/******************************************************************************
**
** Function avrc_copy_packet
**
** Description Copies an AVRC packet to a new buffer. In the new buffer,
** the payload offset is at least AVCT_MSG_OFFSET octets.
**
** Returns The buffer with the copied data.
**
******************************************************************************/
static BT_HDR *avrc_copy_packet(BT_HDR *p_pkt, int rsp_pkt_len)
{
const int offset = MAX(AVCT_MSG_OFFSET, p_pkt->offset);
const int pkt_len = MAX(rsp_pkt_len, p_pkt->len);
BT_HDR *p_pkt_copy =
(BT_HDR *)osi_malloc((UINT16)(BT_HDR_SIZE + offset + pkt_len));
/* Copy the packet header, set the new offset, and copy the payload */
if (p_pkt_copy != NULL) {
memcpy(p_pkt_copy, p_pkt, BT_HDR_SIZE);
p_pkt_copy->offset = offset;
UINT8 *p_data = avrc_get_data_ptr(p_pkt);
UINT8 *p_data_copy = avrc_get_data_ptr(p_pkt_copy);
memcpy(p_data_copy, p_data, p_pkt->len);
}
return p_pkt_copy;
}
/******************************************************************************
**
** Function avrc_msg_cback
**
** Description This is the callback function used by AVCTP to report
** received AV control messages.
**
** Returns Nothing.
**
******************************************************************************/
static void avrc_msg_cback(UINT8 handle, UINT8 label, UINT8 cr,
BT_HDR *p_pkt)
{
UINT8 opcode;
tAVRC_MSG msg;
UINT8 *p_data;
UINT8 *p_begin;
BOOLEAN drop = FALSE;
BOOLEAN free = TRUE;
BT_HDR *p_rsp = NULL;
UINT8 *p_rsp_data;
int xx;
BOOLEAN reject = FALSE;
#if (BT_USE_TRACES == TRUE)
char *p_drop_msg = "dropped";
#endif
tAVRC_MSG_VENDOR *p_msg = &msg.vendor;
if (cr == AVCT_CMD &&
(p_pkt->layer_specific & AVCT_DATA_CTRL && AVRC_PACKET_LEN < sizeof(p_pkt->len)))
{
/* Ignore the invalid AV/C command frame */
#if (BT_USE_TRACES == TRUE)
p_drop_msg = "dropped - too long AV/C cmd frame size";
#endif
GKI_freebuf(p_pkt);
return;
}
if (cr == AVCT_REJ)
{
/* The peer thinks that this PID is no longer open - remove this handle */
/* */
GKI_freebuf(p_pkt);
AVCT_RemoveConn(handle);
return;
}
p_data = (UINT8 *)(p_pkt+1) + p_pkt->offset;
memset(&msg, 0, sizeof(tAVRC_MSG) );
{
msg.hdr.ctype = p_data[0] & AVRC_CTYPE_MASK;
AVRC_TRACE_DEBUG4("avrc_msg_cback handle:%d, ctype:%d, offset:%d, len: %d",
handle, msg.hdr.ctype, p_pkt->offset, p_pkt->len);
msg.hdr.subunit_type = (p_data[1] & AVRC_SUBTYPE_MASK) >> AVRC_SUBTYPE_SHIFT;
msg.hdr.subunit_id = p_data[1] & AVRC_SUBID_MASK;
opcode = p_data[2];
}
if ( ((avrc_cb.ccb[handle].control & AVRC_CT_TARGET) && (cr == AVCT_CMD)) ||
((avrc_cb.ccb[handle].control & AVRC_CT_CONTROL) && (cr == AVCT_RSP)) )
{
switch(opcode)
{
case AVRC_OP_UNIT_INFO:
if (cr == AVCT_CMD)
{
/* send the response to the peer */
p_rsp = p_pkt; /* this also sets free = FALSE, drop = TRUE */
/* check & set the offset. set response code, set subunit_type & subunit_id,
set AVRC_OP_UNIT_INFO */
p_rsp_data = avrc_get_data_ptr(p_pkt) + AVRC_AVC_HDR_SIZE; /* 3 bytes: ctype, subunit*, opcode */
