1 /******************************************************************************
3 * Copyright (C) 2000-2012 Broadcom Corporation
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
17 ******************************************************************************/
19 /*****************************************************************************
23 ** Description: This file contains functions that handle ACL connections.
24 ** This includes operations such as hold and sniff modes,
25 ** supported packet types.
27 ** This module contains both internal and external (API)
28 ** functions. External (API) functions are distinguishable
29 ** by their names beginning with uppercase BTM.
32 ******************************************************************************/
40 #include "bt_target.h"
41 #include "device/include/controller.h"
42 #include "bt_common.h"
52 extern fixed_queue_t *btu_general_alarm_queue;
54 static void btm_read_remote_features (uint16_t handle);
55 static void btm_read_remote_ext_features (uint16_t handle, uint8_t page_number);
56 static void btm_process_remote_ext_features (tACL_CONN *p_acl_cb, uint8_t num_read_pages);
58 /* 3 seconds timeout waiting for responses */
59 #define BTM_DEV_REPLY_TIMEOUT_MS (3 * 1000)
61 /*******************************************************************************
63 ** Function btm_acl_init
65 ** Description This function is called at BTM startup to initialize
69 *******************************************************************************/
70 void btm_acl_init (void)
72 BTM_TRACE_DEBUG ("btm_acl_init");
73 /* Initialize nonzero defaults */
74 btm_cb.btm_def_link_super_tout = HCI_DEFAULT_INACT_TOUT;
75 btm_cb.acl_disc_reason = 0xff ;
78 /*******************************************************************************
80 ** Function btm_bda_to_acl
82 ** Description This function returns the FIRST acl_db entry for the passed BDA.
84 ** Parameters bda : BD address of the remote device
85 ** transport : Physical transport used for ACL connection (BR/EDR or LE)
87 ** Returns Returns pointer to the ACL DB for the requested BDA if found.
90 *******************************************************************************/
91 tACL_CONN *btm_bda_to_acl (const BD_ADDR bda, tBT_TRANSPORT transport)
93 tACL_CONN *p = &btm_cb.acl_db[0];
97 for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p++)
99 if ((p->in_use) && (!memcmp (p->remote_addr, bda, BD_ADDR_LEN))
100 #if (BLE_INCLUDED == TRUE)
101 && p->transport == transport
105 BTM_TRACE_DEBUG ("btm_bda_to_acl found");
111 /* If here, no BD Addr found */
112 return((tACL_CONN *)NULL);
115 /*******************************************************************************
117 ** Function btm_handle_to_acl_index
119 ** Description This function returns the FIRST acl_db entry for the passed hci_handle.
121 ** Returns index to the acl_db or MAX_L2CAP_LINKS.
123 *******************************************************************************/
124 uint8_t btm_handle_to_acl_index (uint16_t hci_handle)
126 tACL_CONN *p = &btm_cb.acl_db[0];
128 BTM_TRACE_DEBUG ("btm_handle_to_acl_index");
129 for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p++)
131 if ((p->in_use) && (p->hci_handle == hci_handle))
137 /* If here, no BD Addr found */
141 #if (BLE_PRIVACY_SPT == TRUE)
142 /*******************************************************************************
144 ** Function btm_ble_get_acl_remote_addr
146 ** Description This function reads the active remote address used for the
149 ** Returns success return true, otherwise false.
151 *******************************************************************************/
152 bool btm_ble_get_acl_remote_addr(tBTM_SEC_DEV_REC *p_dev_rec, BD_ADDR conn_addr,
153 tBLE_ADDR_TYPE *p_addr_type)
155 #if (BLE_INCLUDED == TRUE)
158 if (p_dev_rec == NULL)
160 BTM_TRACE_ERROR("btm_ble_get_acl_remote_addr can not find device with matching address");
164 switch (p_dev_rec->ble.active_addr_type)
166 case BTM_BLE_ADDR_PSEUDO:
167 memcpy(conn_addr, p_dev_rec->bd_addr, BD_ADDR_LEN);
168 * p_addr_type = p_dev_rec->ble.ble_addr_type;
171 case BTM_BLE_ADDR_RRA:
172 memcpy(conn_addr, p_dev_rec->ble.cur_rand_addr, BD_ADDR_LEN);
173 * p_addr_type = BLE_ADDR_RANDOM;
176 case BTM_BLE_ADDR_STATIC:
177 memcpy(conn_addr, p_dev_rec->ble.static_addr, BD_ADDR_LEN);
178 * p_addr_type = p_dev_rec->ble.static_addr_type;
182 BTM_TRACE_ERROR("Unknown active address: %d", p_dev_rec->ble.active_addr_type);
196 /*******************************************************************************
198 ** Function btm_acl_created
200 ** Description This function is called by L2CAP when an ACL connection
205 *******************************************************************************/
206 void btm_acl_created (BD_ADDR bda, DEV_CLASS dc, BD_NAME bdn,
207 uint16_t hci_handle, uint8_t link_role, tBT_TRANSPORT transport)
209 tBTM_SEC_DEV_REC *p_dev_rec = NULL;
213 BTM_TRACE_DEBUG ("btm_acl_created hci_handle=%d link_role=%d transport=%d",
214 hci_handle,link_role, transport);
215 /* Ensure we don't have duplicates */
216 p = btm_bda_to_acl(bda, transport);
217 if (p != (tACL_CONN *)NULL)
219 p->hci_handle = hci_handle;
220 p->link_role = link_role;
221 #if (BLE_INCLUDED == TRUE)
222 p->transport = transport;
224 BTM_TRACE_DEBUG ("Duplicate btm_acl_created: RemBdAddr: %02x%02x%02x%02x%02x%02x",
225 bda[0], bda[1], bda[2], bda[3], bda[4], bda[5]);
226 BTM_SetLinkPolicy(p->remote_addr, &btm_cb.btm_def_link_policy);
230 /* Allocate acl_db entry */
231 for (xx = 0, p = &btm_cb.acl_db[0]; xx < MAX_L2CAP_LINKS; xx++, p++)
236 p->hci_handle = hci_handle;
237 p->link_role = link_role;
238 p->link_up_issued = false;
239 memcpy (p->remote_addr, bda, BD_ADDR_LEN);
241 #if (BLE_INCLUDED == TRUE)
242 p->transport = transport;
243 #if (BLE_PRIVACY_SPT == TRUE)
244 if (transport == BT_TRANSPORT_LE)
245 btm_ble_refresh_local_resolvable_private_addr(bda,
246 btm_cb.ble_ctr_cb.addr_mgnt_cb.private_addr);
248 p->conn_addr_type = BLE_ADDR_PUBLIC;
249 memcpy(p->conn_addr, &controller_get_interface()->get_address()->address, BD_ADDR_LEN);
253 p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE;
259 memcpy (p->remote_dc, dc, DEV_CLASS_LEN);
262 memcpy (p->remote_name, bdn, BTM_MAX_REM_BD_NAME_LEN);
264 /* if BR/EDR do something more */
265 if (transport == BT_TRANSPORT_BR_EDR)
267 btsnd_hcic_read_rmt_clk_offset (p->hci_handle);
268 btsnd_hcic_rmt_ver_req (p->hci_handle);
270 p_dev_rec = btm_find_dev_by_handle (hci_handle);
272 #if (BLE_INCLUDED == TRUE)
275 BTM_TRACE_DEBUG ("device_type=0x%x", p_dev_rec->device_type);
279 if (p_dev_rec && !(transport == BT_TRANSPORT_LE))
281 /* If remote features already known, copy them and continue connection setup */
282 if ((p_dev_rec->num_read_pages) &&
283 (p_dev_rec->num_read_pages <= (HCI_EXT_FEATURES_PAGE_MAX + 1)))
285 memcpy (p->peer_lmp_features, p_dev_rec->features,
286 (HCI_FEATURE_BYTES_PER_PAGE * p_dev_rec->num_read_pages));
287 p->num_read_pages = p_dev_rec->num_read_pages;
289 const uint8_t req_pend = (p_dev_rec->sm4 & BTM_SM4_REQ_PEND);
291 /* Store the Peer Security Capabilites (in SM4 and rmt_sec_caps) */
292 btm_sec_set_peer_sec_caps(p, p_dev_rec);
294 BTM_TRACE_API("%s: pend:%d", __func__, req_pend);
297 /* Request for remaining Security Features (if any) */
298 l2cu_resubmit_pending_sec_req (p_dev_rec->bd_addr);
300 btm_establish_continue (p);
305 #if (BLE_INCLUDED == TRUE)
306 /* If here, features are not known yet */
307 if (p_dev_rec && transport == BT_TRANSPORT_LE)
309 #if (BLE_PRIVACY_SPT == TRUE)
310 btm_ble_get_acl_remote_addr (p_dev_rec, p->active_remote_addr,
311 &p->active_remote_addr_type);
314 if (HCI_LE_SLAVE_INIT_FEAT_EXC_SUPPORTED(controller_get_interface()->get_features_ble()->as_array)
315 || link_role == HCI_ROLE_MASTER)
317 btsnd_hcic_ble_read_remote_feat(p->hci_handle);
321 btm_establish_continue(p);
327 btm_read_remote_features (p->hci_handle);
330 /* read page 1 - on rmt feature event for buffer reasons */
336 void btm_acl_update_conn_addr(uint8_t conn_handle, BD_ADDR address) {
337 uint8_t idx = btm_handle_to_acl_index(conn_handle);
338 if (idx != MAX_L2CAP_LINKS) {
339 memcpy(btm_cb.acl_db[idx].conn_addr, address, BD_ADDR_LEN);
343 /*******************************************************************************
345 ** Function btm_acl_report_role_change
347 ** Description This function is called when the local device is deemed
348 ** to be down. It notifies L2CAP of the failure.
352 *******************************************************************************/
353 void btm_acl_report_role_change (uint8_t hci_status, BD_ADDR bda)
355 tBTM_ROLE_SWITCH_CMPL ref_data;
356 BTM_TRACE_DEBUG ("btm_acl_report_role_change");
357 if (btm_cb.devcb.p_switch_role_cb
358 && (bda && (0 == memcmp(btm_cb.devcb.switch_role_ref_data.remote_bd_addr, bda, BD_ADDR_LEN))))
360 memcpy (&ref_data, &btm_cb.devcb.switch_role_ref_data, sizeof(tBTM_ROLE_SWITCH_CMPL));
361 ref_data.hci_status = hci_status;
362 (*btm_cb.devcb.p_switch_role_cb)(&ref_data);
363 memset (&btm_cb.devcb.switch_role_ref_data, 0, sizeof(tBTM_ROLE_SWITCH_CMPL));
364 btm_cb.devcb.p_switch_role_cb = NULL;
368 /*******************************************************************************
370 ** Function btm_acl_removed
372 ** Description This function is called by L2CAP when an ACL connection
373 ** is removed. Since only L2CAP creates ACL links, we use
374 ** the L2CAP link index as our index into the control blocks.
