1 /******************************************************************************
2  *
3  *  Copyright (C) 1999-2012 Broadcom Corporation
4  *
5  *  Licensed under the Apache License, Version 2.0 (the "License");
6  *  you may not use this file except in compliance with the License.
7  *  You may obtain a copy of the License at:
8  *
9  *  http://www.apache.org/licenses/LICENSE-2.0
10  *
11  *  Unless required by applicable law or agreed to in writing, software
12  *  distributed under the License is distributed on an "AS IS" BASIS,
13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  *  See the License for the specific language governing permissions and
15  *  limitations under the License.
16  *
17  ******************************************************************************/
18 
19 /******************************************************************************
20  *
21  *  this file contains the main GATT client functions
22  *
23  ******************************************************************************/
24 
25 #include "bt_target.h"
26 
27 #if BLE_INCLUDED == TRUE
28 
29 #include <string.h>
30 #include "bt_utils.h"
31 #include "bt_common.h"
32 #include "gatt_int.h"
33 #include "l2c_int.h"
34 
35 #define GATT_WRITE_LONG_HDR_SIZE    5 /* 1 opcode + 2 handle + 2 offset */
36 #define GATT_READ_CHAR_VALUE_HDL    (GATT_READ_CHAR_VALUE | 0x80)
37 #define GATT_READ_INC_SRV_UUID128   (GATT_DISC_INC_SRVC   | 0x90)
38 
39 #define GATT_PREP_WRITE_RSP_MIN_LEN 4
40 #define GATT_NOTIFICATION_MIN_LEN 2
41 #define GATT_WRITE_RSP_MIN_LEN  2
42 #define GATT_INFO_RSP_MIN_LEN   1
43 #define GATT_MTU_RSP_MIN_LEN    2
44 #define GATT_READ_BY_TYPE_RSP_MIN_LEN    1
45 
46 /********************************************************************************
47 **                       G L O B A L      G A T T       D A T A                 *
48 *********************************************************************************/
49 void gatt_send_prepare_write(tGATT_TCB  *p_tcb, tGATT_CLCB *p_clcb);
50 
51 UINT8   disc_type_to_att_opcode[GATT_DISC_MAX] =
52 {
53     0,
54     GATT_REQ_READ_BY_GRP_TYPE,     /*  GATT_DISC_SRVC_ALL = 1, */
55     GATT_REQ_FIND_TYPE_VALUE,      /*  GATT_DISC_SRVC_BY_UUID,  */
56     GATT_REQ_READ_BY_TYPE,         /*  GATT_DISC_INC_SRVC,      */
57     GATT_REQ_READ_BY_TYPE,         /*  GATT_DISC_CHAR,          */
58     GATT_REQ_FIND_INFO             /*  GATT_DISC_CHAR_DSCPT,    */
59 };
60 
61 UINT16 disc_type_to_uuid[GATT_DISC_MAX] =
62 {
63     0,                  /* reserved */
64     GATT_UUID_PRI_SERVICE, /* <service> DISC_SRVC_ALL */
65     GATT_UUID_PRI_SERVICE, /* <service> for DISC_SERVC_BY_UUID */
66     GATT_UUID_INCLUDE_SERVICE, /* <include_service> for DISC_INC_SRVC */
67     GATT_UUID_CHAR_DECLARE,   /* <characteristic> for DISC_CHAR */
68     0                   /* no type filtering for DISC_CHAR_DSCPT */
69 };
70 
71 
72 /*******************************************************************************
73 **
74 ** Function         gatt_act_discovery
75 **
76 ** Description      GATT discovery operation.
77 **
78 ** Returns          void.
79 **
80 *******************************************************************************/
gatt_act_discovery(tGATT_CLCB * p_clcb)81 void gatt_act_discovery(tGATT_CLCB *p_clcb)
82 {
83     UINT8       op_code = disc_type_to_att_opcode[p_clcb->op_subtype];
84     tGATT_CL_MSG   cl_req;
85     tGATT_STATUS    st;
86 
87     if (p_clcb->s_handle <= p_clcb->e_handle && p_clcb->s_handle != 0)
88     {
89         memset(&cl_req, 0, sizeof(tGATT_CL_MSG));
90 
91         cl_req.browse.s_handle = p_clcb->s_handle;
92         cl_req.browse.e_handle = p_clcb->e_handle;
93 
94         if (disc_type_to_uuid[p_clcb->op_subtype] != 0)
95         {
96             cl_req.browse.uuid.len = 2;
97             cl_req.browse.uuid.uu.uuid16 = disc_type_to_uuid[p_clcb->op_subtype];
98         }
99 
100         if (p_clcb->op_subtype == GATT_DISC_SRVC_BY_UUID) /* fill in the FindByTypeValue request info*/
101         {
102             cl_req.find_type_value.uuid.len = 2;
103             cl_req.find_type_value.uuid.uu.uuid16 = disc_type_to_uuid[p_clcb->op_subtype];
104             cl_req.find_type_value.s_handle = p_clcb->s_handle;
105             cl_req.find_type_value.e_handle = p_clcb->e_handle;
106             cl_req.find_type_value.value_len = p_clcb->uuid.len;
107             /* if service type is 32 bits UUID, convert it now */
108             if (p_clcb->uuid.len == LEN_UUID_32)
109             {
110                 cl_req.find_type_value.value_len = LEN_UUID_128;
111                 gatt_convert_uuid32_to_uuid128(cl_req.find_type_value.value, p_clcb->uuid.uu.uuid32);
112             }
113             else
114             memcpy (cl_req.find_type_value.value,  &p_clcb->uuid.uu, p_clcb->uuid.len);
115         }
116 
117         st = attp_send_cl_msg(p_clcb->p_tcb, p_clcb->clcb_idx, op_code, &cl_req);
118 
119         if (st !=  GATT_SUCCESS && st != GATT_CMD_STARTED)
120         {
121             gatt_end_operation(p_clcb, GATT_ERROR, NULL);
122         }
123     }
124     else /* end of handle range */
125         gatt_end_operation(p_clcb, GATT_SUCCESS, NULL);
126 }
127 
128 /*******************************************************************************
129 **
130 ** Function         gatt_act_read
131 **
132 ** Description      GATT read operation.
133 **
134 ** Returns          void.
