3 * BlueZ - Bluetooth protocol stack for Linux
5 * Copyright (C) 2010 Nokia Corporation
6 * Copyright (C) 2010 Marcel Holtmann <marcel@holtmann.org>
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
35 #include <bluetooth/bluetooth.h>
36 #include <bluetooth/uuid.h>
37 #include <bluetooth/sdp.h>
38 #include <bluetooth/sdp_lib.h>
51 #include "att-database.h"
54 #include "attrib-server.h"
56 static GSList *servers = NULL;
59 struct btd_adapter *adapter;
62 uint32_t gatt_sdp_handle;
63 uint32_t gap_sdp_handle;
67 uint16_t appearance_handle;
78 struct gatt_server *server;
80 struct btd_device *device;
90 static bt_uuid_t prim_uuid = {
92 .value.u16 = GATT_PRIM_SVC_UUID
94 static bt_uuid_t snd_uuid = {
96 .value.u16 = GATT_SND_SVC_UUID
98 static bt_uuid_t ccc_uuid = {
100 .value.u16 = GATT_CLIENT_CHARAC_CFG_UUID
103 static void attrib_free(void *data)
105 struct attribute *a = data;
111 static void channel_free(struct gatt_channel *channel)
114 if (channel->cleanup_id)
115 g_source_remove(channel->cleanup_id);
118 btd_device_unref(channel->device);
120 g_attrib_unref(channel->attrib);
124 static void gatt_server_free(struct gatt_server *server)
126 g_list_free_full(server->database, attrib_free);
128 if (server->l2cap_io != NULL) {
129 g_io_channel_unref(server->l2cap_io);
130 g_io_channel_shutdown(server->l2cap_io, FALSE, NULL);
133 if (server->le_io != NULL) {
134 g_io_channel_unref(server->le_io);
135 g_io_channel_shutdown(server->le_io, FALSE, NULL);
138 g_slist_free_full(server->clients, (GDestroyNotify) channel_free);
140 if (server->gatt_sdp_handle > 0)
141 remove_record_from_server(server->gatt_sdp_handle);
143 if (server->gap_sdp_handle > 0)
144 remove_record_from_server(server->gap_sdp_handle);
146 if (server->adapter != NULL)
147 btd_adapter_unref(server->adapter);
152 static gint adapter_cmp_addr(gconstpointer a, gconstpointer b)
154 const struct gatt_server *server = a;
155 const bdaddr_t *bdaddr = b;
158 adapter_get_address(server->adapter, &src);
160 return bacmp(&src, bdaddr);
163 static gint adapter_cmp(gconstpointer a, gconstpointer b)
165 const struct gatt_server *server = a;
166 const struct btd_adapter *adapter = b;
168 if (server->adapter == adapter)
174 static struct gatt_server *find_gatt_server(const bdaddr_t *bdaddr)
178 l = g_slist_find_custom(servers, bdaddr, adapter_cmp_addr);
182 ba2str(bdaddr, addr);
183 error("No GATT server found in %s", addr);
190 static sdp_record_t *server_record_new(uuid_t *uuid, uint16_t start, uint16_t end)
192 sdp_list_t *svclass_id, *apseq, *proto[2], *root, *aproto;
193 uuid_t root_uuid, proto_uuid, l2cap;
194 sdp_record_t *record;
195 sdp_data_t *psm, *sh, *eh;
196 uint16_t lp = ATT_PSM;
204 record = sdp_record_alloc();
208 sdp_uuid16_create(&root_uuid, PUBLIC_BROWSE_GROUP);
209 root = sdp_list_append(NULL, &root_uuid);
210 sdp_set_browse_groups(record, root);
211 sdp_list_free(root, NULL);
213 svclass_id = sdp_list_append(NULL, uuid);
214 sdp_set_service_classes(record, svclass_id);
215 sdp_list_free(svclass_id, NULL);
217 sdp_uuid16_create(&l2cap, L2CAP_UUID);
218 proto[0] = sdp_list_append(NULL, &l2cap);
219 psm = sdp_data_alloc(SDP_UINT16, &lp);
220 proto[0] = sdp_list_append(proto[0], psm);
221 apseq = sdp_list_append(NULL, proto[0]);
223 sdp_uuid16_create(&proto_uuid, ATT_UUID);
224 proto[1] = sdp_list_append(NULL, &proto_uuid);
225 sh = sdp_data_alloc(SDP_UINT16, &start);
226 proto[1] = sdp_list_append(proto[1], sh);
227 eh = sdp_data_alloc(SDP_UINT16, &end);
228 proto[1] = sdp_list_append(proto[1], eh);
229 apseq = sdp_list_append(apseq, proto[1]);
231 aproto = sdp_list_append(NULL, apseq);
232 sdp_set_access_protos(record, aproto);
237 sdp_list_free(proto[0], NULL);
238 sdp_list_free(proto[1], NULL);