378 *******************************************************************************/
379 void btm_acl_removed (BD_ADDR bda, tBT_TRANSPORT transport)
382 tBTM_BL_EVENT_DATA evt_data;
383 #if (BLE_INCLUDED == TRUE)
384 tBTM_SEC_DEV_REC *p_dev_rec=NULL;
386 BTM_TRACE_DEBUG ("btm_acl_removed");
387 p = btm_bda_to_acl(bda, transport);
388 if (p != (tACL_CONN *)NULL)
392 /* if the disconnected channel has a pending role switch, clear it now */
393 btm_acl_report_role_change(HCI_ERR_NO_CONNECTION, bda);
395 /* Only notify if link up has had a chance to be issued */
396 if (p->link_up_issued)
398 p->link_up_issued = false;
400 /* If anyone cares, tell him database changed */
401 if (btm_cb.p_bl_changed_cb)
403 evt_data.event = BTM_BL_DISCN_EVT;
404 evt_data.discn.p_bda = bda;
405 #if (BLE_INCLUDED == TRUE)
406 evt_data.discn.handle = p->hci_handle;
407 evt_data.discn.transport = p->transport;
409 (*btm_cb.p_bl_changed_cb)(&evt_data);
412 btm_acl_update_busy_level (BTM_BLI_ACL_DOWN_EVT);
415 #if (BLE_INCLUDED == TRUE)
417 BTM_TRACE_DEBUG ("acl hci_handle=%d transport=%d connectable_mode=0x%0x link_role=%d",
420 btm_cb.ble_ctr_cb.inq_var.connectable_mode,
423 p_dev_rec = btm_find_dev(bda);
426 BTM_TRACE_DEBUG("before update p_dev_rec->sec_flags=0x%x", p_dev_rec->sec_flags);
427 if (p->transport == BT_TRANSPORT_LE)
429 BTM_TRACE_DEBUG("LE link down");
430 p_dev_rec->sec_flags &= ~(BTM_SEC_LE_ENCRYPTED | BTM_SEC_ROLE_SWITCHED);
431 if ( (p_dev_rec->sec_flags & BTM_SEC_LE_LINK_KEY_KNOWN) == 0)
433 BTM_TRACE_DEBUG("Not Bonded");
434 p_dev_rec->sec_flags &= ~(BTM_SEC_LE_LINK_KEY_AUTHED | BTM_SEC_LE_AUTHENTICATED);
438 BTM_TRACE_DEBUG("Bonded");
443 BTM_TRACE_DEBUG("Bletooth link down");
444 p_dev_rec->sec_flags &= ~(BTM_SEC_AUTHORIZED | BTM_SEC_AUTHENTICATED
445 | BTM_SEC_ENCRYPTED | BTM_SEC_ROLE_SWITCHED);
447 BTM_TRACE_DEBUG("after update p_dev_rec->sec_flags=0x%x", p_dev_rec->sec_flags);
451 BTM_TRACE_ERROR("Device not found");
456 /* Clear the ACL connection data */
457 memset(p, 0, sizeof(tACL_CONN));
462 /*******************************************************************************
464 ** Function btm_acl_device_down
466 ** Description This function is called when the local device is deemed
467 ** to be down. It notifies L2CAP of the failure.
471 *******************************************************************************/
472 void btm_acl_device_down (void)
474 tACL_CONN *p = &btm_cb.acl_db[0];
476 BTM_TRACE_DEBUG ("btm_acl_device_down");
477 for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p++)
481 BTM_TRACE_DEBUG ("hci_handle=%d HCI_ERR_HW_FAILURE ",p->hci_handle );
482 l2c_link_hci_disc_comp (p->hci_handle, HCI_ERR_HW_FAILURE);
487 /*******************************************************************************
489 ** Function btm_acl_update_busy_level
491 ** Description This function is called to update the busy level of the system
496 *******************************************************************************/
497 void btm_acl_update_busy_level (tBTM_BLI_EVENT event)
499 bool old_inquiry_state = btm_cb.is_inquiry;
500 tBTM_BL_UPDATE_DATA evt;
501 evt.busy_level_flags = 0;
504 case BTM_BLI_ACL_UP_EVT:
505 BTM_TRACE_DEBUG ("BTM_BLI_ACL_UP_EVT");
507 case BTM_BLI_ACL_DOWN_EVT:
508 BTM_TRACE_DEBUG ("BTM_BLI_ACL_DOWN_EVT");
510 case BTM_BLI_PAGE_EVT:
511 BTM_TRACE_DEBUG ("BTM_BLI_PAGE_EVT");
512 btm_cb.is_paging = true;
513 evt.busy_level_flags= BTM_BL_PAGING_STARTED;
515 case BTM_BLI_PAGE_DONE_EVT:
516 BTM_TRACE_DEBUG ("BTM_BLI_PAGE_DONE_EVT");
517 btm_cb.is_paging = false;
518 evt.busy_level_flags = BTM_BL_PAGING_COMPLETE;
520 case BTM_BLI_INQ_EVT:
521 BTM_TRACE_DEBUG ("BTM_BLI_INQ_EVT");
522 btm_cb.is_inquiry = true;
523 evt.busy_level_flags = BTM_BL_INQUIRY_STARTED;
525 case BTM_BLI_INQ_CANCEL_EVT:
526 BTM_TRACE_DEBUG ("BTM_BLI_INQ_CANCEL_EVT");
527 btm_cb.is_inquiry = false;
528 evt.busy_level_flags = BTM_BL_INQUIRY_CANCELLED;
530 case BTM_BLI_INQ_DONE_EVT:
531 BTM_TRACE_DEBUG ("BTM_BLI_INQ_DONE_EVT");
532 btm_cb.is_inquiry = false;
533 evt.busy_level_flags = BTM_BL_INQUIRY_COMPLETE;
538 if (btm_cb.is_paging || btm_cb.is_inquiry)
541 busy_level = BTM_GetNumAclLinks();
543 if ((busy_level != btm_cb.busy_level) ||(old_inquiry_state != btm_cb.is_inquiry))
545 evt.event = BTM_BL_UPDATE_EVT;
546 evt.busy_level = busy_level;
547 btm_cb.busy_level = busy_level;
548 if (btm_cb.p_bl_changed_cb && (btm_cb.bl_evt_mask & BTM_BL_UPDATE_MASK))
550 (*btm_cb.p_bl_changed_cb)((tBTM_BL_EVENT_DATA *)&evt);
555 /*******************************************************************************
557 ** Function BTM_GetRole
559 ** Description This function is called to get the role of the local device
560 ** for the ACL connection with the specified remote device
562 ** Returns BTM_SUCCESS if connection exists.
563 ** BTM_UNKNOWN_ADDR if no active link with bd addr specified
565 *******************************************************************************/
566 tBTM_STATUS BTM_GetRole (BD_ADDR remote_bd_addr, uint8_t *p_role)
569 BTM_TRACE_DEBUG ("BTM_GetRole");
570 if ((p = btm_bda_to_acl(remote_bd_addr, BT_TRANSPORT_BR_EDR)) == NULL)
572 *p_role = BTM_ROLE_UNDEFINED;
573 return(BTM_UNKNOWN_ADDR);
576 /* Get the current role */
577 *p_role = p->link_role;
582 /*******************************************************************************
584 ** Function BTM_SwitchRole
586 ** Description This function is called to switch role between master and
587 ** slave. If role is already set it will do nothing. If the
588 ** command was initiated, the callback function is called upon
591 ** Returns BTM_SUCCESS if already in specified role.
592 ** BTM_CMD_STARTED if command issued to controller.
593 ** BTM_NO_RESOURCES if couldn't allocate memory to issue command
594 ** BTM_UNKNOWN_ADDR if no active link with bd addr specified
595 ** BTM_MODE_UNSUPPORTED if local device does not support role switching
596 ** BTM_BUSY if the previous command is not completed
598 *******************************************************************************/
599 tBTM_STATUS BTM_SwitchRole (BD_ADDR remote_bd_addr, uint8_t new_role, tBTM_CMPL_CB *p_cb)
602 tBTM_SEC_DEV_REC *p_dev_rec = NULL;
603 #if (BTM_SCO_INCLUDED == TRUE)
607 tBTM_PM_MODE pwr_mode;
608 tBTM_PM_PWR_MD settings;
610 BTM_TRACE_API ("BTM_SwitchRole BDA: %02x-%02x-%02x-%02x-%02x-%02x",
611 remote_bd_addr[0], remote_bd_addr[1], remote_bd_addr[2],
612 remote_bd_addr[3], remote_bd_addr[4], remote_bd_addr[5]);
614 /* Make sure the local device supports switching */
615 if (!controller_get_interface()->supports_master_slave_role_switch())
616 return(BTM_MODE_UNSUPPORTED);
618 if (btm_cb.devcb.p_switch_role_cb && p_cb)
620 p_bda = btm_cb.devcb.switch_role_ref_data.remote_bd_addr;
621 BTM_TRACE_DEBUG ("Role switch on other device is in progress 0x%02x%02x%02x%02x%02x%02x",
622 p_bda[0], p_bda[1], p_bda[2],
623 p_bda[3], p_bda[4], p_bda[5]);
627 if ((p = btm_bda_to_acl(remote_bd_addr, BT_TRANSPORT_BR_EDR)) == NULL)
628 return(BTM_UNKNOWN_ADDR);
630 /* Finished if already in desired role */
631 if (p->link_role == new_role)
634 #if (BTM_SCO_INCLUDED == TRUE)
635 /* Check if there is any SCO Active on this BD Address */
636 is_sco_active = btm_is_sco_active_by_bdaddr(remote_bd_addr);
638 if (is_sco_active == true)
639 return(BTM_NO_RESOURCES);
642 /* Ignore role switch request if the previous request was not completed */
643 if (p->switch_role_state != BTM_ACL_SWKEY_STATE_IDLE)
645 BTM_TRACE_DEBUG ("BTM_SwitchRole busy: %d",
646 p->switch_role_state);
650 if ((status = BTM_ReadPowerMode(p->remote_addr, &pwr_mode)) != BTM_SUCCESS)
653 /* Wake up the link if in sniff or park before attempting switch */
654 if (pwr_mode == BTM_PM_MD_PARK || pwr_mode == BTM_PM_MD_SNIFF)
656 memset( (void*)&settings, 0, sizeof(settings));
657 settings.mode = BTM_PM_MD_ACTIVE;
658 status = BTM_SetPowerMode (BTM_PM_SET_ONLY_ID, p->remote_addr, &settings);
659 if (status != BTM_CMD_STARTED)
660 return(BTM_WRONG_MODE);
662 p->switch_role_state = BTM_ACL_SWKEY_STATE_MODE_CHANGE;
664 /* some devices do not support switch while encryption is on */
667 p_dev_rec = btm_find_dev (remote_bd_addr);
668 if ((p_dev_rec != NULL)
669 && ((p_dev_rec->sec_flags & BTM_SEC_ENCRYPTED) != 0)
670 && !BTM_EPR_AVAILABLE(p))
672 /* bypass turning off encryption if change link key is already doing it */
673 if (p->encrypt_state != BTM_ACL_ENCRYPT_STATE_ENCRYPT_OFF)
675 btsnd_hcic_set_conn_encrypt (p->hci_handle, false);
676 p->encrypt_state = BTM_ACL_ENCRYPT_STATE_ENCRYPT_OFF;
679 p->switch_role_state = BTM_ACL_SWKEY_STATE_ENCRYPTION_OFF;
683 btsnd_hcic_switch_role (remote_bd_addr, new_role);
684 p->switch_role_state = BTM_ACL_SWKEY_STATE_IN_PROGRESS;
686 #if (BTM_DISC_DURING_RS == TRUE)
688 p_dev_rec->rs_disc_pending = BTM_SEC_RS_PENDING;
693 /* Initialize return structure in case request fails */
696 memcpy (btm_cb.devcb.switch_role_ref_data.remote_bd_addr, remote_bd_addr,
698 btm_cb.devcb.switch_role_ref_data.role = new_role;
699 /* initialized to an error code */
700 btm_cb.devcb.switch_role_ref_data.hci_status = HCI_ERR_UNSUPPORTED_VALUE;
701 btm_cb.devcb.p_switch_role_cb = p_cb;
703 return(BTM_CMD_STARTED);
706 /*******************************************************************************
708 ** Function btm_acl_encrypt_change
710 ** Description This function is when encryption of the connection is
711 ** completed by the LM. Checks to see if a role switch or
712 ** change of link key was active and initiates or continues
713 ** process if needed.
