg.pass.state = TRUE;
725 msg.pass.state = FALSE;
727 msg.pass.pass_len = *p_data++;
728 if (msg.pass.pass_len != p_pkt->len - 5)
729 msg.pass.pass_len = p_pkt->len - 5;
730 if (msg.pass.pass_len)
731 msg.pass.p_pass_data = p_data;
733 msg.pass.p_pass_data = NULL;
738 if ((avrc_cb.ccb[handle].control & AVRC_CT_TARGET) && (cr == AVCT_CMD))
740 /* reject unsupported opcode */
747 else /* drop the event */
754 /* reject unsupported opcode */
755 p_rsp = avrc_copy_packet(p_pkt, AVRC_OP_REJ_MSG_LEN);
756 p_rsp_data = avrc_get_data_ptr(p_rsp);
757 *p_rsp_data = AVRC_RSP_REJ;
758 #if (BT_USE_TRACES == TRUE)
759 p_drop_msg = "rejected";
767 /* set to send response right away */
768 AVCT_MsgReq( handle, label, cr, p_rsp);
774 msg.hdr.opcode = opcode;
775 (*avrc_cb.ccb[handle].p_msg_cback)(handle, label, opcode, &msg);
777 #if (BT_USE_TRACES == TRUE)
780 AVRC_TRACE_WARNING("avrc_msg_cback %s msg handle:%d, control:%d, cr:%d, opcode:x%x",
782 handle, avrc_cb.ccb[handle].control, cr, opcode);
794 /******************************************************************************
796 ** Function avrc_pass_msg
798 ** Description Compose a PASS THROUGH command according to p_msg
801 ** p_msg: Pointer to PASS THROUGH message structure.
803 ** Output Parameters:
806 ** Returns pointer to a valid GKI buffer if successful.
807 ** NULL if p_msg is NULL.
809 ******************************************************************************/
810 static BT_HDR * avrc_pass_msg(tAVRC_MSG_PASS *p_msg)
812 assert(p_msg != NULL);
813 assert(AVRC_CMD_BUF_SIZE > (AVRC_MIN_CMD_LEN+p_msg->pass_len));
815 BT_HDR *p_cmd = (BT_HDR *)osi_malloc(AVRC_CMD_BUF_SIZE);
816 p_cmd->offset = AVCT_MSG_OFFSET;
817 p_cmd->layer_specific = AVCT_DATA_CTRL;
819 UINT8 *p_data = (UINT8 *)(p_cmd + 1) + p_cmd->offset;
820 *p_data++ = (p_msg->hdr.ctype & AVRC_CTYPE_MASK);
821 *p_data++ = (AVRC_SUB_PANEL << AVRC_SUBTYPE_SHIFT); /* Panel subunit & id=0 */
822 *p_data++ = AVRC_OP_PASS_THRU;
823 *p_data = (AVRC_PASS_OP_ID_MASK&p_msg->op_id);
825 *p_data |= AVRC_PASS_STATE_MASK;
828 if (p_msg->op_id == AVRC_ID_VENDOR) {
829 *p_data++ = p_msg->pass_len;
830 if (p_msg->pass_len && p_msg->p_pass_data) {
831 memcpy(p_data, p_msg->p_pass_data, p_msg->pass_len);
832 p_data += p_msg->pass_len;
835 /* set msg len to 0 for other op_id */
838 p_cmd->len = (UINT16) (p_data - (UINT8 *)(p_cmd + 1) - p_cmd->offset);
843 /******************************************************************************
845 ** Function AVRC_Open
847 ** Description This function is called to open a connection to AVCTP.
848 ** The connection can be either an initiator or acceptor, as
849 ** determined by the p_ccb->stream parameter.
850 ** The connection can be a target, a controller or for both role,
851 ** as determined by the p_ccb->control parameter.
852 ** By definition, a target connection is an acceptor connection
853 ** that waits for an incoming AVCTP connection from the peer.
854 ** The connection remains available to the application until
855 ** the application closes it by calling AVRC_Close(). The
856 ** application does not need to reopen the connection after an
857 ** AVRC_CLOSE_IND_EVT is received.
860 ** p_ccb->company_id: Company Identifier.
862 ** p_ccb->p_ctrl_cback: Pointer to control callback function.
864 ** p_ccb->p_msg_cback: Pointer to message callback function.
866 ** p_ccb->conn: AVCTP connection role. This is set to
867 ** AVCTP_INT for initiator connections and AVCTP_ACP
868 ** for acceptor connections.
870 ** p_ccb->control: Control role. This is set to
871 ** AVRC_CT_TARGET for target connections, AVRC_CT_CONTROL
872 ** for control connections or (AVRC_CT_TARGET|AVRC_CT_CONTROL)
873 ** for connections that support both roles.
875 ** peer_addr: BD address of peer device. This value is
876 ** only used for initiator connections; for acceptor
877 ** connections it can be set to NULL.
879 ** Output Parameters:
880 ** p_handle: Pointer to handle. This parameter is only
881 ** valid if AVRC_SUCCESS is returned.