239 sdp_list_free(apseq, NULL);
240 sdp_list_free(aproto, NULL);
245 static int handle_cmp(gconstpointer a, gconstpointer b)
247 const struct attribute *attrib = a;
248 uint16_t handle = GPOINTER_TO_UINT(b);
250 return attrib->handle - handle;
253 static int attribute_cmp(gconstpointer a1, gconstpointer a2)
255 const struct attribute *attrib1 = a1;
256 const struct attribute *attrib2 = a2;
258 return attrib1->handle - attrib2->handle;
261 static struct attribute *find_svc_range(struct gatt_server *server,
262 uint16_t start, uint16_t *end)
264 struct attribute *attrib;
271 l = g_list_find_custom(server->database, GUINT_TO_POINTER(h),
278 if (bt_uuid_cmp(&attrib->uuid, &prim_uuid) != 0 &&
279 bt_uuid_cmp(&attrib->uuid, &snd_uuid) != 0)
284 for (l = l->next; l; l = l->next) {
285 struct attribute *a = l->data;
287 if (bt_uuid_cmp(&a->uuid, &prim_uuid) == 0 ||
288 bt_uuid_cmp(&a->uuid, &snd_uuid) == 0)
297 static uint32_t attrib_create_sdp_new(struct gatt_server *server,
298 uint16_t handle, const char *name)
300 sdp_record_t *record;
303 uuid_t svc, gap_uuid;
306 a = find_svc_range(server, handle, &end);
312 sdp_uuid16_create(&svc, att_get_u16(a->data));
313 else if (a->len == 16)
314 sdp_uuid128_create(&svc, a->data);
318 record = server_record_new(&svc, handle, end);
323 sdp_set_info_attr(record, name, "BlueZ", NULL);
325 sdp_uuid16_create(&gap_uuid, GENERIC_ACCESS_PROFILE_ID);
326 if (sdp_uuid_cmp(&svc, &gap_uuid) == 0) {
327 sdp_set_url_attr(record, "http://www.bluez.org/",
328 "http://www.bluez.org/",
329 "http://www.bluez.org/");
332 adapter_get_address(server->adapter, &addr);
333 if (add_record_to_server(&addr, record) == 0)
334 return record->handle;
336 sdp_record_free(record);
340 static struct attribute *attrib_db_add_new(struct gatt_server *server,
341 uint16_t handle, bt_uuid_t *uuid, int read_reqs,
342 int write_reqs, const uint8_t *value, int len)
347 DBG("handle=0x%04x", handle);
349 if (g_list_find_custom(server->database, GUINT_TO_POINTER(h),
353 a = g_new0(struct attribute, 1);
355 a->data = g_memdup(value, len);
358 a->read_reqs = read_reqs;
359 a->write_reqs = write_reqs;
361 server->database = g_list_insert_sorted(server->database, a,
367 static uint8_t att_check_reqs(struct gatt_channel *channel, uint8_t opcode,
370 /* FIXME: currently, it is assumed an encrypted link is enough for
371 * authentication. This will allow to enable the SMP negotiation once
372 * it is on upstream kernel. High security level should be mapped
373 * to authentication and medium to encryption permission. */
374 if (!channel->encrypted)
375 channel->encrypted = g_attrib_is_encrypted(channel->attrib);
376 if (reqs == ATT_AUTHENTICATION && !channel->encrypted)
377 return ATT_ECODE_AUTHENTICATION;
378 else if (reqs == ATT_AUTHORIZATION)
379 return ATT_ECODE_AUTHORIZATION;
382 case ATT_OP_READ_BY_GROUP_REQ:
383 case ATT_OP_READ_BY_TYPE_REQ:
384 case ATT_OP_READ_REQ:
385 case ATT_OP_READ_BLOB_REQ:
386 case ATT_OP_READ_MULTI_REQ:
387 if (reqs == ATT_NOT_PERMITTED)
388 return ATT_ECODE_READ_NOT_PERM;
390 case ATT_OP_PREP_WRITE_REQ:
391 case ATT_OP_WRITE_REQ:
392 case ATT_OP_WRITE_CMD:
393 if (reqs == ATT_NOT_PERMITTED)
394 return ATT_ECODE_WRITE_NOT_PERM;
401 static uint16_t read_by_group(struct gatt_channel *channel, uint16_t start,
402 uint16_t end, bt_uuid_t *uuid,
403 uint8_t *pdu, int len)
405 struct att_data_list *adl;
407 struct group_elem *cur, *old = NULL;
409 GList *dl, *database;
410 uint16_t length, last_handle, last_size = 0;
414 if (start > end || start == 0x0000)
415 return enc_error_resp(ATT_OP_READ_BY_GROUP_REQ, start,
416 ATT_ECODE_INVALID_HANDLE, pdu, len);
419 * Only <<Primary Service>> and <<Secondary Service>> grouping
420 * types may be used in the Read By Group Type Request.