717 *******************************************************************************/
718 void btm_acl_encrypt_change (uint16_t handle, uint8_t status, uint8_t encr_enable)
722 tBTM_SEC_DEV_REC *p_dev_rec;
723 tBTM_BL_ROLE_CHG_DATA evt;
725 BTM_TRACE_DEBUG ("btm_acl_encrypt_change handle=%d status=%d encr_enabl=%d",
726 handle, status, encr_enable);
727 xx = btm_handle_to_acl_index(handle);
728 /* don't assume that we can never get a bad hci_handle */
729 if (xx < MAX_L2CAP_LINKS)
730 p = &btm_cb.acl_db[xx];
734 /* Process Role Switch if active */
735 if (p->switch_role_state == BTM_ACL_SWKEY_STATE_ENCRYPTION_OFF)
737 /* if encryption turn off failed we still will try to switch role */
740 p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE;
741 p->encrypt_state = BTM_ACL_ENCRYPT_STATE_IDLE;
745 p->switch_role_state = BTM_ACL_SWKEY_STATE_SWITCHING;
746 p->encrypt_state = BTM_ACL_ENCRYPT_STATE_TEMP_FUNC;
749 btsnd_hcic_switch_role(p->remote_addr, (uint8_t)!p->link_role);
750 #if (BTM_DISC_DURING_RS == TRUE)
751 if ((p_dev_rec = btm_find_dev (p->remote_addr)) != NULL)
752 p_dev_rec->rs_disc_pending = BTM_SEC_RS_PENDING;
756 /* Finished enabling Encryption after role switch */
757 else if (p->switch_role_state == BTM_ACL_SWKEY_STATE_ENCRYPTION_ON)
759 p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE;
760 p->encrypt_state = BTM_ACL_ENCRYPT_STATE_IDLE;
761 btm_acl_report_role_change(btm_cb.devcb.switch_role_ref_data.hci_status, p->remote_addr);
763 /* if role change event is registered, report it now */
764 if (btm_cb.p_bl_changed_cb && (btm_cb.bl_evt_mask & BTM_BL_ROLE_CHG_MASK))
766 evt.event = BTM_BL_ROLE_CHG_EVT;
767 evt.new_role = btm_cb.devcb.switch_role_ref_data.role;
768 evt.p_bda = btm_cb.devcb.switch_role_ref_data.remote_bd_addr;
769 evt.hci_status = btm_cb.devcb.switch_role_ref_data.hci_status;
770 (*btm_cb.p_bl_changed_cb)((tBTM_BL_EVENT_DATA *)&evt);
772 BTM_TRACE_DEBUG("Role Switch Event: new_role 0x%02x, HCI Status 0x%02x, rs_st:%d",
773 evt.new_role, evt.hci_status, p->switch_role_state);
776 #if (BTM_DISC_DURING_RS == TRUE)
777 /* If a disconnect is pending, issue it now that role switch has completed */
778 if ((p_dev_rec = btm_find_dev (p->remote_addr)) != NULL)
780 if (p_dev_rec->rs_disc_pending == BTM_SEC_DISC_PENDING)
782 BTM_TRACE_WARNING("btm_acl_encrypt_change -> Issuing delayed HCI_Disconnect!!!");
783 btsnd_hcic_disconnect(p_dev_rec->hci_handle, HCI_ERR_PEER_USER);
785 BTM_TRACE_ERROR("btm_acl_encrypt_change: tBTM_SEC_DEV:0x%x rs_disc_pending=%d",
786 PTR_TO_UINT(p_dev_rec), p_dev_rec->rs_disc_pending);
787 p_dev_rec->rs_disc_pending = BTM_SEC_RS_NOT_PENDING; /* reset flag */
792 /*******************************************************************************
794 ** Function BTM_SetLinkPolicy
796 ** Description Create and send HCI "Write Policy Set" command
798 ** Returns status of the operation
800 *******************************************************************************/
801 tBTM_STATUS BTM_SetLinkPolicy (BD_ADDR remote_bda, uint16_t *settings)
804 uint8_t *localFeatures = BTM_ReadLocalFeatures();
805 BTM_TRACE_DEBUG ("BTM_SetLinkPolicy");
806 /* BTM_TRACE_API ("BTM_SetLinkPolicy: requested settings: 0x%04x", *settings ); */
808 /* First, check if hold mode is supported */
809 if (*settings != HCI_DISABLE_ALL_LM_MODES)
811 if ( (*settings & HCI_ENABLE_MASTER_SLAVE_SWITCH) && (!HCI_SWITCH_SUPPORTED(localFeatures)) )
813 *settings &= (~HCI_ENABLE_MASTER_SLAVE_SWITCH);
814 BTM_TRACE_API ("BTM_SetLinkPolicy switch not supported (settings: 0x%04x)", *settings );
816 if ( (*settings & HCI_ENABLE_HOLD_MODE) && (!HCI_HOLD_MODE_SUPPORTED(localFeatures)) )
818 *settings &= (~HCI_ENABLE_HOLD_MODE);
819 BTM_TRACE_API ("BTM_SetLinkPolicy hold not supported (settings: 0x%04x)", *settings );
821 if ( (*settings & HCI_ENABLE_SNIFF_MODE) && (!HCI_SNIFF_MODE_SUPPORTED(localFeatures)) )
823 *settings &= (~HCI_ENABLE_SNIFF_MODE);
824 BTM_TRACE_API ("BTM_SetLinkPolicy sniff not supported (settings: 0x%04x)", *settings );
826 if ( (*settings & HCI_ENABLE_PARK_MODE) && (!HCI_PARK_MODE_SUPPORTED(localFeatures)) )
828 *settings &= (~HCI_ENABLE_PARK_MODE);
829 BTM_TRACE_API ("BTM_SetLinkPolicy park not supported (settings: 0x%04x)", *settings );
833 if ((p = btm_bda_to_acl(remote_bda, BT_TRANSPORT_BR_EDR)) != NULL) {
834 btsnd_hcic_write_policy_set(p->hci_handle, *settings);
835 return BTM_CMD_STARTED;
838 /* If here, no BD Addr found */
839 return(BTM_UNKNOWN_ADDR);
842 /*******************************************************************************
844 ** Function BTM_SetDefaultLinkPolicy
846 ** Description Set the default value for HCI "Write Policy Set" command
847 ** to use when an ACL link is created.
851 *******************************************************************************/
852 void BTM_SetDefaultLinkPolicy (uint16_t settings)
854 uint8_t *localFeatures = BTM_ReadLocalFeatures();
856 BTM_TRACE_DEBUG("BTM_SetDefaultLinkPolicy setting:0x%04x", settings);
858 if((settings & HCI_ENABLE_MASTER_SLAVE_SWITCH) && (!HCI_SWITCH_SUPPORTED(localFeatures)))
860 settings &= ~HCI_ENABLE_MASTER_SLAVE_SWITCH;
861 BTM_TRACE_DEBUG("BTM_SetDefaultLinkPolicy switch not supported (settings: 0x%04x)", settings);
863 if ((settings & HCI_ENABLE_HOLD_MODE) && (!HCI_HOLD_MODE_SUPPORTED(localFeatures)))
865 settings &= ~HCI_ENABLE_HOLD_MODE;
866 BTM_TRACE_DEBUG("BTM_SetDefaultLinkPolicy hold not supported (settings: 0x%04x)", settings);
868 if ((settings & HCI_ENABLE_SNIFF_MODE) && (!HCI_SNIFF_MODE_SUPPORTED(localFeatures)))
870 settings &= ~HCI_ENABLE_SNIFF_MODE;
871 BTM_TRACE_DEBUG("BTM_SetDefaultLinkPolicy sniff not supported (settings: 0x%04x)", settings);
873 if ((settings & HCI_ENABLE_PARK_MODE) && (!HCI_PARK_MODE_SUPPORTED(localFeatures)))
875 settings &= ~HCI_ENABLE_PARK_MODE;
876 BTM_TRACE_DEBUG("BTM_SetDefaultLinkPolicy park not supported (settings: 0x%04x)", settings);
878 BTM_TRACE_DEBUG("Set DefaultLinkPolicy:0x%04x", settings);
880 btm_cb.btm_def_link_policy = settings;
882 /* Set the default Link Policy of the controller */
883 btsnd_hcic_write_def_policy_set(settings);
886 /*******************************************************************************
888 ** Function btm_read_remote_version_complete
890 ** Description This function is called when the command complete message
891 ** is received from the HCI for the remote version info.
895 *******************************************************************************/
896 void btm_read_remote_version_complete (uint8_t *p)
898 tACL_CONN *p_acl_cb = &btm_cb.acl_db[0];
902 BTM_TRACE_DEBUG ("btm_read_remote_version_complete");
904 STREAM_TO_UINT8 (status, p);
905 STREAM_TO_UINT16 (handle, p);
907 /* Look up the connection by handle and copy features */
908 for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p_acl_cb++)
910 if ((p_acl_cb->in_use) && (p_acl_cb->hci_handle == handle))
912 if (status == HCI_SUCCESS)
914 STREAM_TO_UINT8 (p_acl_cb->lmp_version, p);
915 STREAM_TO_UINT16 (p_acl_cb->manufacturer, p);
916 STREAM_TO_UINT16 (p_acl_cb->lmp_subversion, p);
919 #if (BLE_INCLUDED == TRUE)
920 if (p_acl_cb->transport == BT_TRANSPORT_LE)
921 l2cble_notify_le_connection (p_acl_cb->remote_addr);
922 #endif // (defined(BLE_INCLUDED) && (BLE_INCLUDED == true))
929 /*******************************************************************************
931 ** Function btm_process_remote_ext_features
933 ** Description Local function called to process all extended features pages
934 ** read from a remote device.
