| /* att.c - Attribute protocol handling */ |
| |
| /* |
| * Copyright (c) 2015-2016 Intel Corporation |
| * |
| * SPDX-License-Identifier: Apache-2.0 |
| */ |
| |
| #include <zephyr.h> |
| #include <string.h> |
| #include <errno.h> |
| #include <stdbool.h> |
| #include <sys/atomic.h> |
| #include <sys/byteorder.h> |
| #include <sys/util.h> |
| |
| #include <bluetooth/hci.h> |
| #include <bluetooth/bluetooth.h> |
| #include <bluetooth/uuid.h> |
| #include <bluetooth/gatt.h> |
| #include <bluetooth/hci_driver.h> |
| |
| #define BT_DBG_ENABLED IS_ENABLED(CONFIG_BT_DEBUG_ATT) |
| #define LOG_MODULE_NAME bt_att |
| #include "common/log.h" |
| |
| #include "hci_core.h" |
| #include "conn_internal.h" |
| #include "l2cap_internal.h" |
| #include "smp.h" |
| #include "att_internal.h" |
| #include "gatt_internal.h" |
| |
| #define ATT_CHAN(_ch) CONTAINER_OF(_ch, struct bt_att, chan.chan) |
| #define ATT_REQ(_node) CONTAINER_OF(_node, struct bt_att_req, node) |
| |
| #define ATT_CMD_MASK 0x40 |
| |
| #define ATT_TIMEOUT K_SECONDS(30) |
| |
| typedef enum __packed { |
| ATT_COMMAND, |
| ATT_REQUEST, |
| ATT_RESPONSE, |
| ATT_NOTIFICATION, |
| ATT_CONFIRMATION, |
| ATT_INDICATION, |
| ATT_UNKNOWN, |
| } att_type_t; |
| |
| static att_type_t att_op_get_type(u8_t op); |
| |
| #if CONFIG_BT_ATT_PREPARE_COUNT > 0 |
| struct bt_attr_data { |
| u16_t handle; |
| u16_t offset; |
| }; |
| |
| /* Pool for incoming ATT packets */ |
| NET_BUF_POOL_DEFINE(prep_pool, CONFIG_BT_ATT_PREPARE_COUNT, BT_ATT_MTU, |
| sizeof(struct bt_attr_data), NULL); |
| #endif /* CONFIG_BT_ATT_PREPARE_COUNT */ |
| |
| enum { |
| ATT_PENDING_RSP, |
| ATT_PENDING_CFM, |
| ATT_DISCONNECTED, |
| |
| /* Total number of flags - must be at the end of the enum */ |
| ATT_NUM_FLAGS, |
| }; |
| |
| /* ATT channel specific context */ |
| struct bt_att { |
| /* The channel this context is associated with */ |
| struct bt_l2cap_le_chan chan; |
| ATOMIC_DEFINE(flags, ATT_NUM_FLAGS); |
| struct bt_att_req *req; |
| sys_slist_t reqs; |
| struct k_delayed_work timeout_work; |
| struct k_sem tx_sem; |
| struct k_fifo tx_queue; |
| #if CONFIG_BT_ATT_PREPARE_COUNT > 0 |
| struct k_fifo prep_queue; |
| #endif |
| }; |
| |
| static struct bt_att bt_req_pool[CONFIG_BT_MAX_CONN]; |
| static struct bt_att_req cancel; |
| |
| static void att_req_destroy(struct bt_att_req *req) |
| { |
| BT_DBG("req %p", req); |
| |
| if (req->buf) { |
| net_buf_unref(req->buf); |
| } |
| |
| if (req->destroy) { |
| req->destroy(req); |
| } |
| |
| (void)memset(req, 0, sizeof(*req)); |
| } |
| |
| static struct bt_att *att_get(struct bt_conn *conn) |
| { |
| struct bt_l2cap_chan *chan; |
| |
| chan = bt_l2cap_le_lookup_tx_cid(conn, BT_L2CAP_CID_ATT); |
| __ASSERT(chan, "No ATT channel found"); |
| |
| return CONTAINER_OF(chan, struct bt_att, chan); |
| } |
| |
| static bt_conn_tx_cb_t att_cb(struct net_buf *buf); |
| |
| static int att_send(struct bt_conn *conn, struct net_buf *buf, |
| bt_conn_tx_cb_t cb, void *user_data) |
| { |
| struct bt_att_hdr *hdr; |
| |
| hdr = (void *)buf->data; |
| |
| BT_DBG("code 0x%02x", hdr->code); |
| |
| if (hdr->code == BT_ATT_OP_SIGNED_WRITE_CMD) { |
| int err; |
| |
| err = bt_smp_sign(conn, buf); |
| if (err) { |
| BT_ERR("Error signing data"); |
| net_buf_unref(buf); |
| return err; |
| } |
| } |
| |
| return bt_l2cap_send_cb(conn, BT_L2CAP_CID_ATT, buf, |
| cb ? cb : att_cb(buf), |
| user_data); |
| } |
| |
| void att_pdu_sent(struct bt_conn *conn, void *user_data) |
| { |
| struct bt_att *att = att_get(conn); |
| struct net_buf *buf; |
| |
| BT_DBG("conn %p att %p", conn, att); |
| |
| while ((buf = net_buf_get(&att->tx_queue, K_NO_WAIT))) { |
| /* Check if the queued buf is a request */ |
| if (att->req && att->req->buf == buf) { |
| /* Save request state so it can be resent */ |
| net_buf_simple_save(&att->req->buf->b, |
| &att->req->state); |
| } |
| |
| if (!att_send(conn, buf, NULL, NULL)) { |
| return; |
| } |
| } |
| |
| k_sem_give(&att->tx_sem); |
| } |
| |
| void att_cfm_sent(struct bt_conn *conn, void *user_data) |
| { |
| struct bt_att *att = att_get(conn); |
| |
| BT_DBG("conn %p att %p", conn, att); |
| |
| if (IS_ENABLED(CONFIG_BT_ATT_ENFORCE_FLOW)) { |
| atomic_clear_bit(att->flags, ATT_PENDING_CFM); |
| } |
| |
| att_pdu_sent(conn, user_data); |
| } |
| |
| void att_rsp_sent(struct bt_conn *conn, void *user_data) |
| { |
| struct bt_att *att = att_get(conn); |
| |
| BT_DBG("conn %p att %p", conn, att); |
| |
| if (IS_ENABLED(CONFIG_BT_ATT_ENFORCE_FLOW)) { |
| atomic_clear_bit(att->flags, ATT_PENDING_RSP); |
| } |
| |
| att_pdu_sent(conn, user_data); |
| } |
| |
| void att_req_sent(struct bt_conn *conn, void *user_data) |
| { |
| struct bt_att *att = att_get(conn); |
| |
| BT_DBG("conn %p att %p att->req %p", conn, att, att->req); |
| |
| /* Start timeout work */ |
| if (att->req) { |
| k_delayed_work_submit(&att->timeout_work, ATT_TIMEOUT); |
| } |
| |
| att_pdu_sent(conn, user_data); |
| } |
| |
| static bt_conn_tx_cb_t att_cb(struct net_buf *buf) |
| { |
| switch (att_op_get_type(buf->data[0])) { |
| case ATT_RESPONSE: |
| return att_rsp_sent; |
| case ATT_CONFIRMATION: |
| return att_cfm_sent; |
| case ATT_REQUEST: |
| case ATT_INDICATION: |
| return att_req_sent; |
| default: |
| return att_pdu_sent; |
| } |
| } |
| |
| static void send_err_rsp(struct bt_conn *conn, u8_t req, u16_t handle, |
| u8_t err) |
| { |
| struct bt_att_error_rsp *rsp; |
| struct net_buf *buf; |
| |
| /* Ignore opcode 0x00 */ |
| if (!req) { |
| return; |
| } |
| |
| buf = bt_att_create_pdu(conn, BT_ATT_OP_ERROR_RSP, sizeof(*rsp)); |
| if (!buf) { |
| return; |
| } |
| |
| rsp = net_buf_add(buf, sizeof(*rsp)); |
| rsp->request = req; |
| rsp->handle = sys_cpu_to_le16(handle); |
| rsp->error = err; |
| |
| (void)bt_l2cap_send_cb(conn, BT_L2CAP_CID_ATT, buf, att_rsp_sent, NULL); |
| } |
| |
| static u8_t att_mtu_req(struct bt_att *att, struct net_buf *buf) |
| { |
| struct bt_conn *conn = att->chan.chan.conn; |
| struct bt_att_exchange_mtu_req *req; |
| struct bt_att_exchange_mtu_rsp *rsp; |
| struct net_buf *pdu; |
| u16_t mtu_client, mtu_server; |
| |
| req = (void *)buf->data; |
| |
| mtu_client = sys_le16_to_cpu(req->mtu); |
| |
| BT_DBG("Client MTU %u", mtu_client); |
| |
| /* Check if MTU is valid */ |
| if (mtu_client < BT_ATT_DEFAULT_LE_MTU) { |
| return BT_ATT_ERR_INVALID_PDU; |
| } |
| |
| pdu = bt_att_create_pdu(conn, BT_ATT_OP_MTU_RSP, sizeof(*rsp)); |
| if (!pdu) { |
| return BT_ATT_ERR_UNLIKELY; |
| } |
| |
| mtu_server = BT_ATT_MTU; |
| |
| BT_DBG("Server MTU %u", mtu_server); |
| |
| rsp = net_buf_add(pdu, sizeof(*rsp)); |
| rsp->mtu = sys_cpu_to_le16(mtu_server); |
| |
| (void)bt_l2cap_send_cb(conn, BT_L2CAP_CID_ATT, pdu, att_rsp_sent, NULL); |
| |
| /* BLUETOOTH SPECIFICATION Version 4.2 [Vol 3, Part F] page 484: |
| * |
| * A device's Exchange MTU Request shall contain the same MTU as the |
| * device's Exchange MTU Response (i.e. the MTU shall be symmetric). |
| */ |
| att->chan.rx.mtu = MIN(mtu_client, mtu_server); |
| att->chan.tx.mtu = att->chan.rx.mtu; |
| |
| BT_DBG("Negotiated MTU %u", att->chan.rx.mtu); |
| return 0; |
| } |
| |
| static inline bool att_is_connected(struct bt_att *att) |
| { |
| return (att->chan.chan.conn->state != BT_CONN_CONNECTED || |
| !atomic_test_bit(att->flags, ATT_DISCONNECTED)); |
| } |
| |
| static int att_send_req(struct bt_att *att, struct bt_att_req *req) |
| { |
| int err; |
| |
| __ASSERT_NO_MSG(req); |
| __ASSERT_NO_MSG(req->func); |
| __ASSERT_NO_MSG(!att->req); |
| |
| BT_DBG("req %p", req); |
| |
| att->req = req; |
| |
| if (k_sem_take(&att->tx_sem, K_NO_WAIT) < 0) { |
| k_fifo_put(&att->tx_queue, req->buf); |
| return 0; |
| } |
| |
| /* Save request state so it can be resent */ |
| net_buf_simple_save(&req->buf->b, &req->state); |
| |