423 if (bt_uuid_cmp(uuid, &prim_uuid) != 0 &&
424 bt_uuid_cmp(uuid, &snd_uuid) != 0)
425 return enc_error_resp(ATT_OP_READ_BY_GROUP_REQ, 0x0000,
426 ATT_ECODE_UNSUPP_GRP_TYPE, pdu, len);
429 database = channel->server->database;
430 for (dl = database, groups = NULL, cur = NULL; dl; dl = dl->next) {
434 if (a->handle < start)
437 if (a->handle >= end)
440 /* The old group ends when a new one starts */
441 if (old && (bt_uuid_cmp(&a->uuid, &prim_uuid) == 0 ||
442 bt_uuid_cmp(&a->uuid, &snd_uuid) == 0)) {
443 old->end = last_handle;
447 if (bt_uuid_cmp(&a->uuid, uuid) != 0) {
448 /* Still inside a service, update its last handle */
450 last_handle = a->handle;
454 if (last_size && (last_size != a->len))
457 status = att_check_reqs(channel, ATT_OP_READ_BY_GROUP_REQ,
460 if (status == 0x00 && a->read_cb)
461 status = a->read_cb(a, channel->device,
465 g_slist_free_full(groups, g_free);
466 return enc_error_resp(ATT_OP_READ_BY_GROUP_REQ,
467 a->handle, status, pdu, len);
470 cur = g_new0(struct group_elem, 1);
471 cur->handle = a->handle;
475 /* Attribute Grouping Type found */
476 groups = g_slist_append(groups, cur);
480 last_handle = cur->handle;
484 return enc_error_resp(ATT_OP_READ_BY_GROUP_REQ, start,
485 ATT_ECODE_ATTR_NOT_FOUND, pdu, len);
488 cur->end = a->handle;
490 cur->end = last_handle;
492 length = g_slist_length(groups);
494 adl = att_data_list_alloc(length, last_size + 4);
496 for (i = 0, l = groups; l; l = l->next, i++) {
501 value = (void *) adl->data[i];
503 att_put_u16(cur->handle, value);
504 att_put_u16(cur->end, &value[2]);
505 /* Attribute Value */
506 memcpy(&value[4], cur->data, cur->len);
509 length = enc_read_by_grp_resp(adl, pdu, len);
511 att_data_list_free(adl);
512 g_slist_free_full(groups, g_free);
517 static uint16_t read_by_type(struct gatt_channel *channel, uint16_t start,
518 uint16_t end, bt_uuid_t *uuid,
519 uint8_t *pdu, int len)
521 struct att_data_list *adl;
523 GList *dl, *database;
525 uint16_t num, length;
529 if (start > end || start == 0x0000)
530 return enc_error_resp(ATT_OP_READ_BY_TYPE_REQ, start,
531 ATT_ECODE_INVALID_HANDLE, pdu, len);
533 database = channel->server->database;
534 for (dl = database, length = 0, types = NULL; dl; dl = dl->next) {
538 if (a->handle < start)
544 if (bt_uuid_cmp(&a->uuid, uuid) != 0)
547 status = att_check_reqs(channel, ATT_OP_READ_BY_TYPE_REQ,
550 if (status == 0x00 && a->read_cb)
551 status = a->read_cb(a, channel->device,
556 return enc_error_resp(ATT_OP_READ_BY_TYPE_REQ,
557 a->handle, status, pdu, len);
560 /* All elements must have the same length */
563 else if (a->len != length)
566 types = g_slist_append(types, a);
570 return enc_error_resp(ATT_OP_READ_BY_TYPE_REQ, start,
571 ATT_ECODE_ATTR_NOT_FOUND, pdu, len);
573 num = g_slist_length(types);
575 /* Handle length plus attribute value length */
578 adl = att_data_list_alloc(num, length);
580 for (i = 0, l = types; l; i++, l = l->next) {
585 value = (void *) adl->data[i];
587 att_put_u16(a->handle, value);
589 /* Attribute Value */
590 memcpy(&value[2], a->data, a->len);
593 length = enc_read_by_type_resp(adl, pdu, len);
595 att_data_list_free(adl);
601 static int find_info(struct gatt_channel *channel, uint16_t start, uint16_t end,
602 uint8_t *pdu, int len)
605 struct att_data_list *adl;
607 GList *dl, *database;
608 uint8_t format, last_type = BT_UUID_UNSPEC;
609 uint16_t length, num;
612 if (start > end || start == 0x0000)
613 return enc_error_resp(ATT_OP_FIND_INFO_REQ, start,
614 ATT_ECODE_INVALID_HANDLE, pdu, len);
616 database = channel->server->database;
617 for (dl = database, info = NULL, num = 0; dl; dl = dl->next) {