938 *******************************************************************************/
939 void btm_process_remote_ext_features (tACL_CONN *p_acl_cb, uint8_t num_read_pages)
941 uint16_t handle = p_acl_cb->hci_handle;
942 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev_by_handle (handle);
945 BTM_TRACE_DEBUG ("btm_process_remote_ext_features");
947 /* Make sure we have the record to save remote features information */
948 if (p_dev_rec == NULL)
950 /* Get a new device; might be doing dedicated bonding */
951 p_dev_rec = btm_find_or_alloc_dev (p_acl_cb->remote_addr);
954 p_acl_cb->num_read_pages = num_read_pages;
955 p_dev_rec->num_read_pages = num_read_pages;
957 /* Move the pages to placeholder */
958 for (page_idx = 0; page_idx < num_read_pages; page_idx++)
960 if (page_idx > HCI_EXT_FEATURES_PAGE_MAX)
962 BTM_TRACE_ERROR("%s: page=%d unexpected", __func__, page_idx);
965 memcpy (p_dev_rec->features[page_idx], p_acl_cb->peer_lmp_features[page_idx],
966 HCI_FEATURE_BYTES_PER_PAGE);
969 const uint8_t req_pend = (p_dev_rec->sm4 & BTM_SM4_REQ_PEND);
971 /* Store the Peer Security Capabilites (in SM4 and rmt_sec_caps) */
972 btm_sec_set_peer_sec_caps(p_acl_cb, p_dev_rec);
974 BTM_TRACE_API("%s: pend:%d", __func__, req_pend);
977 /* Request for remaining Security Features (if any) */
978 l2cu_resubmit_pending_sec_req (p_dev_rec->bd_addr);
983 /*******************************************************************************
985 ** Function btm_read_remote_features
987 ** Description Local function called to send a read remote supported features/
988 ** remote extended features page[0].
992 *******************************************************************************/
993 void btm_read_remote_features (uint16_t handle)
998 BTM_TRACE_DEBUG("btm_read_remote_features() handle: %d", handle);
1000 if ((acl_idx = btm_handle_to_acl_index(handle)) >= MAX_L2CAP_LINKS)
1002 BTM_TRACE_ERROR("btm_read_remote_features handle=%d invalid", handle);
1006 p_acl_cb = &btm_cb.acl_db[acl_idx];
1007 p_acl_cb->num_read_pages = 0;
1008 memset (p_acl_cb->peer_lmp_features, 0, sizeof(p_acl_cb->peer_lmp_features));
1010 /* first send read remote supported features HCI command */
1011 /* because we don't know whether the remote support extended feature command */
1012 btsnd_hcic_rmt_features_req (handle);
1016 /*******************************************************************************
1018 ** Function btm_read_remote_ext_features
1020 ** Description Local function called to send a read remote extended features
1024 *******************************************************************************/
1025 void btm_read_remote_ext_features (uint16_t handle, uint8_t page_number)
1027 BTM_TRACE_DEBUG("btm_read_remote_ext_features() handle: %d page: %d", handle, page_number);
1029 btsnd_hcic_rmt_ext_features(handle, page_number);
1033 /*******************************************************************************
1035 ** Function btm_read_remote_features_complete
1037 ** Description This function is called when the remote supported features
1038 ** complete event is received from the HCI.
1042 *******************************************************************************/
1043 void btm_read_remote_features_complete (uint8_t *p)
1045 tACL_CONN *p_acl_cb;
1050 BTM_TRACE_DEBUG ("btm_read_remote_features_complete");
1051 STREAM_TO_UINT8 (status, p);
1053 if (status != HCI_SUCCESS)
1055 BTM_TRACE_ERROR ("btm_read_remote_features_complete failed (status 0x%02x)", status);
1059 STREAM_TO_UINT16 (handle, p);
1061 if ((acl_idx = btm_handle_to_acl_index(handle)) >= MAX_L2CAP_LINKS)
1063 BTM_TRACE_ERROR("btm_read_remote_features_complete handle=%d invalid", handle);
1067 p_acl_cb = &btm_cb.acl_db[acl_idx];
1069 /* Copy the received features page */
1070 STREAM_TO_ARRAY(p_acl_cb->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0], p,
1071 HCI_FEATURE_BYTES_PER_PAGE);
1073 if ((HCI_LMP_EXTENDED_SUPPORTED(p_acl_cb->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0])) &&
1074 (controller_get_interface()->supports_reading_remote_extended_features()))
1076 /* if the remote controller has extended features and local controller supports
1077 ** HCI_Read_Remote_Extended_Features command then start reading these feature starting
1078 ** with extended features page 1 */
1079 BTM_TRACE_DEBUG ("Start reading remote extended features");
1080 btm_read_remote_ext_features(handle, HCI_EXT_FEATURES_PAGE_1);
1084 /* Remote controller has no extended features. Process remote controller supported features
1085 (features page HCI_EXT_FEATURES_PAGE_0). */
1086 btm_process_remote_ext_features (p_acl_cb, 1);
1088 /* Continue with HCI connection establishment */
1089 btm_establish_continue (p_acl_cb);
1092 /*******************************************************************************
1094 ** Function btm_read_remote_ext_features_complete
1096 ** Description This function is called when the remote extended features
1097 ** complete event is received from the HCI.
1101 *******************************************************************************/
1102 void btm_read_remote_ext_features_complete (uint8_t *p)
1104 tACL_CONN *p_acl_cb;
1105 uint8_t page_num, max_page;
1109 BTM_TRACE_DEBUG ("btm_read_remote_ext_features_complete");
1112 STREAM_TO_UINT16 (handle, p);
1113 STREAM_TO_UINT8 (page_num, p);
1114 STREAM_TO_UINT8 (max_page, p);
1116 /* Validate parameters */
1117 if ((acl_idx = btm_handle_to_acl_index(handle)) >= MAX_L2CAP_LINKS)
1119 BTM_TRACE_ERROR("btm_read_remote_ext_features_complete handle=%d invalid", handle);
1123 if (max_page > HCI_EXT_FEATURES_PAGE_MAX)
1125 BTM_TRACE_ERROR("btm_read_remote_ext_features_complete page=%d unknown", max_page);
1129 p_acl_cb = &btm_cb.acl_db[acl_idx];
1131 /* Copy the received features page */
1132 STREAM_TO_ARRAY(p_acl_cb->peer_lmp_features[page_num], p, HCI_FEATURE_BYTES_PER_PAGE);
1134 /* If there is the next remote features page and
1135 * we have space to keep this page data - read this page */
1136 if ((page_num < max_page) && (page_num < HCI_EXT_FEATURES_PAGE_MAX))
1139 BTM_TRACE_DEBUG("BTM reads next remote extended features page (%d)", page_num);
1140 btm_read_remote_ext_features (handle, page_num);
1144 /* Reading of remote feature pages is complete */
1145 BTM_TRACE_DEBUG("BTM reached last remote extended features page (%d)", page_num);
1147 /* Process the pages */
1148 btm_process_remote_ext_features (p_acl_cb, (uint8_t) (page_num + 1));
1150 /* Continue with HCI connection establishment */
1151 btm_establish_continue (p_acl_cb);
1154 /*******************************************************************************
1156 ** Function btm_read_remote_ext_features_failed
1158 ** Description This function is called when the remote extended features
1159 ** complete event returns a failed status.
1163 *******************************************************************************/
1164 void btm_read_remote_ext_features_failed (uint8_t status, uint16_t handle)
1166 tACL_CONN *p_acl_cb;
1169 BTM_TRACE_WARNING ("btm_read_remote_ext_features_failed (status 0x%02x) for handle %d",
1172 if ((acl_idx = btm_handle_to_acl_index(handle)) >= MAX_L2CAP_LINKS)
1174 BTM_TRACE_ERROR("btm_read_remote_ext_features_failed handle=%d invalid", handle);
1178 p_acl_cb = &btm_cb.acl_db[acl_idx];
1180 /* Process supported features only */
1181 btm_process_remote_ext_features (p_acl_cb, 1);
1183 /* Continue HCI connection establishment */
1184 btm_establish_continue (p_acl_cb);
1187 /*******************************************************************************
1189 ** Function btm_establish_continue
1191 ** Description This function is called when the command complete message
1192 ** is received from the HCI for the read local link policy request.
1196 *******************************************************************************/
1197 void btm_establish_continue (tACL_CONN *p_acl_cb)
1199 tBTM_BL_EVENT_DATA evt_data;
1200 BTM_TRACE_DEBUG ("btm_establish_continue");
1201 #if (BTM_BYPASS_EXTRA_ACL_SETUP == FALSE)
1202 #if (BLE_INCLUDED == TRUE)
1203 if (p_acl_cb->transport == BT_TRANSPORT_BR_EDR)
1206 /* For now there are a some devices that do not like sending */
1207 /* commands events and data at the same time. */
1208 /* Set the packet types to the default allowed by the device */
1209 btm_set_packet_types (p_acl_cb, btm_cb.btm_acl_pkt_types_supported);
1211 if (btm_cb.btm_def_link_policy)
1212 BTM_SetLinkPolicy (p_acl_cb->remote_addr, &btm_cb.btm_def_link_policy);
1215 p_acl_cb->link_up_issued = true;
1217 /* If anyone cares, tell him database changed */
1218 if (btm_cb.p_bl_changed_cb)
1220 evt_data.event = BTM_BL_CONN_EVT;
1221 evt_data.conn.p_bda = p_acl_cb->remote_addr;
1222 evt_data.conn.p_bdn = p_acl_cb->remote_name;
1223 evt_data.conn.p_dc = p_acl_cb->remote_dc;
1224 evt_data.conn.p_features = p_acl_cb->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0];
1225 #if (BLE_INCLUDED == TRUE)
1226 evt_data.conn.handle = p_acl_cb->hci_handle;
1227 evt_data.conn.transport = p_acl_cb->transport;
1230 (*btm_cb.p_bl_changed_cb)(&evt_data);
1232 btm_acl_update_busy_level (BTM_BLI_ACL_UP_EVT);
1236 /*******************************************************************************
1238 ** Function BTM_SetDefaultLinkSuperTout
1240 ** Description Set the default value for HCI "Write Link Supervision Timeout"
1241 ** command to use when an ACL link is created.
1245 *******************************************************************************/
1246 void BTM_SetDefaultLinkSuperTout (uint16_t timeout)
1248 BTM_TRACE_DEBUG ("BTM_SetDefaultLinkSuperTout");
1249 btm_cb.btm_def_link_super_tout = timeout;
1252 /*******************************************************************************
1254 ** Function BTM_GetLinkSuperTout
1256 ** Description Read the link supervision timeout value of the connection
1258 ** Returns status of the operation
1260 *******************************************************************************/
1261 tBTM_STATUS BTM_GetLinkSuperTout (BD_ADDR remote_bda, uint16_t *p_timeout)
1263 tACL_CONN *p = btm_bda_to_acl(remote_bda, BT_TRANSPORT_BR_EDR);
1265 BTM_TRACE_DEBUG ("BTM_GetLinkSuperTout");
1266 if (p != (tACL_CONN *)NULL)
1268 *p_timeout = p->link_super_tout;
1269 return(BTM_SUCCESS);
1271 /* If here, no BD Addr found */
1272 return(BTM_UNKNOWN_ADDR);
1276 /*******************************************************************************
1278 ** Function BTM_SetLinkSuperTout
1280 ** Description Create and send HCI "Write Link Supervision Timeout" command
1282 ** Returns status of the operation
1284 *******************************************************************************/
1285 tBTM_STATUS BTM_SetLinkSuperTout (BD_ADDR remote_bda, uint16_t timeout)
1287 tACL_CONN *p = btm_bda_to_acl(remote_bda, BT_TRANSPORT_BR_EDR);
1289 BTM_TRACE_DEBUG ("BTM_SetLinkSuperTout");
1290 if (p != (tACL_CONN *)NULL)
1292 p->link_super_tout = timeout;
1294 /* Only send if current role is Master; 2.0 spec requires this */
1295 if (p->link_role == BTM_ROLE_MASTER)
1297 btsnd_hcic_write_link_super_tout(LOCAL_BR_EDR_CONTROLLER_ID,
1298 p->hci_handle, timeout);
1299 return(BTM_CMD_STARTED);
1302 return(BTM_SUCCESS);
1305 /* If here, no BD Addr found */
1306 return(BTM_UNKNOWN_ADDR);
1309 /*******************************************************************************
1311 ** Function BTM_IsAclConnectionUp
1313 ** Description This function is called to check if an ACL connection exists
1314 ** to a specific remote BD Address.