| /* Keep a reference for resending in case of an error */ |
| err = bt_l2cap_send_cb(att->chan.chan.conn, BT_L2CAP_CID_ATT, |
| net_buf_ref(req->buf), att_cb(req->buf), NULL); |
| if (err) { |
| net_buf_unref(req->buf); |
| req->buf = NULL; |
| return err; |
| } |
| |
| return 0; |
| } |
| |
| static void att_process(struct bt_att *att) |
| { |
| sys_snode_t *node; |
| |
| BT_DBG(""); |
| |
| /* Pull next request from the list */ |
| node = sys_slist_get(&att->reqs); |
| if (!node) { |
| return; |
| } |
| |
| att_send_req(att, ATT_REQ(node)); |
| } |
| |
| static u8_t att_handle_rsp(struct bt_att *att, void *pdu, u16_t len, u8_t err) |
| { |
| bt_att_func_t func; |
| |
| BT_DBG("err 0x%02x len %u: %s", err, len, bt_hex(pdu, len)); |
| |
| /* Cancel timeout if ongoing */ |
| k_delayed_work_cancel(&att->timeout_work); |
| |
| if (!att->req) { |
| BT_WARN("No pending ATT request"); |
| goto process; |
| } |
| |
| /* Check if request has been cancelled */ |
| if (att->req == &cancel) { |
| att->req = NULL; |
| goto process; |
| } |
| |
| /* Release original buffer */ |
| if (att->req->buf) { |
| net_buf_unref(att->req->buf); |
| att->req->buf = NULL; |
| } |
| |
| /* Reset func so it can be reused by the callback */ |
| func = att->req->func; |
| att->req->func = NULL; |
| |
| func(att->chan.chan.conn, err, pdu, len, att->req); |
| |
| /* Don't destroy if callback had reused the request */ |
| if (!att->req->func) { |
| att_req_destroy(att->req); |
| } |
| |
| att->req = NULL; |
| |
| process: |
| /* Process pending requests */ |
| att_process(att); |
| |
| return 0; |
| } |
| |
| #if defined(CONFIG_BT_GATT_CLIENT) |
| static u8_t att_mtu_rsp(struct bt_att *att, struct net_buf *buf) |
| { |
| struct bt_att_exchange_mtu_rsp *rsp; |
| u16_t mtu; |
| |
| if (!att) { |
| return 0; |
| } |
| |
| rsp = (void *)buf->data; |
| |
| mtu = sys_le16_to_cpu(rsp->mtu); |
| |
| BT_DBG("Server MTU %u", mtu); |
| |
| /* Check if MTU is valid */ |
| if (mtu < BT_ATT_DEFAULT_LE_MTU) { |
| return att_handle_rsp(att, NULL, 0, BT_ATT_ERR_INVALID_PDU); |
| } |
| |
| att->chan.rx.mtu = MIN(mtu, BT_ATT_MTU); |
| |
| /* BLUETOOTH SPECIFICATION Version 4.2 [Vol 3, Part F] page 484: |
| * |
| * A device's Exchange MTU Request shall contain the same MTU as the |
| * device's Exchange MTU Response (i.e. the MTU shall be symmetric). |
| */ |
| att->chan.tx.mtu = att->chan.rx.mtu; |
| |
| BT_DBG("Negotiated MTU %u", att->chan.rx.mtu); |
| |
| return att_handle_rsp(att, rsp, buf->len, 0); |
| } |
| #endif /* CONFIG_BT_GATT_CLIENT */ |
| |
| static bool range_is_valid(u16_t start, u16_t end, u16_t *err) |
| { |
| /* Handle 0 is invalid */ |
| if (!start || !end) { |
| if (err) { |
| *err = 0U; |
| } |
| return false; |
| } |
| |
| /* Check if range is valid */ |
| if (start > end) { |
| if (err) { |
| *err = start; |
| } |
| return false; |
| } |
| |
| return true; |
| } |
| |
| struct find_info_data { |
| struct bt_att *att; |
| struct net_buf *buf; |
| struct bt_att_find_info_rsp *rsp; |
| union { |
| struct bt_att_info_16 *info16; |
| struct bt_att_info_128 *info128; |
| }; |
| }; |
| |
| static u8_t find_info_cb(const struct bt_gatt_attr *attr, void *user_data) |
| { |
| struct find_info_data *data = user_data; |
| struct bt_att *att = data->att; |
| |
| BT_DBG("handle 0x%04x", attr->handle); |
| |
| /* Initialize rsp at first entry */ |
| if (!data->rsp) { |
| data->rsp = net_buf_add(data->buf, sizeof(*data->rsp)); |
| data->rsp->format = (attr->uuid->type == BT_UUID_TYPE_16) ? |
| BT_ATT_INFO_16 : BT_ATT_INFO_128; |
| } |
| |
| switch (data->rsp->format) { |
| case BT_ATT_INFO_16: |
| if (attr->uuid->type != BT_UUID_TYPE_16) { |
| return BT_GATT_ITER_STOP; |
| } |
| |
| /* Fast forward to next item position */ |
| data->info16 = net_buf_add(data->buf, sizeof(*data->info16)); |
| data->info16->handle = sys_cpu_to_le16(attr->handle); |
| data->info16->uuid = sys_cpu_to_le16(BT_UUID_16(attr->uuid)->val); |
| |
| if (att->chan.tx.mtu - data->buf->len > |
| sizeof(*data->info16)) { |
| return BT_GATT_ITER_CONTINUE; |
| } |
| |
| break; |
| case BT_ATT_INFO_128: |
| if (attr->uuid->type != BT_UUID_TYPE_128) { |
| return BT_GATT_ITER_STOP; |
| } |
| |
| /* Fast forward to next item position */ |
| data->info128 = net_buf_add(data->buf, sizeof(*data->info128)); |
| data->info128->handle = sys_cpu_to_le16(attr->handle); |
| memcpy(data->info128->uuid, BT_UUID_128(attr->uuid)->val, |
| sizeof(data->info128->uuid)); |
| |
| if (att->chan.tx.mtu - data->buf->len > |
| sizeof(*data->info128)) { |
| return BT_GATT_ITER_CONTINUE; |
| } |
| } |
| |
| return BT_GATT_ITER_STOP; |
| } |
| |
| static u8_t att_find_info_rsp(struct bt_att *att, u16_t start_handle, |
| u16_t end_handle) |
| { |
| struct bt_conn *conn = att->chan.chan.conn; |
| struct find_info_data data; |
| |
| (void)memset(&data, 0, sizeof(data)); |
| |
| data.buf = bt_att_create_pdu(conn, BT_ATT_OP_FIND_INFO_RSP, 0); |
| if (!data.buf) { |
| return BT_ATT_ERR_UNLIKELY; |
| } |
| |
| data.att = att; |
| bt_gatt_foreach_attr(start_handle, end_handle, find_info_cb, &data); |
| |
| if (!data.rsp) { |
| net_buf_unref(data.buf); |
| /* Respond since handle is set */ |
| send_err_rsp(conn, BT_ATT_OP_FIND_INFO_REQ, start_handle, |
| BT_ATT_ERR_ATTRIBUTE_NOT_FOUND); |
| return 0; |
| } |
| |
| (void)bt_l2cap_send_cb(conn, BT_L2CAP_CID_ATT, data.buf, att_rsp_sent, |
| NULL); |
| |
| return 0; |
| } |
| |
| static u8_t att_find_info_req(struct bt_att *att, struct net_buf *buf) |
| { |
| struct bt_conn *conn = att->chan.chan.conn; |
| struct bt_att_find_info_req *req; |
| u16_t start_handle, end_handle, err_handle; |
| |
| req = (void *)buf->data; |
| |
| start_handle = sys_le16_to_cpu(req->start_handle); |
| end_handle = sys_le16_to_cpu(req->end_handle); |
| |
| BT_DBG("start_handle 0x%04x end_handle 0x%04x", start_handle, |
| end_handle); |
| |
| if (!range_is_valid(start_handle, end_handle, &err_handle)) { |
| send_err_rsp(conn, BT_ATT_OP_FIND_INFO_REQ, err_handle, |
| BT_ATT_ERR_INVALID_HANDLE); |
| return 0; |
| } |
| |
| return att_find_info_rsp(att, start_handle, end_handle); |
| } |
| |
| struct find_type_data { |
| struct bt_att *att; |
| struct net_buf *buf; |
| struct bt_att_handle_group *group; |
| const void *value; |
| u8_t value_len; |
| u8_t err; |
| }; |
| |
| static u8_t find_type_cb(const struct bt_gatt_attr *attr, void *user_data) |
| { |
| struct find_type_data *data = user_data; |
| struct bt_att *att = data->att; |
| struct bt_conn *conn = att->chan.chan.conn; |
| int read; |
| u8_t uuid[16]; |
| |
| /* Skip secondary services */ |
| if (!bt_uuid_cmp(attr->uuid, BT_UUID_GATT_SECONDARY)) { |
| goto skip; |
| } |
| |
| /* Update group end_handle if not a primary service */ |
| if (bt_uuid_cmp(attr->uuid, BT_UUID_GATT_PRIMARY)) { |
| if (data->group && |
| attr->handle > sys_le16_to_cpu(data->group->end_handle)) { |
| data->group->end_handle = sys_cpu_to_le16(attr->handle); |
| } |
| return BT_GATT_ITER_CONTINUE; |
| } |
| |
| BT_DBG("handle 0x%04x", attr->handle); |
| |
| /* stop if there is no space left */ |
| if (att->chan.tx.mtu - data->buf->len < sizeof(*data->group)) { |
| return BT_GATT_ITER_STOP; |
| } |
| |
| /* Read attribute value and store in the buffer */ |
| read = attr->read(conn, attr, uuid, sizeof(uuid), 0); |
| if (read < 0) { |
| /* |
| * Since we don't know if it is the service with requested UUID, |
| * we cannot respond with an error to this request. |
| */ |
| goto skip; |
| } |
| |
| /* Check if data matches */ |
| if (read != data->value_len) { |
| /* Use bt_uuid_cmp() to compare UUIDs of different form. */ |
| struct bt_uuid_128 ref_uuid; |
| struct bt_uuid_128 recvd_uuid; |
| |
| if (!bt_uuid_create(&recvd_uuid.uuid, data->value, data->value_len)) { |
| BT_WARN("Unable to create UUID: size %u", data->value_len); |