135 **
136 *******************************************************************************/
gatt_act_read(tGATT_CLCB * p_clcb,UINT16 offset)137 void gatt_act_read (tGATT_CLCB *p_clcb, UINT16 offset)
138 {
139     tGATT_TCB  *p_tcb = p_clcb->p_tcb;
140     UINT8   rt = GATT_INTERNAL_ERROR;
141     tGATT_CL_MSG  msg;
142     UINT8        op_code = 0;
143 
144     memset (&msg, 0, sizeof(tGATT_CL_MSG));
145 
146     switch (p_clcb->op_subtype)
147     {
148         case GATT_READ_CHAR_VALUE:
149         case GATT_READ_BY_TYPE:
150             op_code = GATT_REQ_READ_BY_TYPE;
151             msg.browse.s_handle = p_clcb->s_handle;
152             msg.browse.e_handle = p_clcb->e_handle;
153             if (p_clcb->op_subtype == GATT_READ_BY_TYPE)
154                 memcpy(&msg.browse.uuid, &p_clcb->uuid, sizeof(tBT_UUID));
155             else
156             {
157                 msg.browse.uuid.len = LEN_UUID_16;
158                 msg.browse.uuid.uu.uuid16 = GATT_UUID_CHAR_DECLARE;
159             }
160             break;
161 
162         case GATT_READ_CHAR_VALUE_HDL:
163         case GATT_READ_BY_HANDLE:
164             if (!p_clcb->counter)
165             {
166                 op_code = GATT_REQ_READ;
167                 msg.handle = p_clcb->s_handle;
168             }
169             else
170             {
171                 if (!p_clcb->first_read_blob_after_read)
172                     p_clcb->first_read_blob_after_read = TRUE;
173                 else
174                     p_clcb->first_read_blob_after_read = FALSE;
175 
176                 GATT_TRACE_DEBUG("gatt_act_read first_read_blob_after_read=%d",
177                                   p_clcb->first_read_blob_after_read);
178                 op_code = GATT_REQ_READ_BLOB;
179                 msg.read_blob.offset = offset;
180                 msg.read_blob.handle = p_clcb->s_handle;
181             }
182             p_clcb->op_subtype &= ~ 0x80;
183             break;
184 
185         case GATT_READ_PARTIAL:
186             op_code = GATT_REQ_READ_BLOB;
187             msg.read_blob.handle = p_clcb->s_handle;
188             msg.read_blob.offset = offset;
189             break;
190 
191         case GATT_READ_MULTIPLE:
192             op_code = GATT_REQ_READ_MULTI;
193             memcpy (&msg.read_multi, p_clcb->p_attr_buf, sizeof(tGATT_READ_MULTI));
194             break;
195 
196         case GATT_READ_INC_SRV_UUID128:
197             op_code = GATT_REQ_READ;
198             msg.handle = p_clcb->s_handle;
199             p_clcb->op_subtype &= ~ 0x90;
200             break;
201 
202         default:
203             GATT_TRACE_ERROR("Unknown read type: %d", p_clcb->op_subtype);
204             break;
205     }
206 
207     if (op_code != 0)
208         rt = attp_send_cl_msg(p_tcb, p_clcb->clcb_idx, op_code, &msg);
209 
210     if ( op_code == 0 || (rt != GATT_SUCCESS && rt != GATT_CMD_STARTED))
211     {
212         gatt_end_operation(p_clcb, rt, NULL);
213     }
214 }
215 
216 /*******************************************************************************
217 **
218 ** Function         gatt_act_write
219 **
220 ** Description      GATT write operation.
221 **
222 ** Returns          void.
223 **
224 *******************************************************************************/
gatt_act_write(tGATT_CLCB * p_clcb,UINT8 sec_act)225 void gatt_act_write (tGATT_CLCB *p_clcb, UINT8 sec_act)
226 {
227     tGATT_TCB           *p_tcb = p_clcb->p_tcb;
228     UINT8               rt = GATT_SUCCESS, op_code = 0;
229     tGATT_VALUE         *p_attr = (tGATT_VALUE *)p_clcb->p_attr_buf;
230 
231     if (p_attr)
232     {
233         switch (p_clcb->op_subtype)
234         {
235             case GATT_WRITE_NO_RSP:
236                 p_clcb->s_handle = p_attr->handle;
237                 op_code = (sec_act == GATT_SEC_SIGN_DATA) ? GATT_SIGN_CMD_WRITE : GATT_CMD_WRITE;
238                 rt = gatt_send_write_msg(p_tcb,
239                                          p_clcb->clcb_idx,
240                                          op_code,
241                                          p_attr->handle,
242                                          p_attr->len,
243                                          0,
244                                          p_attr->value);
245                 break;
246 
247             case GATT_WRITE:
248                 if (p_attr->len <= (p_tcb->payload_size - GATT_HDR_SIZE))
249                 {
250                     p_clcb->s_handle = p_attr->handle;
251 
252                     rt = gatt_send_write_msg(p_tcb,
253                                              p_clcb->clcb_idx,
254                                              GATT_REQ_WRITE,
255                                              p_attr->handle,
256                                              p_attr->len,
257                                              0,
258                                              p_attr->value);
259                 }
260                 else /* prepare write for long attribute */
261                 {
262                     gatt_send_prepare_write(p_tcb, p_clcb);
263                 }
264                 break;
265 
266             case GATT_WRITE_PREPARE:
267                 gatt_send_prepare_write(p_tcb, p_clcb);
268                 break;
269 
270             default:
271                 rt = GATT_INTERNAL_ERROR;
272                 GATT_TRACE_ERROR("Unknown write type: %d", p_clcb->op_subtype);
273                 break;
274         }
275     }
276     else
277         rt = GATT_INTERNAL_ERROR;
278 
279     if ((rt != GATT_SUCCESS  && rt != GATT_CMD_STARTED && rt != GATT_CONGESTED)
280         || (rt != GATT_CMD_STARTED && p_clcb->op_subtype == GATT_WRITE_NO_RSP))
281     {
282         if (rt != GATT_SUCCESS)
283         {
284             GATT_TRACE_ERROR("gatt_act_write() failed op_code=0x%x rt=%d", op_code, rt);
285         }
286         gatt_end_operation(p_clcb, rt, NULL);
287     }
288 }
289 /*******************************************************************************
290 **
291 ** Function         gatt_send_queue_write_cancel
292 **
293 ** Description      send queue write cancel
294 **
295 ** Returns          void.
296 **
297 *******************************************************************************/
gatt_send_queue_write_cancel(tGATT_TCB * p_tcb,tGATT_CLCB * p_clcb,tGATT_EXEC_FLAG flag)298 void gatt_send_queue_write_cancel (tGATT_TCB *p_tcb, tGATT_CLCB *p_clcb, tGATT_EXEC_FLAG flag)
299 {
300     UINT8       rt ;
301 
302     GATT_TRACE_DEBUG("gatt_send_queue_write_cancel ");
303 
304     rt = attp_send_cl_msg(p_tcb, p_clcb->clcb_idx, GATT_REQ_EXEC_WRITE, (tGATT_CL_MSG *)&flag);
305 
306     if (rt != GATT_SUCCESS)
307     {
308         gatt_end_operation(p_clcb, rt, NULL);
309     }
310 }
311 /*******************************************************************************
312 **
313 ** Function         gatt_check_write_long_terminate
314 **
315 ** Description      To terminate write long or not.
316 **
317 ** Returns          TRUE: write long is terminated; FALSE keep sending.