1316 ** Returns true if connection is up, else false.
1318 *******************************************************************************/
1319 bool BTM_IsAclConnectionUp (BD_ADDR remote_bda, tBT_TRANSPORT transport)
1323 BTM_TRACE_API ("BTM_IsAclConnectionUp: RemBdAddr: %02x%02x%02x%02x%02x%02x",
1324 remote_bda[0], remote_bda[1], remote_bda[2],
1325 remote_bda[3], remote_bda[4], remote_bda[5]);
1327 p = btm_bda_to_acl(remote_bda, transport);
1328 if (p != (tACL_CONN *)NULL)
1333 /* If here, no BD Addr found */
1337 /*******************************************************************************
1339 ** Function BTM_GetNumAclLinks
1341 ** Description This function is called to count the number of
1342 ** ACL links that are active.
1344 ** Returns uint16_t Number of active ACL links
1346 *******************************************************************************/
1347 uint16_t BTM_GetNumAclLinks (void)
1349 uint16_t num_acl = 0;
1351 for (uint16_t i = 0; i < MAX_L2CAP_LINKS; ++i)
1353 if (btm_cb.acl_db[i].in_use)
1360 /*******************************************************************************
1362 ** Function btm_get_acl_disc_reason_code
1364 ** Description This function is called to get the disconnection reason code
1365 ** returned by the HCI at disconnection complete event.
1367 ** Returns true if connection is up, else false.
1369 *******************************************************************************/
1370 uint16_t btm_get_acl_disc_reason_code (void)
1372 uint8_t res = btm_cb.acl_disc_reason;
1373 BTM_TRACE_DEBUG ("btm_get_acl_disc_reason_code");
1378 /*******************************************************************************
1380 ** Function BTM_GetHCIConnHandle
1382 ** Description This function is called to get the handle for an ACL connection
1383 ** to a specific remote BD Address.
1385 ** Returns the handle of the connection, or 0xFFFF if none.
1387 *******************************************************************************/
1388 uint16_t BTM_GetHCIConnHandle (BD_ADDR remote_bda, tBT_TRANSPORT transport)
1391 BTM_TRACE_DEBUG ("BTM_GetHCIConnHandle");
1392 p = btm_bda_to_acl(remote_bda, transport);
1393 if (p != (tACL_CONN *)NULL)
1395 return(p->hci_handle);
1398 /* If here, no BD Addr found */
1402 /*******************************************************************************
1404 ** Function btm_process_clk_off_comp_evt
1406 ** Description This function is called when clock offset command completes.
1408 ** Input Parms hci_handle - connection handle associated with the change
1413 *******************************************************************************/
1414 void btm_process_clk_off_comp_evt (uint16_t hci_handle, uint16_t clock_offset)
1417 BTM_TRACE_DEBUG ("btm_process_clk_off_comp_evt");
1418 /* Look up the connection by handle and set the current mode */
1419 if ((xx = btm_handle_to_acl_index(hci_handle)) < MAX_L2CAP_LINKS)
1420 btm_cb.acl_db[xx].clock_offset = clock_offset;
1423 /*******************************************************************************
1425 ** Function btm_acl_role_changed
1427 ** Description This function is called whan a link's master/slave role change
1428 ** event or command status event (with error) is received.
1429 ** It updates the link control block, and calls
1430 ** the registered callback with status and role (if registered).
1434 *******************************************************************************/
1435 void btm_acl_role_changed (uint8_t hci_status, BD_ADDR bd_addr, uint8_t new_role)
1437 uint8_t *p_bda = (bd_addr) ? bd_addr :
1438 btm_cb.devcb.switch_role_ref_data.remote_bd_addr;
1439 tACL_CONN *p = btm_bda_to_acl(p_bda, BT_TRANSPORT_BR_EDR);
1440 tBTM_ROLE_SWITCH_CMPL *p_data = &btm_cb.devcb.switch_role_ref_data;
1441 tBTM_SEC_DEV_REC *p_dev_rec;
1442 tBTM_BL_ROLE_CHG_DATA evt;
1444 BTM_TRACE_DEBUG ("btm_acl_role_changed");
1445 /* Ignore any stray events */
1448 /* it could be a failure */
1449 if (hci_status != HCI_SUCCESS)
1450 btm_acl_report_role_change(hci_status, bd_addr);
1454 p_data->hci_status = hci_status;
1456 if (hci_status == HCI_SUCCESS)
1458 p_data->role = new_role;
1459 memcpy(p_data->remote_bd_addr, p_bda, BD_ADDR_LEN);
1461 /* Update cached value */
1462 p->link_role = new_role;
1464 /* Reload LSTO: link supervision timeout is reset in the LM after a role switch */
1465 if (new_role == BTM_ROLE_MASTER)
1467 BTM_SetLinkSuperTout (p->remote_addr, p->link_super_tout);
1472 /* so the BTM_BL_ROLE_CHG_EVT uses the old role */
1473 new_role = p->link_role;
1476 /* Check if any SCO req is pending for role change */
1477 btm_sco_chk_pend_rolechange (p->hci_handle);
1479 /* if switching state is switching we need to turn encryption on */
1480 /* if idle, we did not change encryption */
1481 if (p->switch_role_state == BTM_ACL_SWKEY_STATE_SWITCHING)
1483 btsnd_hcic_set_conn_encrypt (p->hci_handle, true);
1484 p->encrypt_state = BTM_ACL_ENCRYPT_STATE_ENCRYPT_ON;
1485 p->switch_role_state = BTM_ACL_SWKEY_STATE_ENCRYPTION_ON;
1489 /* Set the switch_role_state to IDLE since the reply received from HCI */
1490 /* regardless of its result either success or failed. */
1491 if (p->switch_role_state == BTM_ACL_SWKEY_STATE_IN_PROGRESS)
1493 p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE;
1494 p->encrypt_state = BTM_ACL_ENCRYPT_STATE_IDLE;
1497 /* if role switch complete is needed, report it now */
1498 btm_acl_report_role_change(hci_status, bd_addr);
1500 /* if role change event is registered, report it now */
1501 if (btm_cb.p_bl_changed_cb && (btm_cb.bl_evt_mask & BTM_BL_ROLE_CHG_MASK))
1503 evt.event = BTM_BL_ROLE_CHG_EVT;
1504 evt.new_role = new_role;
1506 evt.hci_status = hci_status;
1507 (*btm_cb.p_bl_changed_cb)((tBTM_BL_EVENT_DATA *)&evt);
1510 BTM_TRACE_DEBUG("Role Switch Event: new_role 0x%02x, HCI Status 0x%02x, rs_st:%d",
1511 p_data->role, p_data->hci_status, p->switch_role_state);
1513 #if (BTM_DISC_DURING_RS == TRUE)
1514 /* If a disconnect is pending, issue it now that role switch has completed */
1515 if ((p_dev_rec = btm_find_dev (p_bda)) != NULL)
1517 if (p_dev_rec->rs_disc_pending == BTM_SEC_DISC_PENDING)
1519 BTM_TRACE_WARNING("btm_acl_role_changed -> Issuing delayed HCI_Disconnect!!!");
1520 btsnd_hcic_disconnect(p_dev_rec->hci_handle, HCI_ERR_PEER_USER);
1522 BTM_TRACE_ERROR("tBTM_SEC_DEV:0x%x rs_disc_pending=%d",
1523 PTR_TO_UINT(p_dev_rec), p_dev_rec->rs_disc_pending);
1524 p_dev_rec->rs_disc_pending = BTM_SEC_RS_NOT_PENDING; /* reset flag */
1531 /*******************************************************************************
1533 ** Function BTM_AllocateSCN
1535 ** Description Look through the Server Channel Numbers for a free one.
1537 ** Returns Allocated SCN number or 0 if none.
1539 *******************************************************************************/
1541 uint8_t BTM_AllocateSCN(void)
1544 BTM_TRACE_DEBUG ("BTM_AllocateSCN");
1546 // stack reserves scn 1 for HFP, HSP we still do the correct way
1547 for (x = 1; x < BTM_MAX_SCN; x++)
1549 if (!btm_cb.btm_scn[x])
1551 btm_cb.btm_scn[x] = true;
1556 return(0); /* No free ports */
1559 /*******************************************************************************
1561 ** Function BTM_TryAllocateSCN
1563 ** Description Try to allocate a fixed server channel
1565 ** Returns Returns true if server channel was available
1567 *******************************************************************************/
1569 bool BTM_TryAllocateSCN(uint8_t scn)
1571 /* Make sure we don't exceed max port range.
1572 * Stack reserves scn 1 for HFP, HSP we still do the correct way.
1574 if ( (scn>=BTM_MAX_SCN) || (scn == 1) )
1577 /* check if this port is available */
1578 if (!btm_cb.btm_scn[scn-1])
1580 btm_cb.btm_scn[scn-1] = true;
1584 return (false); /* Port was busy */
1587 /*******************************************************************************
1589 ** Function BTM_FreeSCN
1591 ** Description Free the specified SCN.
1593 ** Returns true or false
1595 *******************************************************************************/
1596 bool BTM_FreeSCN(uint8_t scn)
1598 BTM_TRACE_DEBUG ("BTM_FreeSCN ");
1599 if (scn <= BTM_MAX_SCN)
1601 btm_cb.btm_scn[scn-1] = false;
1605 return(false); /* Illegal SCN passed in */
1608 /*******************************************************************************
1610 ** Function btm_set_packet_types
1612 ** Description This function sets the packet types used for a specific
1613 ** ACL connection. It is called internally by btm_acl_created
1614 ** or by an application/profile by BTM_SetPacketTypes.