| goto skip; |
| } |
| if (!bt_uuid_create(&ref_uuid.uuid, uuid, read)) { |
| BT_WARN("Unable to create UUID: size %d", read); |
| goto skip; |
| } |
| if (bt_uuid_cmp(&recvd_uuid.uuid, &ref_uuid.uuid)) { |
| goto skip; |
| } |
| } else if (memcmp(data->value, uuid, read)) { |
| goto skip; |
| } |
| |
| /* If service has been found, error should be cleared */ |
| data->err = 0x00; |
| |
| /* Fast forward to next item position */ |
| data->group = net_buf_add(data->buf, sizeof(*data->group)); |
| data->group->start_handle = sys_cpu_to_le16(attr->handle); |
| data->group->end_handle = sys_cpu_to_le16(attr->handle); |
| |
| /* continue to find the end_handle */ |
| return BT_GATT_ITER_CONTINUE; |
| |
| skip: |
| data->group = NULL; |
| return BT_GATT_ITER_CONTINUE; |
| } |
| |
| static u8_t att_find_type_rsp(struct bt_att *att, u16_t start_handle, |
| u16_t end_handle, const void *value, |
| u8_t value_len) |
| { |
| struct bt_conn *conn = att->chan.chan.conn; |
| struct find_type_data data; |
| |
| (void)memset(&data, 0, sizeof(data)); |
| |
| data.buf = bt_att_create_pdu(conn, BT_ATT_OP_FIND_TYPE_RSP, 0); |
| if (!data.buf) { |
| return BT_ATT_ERR_UNLIKELY; |
| } |
| |
| data.att = att; |
| data.group = NULL; |
| data.value = value; |
| data.value_len = value_len; |
| |
| /* Pre-set error in case no service will be found */ |
| data.err = BT_ATT_ERR_ATTRIBUTE_NOT_FOUND; |
| |
| bt_gatt_foreach_attr(start_handle, end_handle, find_type_cb, &data); |
| |
| /* If error has not been cleared, no service has been found */ |
| if (data.err) { |
| net_buf_unref(data.buf); |
| /* Respond since handle is set */ |
| send_err_rsp(conn, BT_ATT_OP_FIND_TYPE_REQ, start_handle, |
| data.err); |
| return 0; |
| } |
| |
| (void)bt_l2cap_send_cb(conn, BT_L2CAP_CID_ATT, data.buf, att_rsp_sent, |
| NULL); |
| |
| return 0; |
| } |
| |
| static u8_t att_find_type_req(struct bt_att *att, struct net_buf *buf) |
| { |
| struct bt_conn *conn = att->chan.chan.conn; |
| struct bt_att_find_type_req *req; |
| u16_t start_handle, end_handle, err_handle, type; |
| u8_t *value; |
| |
| req = net_buf_pull_mem(buf, sizeof(*req)); |
| |
| start_handle = sys_le16_to_cpu(req->start_handle); |
| end_handle = sys_le16_to_cpu(req->end_handle); |
| type = sys_le16_to_cpu(req->type); |
| value = buf->data; |
| |
| BT_DBG("start_handle 0x%04x end_handle 0x%04x type %u", start_handle, |
| end_handle, type); |
| |
| if (!range_is_valid(start_handle, end_handle, &err_handle)) { |
| send_err_rsp(conn, BT_ATT_OP_FIND_TYPE_REQ, err_handle, |
| BT_ATT_ERR_INVALID_HANDLE); |
| return 0; |
| } |
| |
| /* The Attribute Protocol Find By Type Value Request shall be used with |
| * the Attribute Type parameter set to the UUID for "Primary Service" |
| * and the Attribute Value set to the 16-bit Bluetooth UUID or 128-bit |
| * UUID for the specific primary service. |
| */ |
| if (bt_uuid_cmp(BT_UUID_DECLARE_16(type), BT_UUID_GATT_PRIMARY)) { |
| send_err_rsp(conn, BT_ATT_OP_FIND_TYPE_REQ, start_handle, |
| BT_ATT_ERR_ATTRIBUTE_NOT_FOUND); |
| return 0; |
| } |
| |
| return att_find_type_rsp(att, start_handle, end_handle, value, |
| buf->len); |
| } |
| |
| static u8_t err_to_att(int err) |
| { |
| BT_DBG("%d", err); |
| |
| if (err < 0 && err >= -0xff) { |
| return -err; |
| } |
| |
| return BT_ATT_ERR_UNLIKELY; |
| } |
| |
| struct read_type_data { |
| struct bt_att *att; |
| struct bt_uuid *uuid; |
| struct net_buf *buf; |
| struct bt_att_read_type_rsp *rsp; |
| struct bt_att_data *item; |
| u8_t err; |
| }; |
| |
| static u8_t read_type_cb(const struct bt_gatt_attr *attr, void *user_data) |
| { |
| struct read_type_data *data = user_data; |
| struct bt_att *att = data->att; |
| struct bt_conn *conn = att->chan.chan.conn; |
| int read; |
| |
| /* Skip if doesn't match */ |
| if (bt_uuid_cmp(attr->uuid, data->uuid)) { |
| return BT_GATT_ITER_CONTINUE; |
| } |
| |
| BT_DBG("handle 0x%04x", attr->handle); |
| |
| /* |
| * If an attribute in the set of requested attributes would cause an |
| * Error Response then this attribute cannot be included in a |
| * Read By Type Response and the attributes before this attribute |
| * shall be returned |
| * |
| * If the first attribute in the set of requested attributes would |
| * cause an Error Response then no other attributes in the requested |
| * attributes can be considered. |
| */ |
| data->err = bt_gatt_check_perm(conn, attr, BT_GATT_PERM_READ_MASK); |
| if (data->err) { |
| if (data->rsp->len) { |
| data->err = 0x00; |
| } |
| return BT_GATT_ITER_STOP; |
| } |
| |
| /* |
| * If any attribute is founded in handle range it means that error |
| * should be changed from pre-set: attr not found error to no error. |
| */ |
| data->err = 0x00; |
| |
| /* Fast forward to next item position */ |
| data->item = net_buf_add(data->buf, sizeof(*data->item)); |
| data->item->handle = sys_cpu_to_le16(attr->handle); |
| |
| /* Read attribute value and store in the buffer */ |
| read = attr->read(conn, attr, data->buf->data + data->buf->len, |
| att->chan.tx.mtu - data->buf->len, 0); |
| if (read < 0) { |
| data->err = err_to_att(read); |
| return BT_GATT_ITER_STOP; |
| } |
| |
| if (!data->rsp->len) { |
| /* Set len to be the first item found */ |
| data->rsp->len = read + sizeof(*data->item); |
| } else if (data->rsp->len != read + sizeof(*data->item)) { |
| /* All items should have the same size */ |
| data->buf->len -= sizeof(*data->item); |
| return BT_GATT_ITER_STOP; |
| } |
| |
| net_buf_add(data->buf, read); |
| |
| /* return true only if there are still space for more items */ |
| return att->chan.tx.mtu - data->buf->len > data->rsp->len ? |
| BT_GATT_ITER_CONTINUE : BT_GATT_ITER_STOP; |
| } |
| |
| static u8_t att_read_type_rsp(struct bt_att *att, struct bt_uuid *uuid, |
| u16_t start_handle, u16_t end_handle) |
| { |
| struct bt_conn *conn = att->chan.chan.conn; |
| struct read_type_data data; |
| |
| (void)memset(&data, 0, sizeof(data)); |
| |
| data.buf = bt_att_create_pdu(conn, BT_ATT_OP_READ_TYPE_RSP, |
| sizeof(*data.rsp)); |
| if (!data.buf) { |
| return BT_ATT_ERR_UNLIKELY; |
| } |
| |
| data.att = att; |
| data.uuid = uuid; |
| data.rsp = net_buf_add(data.buf, sizeof(*data.rsp)); |
| data.rsp->len = 0U; |
| |
| /* Pre-set error if no attr will be found in handle */ |
| data.err = BT_ATT_ERR_ATTRIBUTE_NOT_FOUND; |
| |
| bt_gatt_foreach_attr(start_handle, end_handle, read_type_cb, &data); |
| |
| if (data.err) { |
| net_buf_unref(data.buf); |
| /* Response here since handle is set */ |
| send_err_rsp(conn, BT_ATT_OP_READ_TYPE_REQ, start_handle, |
| data.err); |
| return 0; |
| } |
| |
| (void)bt_l2cap_send_cb(conn, BT_L2CAP_CID_ATT, data.buf, att_rsp_sent, |
| NULL); |
| |
| return 0; |
| } |
| |
| static u8_t att_read_type_req(struct bt_att *att, struct net_buf *buf) |
| { |
| struct bt_conn *conn = att->chan.chan.conn; |
| struct bt_att_read_type_req *req; |
| u16_t start_handle, end_handle, err_handle; |
| union { |
| struct bt_uuid uuid; |
| struct bt_uuid_16 u16; |
| struct bt_uuid_128 u128; |
| } u; |
| u8_t uuid_len = buf->len - sizeof(*req); |
| |
| /* Type can only be UUID16 or UUID128 */ |
| if (uuid_len != 2 && uuid_len != 16) { |
| return BT_ATT_ERR_INVALID_PDU; |
| } |
| |
| req = net_buf_pull_mem(buf, sizeof(*req)); |
| |
| start_handle = sys_le16_to_cpu(req->start_handle); |
| end_handle = sys_le16_to_cpu(req->end_handle); |
| if (!bt_uuid_create(&u.uuid, req->uuid, uuid_len)) { |
| return BT_ATT_ERR_UNLIKELY; |
| } |
| |
| BT_DBG("start_handle 0x%04x end_handle 0x%04x type %s", |
| start_handle, end_handle, bt_uuid_str(&u.uuid)); |
| |
| if (!range_is_valid(start_handle, end_handle, &err_handle)) { |
| send_err_rsp(conn, BT_ATT_OP_READ_TYPE_REQ, err_handle, |
| BT_ATT_ERR_INVALID_HANDLE); |
| return 0; |
| } |
| |