318 **
319 *******************************************************************************/
gatt_check_write_long_terminate(tGATT_TCB * p_tcb,tGATT_CLCB * p_clcb,tGATT_VALUE * p_rsp_value)320 BOOLEAN gatt_check_write_long_terminate(tGATT_TCB  *p_tcb, tGATT_CLCB *p_clcb, tGATT_VALUE *p_rsp_value)
321 {
322     tGATT_VALUE         *p_attr = (tGATT_VALUE *)p_clcb->p_attr_buf;
323     BOOLEAN             exec = FALSE;
324     tGATT_EXEC_FLAG     flag = GATT_PREP_WRITE_EXEC;
325 
326     GATT_TRACE_DEBUG("gatt_check_write_long_terminate ");
327     /* check the first write response status */
328     if (p_rsp_value != NULL)
329     {
330         if (p_rsp_value->handle != p_attr->handle ||
331             p_rsp_value->len != p_clcb->counter ||
332             memcmp(p_rsp_value->value, p_attr->value + p_attr->offset, p_rsp_value->len))
333         {
334             /* data does not match    */
335             p_clcb->status = GATT_ERROR;
336             flag = GATT_PREP_WRITE_CANCEL;
337             exec = TRUE;
338         }
339         else /* response checking is good */
340         {
341             p_clcb->status = GATT_SUCCESS;
342             /* update write offset and check if end of attribute value */
343             if ((p_attr->offset += p_rsp_value->len) >= p_attr->len)
344                 exec = TRUE;
345         }
346     }
347     if (exec)
348     {
349         gatt_send_queue_write_cancel (p_tcb, p_clcb, flag);
350         return TRUE;
351     }
352     return FALSE;
353 }
354 /*******************************************************************************
355 **
356 ** Function         gatt_send_prepare_write
357 **
358 ** Description      Send prepare write.
359 **
360 ** Returns          void.
361 **
362 *******************************************************************************/
gatt_send_prepare_write(tGATT_TCB * p_tcb,tGATT_CLCB * p_clcb)363 void gatt_send_prepare_write(tGATT_TCB  *p_tcb, tGATT_CLCB *p_clcb)
364 {
365     tGATT_VALUE  *p_attr = (tGATT_VALUE *)p_clcb->p_attr_buf;
366     UINT16  to_send, offset;
367     UINT8   rt = GATT_SUCCESS;
368     UINT8   type = p_clcb->op_subtype;
369 
370     GATT_TRACE_DEBUG("gatt_send_prepare_write type=0x%x", type );
371     to_send = p_attr->len - p_attr->offset;
372 
373     if (to_send > (p_tcb->payload_size - GATT_WRITE_LONG_HDR_SIZE)) /* 2 = UINT16 offset bytes  */
374         to_send = p_tcb->payload_size - GATT_WRITE_LONG_HDR_SIZE;
375 
376     p_clcb->s_handle = p_attr->handle;
377 
378     offset = p_attr->offset;
379     if (type == GATT_WRITE_PREPARE)
380     {
381         offset += p_clcb->start_offset;
382     }
383 
384     GATT_TRACE_DEBUG("offset =0x%x len=%d", offset, to_send );
385 
386     rt = gatt_send_write_msg(p_tcb,
387                              p_clcb->clcb_idx,
388                              GATT_REQ_PREPARE_WRITE,
389                              p_attr->handle,
390                              to_send,                           /* length */
391                              offset,                            /* used as offset */
392                              p_attr->value + p_attr->offset);   /* data */
393 
394     /* remember the write long attribute length */
395     p_clcb->counter = to_send;
396 
397     if (rt != GATT_SUCCESS && rt != GATT_CMD_STARTED)
398     {
399         gatt_end_operation(p_clcb, rt, NULL);
400     }
401 }
402 
403 
404 /*******************************************************************************
405 **
406 ** Function         gatt_process_find_type_value_rsp
407 **
408 ** Description      This function is called to handle find by type value response.
409 **
410 **
411 ** Returns          void
412 **
413 *******************************************************************************/
gatt_process_find_type_value_rsp(tGATT_TCB * p_tcb,tGATT_CLCB * p_clcb,UINT16 len,UINT8 * p_data)414 void gatt_process_find_type_value_rsp (tGATT_TCB *p_tcb, tGATT_CLCB *p_clcb, UINT16 len, UINT8 *p_data)
415 {
416     tGATT_DISC_RES      result;
417     UINT8               *p = p_data;
418 
419     UNUSED(p_tcb);
420 
421     GATT_TRACE_DEBUG("gatt_process_find_type_value_rsp ");
422     /* unexpected response */
423     if (p_clcb->operation != GATTC_OPTYPE_DISCOVERY || p_clcb->op_subtype != GATT_DISC_SRVC_BY_UUID)
424         return;
425 
426     memset (&result, 0, sizeof(tGATT_DISC_RES));
427     result.type.len = 2;
428     result.type.uu.uuid16 = GATT_UUID_PRI_SERVICE;
429 
430     /* returns a series of handle ranges */
431     while (len >= 4)
432     {
433         STREAM_TO_UINT16 (result.handle, p);
434         STREAM_TO_UINT16 (result.value.group_value.e_handle, p);
435         memcpy (&result.value.group_value.service_type,  &p_clcb->uuid, sizeof(tBT_UUID));
436 
437         len -= 4;
438 
439         if (p_clcb->p_reg->app_cb.p_disc_res_cb)
440             (*p_clcb->p_reg->app_cb.p_disc_res_cb)(p_clcb->conn_id, p_clcb->op_subtype, &result);
441     }
442 
443     /* last handle  + 1 */
444     p_clcb->s_handle = (result.value.group_value.e_handle == 0) ? 0 : (result.value.group_value.e_handle + 1);
445     /* initiate another request */
446     gatt_act_discovery(p_clcb) ;
447 }
448 /*******************************************************************************
449 **
450 ** Function         gatt_process_read_info_rsp
451 **
452 ** Description      This function is called to handle the read information
453 **                  response.