1616 ** Returns status of the operation
1618 *******************************************************************************/
1619 tBTM_STATUS btm_set_packet_types (tACL_CONN *p, uint16_t pkt_types)
1621 uint16_t temp_pkt_types;
1622 BTM_TRACE_DEBUG ("btm_set_packet_types");
1623 /* Save in the ACL control blocks, types that we support */
1624 temp_pkt_types = (pkt_types & BTM_ACL_SUPPORTED_PKTS_MASK &
1625 btm_cb.btm_acl_pkt_types_supported);
1627 /* OR in any exception packet types if at least 2.0 version of spec */
1628 temp_pkt_types |= ((pkt_types & BTM_ACL_EXCEPTION_PKTS_MASK) |
1629 (btm_cb.btm_acl_pkt_types_supported & BTM_ACL_EXCEPTION_PKTS_MASK));
1631 /* Exclude packet types not supported by the peer */
1632 btm_acl_chk_peer_pkt_type_support (p, &temp_pkt_types);
1634 BTM_TRACE_DEBUG ("SetPacketType Mask -> 0x%04x", temp_pkt_types);
1636 btsnd_hcic_change_conn_type (p->hci_handle, temp_pkt_types);
1637 p->pkt_types_mask = temp_pkt_types;
1639 return(BTM_CMD_STARTED);
1642 /*******************************************************************************
1644 ** Function btm_get_max_packet_size
1646 ** Returns Returns maximum packet size that can be used for current
1647 ** connection, 0 if connection is not established
1649 *******************************************************************************/
1650 uint16_t btm_get_max_packet_size (BD_ADDR addr)
1652 tACL_CONN *p = btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR);
1653 uint16_t pkt_types = 0;
1654 uint16_t pkt_size = 0;
1655 BTM_TRACE_DEBUG ("btm_get_max_packet_size");
1658 pkt_types = p->pkt_types_mask;
1662 /* Special case for when info for the local device is requested */
1663 if (memcmp (controller_get_interface()->get_address(), addr, BD_ADDR_LEN) == 0)
1665 pkt_types = btm_cb.btm_acl_pkt_types_supported;
1671 if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_3_DH5))
1672 pkt_size = HCI_EDR3_DH5_PACKET_SIZE;
1673 else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_2_DH5))
1674 pkt_size = HCI_EDR2_DH5_PACKET_SIZE;
1675 else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_3_DH3))
1676 pkt_size = HCI_EDR3_DH3_PACKET_SIZE;
1677 else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DH5)
1678 pkt_size = HCI_DH5_PACKET_SIZE;
1679 else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_2_DH3))
1680 pkt_size = HCI_EDR2_DH3_PACKET_SIZE;
1681 else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DM5)
1682 pkt_size = HCI_DM5_PACKET_SIZE;
1683 else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DH3)
1684 pkt_size = HCI_DH3_PACKET_SIZE;
1685 else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DM3)
1686 pkt_size = HCI_DM3_PACKET_SIZE;
1687 else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_3_DH1))
1688 pkt_size = HCI_EDR3_DH1_PACKET_SIZE;
1689 else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_2_DH1))
1690 pkt_size = HCI_EDR2_DH1_PACKET_SIZE;
1691 else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DH1)
1692 pkt_size = HCI_DH1_PACKET_SIZE;
1693 else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DM1)
1694 pkt_size = HCI_DM1_PACKET_SIZE;
1700 /*******************************************************************************
1702 ** Function BTM_ReadRemoteVersion
1704 ** Returns If connected report peer device info
1706 *******************************************************************************/
1707 tBTM_STATUS BTM_ReadRemoteVersion (BD_ADDR addr, uint8_t *lmp_version,
1708 uint16_t *manufacturer, uint16_t *lmp_sub_version)
1710 tACL_CONN *p = btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR);
1711 BTM_TRACE_DEBUG ("BTM_ReadRemoteVersion");
1713 return(BTM_UNKNOWN_ADDR);
1716 *lmp_version = p->lmp_version;
1719 *manufacturer = p->manufacturer;
1721 if (lmp_sub_version)
1722 *lmp_sub_version = p->lmp_subversion;
1724 return(BTM_SUCCESS);
1727 /*******************************************************************************
1729 ** Function BTM_ReadRemoteFeatures
1731 ** Returns pointer to the remote supported features mask (8 bytes)
1733 *******************************************************************************/
1734 uint8_t *BTM_ReadRemoteFeatures (BD_ADDR addr)
1736 tACL_CONN *p = btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR);
1737 BTM_TRACE_DEBUG ("BTM_ReadRemoteFeatures");
1743 return(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0]);
1746 /*******************************************************************************
1748 ** Function BTM_ReadRemoteExtendedFeatures
1750 ** Returns pointer to the remote extended features mask (8 bytes)
1751 ** or NULL if bad page
1753 *******************************************************************************/
1754 uint8_t *BTM_ReadRemoteExtendedFeatures (BD_ADDR addr, uint8_t page_number)
1756 tACL_CONN *p = btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR);
1757 BTM_TRACE_DEBUG ("BTM_ReadRemoteExtendedFeatures");
1763 if (page_number > HCI_EXT_FEATURES_PAGE_MAX)
1765 BTM_TRACE_ERROR("Warning: BTM_ReadRemoteExtendedFeatures page %d unknown", page_number);
1769 return(p->peer_lmp_features[page_number]);
1772 /*******************************************************************************
1774 ** Function BTM_ReadNumberRemoteFeaturesPages
1776 ** Returns number of features pages read from the remote device.
1778 *******************************************************************************/
1779 uint8_t BTM_ReadNumberRemoteFeaturesPages (BD_ADDR addr)
1781 tACL_CONN *p = btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR);
1782 BTM_TRACE_DEBUG ("BTM_ReadNumberRemoteFeaturesPages");
1788 return(p->num_read_pages);
1791 /*******************************************************************************
1793 ** Function BTM_ReadAllRemoteFeatures
1795 ** Returns pointer to all features of the remote (24 bytes).
1797 *******************************************************************************/
1798 uint8_t *BTM_ReadAllRemoteFeatures (BD_ADDR addr)
1800 tACL_CONN *p = btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR);
1801 BTM_TRACE_DEBUG ("BTM_ReadAllRemoteFeatures");
1807 return(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0]);
1810 /*******************************************************************************
1812 ** Function BTM_RegBusyLevelNotif
1814 ** Description This function is called to register a callback to receive
1815 ** busy level change events.
1817 ** Returns BTM_SUCCESS if successfully registered, otherwise error
1819 *******************************************************************************/
1820 tBTM_STATUS BTM_RegBusyLevelNotif (tBTM_BL_CHANGE_CB *p_cb, uint8_t *p_level,
1821 tBTM_BL_EVENT_MASK evt_mask)
1823 BTM_TRACE_DEBUG ("BTM_RegBusyLevelNotif");
1825 *p_level = btm_cb.busy_level;
1827 btm_cb.bl_evt_mask = evt_mask;
1830 btm_cb.p_bl_changed_cb = NULL;
1831 else if (btm_cb.p_bl_changed_cb)
1834 btm_cb.p_bl_changed_cb = p_cb;
1836 return(BTM_SUCCESS);
1839 /*******************************************************************************
1841 ** Function BTM_SetQoS
1843 ** Description This function is called to setup QoS
1845 ** Returns status of the operation
1847 *******************************************************************************/
1848 tBTM_STATUS BTM_SetQoS (BD_ADDR bd, FLOW_SPEC *p_flow, tBTM_CMPL_CB *p_cb)
1850 tACL_CONN *p = &btm_cb.acl_db[0];
1852 BTM_TRACE_API ("BTM_SetQoS: BdAddr: %02x%02x%02x%02x%02x%02x",
1853 bd[0], bd[1], bd[2],
1854 bd[3], bd[4], bd[5]);
1856 /* If someone already waiting on the version, do not allow another */
1857 if (btm_cb.devcb.p_qos_setup_cmpl_cb)
1860 if ( (p = btm_bda_to_acl(bd, BT_TRANSPORT_BR_EDR)) != NULL)
1862 btm_cb.devcb.p_qos_setup_cmpl_cb = p_cb;
1863 alarm_set_on_queue(btm_cb.devcb.qos_setup_timer,
1864 BTM_DEV_REPLY_TIMEOUT_MS,
1865 btm_qos_setup_timeout, NULL,
1866 btu_general_alarm_queue);
1868 btsnd_hcic_qos_setup(p->hci_handle, p_flow->qos_flags, p_flow->service_type,
1869 p_flow->token_rate, p_flow->peak_bandwidth,
1870 p_flow->latency,p_flow->delay_variation);
1871 return(BTM_CMD_STARTED);
1874 /* If here, no BD Addr found */
1875 return(BTM_UNKNOWN_ADDR);
1878 /*******************************************************************************
1880 ** Function btm_qos_setup_timeout
1882 ** Description Callback when QoS setup times out.
1886 *******************************************************************************/
1887 void btm_qos_setup_timeout(UNUSED_ATTR void *data)
1889 tBTM_CMPL_CB *p_cb = btm_cb.devcb.p_qos_setup_cmpl_cb;
1890 btm_cb.devcb.p_qos_setup_cmpl_cb = NULL;
1892 (*p_cb)((void *) NULL);
1895 /*******************************************************************************
1897 ** Function btm_qos_setup_complete
1899 ** Description This function is called when the command complete message
1900 ** is received from the HCI for the qos setup request.
1904 *******************************************************************************/
1905 void btm_qos_setup_complete(uint8_t status, uint16_t handle, FLOW_SPEC *p_flow)
1907 tBTM_CMPL_CB *p_cb = btm_cb.devcb.p_qos_setup_cmpl_cb;
1908 tBTM_QOS_SETUP_CMPL qossu;
1910 BTM_TRACE_DEBUG("%s", __func__);
1911 alarm_cancel(btm_cb.devcb.qos_setup_timer);
1912 btm_cb.devcb.p_qos_setup_cmpl_cb = NULL;
1914 /* If there was a registered callback, call it */
1917 memset(&qossu, 0, sizeof(tBTM_QOS_SETUP_CMPL));
1918 qossu.status = status;
1919 qossu.handle = handle;
1922 qossu.flow.qos_flags = p_flow->qos_flags;
1923 qossu.flow.service_type = p_flow->service_type;
1924 qossu.flow.token_rate = p_flow->token_rate;
1925 qossu.flow.peak_bandwidth = p_flow->peak_bandwidth;
1926 qossu.flow.latency = p_flow->latency;
1927 qossu.flow.delay_variation = p_flow->delay_variation;
1929 BTM_TRACE_DEBUG ("BTM: p_flow->delay_variation: 0x%02x",
1930 qossu.flow.delay_variation);
1935 /*******************************************************************************
1937 ** Function BTM_ReadRSSI
1939 ** Description This function is called to read the link policy settings.
1940 ** The address of link policy results are returned in the callback.
1941 ** (tBTM_RSSI_RESULTS)
1943 ** Returns BTM_CMD_STARTED if successfully initiated or error code
1945 *******************************************************************************/
1946 tBTM_STATUS BTM_ReadRSSI (const BD_ADDR remote_bda, tBTM_CMPL_CB *p_cb)
1949 tBT_TRANSPORT transport = BT_TRANSPORT_BR_EDR;
1950 #if (BLE_INCLUDED == TRUE)
1951 tBT_DEVICE_TYPE dev_type;
1952 tBLE_ADDR_TYPE addr_type;
1954 BTM_TRACE_API ("BTM_ReadRSSI: RemBdAddr: %02x%02x%02x%02x%02x%02x",
1955 remote_bda[0], remote_bda[1], remote_bda[2],
1956 remote_bda[3], remote_bda[4], remote_bda[5]);
1958 /* If someone already waiting on the version, do not allow another */
1959 if (btm_cb.devcb.p_rssi_cmpl_cb)
1962 #if (BLE_INCLUDED == TRUE)
1963 BTM_ReadDevInfo(remote_bda, &dev_type, &addr_type);
1964 if (dev_type == BT_DEVICE_TYPE_BLE)
1965 transport = BT_TRANSPORT_LE;
1968 p = btm_bda_to_acl(remote_bda, transport);
1969 if (p != (tACL_CONN *)NULL)
1971 btm_cb.devcb.p_rssi_cmpl_cb = p_cb;
1972 alarm_set_on_queue(btm_cb.devcb.read_rssi_timer,
1973 BTM_DEV_REPLY_TIMEOUT_MS, btm_read_rssi_timeout,
1974 NULL, btu_general_alarm_queue);
1976 btsnd_hcic_read_rssi (p->hci_handle);
1977 return(BTM_CMD_STARTED);
1980 /* If here, no BD Addr found */
1981 return(BTM_UNKNOWN_ADDR);
1984 /*******************************************************************************
1986 ** Function BTM_ReadLinkQuality
1988 ** Description This function is called to read the link qulaity.