| return att_read_type_rsp(att, &u.uuid, start_handle, end_handle); |
| } |
| |
| struct read_data { |
| struct bt_att *att; |
| u16_t offset; |
| struct net_buf *buf; |
| struct bt_att_read_rsp *rsp; |
| u8_t err; |
| }; |
| |
| static u8_t read_cb(const struct bt_gatt_attr *attr, void *user_data) |
| { |
| struct read_data *data = user_data; |
| struct bt_att *att = data->att; |
| struct bt_conn *conn = att->chan.chan.conn; |
| int read; |
| |
| BT_DBG("handle 0x%04x", attr->handle); |
| |
| data->rsp = net_buf_add(data->buf, sizeof(*data->rsp)); |
| |
| /* |
| * If any attribute is founded in handle range it means that error |
| * should be changed from pre-set: invalid handle error to no error. |
| */ |
| data->err = 0x00; |
| |
| /* Check attribute permissions */ |
| data->err = bt_gatt_check_perm(conn, attr, BT_GATT_PERM_READ_MASK); |
| if (data->err) { |
| return BT_GATT_ITER_STOP; |
| } |
| |
| /* Read attribute value and store in the buffer */ |
| read = attr->read(conn, attr, data->buf->data + data->buf->len, |
| att->chan.tx.mtu - data->buf->len, data->offset); |
| if (read < 0) { |
| data->err = err_to_att(read); |
| return BT_GATT_ITER_STOP; |
| } |
| |
| net_buf_add(data->buf, read); |
| |
| return BT_GATT_ITER_CONTINUE; |
| } |
| |
| static u8_t att_read_rsp(struct bt_att *att, u8_t op, u8_t rsp, u16_t handle, |
| u16_t offset) |
| { |
| struct bt_conn *conn = att->chan.chan.conn; |
| struct read_data data; |
| |
| if (!bt_gatt_change_aware(conn, true)) { |
| return BT_ATT_ERR_DB_OUT_OF_SYNC; |
| } |
| |
| if (!handle) { |
| return BT_ATT_ERR_INVALID_HANDLE; |
| } |
| |
| (void)memset(&data, 0, sizeof(data)); |
| |
| data.buf = bt_att_create_pdu(conn, rsp, 0); |
| if (!data.buf) { |
| return BT_ATT_ERR_UNLIKELY; |
| } |
| |
| data.att = att; |
| data.offset = offset; |
| |
| /* Pre-set error if no attr will be found in handle */ |
| data.err = BT_ATT_ERR_INVALID_HANDLE; |
| |
| bt_gatt_foreach_attr(handle, handle, read_cb, &data); |
| |
| /* In case of error discard data and respond with an error */ |
| if (data.err) { |
| net_buf_unref(data.buf); |
| /* Respond here since handle is set */ |
| send_err_rsp(conn, op, handle, data.err); |
| return 0; |
| } |
| |
| (void)bt_l2cap_send_cb(conn, BT_L2CAP_CID_ATT, data.buf, att_rsp_sent, |
| NULL); |
| |
| return 0; |
| } |
| |
| static u8_t att_read_req(struct bt_att *att, struct net_buf *buf) |
| { |
| struct bt_att_read_req *req; |
| u16_t handle; |
| |
| req = (void *)buf->data; |
| |
| handle = sys_le16_to_cpu(req->handle); |
| |
| BT_DBG("handle 0x%04x", handle); |
| |
| return att_read_rsp(att, BT_ATT_OP_READ_REQ, BT_ATT_OP_READ_RSP, |
| handle, 0); |
| } |
| |
| static u8_t att_read_blob_req(struct bt_att *att, struct net_buf *buf) |
| { |
| struct bt_att_read_blob_req *req; |
| u16_t handle, offset; |
| |
| req = (void *)buf->data; |
| |
| handle = sys_le16_to_cpu(req->handle); |
| offset = sys_le16_to_cpu(req->offset); |
| |
| BT_DBG("handle 0x%04x offset %u", handle, offset); |
| |
| return att_read_rsp(att, BT_ATT_OP_READ_BLOB_REQ, |
| BT_ATT_OP_READ_BLOB_RSP, handle, offset); |
| } |
| |
| #if defined(CONFIG_BT_GATT_READ_MULTIPLE) |
| static u8_t att_read_mult_req(struct bt_att *att, struct net_buf *buf) |
| { |
| struct bt_conn *conn = att->chan.chan.conn; |
| struct read_data data; |
| u16_t handle; |
| |
| (void)memset(&data, 0, sizeof(data)); |
| |
| data.buf = bt_att_create_pdu(conn, BT_ATT_OP_READ_MULT_RSP, 0); |
| if (!data.buf) { |
| return BT_ATT_ERR_UNLIKELY; |
| } |
| |
| data.att = att; |
| |
| while (buf->len >= sizeof(u16_t)) { |
| handle = net_buf_pull_le16(buf); |
| |
| BT_DBG("handle 0x%04x ", handle); |
| |
| /* An Error Response shall be sent by the server in response to |
| * the Read Multiple Request [....] if a read operation is not |
| * permitted on any of the Characteristic Values. |
| * |
| * If handle is not valid then return invalid handle error. |
| * If handle is found error will be cleared by read_cb. |
| */ |
| data.err = BT_ATT_ERR_INVALID_HANDLE; |
| |
| bt_gatt_foreach_attr(handle, handle, read_cb, &data); |
| |
| /* Stop reading in case of error */ |
| if (data.err) { |
| net_buf_unref(data.buf); |
| /* Respond here since handle is set */ |
| send_err_rsp(conn, BT_ATT_OP_READ_MULT_REQ, handle, |
| data.err); |
| return 0; |
| } |
| } |
| |
| (void)bt_l2cap_send_cb(conn, BT_L2CAP_CID_ATT, data.buf, att_rsp_sent, |
| NULL); |
| |
| return 0; |
| } |
| #endif /* CONFIG_BT_GATT_READ_MULTIPLE */ |
| |
| struct read_group_data { |
| struct bt_att *att; |
| struct bt_uuid *uuid; |
| struct net_buf *buf; |
| struct bt_att_read_group_rsp *rsp; |
| struct bt_att_group_data *group; |
| }; |
| |
| static u8_t read_group_cb(const struct bt_gatt_attr *attr, void *user_data) |
| { |
| struct read_group_data *data = user_data; |
| struct bt_att *att = data->att; |
| struct bt_conn *conn = att->chan.chan.conn; |
| int read; |
| |
| /* Update group end_handle if attribute is not a service */ |
| if (bt_uuid_cmp(attr->uuid, BT_UUID_GATT_PRIMARY) && |
| bt_uuid_cmp(attr->uuid, BT_UUID_GATT_SECONDARY)) { |
| if (data->group && |
| attr->handle > sys_le16_to_cpu(data->group->end_handle)) { |
| data->group->end_handle = sys_cpu_to_le16(attr->handle); |
| } |
| return BT_GATT_ITER_CONTINUE; |
| } |
| |
| /* If Group Type don't match skip */ |
| if (bt_uuid_cmp(attr->uuid, data->uuid)) { |
| data->group = NULL; |
| return BT_GATT_ITER_CONTINUE; |
| } |
| |
| BT_DBG("handle 0x%04x", attr->handle); |
| |
| /* Stop if there is no space left */ |
| if (data->rsp->len && |
| att->chan.tx.mtu - data->buf->len < data->rsp->len) { |
| return BT_GATT_ITER_STOP; |
| } |
| |
| /* Fast forward to next group position */ |
| data->group = net_buf_add(data->buf, sizeof(*data->group)); |
| |
| /* Initialize group handle range */ |
| data->group->start_handle = sys_cpu_to_le16(attr->handle); |
| data->group->end_handle = sys_cpu_to_le16(attr->handle); |
| |
| /* Read attribute value and store in the buffer */ |
| read = attr->read(conn, attr, data->buf->data + data->buf->len, |
| att->chan.tx.mtu - data->buf->len, 0); |
| if (read < 0) { |
| /* TODO: Handle read errors */ |
| return BT_GATT_ITER_STOP; |
| } |
| |
| if (!data->rsp->len) { |
| /* Set len to be the first group found */ |
| data->rsp->len = read + sizeof(*data->group); |
| } else if (data->rsp->len != read + sizeof(*data->group)) { |
| /* All groups entries should have the same size */ |
| data->buf->len -= sizeof(*data->group); |
| return false; |
| } |
| |
| net_buf_add(data->buf, read); |
| |
| /* Continue to find the end handle */ |
| return BT_GATT_ITER_CONTINUE; |
| } |
| |
| static u8_t att_read_group_rsp(struct bt_att *att, struct bt_uuid *uuid, |
| u16_t start_handle, u16_t end_handle) |
| { |
| struct bt_conn *conn = att->chan.chan.conn; |
| struct read_group_data data; |
| |
| (void)memset(&data, 0, sizeof(data)); |
| |
| data.buf = bt_att_create_pdu(conn, BT_ATT_OP_READ_GROUP_RSP, |
| sizeof(*data.rsp)); |
| if (!data.buf) { |
| return BT_ATT_ERR_UNLIKELY; |
| } |
| |
| data.att = att; |
| data.uuid = uuid; |
| data.rsp = net_buf_add(data.buf, sizeof(*data.rsp)); |
| data.rsp->len = 0U; |
| data.group = NULL; |
| |
| bt_gatt_foreach_attr(start_handle, end_handle, read_group_cb, &data); |
| |
| if (!data.rsp->len) { |
| net_buf_unref(data.buf); |
| /* Respond here since handle is set */ |
| send_err_rsp(conn, BT_ATT_OP_READ_GROUP_REQ, start_handle, |
| BT_ATT_ERR_ATTRIBUTE_NOT_FOUND); |
| return 0; |
| } |
| |
| (void)bt_l2cap_send_cb(conn, BT_L2CAP_CID_ATT, data.buf, att_rsp_sent, |
| NULL); |
| |
| return 0; |
| } |
| |
| static u8_t att_read_group_req(struct bt_att *att, struct net_buf *buf) |
| { |
| struct bt_conn *conn = att->chan.chan.conn; |
| struct bt_att_read_group_req *req; |
| u16_t start_handle, end_handle, err_handle; |