620 if (a->handle < start)
626 if (last_type == BT_UUID_UNSPEC)
627 last_type = a->uuid.type;
629 if (a->uuid.type != last_type)
632 info = g_slist_append(info, a);
635 last_type = a->uuid.type;
639 return enc_error_resp(ATT_OP_FIND_INFO_REQ, start,
640 ATT_ECODE_ATTR_NOT_FOUND, pdu, len);
642 if (last_type == BT_UUID16) {
645 } else if (last_type == BT_UUID128) {
653 adl = att_data_list_alloc(num, length + 2);
655 for (i = 0, l = info; l; i++, l = l->next) {
660 value = (void *) adl->data[i];
662 att_put_u16(a->handle, value);
664 /* Attribute Value */
665 att_put_uuid(a->uuid, &value[2]);
668 length = enc_find_info_resp(format, adl, pdu, len);
670 att_data_list_free(adl);
676 static int find_by_type(struct gatt_channel *channel, uint16_t start,
677 uint16_t end, bt_uuid_t *uuid, const uint8_t *value,
678 int vlen, uint8_t *opdu, int mtu)
681 struct att_range *range;
683 GList *dl, *database;
686 if (start > end || start == 0x0000)
687 return enc_error_resp(ATT_OP_FIND_BY_TYPE_REQ, start,
688 ATT_ECODE_INVALID_HANDLE, opdu, mtu);
690 /* Searching first requested handle number */
691 database = channel->server->database;
692 for (dl = database, matches = NULL, range = NULL; dl; dl = dl->next) {
695 if (a->handle < start)
701 /* Primary service? Attribute value matches? */
702 if ((bt_uuid_cmp(&a->uuid, uuid) == 0) && (a->len == vlen) &&
703 (memcmp(a->data, value, vlen) == 0)) {
705 range = g_new0(struct att_range, 1);
706 range->start = a->handle;
707 /* It is allowed to have end group handle the same as
708 * start handle, for groups with only one attribute. */
709 range->end = a->handle;
711 matches = g_slist_append(matches, range);
713 /* Update the last found handle or reset the pointer
714 * to track that a new group started: Primary or
715 * Secondary service. */
716 if (bt_uuid_cmp(&a->uuid, &prim_uuid) == 0 ||
717 bt_uuid_cmp(&a->uuid, &snd_uuid) == 0)
720 range->end = a->handle;
725 return enc_error_resp(ATT_OP_FIND_BY_TYPE_REQ, start,
726 ATT_ECODE_ATTR_NOT_FOUND, opdu, mtu);
728 len = enc_find_by_type_resp(matches, opdu, mtu);
730 g_slist_free_full(matches, g_free);
735 static uint16_t read_value(struct gatt_channel *channel, uint16_t handle,
736 uint8_t *pdu, int len)
745 l = g_list_find_custom(channel->server->database,
746 GUINT_TO_POINTER(h), handle_cmp);
748 return enc_error_resp(ATT_OP_READ_REQ, handle,
749 ATT_ECODE_INVALID_HANDLE, pdu, len);
753 bdaddr_type = device_get_addr_type(channel->device);
755 if (bt_uuid_cmp(&ccc_uuid, &a->uuid) == 0 &&
756 read_device_ccc(&channel->src, &channel->dst, bdaddr_type,
757 handle, &cccval) == 0) {
760 att_put_u16(cccval, config);
761 return enc_read_resp(config, sizeof(config), pdu, len);
764 status = att_check_reqs(channel, ATT_OP_READ_REQ, a->read_reqs);
766 if (status == 0x00 && a->read_cb)
767 status = a->read_cb(a, channel->device, a->cb_user_data);
770 return enc_error_resp(ATT_OP_READ_REQ, handle, status, pdu,
773 return enc_read_resp(a->data, a->len, pdu, len);
776 static uint16_t read_blob(struct gatt_channel *channel, uint16_t handle,
777 uint16_t offset, uint8_t *pdu, int len)
786 l = g_list_find_custom(channel->server->database,
787 GUINT_TO_POINTER(h), handle_cmp);
789 return enc_error_resp(ATT_OP_READ_BLOB_REQ, handle,
790 ATT_ECODE_INVALID_HANDLE, pdu, len);
794 if (a->len <= offset)
795 return enc_error_resp(ATT_OP_READ_BLOB_REQ, handle,
796 ATT_ECODE_INVALID_OFFSET, pdu, len);
798 bdaddr_type = device_get_addr_type(channel->device);
800 if (bt_uuid_cmp(&ccc_uuid, &a->uuid) == 0 &&
801 read_device_ccc(&channel->src, &channel->dst, bdaddr_type,