454 **
455 **
456 ** Returns          void
457 **
458 *******************************************************************************/
gatt_process_read_info_rsp(tGATT_TCB * p_tcb,tGATT_CLCB * p_clcb,UINT8 op_code,UINT16 len,UINT8 * p_data)459 void gatt_process_read_info_rsp(tGATT_TCB *p_tcb, tGATT_CLCB *p_clcb, UINT8 op_code,
460                                 UINT16 len, UINT8 *p_data)
461 {
462     tGATT_DISC_RES  result;
463     UINT8   *p = p_data, uuid_len = 0, type;
464 
465     UNUSED(p_tcb);
466     UNUSED(op_code);
467 
468     if (len < GATT_INFO_RSP_MIN_LEN)
469     {
470         GATT_TRACE_ERROR("invalid Info Response PDU received, discard.");
471         gatt_end_operation(p_clcb, GATT_INVALID_PDU, NULL);
472         return;
473     }
474     /* unexpected response */
475     if (p_clcb->operation != GATTC_OPTYPE_DISCOVERY || p_clcb->op_subtype != GATT_DISC_CHAR_DSCPT)
476         return;
477 
478     STREAM_TO_UINT8(type, p);
479     len -= 1;
480 
481     if (type == GATT_INFO_TYPE_PAIR_16)
482         uuid_len = LEN_UUID_16;
483     else if (type == GATT_INFO_TYPE_PAIR_128)
484         uuid_len = LEN_UUID_128;
485 
486     while (len >= uuid_len + 2)
487     {
488         STREAM_TO_UINT16 (result.handle, p);
489 
490         if (uuid_len > 0)
491         {
492             if (!gatt_parse_uuid_from_cmd(&result.type, uuid_len, &p))
493                 break;
494         }
495         else
496             memcpy (&result.type, &p_clcb->uuid, sizeof(tBT_UUID));
497 
498         len -= (uuid_len + 2);
499 
500         if (p_clcb->p_reg->app_cb.p_disc_res_cb)
501             (*p_clcb->p_reg->app_cb.p_disc_res_cb)(p_clcb->conn_id, p_clcb->op_subtype, &result);
502     }
503 
504     p_clcb->s_handle = (result.handle == 0) ? 0 :(result.handle + 1);
505     /* initiate another request */
506     gatt_act_discovery(p_clcb) ;
507 }
508 /*******************************************************************************
509 **
510 ** Function         gatt_proc_disc_error_rsp
511 **
512 ** Description      This function process the read by type response and send another
513 **                  request if needed.
514 **
515 ** Returns          void.
516 **
517 *******************************************************************************/
gatt_proc_disc_error_rsp(tGATT_TCB * p_tcb,tGATT_CLCB * p_clcb,UINT8 opcode,UINT16 handle,UINT8 reason)518 void gatt_proc_disc_error_rsp(tGATT_TCB *p_tcb, tGATT_CLCB *p_clcb, UINT8 opcode,
519                               UINT16 handle, UINT8 reason)
520 {
521     tGATT_STATUS    status = (tGATT_STATUS) reason;
522 
523     UNUSED(p_tcb);
524     UNUSED(handle);
525 
526     GATT_TRACE_DEBUG("gatt_proc_disc_error_rsp reason: %02x cmd_code %04x", reason, opcode);
527 
528     switch (opcode)
529     {
530         case GATT_REQ_READ_BY_GRP_TYPE:
531         case GATT_REQ_FIND_TYPE_VALUE:
532         case GATT_REQ_READ_BY_TYPE:
533         case GATT_REQ_FIND_INFO:
534             if (reason == GATT_NOT_FOUND)
535             {
536                 status = GATT_SUCCESS;
537                 GATT_TRACE_DEBUG("Discovery completed");
538             }
539             break;
540         default:
541             GATT_TRACE_ERROR("Incorrect discovery opcode %04x",   opcode);
542             break;
543     }
544 
545     gatt_end_operation(p_clcb, status, NULL);
546 }
547 
548 /*******************************************************************************
549 **
550 ** Function         gatt_process_error_rsp
551 **
552 ** Description      This function is called to handle the error response
553 **
554 **
555 ** Returns          void
556 **
557 *******************************************************************************/
gatt_process_error_rsp(tGATT_TCB * p_tcb,tGATT_CLCB * p_clcb,UINT8 op_code,UINT16 len,UINT8 * p_data)558 void gatt_process_error_rsp(tGATT_TCB *p_tcb, tGATT_CLCB *p_clcb, UINT8 op_code,
559                             UINT16 len, UINT8 *p_data)
560 {
561     UINT8   opcode, reason, * p= p_data;
562     UINT16  handle;
563     tGATT_VALUE  *p_attr = (tGATT_VALUE *)p_clcb->p_attr_buf;
564 
565     UNUSED(op_code);
566     UNUSED(len);
567 
568     GATT_TRACE_DEBUG("gatt_process_error_rsp ");
569     STREAM_TO_UINT8(opcode, p);
570     STREAM_TO_UINT16(handle, p);
571     STREAM_TO_UINT8(reason, p);
572 
573     if (p_clcb->operation == GATTC_OPTYPE_DISCOVERY)
574     {
575         gatt_proc_disc_error_rsp(p_tcb, p_clcb, opcode, handle, reason);
576     }
577     else
578     {
579         if ( (p_clcb->operation == GATTC_OPTYPE_WRITE) &&
580              (p_clcb->op_subtype == GATT_WRITE) &&
581              (opcode == GATT_REQ_PREPARE_WRITE) &&
582              (p_attr) &&
583              (handle == p_attr->handle)  )
584         {
585             p_clcb->status = reason;
586             gatt_send_queue_write_cancel(p_tcb, p_clcb, GATT_PREP_WRITE_CANCEL);
587         }
588         else if ((p_clcb->operation == GATTC_OPTYPE_READ) &&
589                  ((p_clcb->op_subtype == GATT_READ_CHAR_VALUE_HDL) ||
590                   (p_clcb->op_subtype == GATT_READ_BY_HANDLE)) &&
591                  (opcode == GATT_REQ_READ_BLOB) &&
592                  p_clcb->first_read_blob_after_read &&
593                  (reason == GATT_NOT_LONG))
594         {
595             gatt_end_operation(p_clcb, GATT_SUCCESS, (void *)p_clcb->p_attr_buf);
596         }
597         else
598             gatt_end_operation(p_clcb, reason, NULL);
599     }
600 }
601 /*******************************************************************************
602 **
603 ** Function         gatt_process_prep_write_rsp
604 **
605 ** Description      This function is called to handle the read response
606 **
607 **
608 ** Returns          void
609 **
610 *******************************************************************************/
gatt_process_prep_write_rsp(tGATT_TCB * p_tcb,tGATT_CLCB * p_clcb,UINT8 op_code,UINT16 len,UINT8 * p_data)611 void gatt_process_prep_write_rsp (tGATT_TCB *p_tcb, tGATT_CLCB *p_clcb, UINT8 op_code,
612                                   UINT16 len, UINT8 *p_data)
613 {
614     UINT8 *p = p_data;
615 
616     tGATT_VALUE value = {
617         .conn_id = p_clcb->conn_id,
618         .auth_req = GATT_AUTH_REQ_NONE,
619     };
620 
621     GATT_TRACE_ERROR("value resp op_code = %s len = %d", gatt_dbg_op_name(op_code), len);
622 
623     if (len < GATT_PREP_WRITE_RSP_MIN_LEN)
624     {
625         GATT_TRACE_ERROR("illegal prepare write response length, discard");
626         gatt_end_operation(p_clcb, GATT_INVALID_PDU, &value);
627         return;
628     }
629 
630     STREAM_TO_UINT16 (value.handle, p);
631     STREAM_TO_UINT16 (value.offset, p);
632 
633     value.len = len - 4;
634 
635     memcpy (value.value, p, value.len);
636 
637     if (p_clcb->op_subtype == GATT_WRITE_PREPARE)
638     {
639         p_clcb->status = GATT_SUCCESS;
640         /* application should verify handle offset
641            and value are matched or not */
642 
643         gatt_end_operation(p_clcb, p_clcb->status, &value);
644     }
645     else if (p_clcb->op_subtype == GATT_WRITE )
646     {
647         if (!gatt_check_write_long_terminate(p_tcb, p_clcb, &value))
648             gatt_send_prepare_write(p_tcb, p_clcb);
649     }
650 
651 }
652 /*******************************************************************************
653 **
654 ** Function         gatt_process_notification
655 **
656 ** Description      This function is called to handle the handle value indication
657 **                  or handle value notification.