*p_rsp_data++ = 7;
/* Panel subunit & id=0 */
*p_rsp_data++ = (AVRC_SUB_PANEL << AVRC_SUBTYPE_SHIFT);
AVRC_CO_ID_TO_BE_STREAM(p_rsp_data, avrc_cb.ccb[handle].company_id);
p_rsp->len = (UINT16) (p_rsp_data - (UINT8 *)(p_rsp + 1) - p_rsp->offset);
cr = AVCT_RSP;
#if (BT_USE_TRACES == TRUE)
p_drop_msg = "auto respond";
#endif
}
else
{
/* parse response */
p_data += 4; /* 3 bytes: ctype, subunit*, opcode + octet 3 (is 7)*/
msg.unit.unit_type = (*p_data & AVRC_SUBTYPE_MASK) >> AVRC_SUBTYPE_SHIFT;
msg.unit.unit = *p_data & AVRC_SUBID_MASK;
p_data++;
AVRC_BE_STREAM_TO_CO_ID(msg.unit.company_id, p_data);
}
break;
case AVRC_OP_SUB_INFO:
if (cr == AVCT_CMD)
{
/* send the response to the peer */
p_rsp = p_pkt; /* this also sets free = FALSE, drop = TRUE */
/* check & set the offset. set response code, set (subunit_type & subunit_id),
set AVRC_OP_SUB_INFO, set (page & extention code) */
p_rsp_data = avrc_get_data_ptr(p_pkt) + 4;
/* Panel subunit & id=0 */
*p_rsp_data++ = (AVRC_SUB_PANEL << AVRC_SUBTYPE_SHIFT);
memset(p_rsp_data, AVRC_CMD_OPRND_PAD, AVRC_SUBRSP_OPRND_BYTES);
p_rsp_data += AVRC_SUBRSP_OPRND_BYTES;
p_rsp->len = (UINT16) (p_rsp_data - (UINT8 *)(p_rsp + 1) - p_rsp->offset);
cr = AVCT_RSP;
#if (BT_USE_TRACES == TRUE)
p_drop_msg = "auto responded";
#endif
}
else
{
/* parse response */
p_data += AVRC_AVC_HDR_SIZE; /* 3 bytes: ctype, subunit*, opcode */
msg.sub.page = (*p_data++ >> AVRC_SUB_PAGE_SHIFT) & AVRC_SUB_PAGE_MASK;
xx = 0;
while (*p_data != AVRC_CMD_OPRND_PAD && xx<AVRC_SUB_TYPE_LEN)
{
msg.sub.subunit_type[xx] = *p_data++ >> AVRC_SUBTYPE_SHIFT;
if (msg.sub.subunit_type[xx] == AVRC_SUB_PANEL)
msg.sub.panel = TRUE;
xx++;
}
}
break;
case AVRC_OP_VENDOR:
p_data = (UINT8 *)(p_pkt+1) + p_pkt->offset;
p_begin = p_data;
if (p_pkt->len < AVRC_VENDOR_HDR_SIZE) /* 6 = ctype, subunit*, opcode & CO_ID */
{
if (cr == AVCT_CMD)
reject = TRUE;
else
drop = TRUE;
break;
}
p_data += AVRC_AVC_HDR_SIZE; /* skip the first 3 bytes: ctype, subunit*, opcode */
AVRC_BE_STREAM_TO_CO_ID(p_msg->company_id, p_data);
p_msg->p_vendor_data = p_data;
p_msg->vendor_len = p_pkt->len - (p_data - p_begin);
break;
case AVRC_OP_PASS_THRU:
if (p_pkt->len < 5) /* 3 bytes: ctype, subunit*, opcode & op_id & len */
{
if (cr == AVCT_CMD)
reject = TRUE;
else
drop = TRUE;
break;
}
p_data += AVRC_AVC_HDR_SIZE; /* skip the first 3 bytes: ctype, subunit*, opcode */
msg.pass.op_id = (AVRC_PASS_OP_ID_MASK & *p_data);
if (AVRC_PASS_STATE_MASK & *p_data)
msg.pass.state = TRUE;
else
msg.pass.state = FALSE;
p_data++;
msg.pass.pass_len = *p_data++;
if (msg.pass.pass_len != p_pkt->len - 5)
msg.pass.pass_len = p_pkt->len - 5;
if (msg.pass.pass_len)
msg.pass.p_pass_data = p_data;
else
msg.pass.p_pass_data = NULL;
break;
default:
if ((avrc_cb.ccb[handle].control & AVRC_CT_TARGET) && (cr == AVCT_CMD))
{
/* reject unsupported opcode */
reject = TRUE;
}
drop = TRUE;
break;
}
}
else /* drop the event */
{