802 handle, &cccval) == 0) {
805 att_put_u16(cccval, config);
806 return enc_read_blob_resp(config, sizeof(config), offset,
810 status = att_check_reqs(channel, ATT_OP_READ_BLOB_REQ, a->read_reqs);
812 if (status == 0x00 && a->read_cb)
813 status = a->read_cb(a, channel->device, a->cb_user_data);
816 return enc_error_resp(ATT_OP_READ_BLOB_REQ, handle, status,
819 return enc_read_blob_resp(a->data, a->len, offset, pdu, len);
822 static uint16_t write_value(struct gatt_channel *channel, uint16_t handle,
823 const uint8_t *value, int vlen,
824 uint8_t *pdu, int len)
831 l = g_list_find_custom(channel->server->database,
832 GUINT_TO_POINTER(h), handle_cmp);
834 return enc_error_resp(ATT_OP_WRITE_REQ, handle,
835 ATT_ECODE_INVALID_HANDLE, pdu, len);
839 status = att_check_reqs(channel, ATT_OP_WRITE_REQ, a->write_reqs);
841 return enc_error_resp(ATT_OP_WRITE_REQ, handle, status, pdu,
844 if (bt_uuid_cmp(&ccc_uuid, &a->uuid) != 0) {
846 attrib_db_update(channel->server->adapter, handle, NULL,
850 status = a->write_cb(a, channel->device,
853 return enc_error_resp(ATT_OP_WRITE_REQ, handle,
857 uint16_t cccval = att_get_u16(value);
858 uint8_t bdaddr_type = device_get_addr_type(channel->device);
860 write_device_ccc(&channel->src, &channel->dst, bdaddr_type,
864 return enc_write_resp(pdu, len);
867 static uint16_t mtu_exchange(struct gatt_channel *channel, uint16_t mtu,
868 uint8_t *pdu, int len)
874 if (mtu < ATT_DEFAULT_LE_MTU)
875 return enc_error_resp(ATT_OP_MTU_REQ, 0,
876 ATT_ECODE_REQ_NOT_SUPP, pdu, len);
878 io = g_attrib_get_channel(channel->attrib);
880 bt_io_get(io, BT_IO_L2CAP, &gerr,
881 BT_IO_OPT_IMTU, &imtu,
885 return enc_error_resp(ATT_OP_MTU_REQ, 0,
886 ATT_ECODE_UNLIKELY, pdu, len);
888 channel->mtu = MIN(mtu, imtu);
889 g_attrib_set_mtu(channel->attrib, channel->mtu);
891 return enc_mtu_resp(imtu, pdu, len);
894 static void channel_remove(struct gatt_channel *channel)
896 channel->server->clients = g_slist_remove(channel->server->clients,
898 channel_free(channel);
901 static gboolean channel_watch_cb(GIOChannel *io, GIOCondition cond,
904 channel_remove(user_data);
909 static void channel_handler(const uint8_t *ipdu, uint16_t len,
912 struct gatt_channel *channel = user_data;
913 uint8_t opdu[ATT_MAX_MTU], value[ATT_MAX_MTU];
914 uint16_t length, start, end, mtu, offset;
919 DBG("op 0x%02x", ipdu[0]);
922 case ATT_OP_READ_BY_GROUP_REQ:
923 length = dec_read_by_grp_req(ipdu, len, &start, &end, &uuid);
925 status = ATT_ECODE_INVALID_PDU;
929 length = read_by_group(channel, start, end, &uuid, opdu,
932 case ATT_OP_READ_BY_TYPE_REQ:
933 length = dec_read_by_type_req(ipdu, len, &start, &end, &uuid);
935 status = ATT_ECODE_INVALID_PDU;
939 length = read_by_type(channel, start, end, &uuid, opdu,
942 case ATT_OP_READ_REQ:
943 length = dec_read_req(ipdu, len, &start);
945 status = ATT_ECODE_INVALID_PDU;
949 length = read_value(channel, start, opdu, channel->mtu);
951 case ATT_OP_READ_BLOB_REQ:
952 length = dec_read_blob_req(ipdu, len, &start, &offset);
954 status = ATT_ECODE_INVALID_PDU;
958 length = read_blob(channel, start, offset, opdu, channel->mtu);
962 status = ATT_ECODE_REQ_NOT_SUPP;
966 length = dec_mtu_req(ipdu, len, &mtu);
968 status = ATT_ECODE_INVALID_PDU;
972 length = mtu_exchange(channel, mtu, opdu, channel->mtu);
974 case ATT_OP_FIND_INFO_REQ:
975 length = dec_find_info_req(ipdu, len, &start, &end);
977 status = ATT_ECODE_INVALID_PDU;
981 length = find_info(channel, start, end, opdu, channel->mtu);
983 case ATT_OP_WRITE_REQ:
984 length = dec_write_req(ipdu, len, &start, value, &vlen);
986 status = ATT_ECODE_INVALID_PDU;