| union { |
| struct bt_uuid uuid; |
| struct bt_uuid_16 u16; |
| struct bt_uuid_128 u128; |
| } u; |
| u8_t uuid_len = buf->len - sizeof(*req); |
| |
| /* Type can only be UUID16 or UUID128 */ |
| if (uuid_len != 2 && uuid_len != 16) { |
| return BT_ATT_ERR_INVALID_PDU; |
| } |
| |
| req = net_buf_pull_mem(buf, sizeof(*req)); |
| |
| start_handle = sys_le16_to_cpu(req->start_handle); |
| end_handle = sys_le16_to_cpu(req->end_handle); |
| |
| if (!bt_uuid_create(&u.uuid, req->uuid, uuid_len)) { |
| return BT_ATT_ERR_UNLIKELY; |
| } |
| |
| BT_DBG("start_handle 0x%04x end_handle 0x%04x type %s", |
| start_handle, end_handle, bt_uuid_str(&u.uuid)); |
| |
| if (!range_is_valid(start_handle, end_handle, &err_handle)) { |
| send_err_rsp(conn, BT_ATT_OP_READ_GROUP_REQ, err_handle, |
| BT_ATT_ERR_INVALID_HANDLE); |
| return 0; |
| } |
| |
| /* Core v4.2, Vol 3, sec 2.5.3 Attribute Grouping: |
| * Not all of the grouping attributes can be used in the ATT |
| * Read By Group Type Request. The "Primary Service" and "Secondary |
| * Service" grouping types may be used in the Read By Group Type |
| * Request. The "Characteristic" grouping type shall not be used in |
| * the ATT Read By Group Type Request. |
| */ |
| if (bt_uuid_cmp(&u.uuid, BT_UUID_GATT_PRIMARY) && |
| bt_uuid_cmp(&u.uuid, BT_UUID_GATT_SECONDARY)) { |
| send_err_rsp(conn, BT_ATT_OP_READ_GROUP_REQ, start_handle, |
| BT_ATT_ERR_UNSUPPORTED_GROUP_TYPE); |
| return 0; |
| } |
| |
| return att_read_group_rsp(att, &u.uuid, start_handle, end_handle); |
| } |
| |
| struct write_data { |
| struct bt_conn *conn; |
| struct net_buf *buf; |
| u8_t req; |
| const void *value; |
| u8_t len; |
| u16_t offset; |
| u8_t err; |
| }; |
| |
| static u8_t write_cb(const struct bt_gatt_attr *attr, void *user_data) |
| { |
| struct write_data *data = user_data; |
| int write; |
| u8_t flags = 0U; |
| |
| BT_DBG("handle 0x%04x offset %u", attr->handle, data->offset); |
| |
| /* Check attribute permissions */ |
| data->err = bt_gatt_check_perm(data->conn, attr, |
| BT_GATT_PERM_WRITE_MASK); |
| if (data->err) { |
| return BT_GATT_ITER_STOP; |
| } |
| |
| /* Set command flag if not a request */ |
| if (!data->req) { |
| flags |= BT_GATT_WRITE_FLAG_CMD; |
| } |
| |
| /* Write attribute value */ |
| write = attr->write(data->conn, attr, data->value, data->len, |
| data->offset, flags); |
| if (write < 0 || write != data->len) { |
| data->err = err_to_att(write); |
| return BT_GATT_ITER_STOP; |
| } |
| |
| data->err = 0U; |
| |
| return BT_GATT_ITER_CONTINUE; |
| } |
| |
| static u8_t att_write_rsp(struct bt_conn *conn, u8_t req, u8_t rsp, |
| u16_t handle, u16_t offset, const void *value, |
| u8_t len) |
| { |
| struct write_data data; |
| |
| if (!bt_gatt_change_aware(conn, req ? true : false)) { |
| return BT_ATT_ERR_DB_OUT_OF_SYNC; |
| } |
| |
| if (!handle) { |
| return BT_ATT_ERR_INVALID_HANDLE; |
| } |
| |
| (void)memset(&data, 0, sizeof(data)); |
| |
| /* Only allocate buf if required to respond */ |
| if (rsp) { |
| data.buf = bt_att_create_pdu(conn, rsp, 0); |
| if (!data.buf) { |
| return BT_ATT_ERR_UNLIKELY; |
| } |
| } |
| |
| data.conn = conn; |
| data.req = req; |
| data.offset = offset; |
| data.value = value; |
| data.len = len; |
| data.err = BT_ATT_ERR_INVALID_HANDLE; |
| |
| bt_gatt_foreach_attr(handle, handle, write_cb, &data); |
| |
| if (data.err) { |
| /* In case of error discard data and respond with an error */ |
| if (rsp) { |
| net_buf_unref(data.buf); |
| /* Respond here since handle is set */ |
| send_err_rsp(conn, req, handle, data.err); |
| } |
| return req == BT_ATT_OP_EXEC_WRITE_REQ ? data.err : 0; |
| } |
| |
| if (data.buf) { |
| (void)bt_l2cap_send_cb(conn, BT_L2CAP_CID_ATT, data.buf, |
| att_rsp_sent, NULL); |
| } |
| |
| return 0; |
| } |
| |
| static u8_t att_write_req(struct bt_att *att, struct net_buf *buf) |
| { |
| struct bt_conn *conn = att->chan.chan.conn; |
| u16_t handle; |
| |
| handle = net_buf_pull_le16(buf); |
| |
| BT_DBG("handle 0x%04x", handle); |
| |
| return att_write_rsp(conn, BT_ATT_OP_WRITE_REQ, BT_ATT_OP_WRITE_RSP, |
| handle, 0, buf->data, buf->len); |
| } |
| |
| #if CONFIG_BT_ATT_PREPARE_COUNT > 0 |
| struct prep_data { |
| struct bt_conn *conn; |
| struct net_buf *buf; |
| const void *value; |
| u8_t len; |
| u16_t offset; |
| u8_t err; |
| }; |
| |
| static u8_t prep_write_cb(const struct bt_gatt_attr *attr, void *user_data) |
| { |
| struct prep_data *data = user_data; |
| struct bt_attr_data *attr_data; |
| int write; |
| |
| BT_DBG("handle 0x%04x offset %u", attr->handle, data->offset); |
| |
| /* Check attribute permissions */ |
| data->err = bt_gatt_check_perm(data->conn, attr, |
| BT_GATT_PERM_WRITE_MASK); |
| if (data->err) { |
| return BT_GATT_ITER_STOP; |
| } |
| |
| /* Check if attribute requires handler to accept the data */ |
| if (!(attr->perm & BT_GATT_PERM_PREPARE_WRITE)) { |
| goto append; |
| } |
| |
| /* Write attribute value to check if device is authorized */ |
| write = attr->write(data->conn, attr, data->value, data->len, |
| data->offset, BT_GATT_WRITE_FLAG_PREPARE); |
| if (write != 0) { |
| data->err = err_to_att(write); |
| return BT_GATT_ITER_STOP; |
| } |
| |
| append: |
| /* Copy data into the outstanding queue */ |
| data->buf = net_buf_alloc(&prep_pool, K_NO_WAIT); |
| if (!data->buf) { |
| data->err = BT_ATT_ERR_PREPARE_QUEUE_FULL; |
| return BT_GATT_ITER_STOP; |
| } |
| |
| attr_data = net_buf_user_data(data->buf); |
| attr_data->handle = attr->handle; |
| attr_data->offset = data->offset; |
| |
| net_buf_add_mem(data->buf, data->value, data->len); |
| |
| data->err = 0U; |
| |
| return BT_GATT_ITER_CONTINUE; |
| } |
| |
| static u8_t att_prep_write_rsp(struct bt_att *att, u16_t handle, u16_t offset, |
| const void *value, u8_t len) |
| { |
| struct bt_conn *conn = att->chan.chan.conn; |
| struct prep_data data; |
| struct bt_att_prepare_write_rsp *rsp; |
| |
| if (!bt_gatt_change_aware(conn, true)) { |
| return BT_ATT_ERR_DB_OUT_OF_SYNC; |
| } |
| |
| if (!handle) { |
| return BT_ATT_ERR_INVALID_HANDLE; |
| } |
| |
| (void)memset(&data, 0, sizeof(data)); |
| |
| data.conn = conn; |
| data.offset = offset; |
| data.value = value; |
| data.len = len; |
| data.err = BT_ATT_ERR_INVALID_HANDLE; |
| |
| bt_gatt_foreach_attr(handle, handle, prep_write_cb, &data); |
| |
| if (data.err) { |
| /* Respond here since handle is set */ |
| send_err_rsp(conn, BT_ATT_OP_PREPARE_WRITE_REQ, handle, |
| data.err); |
| return 0; |
| } |
| |
| BT_DBG("buf %p handle 0x%04x offset %u", data.buf, handle, offset); |
| |
| /* Store buffer in the outstanding queue */ |
| net_buf_put(&att->prep_queue, data.buf); |
| |
| /* Generate response */ |
| data.buf = bt_att_create_pdu(conn, BT_ATT_OP_PREPARE_WRITE_RSP, 0); |
| if (!data.buf) { |
| return BT_ATT_ERR_UNLIKELY; |
| } |
| |
| rsp = net_buf_add(data.buf, sizeof(*rsp)); |
| rsp->handle = sys_cpu_to_le16(handle); |
| rsp->offset = sys_cpu_to_le16(offset); |
| net_buf_add(data.buf, len); |
| memcpy(rsp->value, value, len); |
| |
| (void)bt_l2cap_send_cb(conn, BT_L2CAP_CID_ATT, data.buf, att_rsp_sent, |
| NULL); |
| |
| return 0; |
| } |
| #endif /* CONFIG_BT_ATT_PREPARE_COUNT */ |
| |
| static u8_t att_prepare_write_req(struct bt_att *att, struct net_buf *buf) |
| { |
| #if CONFIG_BT_ATT_PREPARE_COUNT == 0 |
| return BT_ATT_ERR_NOT_SUPPORTED; |
| #else |
| struct bt_att_prepare_write_req *req; |
| u16_t handle, offset; |
| |
| req = net_buf_pull_mem(buf, sizeof(*req)); |
| |
| handle = sys_le16_to_cpu(req->handle); |
| offset = sys_le16_to_cpu(req->offset); |
| |
| BT_DBG("handle 0x%04x offset %u", handle, offset); |
| |
| return att_prep_write_rsp(att, handle, offset, buf->data, buf->len); |
| #endif /* CONFIG_BT_ATT_PREPARE_COUNT */ |
| } |
| |
| #if CONFIG_BT_ATT_PREPARE_COUNT > 0 |