883 ** Returns AVRC_SUCCESS if successful.
884 ** AVRC_NO_RESOURCES if there are not enough resources to open
887 ******************************************************************************/
888 UINT16 AVRC_Open(UINT8 *p_handle, tAVRC_CONN_CB *p_ccb, BD_ADDR_PTR peer_addr)
893 cc.p_ctrl_cback = avrc_ctrl_cback; /* Control callback */
894 cc.p_msg_cback = avrc_msg_cback; /* Message callback */
895 cc.pid = UUID_SERVCLASS_AV_REMOTE_CONTROL; /* Profile ID */
896 cc.role = p_ccb->conn; /* Initiator/acceptor role */
897 cc.control = p_ccb->control; /* Control role (Control/Target) */
899 status = AVCT_CreateConn(p_handle, &cc, peer_addr);
900 if (status == AVCT_SUCCESS)
902 memcpy(&avrc_cb.ccb[*p_handle], p_ccb, sizeof(tAVRC_CONN_CB));
903 #if (AVRC_METADATA_INCLUDED == TRUE)
904 memset(&avrc_cb.fcb[*p_handle], 0, sizeof(tAVRC_FRAG_CB));
905 memset(&avrc_cb.rcb[*p_handle], 0, sizeof(tAVRC_RASM_CB));
908 AVRC_TRACE_DEBUG("AVRC_Open role: %d, control:%d status:%d, handle:%d", cc.role, cc.control,
914 /******************************************************************************
916 ** Function AVRC_Close
918 ** Description Close a connection opened with AVRC_Open().
919 ** This function is called when the
920 ** application is no longer using a connection.
923 ** handle: Handle of this connection.
925 ** Output Parameters:
928 ** Returns AVRC_SUCCESS if successful.
929 ** AVRC_BAD_HANDLE if handle is invalid.
931 ******************************************************************************/
932 UINT16 AVRC_Close(UINT8 handle)
934 AVRC_TRACE_DEBUG("AVRC_Close handle:%d", handle);
935 return AVCT_RemoveConn(handle);
939 /******************************************************************************
941 ** Function AVRC_MsgReq
943 ** Description This function is used to send the AVRCP byte stream in p_pkt
946 ** It is expected that p_pkt->offset is at least AVCT_MSG_OFFSET
947 ** p_pkt->layer_specific is AVCT_DATA_CTRL or AVCT_DATA_BROWSE
948 ** p_pkt->event is AVRC_OP_VENDOR, AVRC_OP_PASS_THRU or AVRC_OP_BROWSE
949 ** The above BT_HDR settings are set by the AVRC_Bld* functions.
951 ** Returns AVRC_SUCCESS if successful.
952 ** AVRC_BAD_HANDLE if handle is invalid.
954 ******************************************************************************/
955 UINT16 AVRC_MsgReq (UINT8 handle, UINT8 label, UINT8 ctype, BT_HDR *p_pkt)
957 #if (AVRC_METADATA_INCLUDED == TRUE)
960 BOOLEAN chk_frag = TRUE;
961 UINT8 *p_start = NULL;
962 tAVRC_FRAG_CB *p_fcb;
966 return AVRC_BAD_PARAM;
968 AVRC_TRACE_DEBUG("%s handle = %u label = %u ctype = %u len = %d",
969 __func__, handle, label, ctype, p_pkt->len);
971 if (ctype >= AVRC_RSP_NOT_IMPL)
974 if (p_pkt->event == AVRC_OP_VENDOR)
976 /* add AVRCP Vendor Dependent headers */
977 p_start = ((UINT8 *)(p_pkt + 1) + p_pkt->offset);
978 p_pkt->offset -= AVRC_VENDOR_HDR_SIZE;
979 p_pkt->len += AVRC_VENDOR_HDR_SIZE;
980 p_data = (UINT8 *)(p_pkt + 1) + p_pkt->offset;
981 *p_data++ = (ctype & AVRC_CTYPE_MASK);
982 *p_data++ = (AVRC_SUB_PANEL << AVRC_SUBTYPE_SHIFT);
983 *p_data++ = AVRC_OP_VENDOR;
984 AVRC_CO_ID_TO_BE_STREAM(p_data, AVRC_CO_METADATA);
986 else if (p_pkt->event == AVRC_OP_PASS_THRU)
988 /* add AVRCP Pass Through headers */
989 p_start = ((UINT8 *)(p_pkt + 1) + p_pkt->offset);
990 p_pkt->offset -= AVRC_PASS_THRU_SIZE;
991 p_pkt->len += AVRC_PASS_THRU_SIZE;
992 p_data = (UINT8 *)(p_pkt + 1) + p_pkt->offset;
993 *p_data++ = (ctype & AVRC_CTYPE_MASK);
994 *p_data++ = (AVRC_SUB_PANEL << AVRC_SUBTYPE_SHIFT);
995 *p_data++ = AVRC_OP_PASS_THRU;/* opcode */
996 *p_data++ = AVRC_ID_VENDOR; /* operation id */
997 *p_data++ = 5; /* operation data len */
998 AVRC_CO_ID_TO_BE_STREAM(p_data, AVRC_CO_METADATA);
1001 /* abandon previous fragments */
1002 p_fcb = &avrc_cb.fcb[handle];