990 length = write_value(channel, start, value, vlen, opdu,
993 case ATT_OP_WRITE_CMD:
994 length = dec_write_cmd(ipdu, len, &start, value, &vlen);
996 write_value(channel, start, value, vlen, opdu,
999 case ATT_OP_FIND_BY_TYPE_REQ:
1000 length = dec_find_by_type_req(ipdu, len, &start, &end,
1001 &uuid, value, &vlen);
1003 status = ATT_ECODE_INVALID_PDU;
1007 length = find_by_type(channel, start, end, &uuid, value, vlen,
1008 opdu, channel->mtu);
1010 case ATT_OP_HANDLE_CNF:
1012 case ATT_OP_HANDLE_IND:
1013 case ATT_OP_HANDLE_NOTIFY:
1014 /* The attribute client is already handling these */
1016 case ATT_OP_READ_MULTI_REQ:
1017 case ATT_OP_PREP_WRITE_REQ:
1018 case ATT_OP_EXEC_WRITE_REQ:
1020 DBG("Unsupported request 0x%02x", ipdu[0]);
1021 status = ATT_ECODE_REQ_NOT_SUPP;
1026 status = ATT_ECODE_IO;
1030 length = enc_error_resp(ipdu[0], 0x0000, status, opdu,
1033 g_attrib_send(channel->attrib, 0, opdu[0], opdu, length,
1037 guint attrib_channel_attach(GAttrib *attrib)
1039 struct gatt_server *server;
1040 struct btd_device *device;
1041 struct gatt_channel *channel;
1043 GError *gerr = NULL;
1048 io = g_attrib_get_channel(attrib);
1050 channel = g_new0(struct gatt_channel, 1);
1052 bt_io_get(io, BT_IO_L2CAP, &gerr,
1053 BT_IO_OPT_SOURCE_BDADDR, &channel->src,
1054 BT_IO_OPT_DEST_BDADDR, &channel->dst,
1055 BT_IO_OPT_CID, &cid,
1056 BT_IO_OPT_IMTU, &mtu,
1059 error("bt_io_get: %s", gerr->message);
1065 server = find_gatt_server(&channel->src);
1066 if (server == NULL) {
1069 ba2str(&channel->src, src);
1070 error("No GATT server found in %s", src);
1075 channel->server = server;
1077 ba2str(&channel->dst, addr);
1079 device = adapter_find_device(server->adapter, addr);
1080 if (device == NULL || device_is_bonded(device) == FALSE)
1081 delete_device_ccc(&channel->src, &channel->dst);
1083 if (cid != ATT_CID) {
1084 channel->le = FALSE;
1088 channel->mtu = ATT_DEFAULT_LE_MTU;
1091 channel->attrib = g_attrib_ref(attrib);
1092 channel->id = g_attrib_register(channel->attrib, GATTRIB_ALL_REQS,
1093 channel_handler, channel, NULL);
1095 channel->cleanup_id = g_io_add_watch(io, G_IO_HUP, channel_watch_cb,
1098 channel->device = btd_device_ref(device);
1100 server->clients = g_slist_append(server->clients, channel);
1105 static gint channel_id_cmp(gconstpointer data, gconstpointer user_data)
1107 const struct gatt_channel *channel = data;
1108 guint id = GPOINTER_TO_UINT(user_data);
1110 return channel->id - id;
1113 gboolean attrib_channel_detach(GAttrib *attrib, guint id)
1115 struct gatt_server *server;
1116 struct gatt_channel *channel;
1117 GError *gerr = NULL;
1122 io = g_attrib_get_channel(attrib);
1124 bt_io_get(io, BT_IO_L2CAP, &gerr, BT_IO_OPT_SOURCE_BDADDR, &src,
1128 error("bt_io_get: %s", gerr->message);
1133 server = find_gatt_server(&src);
1137 l = g_slist_find_custom(server->clients, GUINT_TO_POINTER(id),
1144 g_attrib_unregister(channel->attrib, channel->id);
1145 channel_remove(channel);
1150 static void connect_event(GIOChannel *io, GError *gerr, void *user_data)
1155 error("%s", gerr->message);
1159 attrib = g_attrib_new(io);
1160 attrib_channel_attach(attrib);
1161 g_attrib_unref(attrib);
1164 static void confirm_event(GIOChannel *io, void *user_data)
1166 GError *gerr = NULL;
1168 if (bt_io_accept(io, connect_event, user_data, NULL, &gerr) == FALSE) {
1169 error("bt_io_accept: %s", gerr->message);
1171 g_io_channel_unref(io);
1177 static gboolean register_core_services(struct gatt_server *server)
1181 uint16_t appearance = 0x0000;
1183 /* GAP service: primary service definition */
1184 bt_uuid16_create(&uuid, GATT_PRIM_SVC_UUID);