1989 ** The value of the link quality is returned in the callback.
1990 ** (tBTM_LINK_QUALITY_RESULTS)
1992 ** Returns BTM_CMD_STARTED if successfully initiated or error code
1994 *******************************************************************************/
1995 tBTM_STATUS BTM_ReadLinkQuality (BD_ADDR remote_bda, tBTM_CMPL_CB *p_cb)
1999 BTM_TRACE_API ("BTM_ReadLinkQuality: RemBdAddr: %02x%02x%02x%02x%02x%02x",
2000 remote_bda[0], remote_bda[1], remote_bda[2],
2001 remote_bda[3], remote_bda[4], remote_bda[5]);
2003 /* If someone already waiting on the version, do not allow another */
2004 if (btm_cb.devcb.p_link_qual_cmpl_cb)
2007 p = btm_bda_to_acl(remote_bda, BT_TRANSPORT_BR_EDR);
2008 if (p != (tACL_CONN *)NULL)
2010 btm_cb.devcb.p_link_qual_cmpl_cb = p_cb;
2011 alarm_set_on_queue(btm_cb.devcb.read_link_quality_timer,
2012 BTM_DEV_REPLY_TIMEOUT_MS,
2013 btm_read_link_quality_timeout, NULL,
2014 btu_general_alarm_queue);
2016 btsnd_hcic_get_link_quality(p->hci_handle);
2017 return(BTM_CMD_STARTED);
2020 /* If here, no BD Addr found */
2021 return(BTM_UNKNOWN_ADDR);
2024 /*******************************************************************************
2026 ** Function BTM_ReadTxPower
2028 ** Description This function is called to read the current
2029 ** TX power of the connection. The tx power level results
2030 ** are returned in the callback.
2031 ** (tBTM_RSSI_RESULTS)
2033 ** Returns BTM_CMD_STARTED if successfully initiated or error code
2035 *******************************************************************************/
2036 tBTM_STATUS BTM_ReadTxPower (BD_ADDR remote_bda, tBT_TRANSPORT transport, tBTM_CMPL_CB *p_cb)
2039 #define BTM_READ_RSSI_TYPE_CUR 0x00
2040 #define BTM_READ_RSSI_TYPE_MAX 0X01
2042 BTM_TRACE_API ("BTM_ReadTxPower: RemBdAddr: %02x%02x%02x%02x%02x%02x",
2043 remote_bda[0], remote_bda[1], remote_bda[2],
2044 remote_bda[3], remote_bda[4], remote_bda[5]);
2046 /* If someone already waiting on the version, do not allow another */
2047 if (btm_cb.devcb.p_tx_power_cmpl_cb)
2050 p = btm_bda_to_acl(remote_bda, transport);
2051 if (p != (tACL_CONN *)NULL)
2053 btm_cb.devcb.p_tx_power_cmpl_cb = p_cb;
2054 alarm_set_on_queue(btm_cb.devcb.read_tx_power_timer,
2055 BTM_DEV_REPLY_TIMEOUT_MS,
2056 btm_read_tx_power_timeout, NULL,
2057 btu_general_alarm_queue);
2059 #if (BLE_INCLUDED == TRUE)
2060 if (p->transport == BT_TRANSPORT_LE)
2062 memcpy(btm_cb.devcb.read_tx_pwr_addr, remote_bda, BD_ADDR_LEN);
2063 btsnd_hcic_ble_read_adv_chnl_tx_power();
2068 btsnd_hcic_read_tx_power(p->hci_handle, BTM_READ_RSSI_TYPE_CUR);
2071 return(BTM_CMD_STARTED);
2074 /* If here, no BD Addr found */
2075 return (BTM_UNKNOWN_ADDR);
2078 /*******************************************************************************
2080 ** Function btm_read_tx_power_timeout
2082 ** Description Callback when reading the tx power times out.
2086 *******************************************************************************/
2087 void btm_read_tx_power_timeout(UNUSED_ATTR void *data)
2089 tBTM_CMPL_CB *p_cb = btm_cb.devcb.p_tx_power_cmpl_cb;
2090 btm_cb.devcb.p_tx_power_cmpl_cb = NULL;
2092 (*p_cb)((void *) NULL);
2095 /*******************************************************************************
2097 ** Function btm_read_tx_power_complete
2099 ** Description This function is called when the command complete message
2100 ** is received from the HCI for the read tx power request.
2104 *******************************************************************************/
2105 void btm_read_tx_power_complete(uint8_t *p, bool is_ble)
2107 tBTM_CMPL_CB *p_cb = btm_cb.devcb.p_tx_power_cmpl_cb;
2108 tBTM_TX_POWER_RESULTS results;
2110 tACL_CONN *p_acl_cb = &btm_cb.acl_db[0];
2113 BTM_TRACE_DEBUG("%s", __func__);
2114 alarm_cancel(btm_cb.devcb.read_tx_power_timer);
2115 btm_cb.devcb.p_tx_power_cmpl_cb = NULL;
2117 /* If there was a registered callback, call it */
2120 STREAM_TO_UINT8 (results.hci_status, p);
2122 if (results.hci_status == HCI_SUCCESS)
2124 results.status = BTM_SUCCESS;
2128 STREAM_TO_UINT16 (handle, p);
2129 STREAM_TO_UINT8 (results.tx_power, p);
2131 /* Search through the list of active channels for the correct BD Addr */
2132 for (index = 0; index < MAX_L2CAP_LINKS; index++, p_acl_cb++)
2134 if ((p_acl_cb->in_use) && (handle == p_acl_cb->hci_handle))
2136 memcpy (results.rem_bda, p_acl_cb->remote_addr, BD_ADDR_LEN);
2141 #if (BLE_INCLUDED == TRUE)
2144 STREAM_TO_UINT8 (results.tx_power, p);
2145 memcpy(results.rem_bda, btm_cb.devcb.read_tx_pwr_addr, BD_ADDR_LEN);
2148 BTM_TRACE_DEBUG ("BTM TX power Complete: tx_power %d, hci status 0x%02x",
2149 results.tx_power, results.hci_status);
2152 results.status = BTM_ERR_PROCESSING;
2158 /*******************************************************************************
2160 ** Function btm_read_rssi_timeout
2162 ** Description Callback when reading the RSSI times out.
2166 *******************************************************************************/
2167 void btm_read_rssi_timeout(UNUSED_ATTR void *data)
2169 tBTM_CMPL_CB *p_cb = btm_cb.devcb.p_rssi_cmpl_cb;
2170 btm_cb.devcb.p_rssi_cmpl_cb = NULL;
2172 (*p_cb)((void *) NULL);
2175 /*******************************************************************************
2177 ** Function btm_read_rssi_complete
2179 ** Description This function is called when the command complete message
2180 ** is received from the HCI for the read rssi request.
2184 *******************************************************************************/
2185 void btm_read_rssi_complete (uint8_t *p)
2187 tBTM_CMPL_CB *p_cb = btm_cb.devcb.p_rssi_cmpl_cb;
2188 tBTM_RSSI_RESULTS results;
2190 tACL_CONN *p_acl_cb = &btm_cb.acl_db[0];
2193 BTM_TRACE_DEBUG("%s", __func__);
2194 alarm_cancel(btm_cb.devcb.read_rssi_timer);
2195 btm_cb.devcb.p_rssi_cmpl_cb = NULL;
2197 /* If there was a registered callback, call it */
2200 STREAM_TO_UINT8 (results.hci_status, p);
2202 if (results.hci_status == HCI_SUCCESS)
2204 results.status = BTM_SUCCESS;
2206 STREAM_TO_UINT16 (handle, p);
2208 STREAM_TO_UINT8 (results.rssi, p);
2209 BTM_TRACE_DEBUG ("BTM RSSI Complete: rssi %d, hci status 0x%02x",
2210 results.rssi, results.hci_status);
2212 /* Search through the list of active channels for the correct BD Addr */
2213 for (index = 0; index < MAX_L2CAP_LINKS; index++, p_acl_cb++)
2215 if ((p_acl_cb->in_use) && (handle == p_acl_cb->hci_handle))
2217 memcpy (results.rem_bda, p_acl_cb->remote_addr, BD_ADDR_LEN);
2223 results.status = BTM_ERR_PROCESSING;
2229 /*******************************************************************************
2231 ** Function btm_read_link_quality_timeout
2233 ** Description Callback when reading the link quality times out.
2237 *******************************************************************************/
2238 void btm_read_link_quality_timeout(UNUSED_ATTR void *data)
2240 tBTM_CMPL_CB *p_cb = btm_cb.devcb.p_link_qual_cmpl_cb;
2241 btm_cb.devcb.p_link_qual_cmpl_cb = NULL;
2243 (*p_cb)((void *) NULL);
2246 /*******************************************************************************
2248 ** Function btm_read_link_quality_complete
2250 ** Description This function is called when the command complete message
2251 ** is received from the HCI for the read link quality.
2255 *******************************************************************************/
2256 void btm_read_link_quality_complete(uint8_t *p)
2258 tBTM_CMPL_CB *p_cb = btm_cb.devcb.p_link_qual_cmpl_cb;
2259 tBTM_LINK_QUALITY_RESULTS results;
2261 tACL_CONN *p_acl_cb = &btm_cb.acl_db[0];
2264 BTM_TRACE_DEBUG("%s", __func__);
2265 alarm_cancel(btm_cb.devcb.read_link_quality_timer);
2266 btm_cb.devcb.p_link_qual_cmpl_cb = NULL;
2268 /* If there was a registered callback, call it */
2271 STREAM_TO_UINT8 (results.hci_status, p);
2273 if (results.hci_status == HCI_SUCCESS)
2275 results.status = BTM_SUCCESS;
2277 STREAM_TO_UINT16 (handle, p);
2279 STREAM_TO_UINT8 (results.link_quality, p);
2280 BTM_TRACE_DEBUG ("BTM Link Quality Complete: Link Quality %d, hci status 0x%02x",
2281 results.link_quality, results.hci_status);
2283 /* Search through the list of active channels for the correct BD Addr */
2284 for (index = 0; index < MAX_L2CAP_LINKS; index++, p_acl_cb++)
2286 if ((p_acl_cb->in_use) && (handle == p_acl_cb->hci_handle))
2288 memcpy (results.rem_bda, p_acl_cb->remote_addr, BD_ADDR_LEN);
2294 results.status = BTM_ERR_PROCESSING;
2300 /*******************************************************************************
2302 ** Function btm_remove_acl
2304 ** Description This function is called to disconnect an ACL connection
2306 ** Returns BTM_SUCCESS if successfully initiated, otherwise BTM_NO_RESOURCES.