1003 if (p_fcb->frag_enabled)
1004 p_fcb->frag_enabled = FALSE;
1006 osi_free_and_reset((void **)&p_fcb->p_fmsg);
1008 /* AVRCP spec has not defined any control channel commands that needs fragmentation at this level
1009 * check for fragmentation only on the response */
1010 if ((cr == AVCT_RSP) && (chk_frag == TRUE))
1012 if (p_pkt->len > AVRC_MAX_CTRL_DATA_LEN)
1014 int offset_len = MAX(AVCT_MSG_OFFSET, p_pkt->offset);
1016 (BT_HDR *)osi_malloc(AVRC_PACKET_LEN + offset_len + BT_HDR_SIZE);
1017 if (p_start != NULL) {
1018 p_fcb->frag_enabled = TRUE;
1019 p_fcb->p_fmsg = p_pkt;
1020 p_fcb->frag_pdu = *p_start;
1022 p_pkt_new = p_fcb->p_fmsg;
1023 p_pkt->len = AVRC_MAX_CTRL_DATA_LEN;
1024 p_pkt->offset = p_pkt_new->offset;
1025 p_pkt->layer_specific = p_pkt_new->layer_specific;
1026 p_pkt->event = p_pkt_new->event;
1027 p_data = (UINT8 *)(p_pkt+1) + p_pkt->offset;
1028 p_start -= AVRC_VENDOR_HDR_SIZE;
1029 memcpy (p_data, p_start, AVRC_MAX_CTRL_DATA_LEN);
1030 /* use AVRC start packet type */
1031 p_data += AVRC_VENDOR_HDR_SIZE;
1033 *p_data++ = AVRC_PKT_START;
1034 /* 4 pdu, pkt_type & len */
1035 len = (AVRC_MAX_CTRL_DATA_LEN - AVRC_VENDOR_HDR_SIZE - AVRC_MIN_META_HDR_SIZE);
1036 UINT16_TO_BE_STREAM(p_data, len);
1038 /* prepare the left over for as an end fragment */
1039 avrc_prep_end_frag (handle);
1040 AVRC_TRACE_DEBUG ("%s p_pkt len:%d/%d, next len:%d", __func__,
1041 p_pkt->len, len, p_fcb->p_fmsg->len );
1043 /* TODO: Is this "else" block valid? Remove it? */
1044 AVRC_TRACE_ERROR ("AVRC_MsgReq no buffers for fragmentation" );
1046 return AVRC_NO_RESOURCES;
1051 return AVCT_MsgReq( handle, label, cr, p_pkt);
1053 return AVRC_NO_RESOURCES;
1058 /******************************************************************************
1060 ** Function AVRC_PassCmd
1062 ** Description Send a PASS THROUGH command to the peer device. This
1063 ** function can only be called for controller role connections.
1064 ** Any response message from the peer is passed back through
1065 ** the tAVRC_MSG_CBACK callback function.
1067 ** Input Parameters:
1068 ** handle: Handle of this connection.
1070 ** label: Transaction label.
1072 ** p_msg: Pointer to PASS THROUGH message structure.
1074 ** Output Parameters:
1077 ** Returns AVRC_SUCCESS if successful.
1078 ** AVRC_BAD_HANDLE if handle is invalid.
1080 ******************************************************************************/
1081 UINT16 AVRC_PassCmd(UINT8 handle, UINT8 label, tAVRC_MSG_PASS *p_msg)
1084 assert(p_msg != NULL);
1087 p_msg->hdr.ctype = AVRC_CMD_CTRL;
1088 p_buf = avrc_pass_msg(p_msg);
1090 return AVCT_MsgReq( handle, label, AVCT_CMD, p_buf);
1092 return AVRC_NO_RESOURCES;
1095 /******************************************************************************
1097 ** Function AVRC_PassRsp
1099 ** Description Send a PASS THROUGH response to the peer device. This
1100 ** function can only be called for target role connections.
1101 ** This function must be called when a PASS THROUGH command
1102 ** message is received from the peer through the
1103 ** tAVRC_MSG_CBACK callback function.
1105 ** Input Parameters:
1106 ** handle: Handle of this connection.
1108 ** label: Transaction label. Must be the same value as
1109 ** passed with the command message in the callback function.
1111 ** p_msg: Pointer to PASS THROUGH message structure.
1113 ** Output Parameters:
1116 ** Returns AVRC_SUCCESS if successful.
1117 ** AVRC_BAD_HANDLE if handle is invalid.
1119 ******************************************************************************/
1120 UINT16 AVRC_PassRsp(UINT8 handle, UINT8 label, tAVRC_MSG_PASS *p_msg)
1123 assert(p_msg != NULL);
1126 p_buf = avrc_pass_msg(p_msg);
1128 return AVCT_MsgReq( handle, label, AVCT_RSP, p_buf);
1130 return AVRC_NO_RESOURCES;