658 **
659 **
660 ** Returns          void
661 **
662 *******************************************************************************/
gatt_process_notification(tGATT_TCB * p_tcb,UINT8 op_code,UINT16 len,UINT8 * p_data)663 void gatt_process_notification(tGATT_TCB *p_tcb, UINT8 op_code,
664                                UINT16 len, UINT8 *p_data)
665 {
666     tGATT_VALUE     value;
667     tGATT_REG       *p_reg;
668     UINT16          conn_id;
669     tGATT_STATUS    encrypt_status;
670     UINT8           *p= p_data, i,
671     event = (op_code == GATT_HANDLE_VALUE_NOTIF) ? GATTC_OPTYPE_NOTIFICATION : GATTC_OPTYPE_INDICATION;
672 
673     GATT_TRACE_DEBUG("gatt_process_notification ");
674 
675     if (len < GATT_NOTIFICATION_MIN_LEN)
676     {
677         GATT_TRACE_ERROR("illegal notification PDU length, discard");
678         return;
679     }
680 
681     memset(&value, 0, sizeof(value));
682     STREAM_TO_UINT16(value.handle, p);
683     value.len = len - 2;
684     memcpy (value.value, p, value.len);
685 
686     if (!GATT_HANDLE_IS_VALID(value.handle))
687     {
688         /* illegal handle, send ack now */
689         if (op_code == GATT_HANDLE_VALUE_IND)
690             attp_send_cl_msg(p_tcb, 0, GATT_HANDLE_VALUE_CONF, NULL);
691         return;
692     }
693 
694     if (event == GATTC_OPTYPE_INDICATION)
695     {
696         if (p_tcb->ind_count)
697         {
698             /* this is an error case that receiving an indication but we
699                still has an indication not being acked yet.
700                For now, just log the error reset the counter.
701                Later we need to disconnect the link unconditionally.
702             */
703             GATT_TRACE_ERROR("gatt_process_notification rcv Ind. but ind_count=%d (will reset ind_count)",  p_tcb->ind_count);
704         }
705         p_tcb->ind_count = 0;
706     }
707 
708     /* should notify all registered client with the handle value notificaion/indication
709        Note: need to do the indication count and start timer first then do callback
710      */
711 
712     for (i = 0, p_reg = gatt_cb.cl_rcb; i < GATT_MAX_APPS; i++, p_reg++)
713     {
714         if (p_reg->in_use && p_reg->app_cb.p_cmpl_cb && (event == GATTC_OPTYPE_INDICATION))
715             p_tcb->ind_count++;
716     }
717 
718     if (event == GATTC_OPTYPE_INDICATION)
719     {
720         /* start a timer for app confirmation */
721         if (p_tcb->ind_count > 0)
722             gatt_start_ind_ack_timer(p_tcb);
723         else /* no app to indicate, or invalid handle */
724             attp_send_cl_msg(p_tcb, 0, GATT_HANDLE_VALUE_CONF, NULL);
725     }
726 
727     encrypt_status = gatt_get_link_encrypt_status(p_tcb);
728     for (i = 0, p_reg = gatt_cb.cl_rcb; i < GATT_MAX_APPS; i++, p_reg++)
729     {
730         if (p_reg->in_use && p_reg->app_cb.p_cmpl_cb)
731         {
732             conn_id = GATT_CREATE_CONN_ID(p_tcb->tcb_idx, p_reg->gatt_if);
733             (*p_reg->app_cb.p_cmpl_cb) (conn_id, event, encrypt_status, (tGATT_CL_COMPLETE *)&value);
734         }
735     }
736 
737 }
738 
739 /*******************************************************************************
740 **
741 ** Function         gatt_process_read_by_type_rsp
742 **
743 ** Description      This function is called to handle the read by type response.
744 **                  read by type can be used for discovery, or read by type or
745 **                  read characteristic value.
746 **
747 ** Returns          void
748 **
749 *******************************************************************************/
gatt_process_read_by_type_rsp(tGATT_TCB * p_tcb,tGATT_CLCB * p_clcb,UINT8 op_code,UINT16 len,UINT8 * p_data)750 void gatt_process_read_by_type_rsp (tGATT_TCB *p_tcb, tGATT_CLCB *p_clcb, UINT8 op_code,
751                                     UINT16 len, UINT8 *p_data)
752 {
753     tGATT_DISC_RES      result;
754     tGATT_DISC_VALUE    record_value;
755     UINT8               *p = p_data, value_len, handle_len = 2;
756     UINT16              handle = 0;
757 
758     /* discovery procedure and no callback function registered */
759     if (((!p_clcb->p_reg) || (!p_clcb->p_reg->app_cb.p_disc_res_cb)) && (p_clcb->operation == GATTC_OPTYPE_DISCOVERY))
760         return;
761 
762     if (len < GATT_READ_BY_TYPE_RSP_MIN_LEN)
763     {
764         GATT_TRACE_ERROR("Illegal ReadByType/ReadByGroupType Response length, discard");
765         gatt_end_operation(p_clcb, GATT_INVALID_PDU, NULL);
766         return;
767     }
768 
769     STREAM_TO_UINT8(value_len, p);
770 
771     if ((value_len > (p_tcb->payload_size - 2)) || (value_len > (len-1))  )
772     {
773         /* this is an error case that server's response containing a value length which is larger than MTU-2
774            or value_len > message total length -1 */
775         GATT_TRACE_ERROR("gatt_process_read_by_type_rsp: Discard response op_code=%d vale_len=%d > (MTU-2=%d or msg_len-1=%d)",
776                           op_code, value_len, (p_tcb->payload_size - 2), (len-1));
777         gatt_end_operation(p_clcb, GATT_ERROR, NULL);
778         return;
779     }
780 
781     if (op_code == GATT_RSP_READ_BY_GRP_TYPE)
782         handle_len = 4;
783 
784     value_len -= handle_len; /* substract the handle pairs bytes */
785     len -= 1;
786 
787     while (len >= (handle_len + value_len))
788     {
789         STREAM_TO_UINT16(handle, p);
790 
791         if (!GATT_HANDLE_IS_VALID(handle))
792         {
793             gatt_end_operation(p_clcb, GATT_INVALID_HANDLE, NULL);
794             return;
795         }
796 
797         memset(&result, 0, sizeof(tGATT_DISC_RES));
798         memset(&record_value, 0, sizeof(tGATT_DISC_VALUE));
799 
800         result.handle = handle;
801         result.type.len = 2;
802         result.type.uu.uuid16 = disc_type_to_uuid[p_clcb->op_subtype];
803 
804         /* discover all services */
805         if (p_clcb->operation == GATTC_OPTYPE_DISCOVERY &&
806             p_clcb->op_subtype == GATT_DISC_SRVC_ALL &&
807             op_code == GATT_RSP_READ_BY_GRP_TYPE)
808         {