2308 *******************************************************************************/
2309 tBTM_STATUS btm_remove_acl (BD_ADDR bd_addr, tBT_TRANSPORT transport)
2311 uint16_t hci_handle = BTM_GetHCIConnHandle(bd_addr, transport);
2312 tBTM_STATUS status = BTM_SUCCESS;
2314 BTM_TRACE_DEBUG ("btm_remove_acl");
2315 #if (BTM_DISC_DURING_RS == TRUE)
2316 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr);
2318 /* Role Switch is pending, postpone until completed */
2319 if (p_dev_rec && (p_dev_rec->rs_disc_pending == BTM_SEC_RS_PENDING))
2321 p_dev_rec->rs_disc_pending = BTM_SEC_DISC_PENDING;
2323 else /* otherwise can disconnect right away */
2326 if (hci_handle != 0xFFFF && p_dev_rec &&
2327 p_dev_rec->sec_state!= BTM_SEC_STATE_DISCONNECTING)
2329 btsnd_hcic_disconnect(hci_handle, HCI_ERR_PEER_USER);
2332 status = BTM_UNKNOWN_ADDR;
2339 /*******************************************************************************
2341 ** Function BTM_SetTraceLevel
2343 ** Description This function sets the trace level for BTM. If called with
2344 ** a value of 0xFF, it simply returns the current trace level.
2346 ** Returns The new or current trace level
2348 *******************************************************************************/
2349 uint8_t BTM_SetTraceLevel (uint8_t new_level)
2351 BTM_TRACE_DEBUG ("BTM_SetTraceLevel");
2352 if (new_level != 0xFF)
2353 btm_cb.trace_level = new_level;
2355 return(btm_cb.trace_level);
2358 /*******************************************************************************
2360 ** Function btm_cont_rswitch
2362 ** Description This function is called to continue processing an active
2363 ** role switch. It first disables encryption if enabled and
2364 ** EPR is not supported
2368 *******************************************************************************/
2369 void btm_cont_rswitch (tACL_CONN *p, tBTM_SEC_DEV_REC *p_dev_rec,
2372 BTM_TRACE_DEBUG ("btm_cont_rswitch");
2373 /* Check to see if encryption needs to be turned off if pending
2374 change of link key or role switch */
2375 if (p->switch_role_state == BTM_ACL_SWKEY_STATE_MODE_CHANGE)
2377 /* Must turn off Encryption first if necessary */
2378 /* Some devices do not support switch or change of link key while encryption is on */
2379 if (p_dev_rec != NULL && ((p_dev_rec->sec_flags & BTM_SEC_ENCRYPTED) != 0)
2380 && !BTM_EPR_AVAILABLE(p))
2382 btsnd_hcic_set_conn_encrypt(p->hci_handle, false);
2383 p->encrypt_state = BTM_ACL_ENCRYPT_STATE_ENCRYPT_OFF;
2384 if (p->switch_role_state == BTM_ACL_SWKEY_STATE_MODE_CHANGE)
2385 p->switch_role_state = BTM_ACL_SWKEY_STATE_ENCRYPTION_OFF;
2387 else /* Encryption not used or EPR supported, continue with switch
2388 and/or change of link key */
2390 if (p->switch_role_state == BTM_ACL_SWKEY_STATE_MODE_CHANGE)
2392 p->switch_role_state = BTM_ACL_SWKEY_STATE_IN_PROGRESS;
2393 #if (BTM_DISC_DURING_RS == TRUE)
2395 p_dev_rec->rs_disc_pending = BTM_SEC_RS_PENDING;
2397 btsnd_hcic_switch_role(p->remote_addr, (uint8_t)!p->link_role);
2403 /*******************************************************************************
2405 ** Function btm_acl_resubmit_page
2407 ** Description send pending page request
2409 *******************************************************************************/
2410 void btm_acl_resubmit_page (void)
2412 tBTM_SEC_DEV_REC *p_dev_rec;
2416 BTM_TRACE_DEBUG ("btm_acl_resubmit_page");
2417 /* If there were other page request schedule can start the next one */
2418 if ((p_buf = (BT_HDR *)fixed_queue_try_dequeue(btm_cb.page_queue)) != NULL)
2420 /* skip 3 (2 bytes opcode and 1 byte len) to get to the bd_addr
2421 * for both create_conn and rmt_name */
2422 pp = (uint8_t *)(p_buf + 1) + p_buf->offset + 3;
2424 STREAM_TO_BDADDR (bda, pp);
2426 p_dev_rec = btm_find_or_alloc_dev (bda);
2428 memcpy (btm_cb.connecting_bda, p_dev_rec->bd_addr, BD_ADDR_LEN);
2429 memcpy (btm_cb.connecting_dc, p_dev_rec->dev_class, DEV_CLASS_LEN);
2431 btu_hcif_send_cmd (LOCAL_BR_EDR_CONTROLLER_ID, p_buf);
2434 btm_cb.paging = false;
2437 /*******************************************************************************
2439 ** Function btm_acl_reset_paging
2441 ** Description set paging to false and free the page queue - called at hci_reset
2443 *******************************************************************************/
2444 void btm_acl_reset_paging (void)
2447 BTM_TRACE_DEBUG ("btm_acl_reset_paging");
2448 /* If we sent reset we are definitely not paging any more */
2449 while ((p = (BT_HDR *)fixed_queue_try_dequeue(btm_cb.page_queue)) != NULL)
2452 btm_cb.paging = false;
2455 /*******************************************************************************
2457 ** Function btm_acl_paging
2459 ** Description send a paging command or queue it in btm_cb
2461 *******************************************************************************/
2462 void btm_acl_paging (BT_HDR *p, BD_ADDR bda)
2464 tBTM_SEC_DEV_REC *p_dev_rec;
2466 BTM_TRACE_DEBUG ("btm_acl_paging discing:%d, paging:%d BDA: %06x%06x",
2467 btm_cb.discing, btm_cb.paging,
2468 (bda[0]<<16) + (bda[1]<<8) + bda[2], (bda[3]<<16) + (bda[4] << 8) + bda[5]);
2471 btm_cb.paging = true;
2472 fixed_queue_enqueue(btm_cb.page_queue, p);
2476 if (!BTM_ACL_IS_CONNECTED (bda))
2478 BTM_TRACE_DEBUG ("connecting_bda: %06x%06x",
2479 (btm_cb.connecting_bda[0]<<16) + (btm_cb.connecting_bda[1]<<8) +
2480 btm_cb.connecting_bda[2],
2481 (btm_cb.connecting_bda[3]<<16) + (btm_cb.connecting_bda[4] << 8) +
2482 btm_cb.connecting_bda[5]);
2483 if (btm_cb.paging &&
2484 memcmp (bda, btm_cb.connecting_bda, BD_ADDR_LEN) != 0)
2486 fixed_queue_enqueue(btm_cb.page_queue, p);
2490 p_dev_rec = btm_find_or_alloc_dev (bda);
2491 memcpy (btm_cb.connecting_bda, p_dev_rec->bd_addr, BD_ADDR_LEN);
2492 memcpy (btm_cb.connecting_dc, p_dev_rec->dev_class, DEV_CLASS_LEN);
2494 btu_hcif_send_cmd (LOCAL_BR_EDR_CONTROLLER_ID, p);
2497 btm_cb.paging = true;
2499 else /* ACL is already up */
2501 btu_hcif_send_cmd (LOCAL_BR_EDR_CONTROLLER_ID, p);
2506 /*******************************************************************************
2508 ** Function btm_acl_notif_conn_collision
2510 ** Description Send connection collision event to upper layer if registered
2512 ** Returns true if sent out to upper layer,
2513 ** false if no one needs the notification.
2515 *******************************************************************************/
2516 bool btm_acl_notif_conn_collision (BD_ADDR bda)
2518 tBTM_BL_EVENT_DATA evt_data;
2520 /* Report possible collision to the upper layer. */
2521 if (btm_cb.p_bl_changed_cb)
2523 BTM_TRACE_DEBUG ("btm_acl_notif_conn_collision: RemBdAddr: %02x%02x%02x%02x%02x%02x",
2524 bda[0], bda[1], bda[2], bda[3], bda[4], bda[5]);
2526 evt_data.event = BTM_BL_COLLISION_EVT;
2527 evt_data.conn.p_bda = bda;
2529 #if (BLE_INCLUDED == TRUE)
2530 evt_data.conn.transport = BT_TRANSPORT_BR_EDR;
2531 evt_data.conn.handle = BTM_INVALID_HCI_HANDLE;
2533 (*btm_cb.p_bl_changed_cb)(&evt_data);
2541 /*******************************************************************************
2543 ** Function btm_acl_chk_peer_pkt_type_support
2545 ** Description Check if peer supports requested packets
2547 *******************************************************************************/
2548 void btm_acl_chk_peer_pkt_type_support (tACL_CONN *p, uint16_t *p_pkt_type)
2550 /* 3 and 5 slot packets? */
2551 if (!HCI_3_SLOT_PACKETS_SUPPORTED(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0]))
2552 *p_pkt_type &= ~(BTM_ACL_PKT_TYPES_MASK_DH3 +BTM_ACL_PKT_TYPES_MASK_DM3);
2554 if (!HCI_5_SLOT_PACKETS_SUPPORTED(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0]))
2555 *p_pkt_type &= ~(BTM_ACL_PKT_TYPES_MASK_DH5 + BTM_ACL_PKT_TYPES_MASK_DM5);
2557 /* 2 and 3 MPS support? */
2558 if (!HCI_EDR_ACL_2MPS_SUPPORTED(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0]))
2559 /* Not supported. Add 'not_supported' mask for all 2MPS packet types */
2560 *p_pkt_type |= (BTM_ACL_PKT_TYPES_MASK_NO_2_DH1 + BTM_ACL_PKT_TYPES_MASK_NO_2_DH3 +
2561 BTM_ACL_PKT_TYPES_MASK_NO_2_DH5);
2563 if (!HCI_EDR_ACL_3MPS_SUPPORTED(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0]))
2564 /* Not supported. Add 'not_supported' mask for all 3MPS packet types */
2565 *p_pkt_type |= (BTM_ACL_PKT_TYPES_MASK_NO_3_DH1 + BTM_ACL_PKT_TYPES_MASK_NO_3_DH3 +
2566 BTM_ACL_PKT_TYPES_MASK_NO_3_DH5);
2568 /* EDR 3 and 5 slot support? */
2569 if (HCI_EDR_ACL_2MPS_SUPPORTED(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0])
2570 || HCI_EDR_ACL_3MPS_SUPPORTED(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0]))
2572 if (!HCI_3_SLOT_EDR_ACL_SUPPORTED(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0]))
2573 /* Not supported. Add 'not_supported' mask for all 3-slot EDR packet types */
2574 *p_pkt_type |= (BTM_ACL_PKT_TYPES_MASK_NO_2_DH3 + BTM_ACL_PKT_TYPES_MASK_NO_3_DH3);
2576 if (!HCI_5_SLOT_EDR_ACL_SUPPORTED(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0]))
2577 /* Not supported. Add 'not_supported' mask for all 5-slot EDR packet types */
2578 *p_pkt_type |= (BTM_ACL_PKT_TYPES_MASK_NO_2_DH5 + BTM_ACL_PKT_TYPES_MASK_NO_3_DH5);