| static u8_t att_exec_write_rsp(struct bt_att *att, u8_t flags) |
| { |
| struct bt_conn *conn = att->chan.chan.conn; |
| struct net_buf *buf; |
| u8_t err = 0U; |
| |
| while ((buf = net_buf_get(&att->prep_queue, K_NO_WAIT))) { |
| struct bt_attr_data *data = net_buf_user_data(buf); |
| |
| BT_DBG("buf %p handle 0x%04x offset %u", buf, data->handle, |
| data->offset); |
| |
| /* Just discard the data if an error was set */ |
| if (!err && flags == BT_ATT_FLAG_EXEC) { |
| err = att_write_rsp(conn, BT_ATT_OP_EXEC_WRITE_REQ, 0, |
| data->handle, data->offset, |
| buf->data, buf->len); |
| if (err) { |
| /* Respond here since handle is set */ |
| send_err_rsp(conn, BT_ATT_OP_EXEC_WRITE_REQ, |
| data->handle, err); |
| } |
| } |
| |
| net_buf_unref(buf); |
| } |
| |
| if (err) { |
| return 0; |
| } |
| |
| /* Generate response */ |
| buf = bt_att_create_pdu(conn, BT_ATT_OP_EXEC_WRITE_RSP, 0); |
| if (!buf) { |
| return BT_ATT_ERR_UNLIKELY; |
| } |
| |
| (void)bt_l2cap_send_cb(conn, BT_L2CAP_CID_ATT, buf, att_rsp_sent, NULL); |
| |
| return 0; |
| } |
| #endif /* CONFIG_BT_ATT_PREPARE_COUNT */ |
| |
| |
| static u8_t att_exec_write_req(struct bt_att *att, struct net_buf *buf) |
| { |
| #if CONFIG_BT_ATT_PREPARE_COUNT == 0 |
| return BT_ATT_ERR_NOT_SUPPORTED; |
| #else |
| struct bt_att_exec_write_req *req; |
| |
| req = (void *)buf->data; |
| |
| BT_DBG("flags 0x%02x", req->flags); |
| |
| return att_exec_write_rsp(att, req->flags); |
| #endif /* CONFIG_BT_ATT_PREPARE_COUNT */ |
| } |
| |
| static u8_t att_write_cmd(struct bt_att *att, struct net_buf *buf) |
| { |
| struct bt_conn *conn = att->chan.chan.conn; |
| u16_t handle; |
| |
| handle = net_buf_pull_le16(buf); |
| |
| BT_DBG("handle 0x%04x", handle); |
| |
| return att_write_rsp(conn, 0, 0, handle, 0, buf->data, buf->len); |
| } |
| |
| #if defined(CONFIG_BT_SIGNING) |
| static u8_t att_signed_write_cmd(struct bt_att *att, struct net_buf *buf) |
| { |
| struct bt_conn *conn = att->chan.chan.conn; |
| struct bt_att_signed_write_cmd *req; |
| u16_t handle; |
| int err; |
| |
| req = (void *)buf->data; |
| |
| handle = sys_le16_to_cpu(req->handle); |
| |
| BT_DBG("handle 0x%04x", handle); |
| |
| /* Verifying data requires full buffer including attribute header */ |
| net_buf_push(buf, sizeof(struct bt_att_hdr)); |
| err = bt_smp_sign_verify(conn, buf); |
| if (err) { |
| BT_ERR("Error verifying data"); |
| /* No response for this command */ |
| return 0; |
| } |
| |
| net_buf_pull(buf, sizeof(struct bt_att_hdr)); |
| net_buf_pull(buf, sizeof(*req)); |
| |
| return att_write_rsp(conn, 0, 0, handle, 0, buf->data, |
| buf->len - sizeof(struct bt_att_signature)); |
| } |
| #endif /* CONFIG_BT_SIGNING */ |
| |
| #if defined(CONFIG_BT_GATT_CLIENT) |
| #if defined(CONFIG_BT_SMP) |
| static int att_change_security(struct bt_conn *conn, u8_t err) |
| { |
| bt_security_t sec; |
| |
| switch (err) { |
| case BT_ATT_ERR_INSUFFICIENT_ENCRYPTION: |
| if (conn->sec_level >= BT_SECURITY_L2) |
| return -EALREADY; |
| sec = BT_SECURITY_L2; |
| break; |
| case BT_ATT_ERR_AUTHENTICATION: |
| if (conn->sec_level < BT_SECURITY_L2) { |
| /* BLUETOOTH SPECIFICATION Version 4.2 [Vol 3, Part C] |
| * page 375: |
| * |
| * If an LTK is not available, the service request |
| * shall be rejected with the error code 'Insufficient |
| * Authentication'. |
| * Note: When the link is not encrypted, the error code |
| * "Insufficient Authentication" does not indicate that |
| * MITM protection is required. |
| */ |
| sec = BT_SECURITY_L2; |
| } else if (conn->sec_level < BT_SECURITY_L3) { |
| /* BLUETOOTH SPECIFICATION Version 4.2 [Vol 3, Part C] |
| * page 375: |
| * |
| * If an authenticated pairing is required but only an |
| * unauthenticated pairing has occurred and the link is |
| * currently encrypted, the service request shall be |
| * rejected with the error code 'Insufficient |
| * Authentication'. |
| * Note: When unauthenticated pairing has occurred and |
| * the link is currently encrypted, the error code |
| * 'Insufficient Authentication' indicates that MITM |
| * protection is required. |
| */ |
| sec = BT_SECURITY_L3; |
| } else if (conn->sec_level < BT_SECURITY_L4) { |
| /* BLUETOOTH SPECIFICATION Version 4.2 [Vol 3, Part C] |
| * page 375: |
| * |
| * If LE Secure Connections authenticated pairing is |
| * required but LE legacy pairing has occurred and the |
| * link is currently encrypted, the service request |
| * shall be rejected with the error code ''Insufficient |
| * Authentication'. |
| */ |
| sec = BT_SECURITY_L4; |
| } else { |
| return -EALREADY; |
| } |
| break; |
| default: |
| return -EINVAL; |
| } |
| |
| return bt_conn_set_security(conn, sec); |
| } |
| #endif /* CONFIG_BT_SMP */ |
| |
| static u8_t att_error_rsp(struct bt_att *att, struct net_buf *buf) |
| { |
| struct bt_att_error_rsp *rsp; |
| u8_t err; |
| |
| rsp = (void *)buf->data; |
| |
| BT_DBG("request 0x%02x handle 0x%04x error 0x%02x", rsp->request, |
| sys_le16_to_cpu(rsp->handle), rsp->error); |
| |
| /* Don't retry if there is no req pending or it has been cancelled */ |
| if (!att->req || att->req == &cancel) { |
| err = BT_ATT_ERR_UNLIKELY; |
| goto done; |
| } |
| |
| if (att->req->buf) { |
| /* Restore state to be resent */ |
| net_buf_simple_restore(&att->req->buf->b, &att->req->state); |
| } |
| |
| err = rsp->error; |
| #if defined(CONFIG_BT_SMP) |
| if (att->req->retrying) { |
| goto done; |
| } |
| |
| /* Check if security needs to be changed */ |
| if (!att_change_security(att->chan.chan.conn, err)) { |
| att->req->retrying = true; |
| /* Wait security_changed: TODO: Handle fail case */ |
| return 0; |
| } |
| #endif /* CONFIG_BT_SMP */ |
| |
| done: |
| return att_handle_rsp(att, NULL, 0, err); |
| } |
| |
| static u8_t att_handle_find_info_rsp(struct bt_att *att, struct net_buf *buf) |
| { |
| BT_DBG(""); |
| |
| return att_handle_rsp(att, buf->data, buf->len, 0); |
| } |
| |
| static u8_t att_handle_find_type_rsp(struct bt_att *att, struct net_buf *buf) |
| { |
| BT_DBG(""); |
| |
| return att_handle_rsp(att, buf->data, buf->len, 0); |
| } |
| |
| static u8_t att_handle_read_type_rsp(struct bt_att *att, struct net_buf *buf) |
| { |
| BT_DBG(""); |
| |
| return att_handle_rsp(att, buf->data, buf->len, 0); |
| } |
| |
| static u8_t att_handle_read_rsp(struct bt_att *att, struct net_buf *buf) |
| { |
| BT_DBG(""); |
| |
| return att_handle_rsp(att, buf->data, buf->len, 0); |
| } |
| |
| static u8_t att_handle_read_blob_rsp(struct bt_att *att, struct net_buf *buf) |
| { |
| BT_DBG(""); |
| |
| return att_handle_rsp(att, buf->data, buf->len, 0); |
| } |
| |
| #if defined(CONFIG_BT_GATT_READ_MULTIPLE) |
| static u8_t att_handle_read_mult_rsp(struct bt_att *att, struct net_buf *buf) |
| { |
| BT_DBG(""); |
| |
| return att_handle_rsp(att, buf->data, buf->len, 0); |
| } |
| #endif /* CONFIG_BT_GATT_READ_MULTIPLE */ |
| |
| static u8_t att_handle_read_group_rsp(struct bt_att *att, struct net_buf *buf) |
| { |
| BT_DBG(""); |
| |
| return att_handle_rsp(att, buf->data, buf->len, 0); |
| } |
| |
| static u8_t att_handle_write_rsp(struct bt_att *att, struct net_buf *buf) |
| { |
| BT_DBG(""); |
| |
| return att_handle_rsp(att, buf->data, buf->len, 0); |
| } |
| |
| static u8_t att_handle_prepare_write_rsp(struct bt_att *att, |
| struct net_buf *buf) |
| { |
| BT_DBG(""); |
| |
| return att_handle_rsp(att, buf->data, buf->len, 0); |
| } |
| |
| static u8_t att_handle_exec_write_rsp(struct bt_att *att, struct net_buf *buf) |
| { |
| BT_DBG(""); |
| |
| return att_handle_rsp(att, buf->data, buf->len, 0); |
| } |
| |
| static u8_t att_notify(struct bt_att *att, struct net_buf *buf) |
| { |
| struct bt_conn *conn = att->chan.chan.conn; |
| u16_t handle; |
| |
| handle = net_buf_pull_le16(buf); |
| |
| BT_DBG("handle 0x%04x", handle); |