809             STREAM_TO_UINT16(handle, p);
810 
811             if (!GATT_HANDLE_IS_VALID(handle))
812             {
813                 gatt_end_operation(p_clcb, GATT_INVALID_HANDLE, NULL);
814                 return;
815             }
816             else
817             {
818                 record_value.group_value.e_handle = handle;
819                 if (!gatt_parse_uuid_from_cmd(&record_value.group_value.service_type, value_len, &p))
820                 {
821                     GATT_TRACE_ERROR("discover all service response parsing failure");
822                     break;
823                 }
824             }
825         }
826         /* discover included service */
827         else if (p_clcb->operation == GATTC_OPTYPE_DISCOVERY && p_clcb->op_subtype == GATT_DISC_INC_SRVC)
828         {
829             STREAM_TO_UINT16(record_value.incl_service.s_handle, p);
830             STREAM_TO_UINT16(record_value.incl_service.e_handle, p);
831 
832             if (!GATT_HANDLE_IS_VALID(record_value.incl_service.s_handle) ||
833                 !GATT_HANDLE_IS_VALID(record_value.incl_service.e_handle))
834             {
835                 gatt_end_operation(p_clcb, GATT_INVALID_HANDLE, NULL);
836                 return;
837             }
838 
839             if(value_len == 6)
840             {
841                 STREAM_TO_UINT16(record_value.incl_service.service_type.uu.uuid16, p);
842                 record_value.incl_service.service_type.len = LEN_UUID_16;
843             }
844             else if (value_len == 4)
845             {
846                 p_clcb->s_handle = record_value.incl_service.s_handle;
847                 p_clcb->read_uuid128.wait_for_read_rsp = TRUE;
848                 p_clcb->read_uuid128.next_disc_start_hdl = handle + 1;
849                 memcpy(&p_clcb->read_uuid128.result, &result, sizeof(result));
850                 memcpy(&p_clcb->read_uuid128.result.value, &record_value, sizeof (result.value));
851                 p_clcb->op_subtype |= 0x90;
852                 gatt_act_read(p_clcb, 0);
853                 return;
854             }
855             else
856             {
857                GATT_TRACE_ERROR("gatt_process_read_by_type_rsp INCL_SRVC failed with invalid data value_len=%d", value_len);
858                gatt_end_operation(p_clcb, GATT_INVALID_PDU, (void *)p);
859                return;
860             }
861         }
862         /* read by type */
863         else if (p_clcb->operation == GATTC_OPTYPE_READ && p_clcb->op_subtype == GATT_READ_BY_TYPE)
864         {
865             p_clcb->counter = len - 2;
866             p_clcb->s_handle = handle;
867             if ( p_clcb->counter == (p_clcb->p_tcb->payload_size -4))
868             {
869                 p_clcb->op_subtype = GATT_READ_BY_HANDLE;
870                 if (!p_clcb->p_attr_buf)
871                     p_clcb->p_attr_buf = (UINT8 *)osi_malloc(GATT_MAX_ATTR_LEN);
872                 if (p_clcb->counter <= GATT_MAX_ATTR_LEN) {
873                     memcpy(p_clcb->p_attr_buf, p, p_clcb->counter);
874                     gatt_act_read(p_clcb, p_clcb->counter);
875                 } else {
876                     gatt_end_operation(p_clcb, GATT_INTERNAL_ERROR, (void *)p);
877                 }
878             }
879             else
880             {
881                  gatt_end_operation(p_clcb, GATT_SUCCESS, (void *)p);
882             }
883             return;
884         }
885         else /* discover characterisitic */
886         {
887             STREAM_TO_UINT8 (record_value.dclr_value.char_prop, p);
888             STREAM_TO_UINT16(record_value.dclr_value.val_handle, p);
889             if (!GATT_HANDLE_IS_VALID(record_value.dclr_value.val_handle))
890             {
891                 gatt_end_operation(p_clcb, GATT_INVALID_HANDLE, NULL);
892                 return;
893             }
894             if (!gatt_parse_uuid_from_cmd(&record_value.dclr_value.char_uuid, (UINT16)(value_len - 3), &p))
895             {
896                 gatt_end_operation(p_clcb, GATT_SUCCESS, NULL);
897                 /* invalid format, and skip the result */
898                 return;
899             }
900 
901             /* UUID not matching */
902             if (!gatt_uuid_compare(record_value.dclr_value.char_uuid, p_clcb->uuid))
903             {
904                 len -= (value_len + 2);
905                 continue; /* skip the result, and look for next one */
906             }
907             else if (p_clcb->operation == GATTC_OPTYPE_READ)
908             /* UUID match for read characteristic value */
909             {
910                 /* only read the first matching UUID characteristic value, and
911                   discard the rest results */
912                 p_clcb->s_handle = record_value.dclr_value.val_handle;
913                 p_clcb->op_subtype |= 0x80;
914                 gatt_act_read(p_clcb, 0);
915                 return;
916             }
917         }
918         len -= (value_len + handle_len);
919 
920         /* result is (handle, 16bits UUID) pairs */
921         memcpy (&result.value, &record_value, sizeof (result.value));
922 
923         /* send callback if is discover procedure */
924         if (p_clcb->operation == GATTC_OPTYPE_DISCOVERY && p_clcb->p_reg->app_cb.p_disc_res_cb)
925             (*p_clcb->p_reg->app_cb.p_disc_res_cb)(p_clcb->conn_id, p_clcb->op_subtype, &result);
926     }
927 
928     p_clcb->s_handle = (handle == 0) ? 0 : (handle + 1);
929 
930     if (p_clcb->operation == GATTC_OPTYPE_DISCOVERY)
931     {
932         /* initiate another request */
933         gatt_act_discovery(p_clcb) ;
934     }
935     else /* read characteristic value */
936     {
937         gatt_act_read(p_clcb, 0);
938     }
939 }
940 
941 /*******************************************************************************
942 **
943 ** Function         gatt_process_read_rsp
944 **
945 ** Description      This function is called to handle the read BLOB response
946 **
947 **
948 ** Returns          void
949 **
950 *******************************************************************************/