1185 att_put_u16(GENERIC_ACCESS_PROFILE_ID, &atval[0]);
1186 attrib_db_add_new(server, 0x0001, &uuid, ATT_NONE, ATT_NOT_PERMITTED,
1189 /* GAP service: device name characteristic */
1190 server->name_handle = 0x0006;
1191 bt_uuid16_create(&uuid, GATT_CHARAC_UUID);
1192 atval[0] = ATT_CHAR_PROPER_READ;
1193 att_put_u16(server->name_handle, &atval[1]);
1194 att_put_u16(GATT_CHARAC_DEVICE_NAME, &atval[3]);
1195 attrib_db_add_new(server, 0x0004, &uuid, ATT_NONE, ATT_NOT_PERMITTED,
1198 /* GAP service: device name attribute */
1199 bt_uuid16_create(&uuid, GATT_CHARAC_DEVICE_NAME);
1200 attrib_db_add_new(server, server->name_handle, &uuid, ATT_NONE,
1201 ATT_NOT_PERMITTED, NULL, 0);
1203 /* GAP service: device appearance characteristic */
1204 server->appearance_handle = 0x0008;
1205 bt_uuid16_create(&uuid, GATT_CHARAC_UUID);
1206 atval[0] = ATT_CHAR_PROPER_READ;
1207 att_put_u16(server->appearance_handle, &atval[1]);
1208 att_put_u16(GATT_CHARAC_APPEARANCE, &atval[3]);
1209 attrib_db_add_new(server, 0x0007, &uuid, ATT_NONE, ATT_NOT_PERMITTED,
1212 /* GAP service: device appearance attribute */
1213 bt_uuid16_create(&uuid, GATT_CHARAC_APPEARANCE);
1214 att_put_u16(appearance, &atval[0]);
1215 attrib_db_add_new(server, server->appearance_handle, &uuid, ATT_NONE,
1216 ATT_NOT_PERMITTED, atval, 2);
1217 server->gap_sdp_handle = attrib_create_sdp_new(server, 0x0001,
1218 "Generic Access Profile");
1219 if (server->gap_sdp_handle == 0) {
1220 error("Failed to register GAP service record");
1224 /* GATT service: primary service definition */
1225 bt_uuid16_create(&uuid, GATT_PRIM_SVC_UUID);
1226 att_put_u16(GENERIC_ATTRIB_PROFILE_ID, &atval[0]);
1227 attrib_db_add_new(server, 0x0010, &uuid, ATT_NONE, ATT_NOT_PERMITTED,
1230 server->gatt_sdp_handle = attrib_create_sdp_new(server, 0x0010,
1231 "Generic Attribute Profile");
1232 if (server->gatt_sdp_handle == 0) {
1233 error("Failed to register GATT service record");
1240 int btd_adapter_gatt_server_start(struct btd_adapter *adapter)
1242 struct gatt_server *server;
1243 GError *gerr = NULL;
1246 DBG("Start GATT server in hci%d", adapter_get_dev_id(adapter));
1248 server = g_new0(struct gatt_server, 1);
1249 server->adapter = btd_adapter_ref(adapter);
1251 adapter_get_address(server->adapter, &addr);
1254 server->l2cap_io = bt_io_listen(BT_IO_L2CAP, NULL, confirm_event,
1256 BT_IO_OPT_SOURCE_BDADDR, &addr,
1257 BT_IO_OPT_PSM, ATT_PSM,
1258 BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_LOW,
1261 if (server->l2cap_io == NULL) {
1262 error("%s", gerr->message);
1264 gatt_server_free(server);
1268 if (!register_core_services(server)) {
1269 gatt_server_free(server);
1274 server->le_io = bt_io_listen(BT_IO_L2CAP, NULL, confirm_event,
1275 &server->le_io, NULL, &gerr,
1276 BT_IO_OPT_SOURCE_BDADDR, &addr,
1277 BT_IO_OPT_CID, ATT_CID,
1278 BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_LOW,
1281 if (server->le_io == NULL) {
1282 error("%s", gerr->message);
1284 /* Doesn't have LE support, continue */
1287 servers = g_slist_prepend(servers, server);
1291 void btd_adapter_gatt_server_stop(struct btd_adapter *adapter)
1293 struct gatt_server *server;
1296 l = g_slist_find_custom(servers, adapter, adapter_cmp);
1300 DBG("Stop GATT server in hci%d", adapter_get_dev_id(adapter));
1303 servers = g_slist_remove(servers, server);
1304 gatt_server_free(server);
1307 uint32_t attrib_create_sdp(struct btd_adapter *adapter, uint16_t handle,
1312 l = g_slist_find_custom(servers, adapter, adapter_cmp);
1316 return attrib_create_sdp_new(l->data, handle, name);
1319 void attrib_free_sdp(uint32_t sdp_handle)