| |
| bt_gatt_notification(conn, handle, buf->data, buf->len); |
| |
| return 0; |
| } |
| |
| static u8_t att_indicate(struct bt_att *att, struct net_buf *buf) |
| { |
| struct bt_conn *conn = att->chan.chan.conn; |
| u16_t handle; |
| |
| handle = net_buf_pull_le16(buf); |
| |
| BT_DBG("handle 0x%04x", handle); |
| |
| bt_gatt_notification(conn, handle, buf->data, buf->len); |
| |
| buf = bt_att_create_pdu(conn, BT_ATT_OP_CONFIRM, 0); |
| if (!buf) { |
| return 0; |
| } |
| |
| (void)bt_l2cap_send_cb(conn, BT_L2CAP_CID_ATT, buf, att_cfm_sent, NULL); |
| |
| return 0; |
| } |
| #endif /* CONFIG_BT_GATT_CLIENT */ |
| |
| static u8_t att_confirm(struct bt_att *att, struct net_buf *buf) |
| { |
| BT_DBG(""); |
| |
| return att_handle_rsp(att, buf->data, buf->len, 0); |
| } |
| |
| static const struct att_handler { |
| u8_t op; |
| u8_t expect_len; |
| att_type_t type; |
| u8_t (*func)(struct bt_att *att, struct net_buf *buf); |
| } handlers[] = { |
| { BT_ATT_OP_MTU_REQ, |
| sizeof(struct bt_att_exchange_mtu_req), |
| ATT_REQUEST, |
| att_mtu_req }, |
| { BT_ATT_OP_FIND_INFO_REQ, |
| sizeof(struct bt_att_find_info_req), |
| ATT_REQUEST, |
| att_find_info_req }, |
| { BT_ATT_OP_FIND_TYPE_REQ, |
| sizeof(struct bt_att_find_type_req), |
| ATT_REQUEST, |
| att_find_type_req }, |
| { BT_ATT_OP_READ_TYPE_REQ, |
| sizeof(struct bt_att_read_type_req), |
| ATT_REQUEST, |
| att_read_type_req }, |
| { BT_ATT_OP_READ_REQ, |
| sizeof(struct bt_att_read_req), |
| ATT_REQUEST, |
| att_read_req }, |
| { BT_ATT_OP_READ_BLOB_REQ, |
| sizeof(struct bt_att_read_blob_req), |
| ATT_REQUEST, |
| att_read_blob_req }, |
| #if defined(CONFIG_BT_GATT_READ_MULTIPLE) |
| { BT_ATT_OP_READ_MULT_REQ, |
| BT_ATT_READ_MULT_MIN_LEN_REQ, |
| ATT_REQUEST, |
| att_read_mult_req }, |
| #endif /* CONFIG_BT_GATT_READ_MULTIPLE */ |
| { BT_ATT_OP_READ_GROUP_REQ, |
| sizeof(struct bt_att_read_group_req), |
| ATT_REQUEST, |
| att_read_group_req }, |
| { BT_ATT_OP_WRITE_REQ, |
| sizeof(struct bt_att_write_req), |
| ATT_REQUEST, |
| att_write_req }, |
| { BT_ATT_OP_PREPARE_WRITE_REQ, |
| sizeof(struct bt_att_prepare_write_req), |
| ATT_REQUEST, |
| att_prepare_write_req }, |
| { BT_ATT_OP_EXEC_WRITE_REQ, |
| sizeof(struct bt_att_exec_write_req), |
| ATT_REQUEST, |
| att_exec_write_req }, |
| { BT_ATT_OP_CONFIRM, |
| 0, |
| ATT_CONFIRMATION, |
| att_confirm }, |
| { BT_ATT_OP_WRITE_CMD, |
| sizeof(struct bt_att_write_cmd), |
| ATT_COMMAND, |
| att_write_cmd }, |
| #if defined(CONFIG_BT_SIGNING) |
| { BT_ATT_OP_SIGNED_WRITE_CMD, |
| (sizeof(struct bt_att_write_cmd) + |
| sizeof(struct bt_att_signature)), |
| ATT_COMMAND, |
| att_signed_write_cmd }, |
| #endif /* CONFIG_BT_SIGNING */ |
| #if defined(CONFIG_BT_GATT_CLIENT) |
| { BT_ATT_OP_ERROR_RSP, |
| sizeof(struct bt_att_error_rsp), |
| ATT_RESPONSE, |
| att_error_rsp }, |
| { BT_ATT_OP_MTU_RSP, |
| sizeof(struct bt_att_exchange_mtu_rsp), |
| ATT_RESPONSE, |
| att_mtu_rsp }, |
| { BT_ATT_OP_FIND_INFO_RSP, |
| sizeof(struct bt_att_find_info_rsp), |
| ATT_RESPONSE, |
| att_handle_find_info_rsp }, |
| { BT_ATT_OP_FIND_TYPE_RSP, |
| sizeof(struct bt_att_find_type_rsp), |
| ATT_RESPONSE, |
| att_handle_find_type_rsp }, |
| { BT_ATT_OP_READ_TYPE_RSP, |
| sizeof(struct bt_att_read_type_rsp), |
| ATT_RESPONSE, |
| att_handle_read_type_rsp }, |
| { BT_ATT_OP_READ_RSP, |
| sizeof(struct bt_att_read_rsp), |
| ATT_RESPONSE, |
| att_handle_read_rsp }, |
| { BT_ATT_OP_READ_BLOB_RSP, |
| sizeof(struct bt_att_read_blob_rsp), |
| ATT_RESPONSE, |
| att_handle_read_blob_rsp }, |
| #if defined(CONFIG_BT_GATT_READ_MULTIPLE) |
| { BT_ATT_OP_READ_MULT_RSP, |
| sizeof(struct bt_att_read_mult_rsp), |
| ATT_RESPONSE, |
| att_handle_read_mult_rsp }, |
| #endif /* CONFIG_BT_GATT_READ_MULTIPLE */ |
| { BT_ATT_OP_READ_GROUP_RSP, |
| sizeof(struct bt_att_read_group_rsp), |
| ATT_RESPONSE, |
| att_handle_read_group_rsp }, |
| { BT_ATT_OP_WRITE_RSP, |
| 0, |
| ATT_RESPONSE, |
| att_handle_write_rsp }, |
| { BT_ATT_OP_PREPARE_WRITE_RSP, |
| sizeof(struct bt_att_prepare_write_rsp), |
| ATT_RESPONSE, |
| att_handle_prepare_write_rsp }, |
| { BT_ATT_OP_EXEC_WRITE_RSP, |
| 0, |
| ATT_RESPONSE, |
| att_handle_exec_write_rsp }, |
| { BT_ATT_OP_NOTIFY, |
| sizeof(struct bt_att_notify), |
| ATT_NOTIFICATION, |
| att_notify }, |
| { BT_ATT_OP_INDICATE, |
| sizeof(struct bt_att_indicate), |
| ATT_INDICATION, |
| att_indicate }, |
| #endif /* CONFIG_BT_GATT_CLIENT */ |
| }; |
| |
| static att_type_t att_op_get_type(u8_t op) |
| { |
| switch (op) { |
| case BT_ATT_OP_MTU_REQ: |
| case BT_ATT_OP_FIND_INFO_REQ: |
| case BT_ATT_OP_FIND_TYPE_REQ: |
| case BT_ATT_OP_READ_TYPE_REQ: |
| case BT_ATT_OP_READ_REQ: |
| case BT_ATT_OP_READ_BLOB_REQ: |
| case BT_ATT_OP_READ_MULT_REQ: |
| case BT_ATT_OP_READ_GROUP_REQ: |
| case BT_ATT_OP_WRITE_REQ: |
| case BT_ATT_OP_PREPARE_WRITE_REQ: |
| case BT_ATT_OP_EXEC_WRITE_REQ: |
| return ATT_REQUEST; |
| case BT_ATT_OP_CONFIRM: |
| return ATT_CONFIRMATION; |
| case BT_ATT_OP_WRITE_CMD: |
| case BT_ATT_OP_SIGNED_WRITE_CMD: |
| return ATT_COMMAND; |
| case BT_ATT_OP_ERROR_RSP: |
| case BT_ATT_OP_MTU_RSP: |
| case BT_ATT_OP_FIND_INFO_RSP: |
| case BT_ATT_OP_FIND_TYPE_RSP: |
| case BT_ATT_OP_READ_TYPE_RSP: |
| case BT_ATT_OP_READ_RSP: |
| case BT_ATT_OP_READ_BLOB_RSP: |
| case BT_ATT_OP_READ_MULT_RSP: |
| case BT_ATT_OP_READ_GROUP_RSP: |
| case BT_ATT_OP_WRITE_RSP: |
| case BT_ATT_OP_PREPARE_WRITE_RSP: |
| case BT_ATT_OP_EXEC_WRITE_RSP: |
| return ATT_RESPONSE; |
| case BT_ATT_OP_NOTIFY: |
| return ATT_NOTIFICATION; |
| case BT_ATT_OP_INDICATE: |
| return ATT_INDICATION; |
| } |
| |
| if (op & ATT_CMD_MASK) { |
| return ATT_COMMAND; |
| } |
| |
| return ATT_UNKNOWN; |
| } |
| |
| static int bt_att_recv(struct bt_l2cap_chan *chan, struct net_buf *buf) |
| { |
| struct bt_att *att = ATT_CHAN(chan); |
| struct bt_att_hdr *hdr; |
| const struct att_handler *handler; |
| u8_t err; |
| size_t i; |
| |
| if (buf->len < sizeof(*hdr)) { |
| BT_ERR("Too small ATT PDU received"); |
| return 0; |
| } |
| |
| hdr = net_buf_pull_mem(buf, sizeof(*hdr)); |
| BT_DBG("Received ATT code 0x%02x len %u", hdr->code, buf->len); |
| |
| for (i = 0, handler = NULL; i < ARRAY_SIZE(handlers); i++) { |
| if (hdr->code == handlers[i].op) { |
| handler = &handlers[i]; |
| break; |
| } |
| } |
| |
| if (!handler) { |
| BT_WARN("Unhandled ATT code 0x%02x", hdr->code); |
| if (att_op_get_type(hdr->code) != ATT_COMMAND) { |
| send_err_rsp(chan->conn, hdr->code, 0, |
| BT_ATT_ERR_NOT_SUPPORTED); |
| } |
| return 0; |
| } |
| |
| if (IS_ENABLED(CONFIG_BT_ATT_ENFORCE_FLOW)) { |
| if (handler->type == ATT_REQUEST && |
| atomic_test_and_set_bit(att->flags, ATT_PENDING_RSP)) { |
| BT_WARN("Ignoring unexpected request"); |
| return 0; |
| } else if (handler->type == ATT_INDICATION && |
| atomic_test_and_set_bit(att->flags, |
| ATT_PENDING_CFM)) { |
| BT_WARN("Ignoring unexpected indication"); |
| return 0; |
| } |
| } |
| |
| if (buf->len < handler->expect_len) { |
| BT_ERR("Invalid len %u for code 0x%02x", buf->len, hdr->code); |
| err = BT_ATT_ERR_INVALID_PDU; |
| } else { |
| err = handler->func(att, buf); |
| } |
| |
| if (handler->type == ATT_REQUEST && err) { |
| BT_DBG("ATT error 0x%02x", err); |
| send_err_rsp(chan->conn, hdr->code, 0, err); |
| } |
| |
| return 0; |
| } |
| |
| static struct bt_att *att_chan_get(struct bt_conn *conn) |
| { |
| struct bt_l2cap_chan *chan; |
| struct bt_att *att; |
| |
| if (conn->state != BT_CONN_CONNECTED) { |
| BT_WARN("Not connected"); |
| return NULL; |
| } |
| |
| chan = bt_l2cap_le_lookup_rx_cid(conn, BT_L2CAP_CID_ATT); |
| if (!chan) { |
| BT_ERR("Unable to find ATT channel"); |
| return NULL; |
| } |
| |
| att = ATT_CHAN(chan); |
| if (atomic_test_bit(att->flags, ATT_DISCONNECTED)) { |
| BT_WARN("ATT context flagged as disconnected"); |