gatt_process_read_rsp(tGATT_TCB * p_tcb,tGATT_CLCB * p_clcb,UINT8 op_code,UINT16 len,UINT8 * p_data)951 void gatt_process_read_rsp(tGATT_TCB *p_tcb, tGATT_CLCB *p_clcb,  UINT8 op_code,
952                            UINT16 len, UINT8 *p_data)
953 {
954     UINT16      offset = p_clcb->counter;
955     UINT8       * p= p_data;
956 
957     UNUSED(op_code);
958 
959     if (p_clcb->operation == GATTC_OPTYPE_READ)
960     {
961         if (p_clcb->op_subtype != GATT_READ_BY_HANDLE)
962         {
963             p_clcb->counter = len;
964             gatt_end_operation(p_clcb, GATT_SUCCESS, (void *)p);
965         }
966         else
967         {
968 
969             /* allocate GKI buffer holding up long attribute value  */
970             if (!p_clcb->p_attr_buf)
971                 p_clcb->p_attr_buf = (UINT8 *)osi_malloc(GATT_MAX_ATTR_LEN);
972 
973             /* copy attrobute value into cb buffer  */
974             if (offset < GATT_MAX_ATTR_LEN) {
975                 if ((len + offset) > GATT_MAX_ATTR_LEN)
976                     len = GATT_MAX_ATTR_LEN - offset;
977 
978                 p_clcb->counter += len;
979 
980                 memcpy(p_clcb->p_attr_buf + offset, p, len);
981 
982                 /* send next request if needed  */
983 
984                 if (len == (p_tcb->payload_size - 1) && /* full packet for read or read blob rsp */
985                     len + offset < GATT_MAX_ATTR_LEN)
986                 {
987                     GATT_TRACE_DEBUG("full pkt issue read blob for remianing bytes old offset=%d len=%d new offset=%d",
988                                       offset, len, p_clcb->counter);
989                     gatt_act_read(p_clcb, p_clcb->counter);
990                 }
991                 else /* end of request, send callback */
992                 {
993                     gatt_end_operation(p_clcb, GATT_SUCCESS, (void *)p_clcb->p_attr_buf);
994                 }
995             }
996             else /* exception, should not happen */
997             {
998                 GATT_TRACE_ERROR("attr offset = %d p_attr_buf = %d ", offset, p_clcb->p_attr_buf);
999                 gatt_end_operation(p_clcb, GATT_NO_RESOURCES, (void *)p_clcb->p_attr_buf);
1000             }
1001         }
1002     }
1003     else
1004     {
1005         if (p_clcb->operation == GATTC_OPTYPE_DISCOVERY &&
1006             p_clcb->op_subtype == GATT_DISC_INC_SRVC &&
1007             p_clcb->read_uuid128.wait_for_read_rsp )
1008         {
1009             p_clcb->s_handle = p_clcb->read_uuid128.next_disc_start_hdl;
1010             p_clcb->read_uuid128.wait_for_read_rsp = FALSE;
1011             if (len == LEN_UUID_128)
1012             {
1013 
1014                 memcpy(p_clcb->read_uuid128.result.value.incl_service.service_type.uu.uuid128, p, len);
1015                 p_clcb->read_uuid128.result.value.incl_service.service_type.len = LEN_UUID_128;
1016                 if ( p_clcb->p_reg->app_cb.p_disc_res_cb)
1017                     (*p_clcb->p_reg->app_cb.p_disc_res_cb)(p_clcb->conn_id, p_clcb->op_subtype, &p_clcb->read_uuid128.result);
1018                 gatt_act_discovery(p_clcb) ;
1019             }
1020             else
1021             {
1022                 gatt_end_operation(p_clcb, GATT_INVALID_PDU, (void *)p);
1023             }
1024         }
1025     }
1026 
1027 }
1028 
1029 
1030 /*******************************************************************************
1031 **
1032 ** Function         gatt_process_handle_rsp
1033 **
1034 ** Description      This function is called to handle the write response
1035 **
1036 **
1037 ** Returns          void
1038 **
1039 *******************************************************************************/
gatt_process_handle_rsp(tGATT_CLCB * p_clcb)1040 void gatt_process_handle_rsp(tGATT_CLCB *p_clcb)
1041 {
1042     gatt_end_operation(p_clcb, GATT_SUCCESS, NULL);
1043 }
1044 /*******************************************************************************
1045 **
1046 ** Function         gatt_process_mtu_rsp
1047 **
1048 ** Description      This function is called to process the configure MTU response.
1049 **
1050 **
1051 ** Returns          void
1052 **
1053 *******************************************************************************/
gatt_process_mtu_rsp(tGATT_TCB * p_tcb,tGATT_CLCB * p_clcb,UINT16 len,UINT8 * p_data)1054 void gatt_process_mtu_rsp(tGATT_TCB *p_tcb, tGATT_CLCB *p_clcb, UINT16 len, UINT8 *p_data)
1055 {
1056     UINT16 mtu;
1057     tGATT_STATUS    status = GATT_SUCCESS;
1058 
1059     if (len < GATT_MTU_RSP_MIN_LEN)
1060     {
1061         GATT_TRACE_ERROR("invalid MTU response PDU received, discard.");
1062         status = GATT_INVALID_PDU;
1063     }
1064     else
1065     {
1066     STREAM_TO_UINT16(mtu, p_data);
1067 
1068     if (mtu < p_tcb->payload_size && mtu >= GATT_DEF_BLE_MTU_SIZE)
1069         p_tcb->payload_size = mtu;
1070     }
1071 
1072     l2cble_set_fixed_channel_tx_data_length(p_tcb->peer_bda, L2CAP_ATT_CID, p_tcb->payload_size);
1073     gatt_end_operation(p_clcb, status, NULL);
1074 }
1075 /*******************************************************************************
1076 **
1077 ** Function         gatt_cmd_to_rsp_code
1078 **
1079 ** Description      The function convert a ATT command op code into the corresponding
1080 **                  response code assume no error occurs.
1081 **
1082 ** Returns          response code.
1083 **
1084 *******************************************************************************/
gatt_cmd_to_rsp_code(UINT8 cmd_code)1085 UINT8 gatt_cmd_to_rsp_code (UINT8 cmd_code)
1086 {
1087     UINT8   rsp_code  = 0;
1088 
1089     if (cmd_code > 1 && cmd_code != GATT_CMD_WRITE)
1090     {
1091         rsp_code = cmd_code + 1;
1092     }
1093     return rsp_code;
1094 }
1095 /*******************************************************************************
1096 **
1097 ** Function         gatt_cl_send_next_cmd_inq
1098 **
1099 ** Description      Find next command in queue and sent to server
1100 **
1101 ** Returns          TRUE if command sent, otherwise FALSE.