1321 remove_record_from_server(sdp_handle);
1324 static uint16_t find_uuid16_avail(struct btd_adapter *adapter, uint16_t nitems)
1326 struct gatt_server *server;
1331 l = g_slist_find_custom(servers, adapter, adapter_cmp);
1336 if (server->database == NULL)
1339 for (dl = server->database, handle = 0x0001; dl; dl = dl->next) {
1340 struct attribute *a = dl->data;
1342 if ((bt_uuid_cmp(&a->uuid, &prim_uuid) == 0 ||
1343 bt_uuid_cmp(&a->uuid, &snd_uuid) == 0) &&
1344 a->handle - handle >= nitems)
1345 /* Note: the range above excludes the current handle */
1348 if (a->len == 16 && (bt_uuid_cmp(&a->uuid, &prim_uuid) == 0 ||
1349 bt_uuid_cmp(&a->uuid, &snd_uuid) == 0)) {
1350 /* 128 bit UUID service definition */
1354 if (a->handle == 0xffff)
1357 handle = a->handle + 1;
1360 if (0xffff - handle + 1 >= nitems)
1366 static uint16_t find_uuid128_avail(struct btd_adapter *adapter, uint16_t nitems)
1368 uint16_t handle = 0, end = 0xffff;
1369 struct gatt_server *server;
1373 l = g_slist_find_custom(servers, adapter, adapter_cmp);
1378 if (server->database == NULL)
1379 return 0xffff - nitems + 1;
1381 for (dl = g_list_last(server->database); dl; dl = dl->prev) {
1382 struct attribute *a = dl->data;
1387 if (bt_uuid_cmp(&a->uuid, &prim_uuid) != 0 &&
1388 bt_uuid_cmp(&a->uuid, &snd_uuid) != 0)
1391 if (end - handle >= nitems)
1392 return end - nitems + 1;
1395 /* 16 bit UUID service definition */
1399 if (a->handle == 0x0001)
1402 end = a->handle - 1;
1406 if (end - 0x0001 >= nitems)
1407 return end - nitems + 1;
1412 uint16_t attrib_db_find_avail(struct btd_adapter *adapter, bt_uuid_t *svc_uuid,
1415 g_assert(nitems > 0);
1417 if (svc_uuid->type == BT_UUID16)
1418 return find_uuid16_avail(adapter, nitems);
1419 else if (svc_uuid->type == BT_UUID128)
1420 return find_uuid128_avail(adapter, nitems);
1422 char uuidstr[MAX_LEN_UUID_STR];
1424 bt_uuid_to_string(svc_uuid, uuidstr, MAX_LEN_UUID_STR);
1425 error("Service uuid: %s is neither a 16-bit nor a 128-bit uuid",
1431 struct attribute *attrib_db_add(struct btd_adapter *adapter, uint16_t handle,
1432 bt_uuid_t *uuid, int read_reqs, int write_reqs,
1433 const uint8_t *value, int len)
1437 l = g_slist_find_custom(servers, adapter, adapter_cmp);
1441 return attrib_db_add_new(l->data, handle, uuid, read_reqs, write_reqs,
1445 int attrib_db_update(struct btd_adapter *adapter, uint16_t handle,
1446 bt_uuid_t *uuid, const uint8_t *value,
1447 int len, struct attribute **attr)
1449 struct gatt_server *server;
1450 struct attribute *a;
1455 l = g_slist_find_custom(servers, adapter, adapter_cmp);
1461 DBG("handle=0x%04x", handle);
1463 dl = g_list_find_custom(server->database, GUINT_TO_POINTER(h),
1470 a->data = g_try_realloc(a->data, len);
1471 if (len && a->data == NULL)
1475 memcpy(a->data, value, len);
1486 int attrib_db_del(struct btd_adapter *adapter, uint16_t handle)
1488 struct gatt_server *server;
1489 struct attribute *a;
1494 l = g_slist_find_custom(servers, adapter, adapter_cmp);
1500 DBG("handle=0x%04x", handle);
1502 dl = g_list_find_custom(server->database, GUINT_TO_POINTER(h),
1508 server->database = g_list_remove(server->database, a);
1515 int attrib_gap_set(struct btd_adapter *adapter, uint16_t uuid,
1516 const uint8_t *value, int len)
1518 struct gatt_server *server;
1522 l = g_slist_find_custom(servers, adapter, adapter_cmp);
1528 /* FIXME: Missing Privacy and Reconnection Address */
1531 case GATT_CHARAC_DEVICE_NAME:
1532 handle = server->name_handle;
1534 case GATT_CHARAC_APPEARANCE:
1535 handle = server->appearance_handle;
1541 return attrib_db_update(adapter, handle, NULL, value, len, NULL);