| return NULL; |
| } |
| |
| return att; |
| } |
| |
| struct net_buf *bt_att_create_pdu(struct bt_conn *conn, u8_t op, size_t len) |
| { |
| struct bt_att_hdr *hdr; |
| struct net_buf *buf; |
| struct bt_att *att; |
| |
| att = att_chan_get(conn); |
| if (!att) { |
| return NULL; |
| } |
| |
| if (len + sizeof(op) > att->chan.tx.mtu) { |
| BT_WARN("ATT MTU exceeded, max %u, wanted %zu", |
| att->chan.tx.mtu, len + sizeof(op)); |
| return NULL; |
| } |
| |
| switch (att_op_get_type(op)) { |
| case ATT_RESPONSE: |
| case ATT_CONFIRMATION: |
| /* Use a timeout only when responding/confirming */ |
| buf = bt_l2cap_create_pdu_timeout(NULL, 0, ATT_TIMEOUT); |
| break; |
| default: |
| buf = bt_l2cap_create_pdu(NULL, 0); |
| } |
| |
| if (!buf) { |
| BT_ERR("Unable to allocate buffer for op 0x%02x", op); |
| return NULL; |
| } |
| |
| hdr = net_buf_add(buf, sizeof(*hdr)); |
| hdr->code = op; |
| |
| return buf; |
| } |
| |
| static void att_reset(struct bt_att *att) |
| { |
| struct bt_att_req *req, *tmp; |
| int i; |
| struct net_buf *buf; |
| |
| #if CONFIG_BT_ATT_PREPARE_COUNT > 0 |
| /* Discard queued buffers */ |
| while ((buf = k_fifo_get(&att->prep_queue, K_NO_WAIT))) { |
| net_buf_unref(buf); |
| } |
| #endif /* CONFIG_BT_ATT_PREPARE_COUNT > 0 */ |
| |
| while ((buf = k_fifo_get(&att->tx_queue, K_NO_WAIT))) { |
| net_buf_unref(buf); |
| } |
| |
| atomic_set_bit(att->flags, ATT_DISCONNECTED); |
| |
| /* Ensure that any waiters are woken up */ |
| for (i = 0; i < CONFIG_BT_ATT_TX_MAX; i++) { |
| k_sem_give(&att->tx_sem); |
| } |
| |
| /* Notify pending requests */ |
| SYS_SLIST_FOR_EACH_CONTAINER_SAFE(&att->reqs, req, tmp, node) { |
| if (req->func) { |
| req->func(NULL, BT_ATT_ERR_UNLIKELY, NULL, 0, req); |
| } |
| |
| att_req_destroy(req); |
| } |
| |
| /* Reset list */ |
| sys_slist_init(&att->reqs); |
| |
| if (!att->req) { |
| return; |
| } |
| |
| /* Notify outstanding request */ |
| att_handle_rsp(att, NULL, 0, BT_ATT_ERR_UNLIKELY); |
| } |
| |
| static void att_timeout(struct k_work *work) |
| { |
| struct bt_att *att = CONTAINER_OF(work, struct bt_att, timeout_work); |
| struct bt_l2cap_le_chan *ch = &att->chan; |
| |
| BT_ERR("ATT Timeout"); |
| |
| /* BLUETOOTH SPECIFICATION Version 4.2 [Vol 3, Part F] page 480: |
| * |
| * A transaction not completed within 30 seconds shall time out. Such a |
| * transaction shall be considered to have failed and the local higher |
| * layers shall be informed of this failure. No more attribute protocol |
| * requests, commands, indications or notifications shall be sent to the |
| * target device on this ATT Bearer. |
| */ |
| att_reset(att); |
| |
| /* Consider the channel disconnected */ |
| bt_gatt_disconnected(ch->chan.conn); |
| ch->chan.conn = NULL; |
| } |
| |
| static void bt_att_connected(struct bt_l2cap_chan *chan) |
| { |
| struct bt_att *att = ATT_CHAN(chan); |
| struct bt_l2cap_le_chan *ch = BT_L2CAP_LE_CHAN(chan); |
| |
| BT_DBG("chan %p cid 0x%04x", ch, ch->tx.cid); |
| |
| k_fifo_init(&att->tx_queue); |
| #if CONFIG_BT_ATT_PREPARE_COUNT > 0 |
| k_fifo_init(&att->prep_queue); |
| #endif |
| |
| ch->tx.mtu = BT_ATT_DEFAULT_LE_MTU; |
| ch->rx.mtu = BT_ATT_DEFAULT_LE_MTU; |
| |
| k_delayed_work_init(&att->timeout_work, att_timeout); |
| sys_slist_init(&att->reqs); |
| } |
| |
| static void bt_att_disconnected(struct bt_l2cap_chan *chan) |
| { |
| struct bt_att *att = ATT_CHAN(chan); |
| struct bt_l2cap_le_chan *ch = BT_L2CAP_LE_CHAN(chan); |
| |
| BT_DBG("chan %p cid 0x%04x", ch, ch->tx.cid); |
| |
| att_reset(att); |
| |
| bt_gatt_disconnected(ch->chan.conn); |
| } |
| |
| #if defined(CONFIG_BT_SMP) |
| static void bt_att_encrypt_change(struct bt_l2cap_chan *chan, |
| u8_t hci_status) |
| { |
| struct bt_att *att = ATT_CHAN(chan); |
| struct bt_l2cap_le_chan *ch = BT_L2CAP_LE_CHAN(chan); |
| struct bt_conn *conn = ch->chan.conn; |
| |
| BT_DBG("chan %p conn %p handle %u sec_level 0x%02x status 0x%02x", ch, |
| conn, conn->handle, conn->sec_level, hci_status); |
| |
| /* |
| * If status (HCI status of security procedure) is non-zero, notify |
| * outstanding request about security failure. |
| */ |
| if (hci_status) { |
| att_handle_rsp(att, NULL, 0, BT_ATT_ERR_AUTHENTICATION); |
| return; |
| } |
| |
| bt_gatt_encrypt_change(conn); |
| |
| if (conn->sec_level == BT_SECURITY_L1) { |
| return; |
| } |
| |
| if (!att->req || !att->req->retrying) { |
| return; |
| } |
| |
| k_sem_take(&att->tx_sem, K_FOREVER); |
| if (!att_is_connected(att)) { |
| BT_WARN("Disconnected"); |
| k_sem_give(&att->tx_sem); |
| return; |
| } |
| |
| BT_DBG("Retrying"); |
| |
| /* Resend buffer */ |
| (void)bt_l2cap_send_cb(conn, BT_L2CAP_CID_ATT, att->req->buf, |
| att_cb(att->req->buf), NULL); |
| att->req->buf = NULL; |
| } |
| #endif /* CONFIG_BT_SMP */ |
| |
| static int bt_att_accept(struct bt_conn *conn, struct bt_l2cap_chan **chan) |
| { |
| int i; |
| static struct bt_l2cap_chan_ops ops = { |
| .connected = bt_att_connected, |
| .disconnected = bt_att_disconnected, |
| .recv = bt_att_recv, |
| #if defined(CONFIG_BT_SMP) |
| .encrypt_change = bt_att_encrypt_change, |
| #endif /* CONFIG_BT_SMP */ |
| }; |
| |
| BT_DBG("conn %p handle %u", conn, conn->handle); |
| |
| for (i = 0; i < ARRAY_SIZE(bt_req_pool); i++) { |
| struct bt_att *att = &bt_req_pool[i]; |
| |
| if (att->chan.chan.conn) { |
| continue; |
| } |
| |
| (void)memset(att, 0, sizeof(*att)); |
| att->chan.chan.ops = &ops; |
| k_sem_init(&att->tx_sem, CONFIG_BT_ATT_TX_MAX, |
| CONFIG_BT_ATT_TX_MAX); |
| |
| *chan = &att->chan.chan; |
| |
| return 0; |
| } |
| |
| BT_ERR("No available ATT context for conn %p", conn); |
| |
| return -ENOMEM; |
| } |
| |
| BT_L2CAP_CHANNEL_DEFINE(att_fixed_chan, BT_L2CAP_CID_ATT, bt_att_accept); |
| |
| void bt_att_init(void) |
| { |
| bt_gatt_init(); |
| } |
| |
| u16_t bt_att_get_mtu(struct bt_conn *conn) |
| { |
| struct bt_att *att; |
| |
| att = att_chan_get(conn); |
| if (!att) { |
| return 0; |
| } |
| |
| /* tx and rx MTU shall be symmetric */ |
| return att->chan.tx.mtu; |
| } |
| |
| int bt_att_send(struct bt_conn *conn, struct net_buf *buf, bt_conn_tx_cb_t cb, |
| void *user_data) |
| { |
| struct bt_att *att; |
| int err; |
| |
| __ASSERT_NO_MSG(conn); |
| __ASSERT_NO_MSG(buf); |
| |
| att = att_chan_get(conn); |
| if (!att) { |
| net_buf_unref(buf); |
| return -ENOTCONN; |
| } |
| |
| /* Don't use tx_sem if caller has set it own callback */ |
| if (!cb) { |
| /* Queue buffer to be send later */ |
| if (k_sem_take(&att->tx_sem, K_NO_WAIT) < 0) { |
| k_fifo_put(&att->tx_queue, buf); |
| return 0; |
| } |
| } |
| |
| err = att_send(conn, buf, cb, user_data); |
| if (err) { |
| if (!cb) { |
| k_sem_give(&att->tx_sem); |
| } |
| return err; |
| } |
| |
| return 0; |
| } |
| |
| int bt_att_req_send(struct bt_conn *conn, struct bt_att_req *req) |
| { |
| struct bt_att *att; |
| |
| BT_DBG("conn %p req %p", conn, req); |
| |
| __ASSERT_NO_MSG(conn); |
| __ASSERT_NO_MSG(req); |
| |
| att = att_chan_get(conn); |
| if (!att) { |
| net_buf_unref(req->buf); |
| req->buf = NULL; |
| return -ENOTCONN; |
| } |
| |
| /* Check if there is a request outstanding */ |
| if (att->req) { |
| /* Queue the request to be send later */ |
| sys_slist_append(&att->reqs, &req->node); |
| return 0; |
| } |
| |
| return att_send_req(att, req); |
| } |
| |
| void bt_att_req_cancel(struct bt_conn *conn, struct bt_att_req *req) |
| { |
| struct bt_att *att; |
| |
| BT_DBG("req %p", req); |
| |
| if (!conn || !req) { |
| return; |
| } |
| |
| att = att_chan_get(conn); |
| if (!att) { |
| return; |
| } |
| |
| /* Check if request is outstanding */ |
| if (att->req == req) { |
| att->req = &cancel; |
| } else { |
| /* Remove request from the list */ |
| sys_slist_find_and_remove(&att->reqs, &req->node); |
| } |
| |
| att_req_destroy(req); |
| } |