1102 **
1103 *******************************************************************************/
gatt_cl_send_next_cmd_inq(tGATT_TCB * p_tcb)1104 BOOLEAN gatt_cl_send_next_cmd_inq(tGATT_TCB *p_tcb)
1105 {
1106     tGATT_CMD_Q  *p_cmd = &p_tcb->cl_cmd_q[p_tcb->pending_cl_req];
1107     BOOLEAN     sent = FALSE;
1108     UINT8       rsp_code;
1109     tGATT_CLCB   *p_clcb = NULL;
1110     tGATT_STATUS att_ret = GATT_SUCCESS;
1111 
1112     while (!sent &&
1113            p_tcb->pending_cl_req != p_tcb->next_slot_inq &&
1114            p_cmd->to_send && p_cmd->p_cmd != NULL)
1115     {
1116         att_ret = attp_send_msg_to_l2cap(p_tcb, p_cmd->p_cmd);
1117 
1118         if (att_ret == GATT_SUCCESS || att_ret == GATT_CONGESTED)
1119         {
1120             sent = TRUE;
1121             p_cmd->to_send = FALSE;
1122             p_cmd->p_cmd = NULL;
1123 
1124             /* dequeue the request if is write command or sign write */
1125             if (p_cmd->op_code != GATT_CMD_WRITE && p_cmd->op_code != GATT_SIGN_CMD_WRITE)
1126             {
1127                 gatt_start_rsp_timer (p_cmd->clcb_idx);
1128             }
1129             else
1130             {
1131                 p_clcb = gatt_cmd_dequeue(p_tcb, &rsp_code);
1132 
1133                 /* if no ack needed, keep sending */
1134                 if (att_ret == GATT_SUCCESS)
1135                     sent = FALSE;
1136 
1137                 p_cmd = &p_tcb->cl_cmd_q[p_tcb->pending_cl_req];
1138                 /* send command complete callback here */
1139                 gatt_end_operation(p_clcb, att_ret, NULL);
1140             }
1141         }
1142         else
1143         {
1144             GATT_TRACE_ERROR("gatt_cl_send_next_cmd_inq: L2CAP sent error");
1145 
1146             memset(p_cmd, 0, sizeof(tGATT_CMD_Q));
1147             p_tcb->pending_cl_req ++;
1148             p_cmd = &p_tcb->cl_cmd_q[p_tcb->pending_cl_req];
1149         }
1150 
1151     }
1152     return sent;
1153 }
1154 
1155 /*******************************************************************************
1156 **
1157 ** Function         gatt_client_handle_server_rsp
1158 **
1159 ** Description      This function is called to handle the server response to
1160 **                  client.
1161 **
1162 **
1163 ** Returns          void
1164 **
1165 *******************************************************************************/
gatt_client_handle_server_rsp(tGATT_TCB * p_tcb,UINT8 op_code,UINT16 len,UINT8 * p_data)1166 void gatt_client_handle_server_rsp (tGATT_TCB *p_tcb, UINT8 op_code,
1167                                     UINT16 len, UINT8 *p_data)
1168 {
1169     tGATT_CLCB   *p_clcb = NULL;
1170     UINT8        rsp_code;
1171 
1172     if (op_code != GATT_HANDLE_VALUE_IND && op_code != GATT_HANDLE_VALUE_NOTIF)
1173     {
1174         p_clcb = gatt_cmd_dequeue(p_tcb, &rsp_code);
1175 
1176         rsp_code = gatt_cmd_to_rsp_code(rsp_code);
1177 
1178         if (p_clcb == NULL || (rsp_code != op_code && op_code != GATT_RSP_ERROR))
1179         {
1180             GATT_TRACE_WARNING ("ATT - Ignore wrong response. Receives (%02x) \
1181                                 Request(%02x) Ignored", op_code, rsp_code);
1182 
1183             return;
1184         }
1185         else
1186         {
1187             alarm_cancel(p_clcb->gatt_rsp_timer_ent);
1188             p_clcb->retry_count = 0;
1189         }
1190     }
1191     /* the size of the message may not be bigger than the local max PDU size*/
1192     /* The message has to be smaller than the agreed MTU, len does not count op_code */
1193     if (len >= p_tcb->payload_size)
1194     {
1195         GATT_TRACE_ERROR("invalid response/indicate pkt size: %d, PDU size: %d", len + 1, p_tcb->payload_size);
1196         if (op_code != GATT_HANDLE_VALUE_NOTIF &&
1197             op_code != GATT_HANDLE_VALUE_IND)
1198             gatt_end_operation(p_clcb, GATT_ERROR, NULL);
1199     }
1200     else
1201     {
1202         switch (op_code)
1203         {
1204             case GATT_RSP_ERROR:
1205                 gatt_process_error_rsp(p_tcb, p_clcb, op_code, len, p_data);
1206                 break;
1207 
1208             case GATT_RSP_MTU:       /* 2 bytes mtu */
1209                 gatt_process_mtu_rsp(p_tcb, p_clcb, len ,p_data);
1210                 break;
1211 
1212             case GATT_RSP_FIND_INFO:
1213                 gatt_process_read_info_rsp(p_tcb, p_clcb, op_code, len, p_data);
1214                 break;
1215 
1216             case GATT_RSP_READ_BY_TYPE:
1217             case GATT_RSP_READ_BY_GRP_TYPE:
1218                 gatt_process_read_by_type_rsp(p_tcb, p_clcb, op_code, len, p_data);
1219                 break;
1220 
1221             case GATT_RSP_READ:
1222             case GATT_RSP_READ_BLOB:
1223             case GATT_RSP_READ_MULTI:
1224                 gatt_process_read_rsp(p_tcb, p_clcb, op_code, len, p_data);
1225                 break;
1226 
1227             case GATT_RSP_FIND_TYPE_VALUE: /* disc service with UUID */
1228                 gatt_process_find_type_value_rsp(p_tcb, p_clcb, len, p_data);
1229                 break;
1230 
1231             case GATT_RSP_WRITE:
1232                 gatt_process_handle_rsp(p_clcb);
1233                 break;
1234 
1235             case GATT_RSP_PREPARE_WRITE:
1236                 gatt_process_prep_write_rsp(p_tcb, p_clcb, op_code, len, p_data);
1237                 break;
1238 
1239             case GATT_RSP_EXEC_WRITE:
1240                 gatt_end_operation(p_clcb, p_clcb->status, NULL);
1241                 break;
1242 
1243             case GATT_HANDLE_VALUE_NOTIF:
1244             case GATT_HANDLE_VALUE_IND:
1245                 gatt_process_notification(p_tcb, op_code, len, p_data);
1246                 break;
1247 
1248             default:
1249                 GATT_TRACE_ERROR("Unknown opcode = %d", op_code);
1250                 break;
1251         }
1252     }
1253 
1254     if (op_code != GATT_HANDLE_VALUE_IND && op_code != GATT_HANDLE_VALUE_NOTIF)
1255     {
1256         gatt_cl_send_next_cmd_inq(p_tcb);
1257     }
1258 
1259     return;
1260 }
1261 
1262 #endif  /* BLE_INCLUDED */
1263