3 * BlueZ - Bluetooth protocol stack for Linux
5 * Copyright (C) 2014 Google Inc.
8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public
10 * License as published by the Free Software Foundation; either
11 * version 2.1 of the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
32 #include "src/shared/io.h"
33 #include "src/shared/queue.h"
34 #include "src/shared/util.h"
35 #include "src/shared/timeout.h"
36 #include "lib/bluetooth.h"
38 #include "src/shared/att.h"
39 #include "src/shared/crypto.h"
41 #define ATT_MIN_PDU_LEN 1 /* At least 1 byte for the opcode. */
42 #define ATT_OP_CMD_MASK 0x40
43 #define ATT_OP_SIGNED_MASK 0x80
44 #define ATT_TIMEOUT_INTERVAL 30000 /* 30000 ms */
46 /* Length of signature in write signed packet */
47 #define BT_ATT_SIGNATURE_LEN 12
56 int io_sec_level; /* Only used for non-L2CAP */
58 struct queue *req_queue; /* Queued ATT protocol requests */
59 struct att_send_op *pending_req;
60 struct queue *ind_queue; /* Queued ATT protocol indications */
61 struct att_send_op *pending_ind;
62 struct queue *write_queue; /* Queue of PDUs ready to send */
65 struct queue *notify_list; /* List of registered callbacks */
66 struct queue *disconn_list; /* List of disconnect handlers */
68 bool in_req; /* There's a pending incoming request */
73 unsigned int next_send_id; /* IDs for "send" ops */
74 unsigned int next_reg_id; /* IDs for registered callbacks */
76 bt_att_timeout_func_t timeout_callback;
77 bt_att_destroy_func_t timeout_destroy;
80 bt_att_debug_func_t debug_callback;
81 bt_att_destroy_func_t debug_destroy;
84 struct bt_crypto *crypto;
86 struct sign_info *local_sign;
87 struct sign_info *remote_sign;
92 bt_att_counter_func_t counter;
106 static const struct {
108 enum att_op_type type;
109 } att_opcode_type_table[] = {
110 { BT_ATT_OP_ERROR_RSP, ATT_OP_TYPE_RSP },
111 { BT_ATT_OP_MTU_REQ, ATT_OP_TYPE_REQ },
112 { BT_ATT_OP_MTU_RSP, ATT_OP_TYPE_RSP },
113 { BT_ATT_OP_FIND_INFO_REQ, ATT_OP_TYPE_REQ },
114 { BT_ATT_OP_FIND_INFO_RSP, ATT_OP_TYPE_RSP },
115 { BT_ATT_OP_FIND_BY_TYPE_REQ, ATT_OP_TYPE_REQ },
116 { BT_ATT_OP_FIND_BY_TYPE_RSP, ATT_OP_TYPE_RSP },
117 { BT_ATT_OP_READ_BY_TYPE_REQ, ATT_OP_TYPE_REQ },
118 { BT_ATT_OP_READ_BY_TYPE_RSP, ATT_OP_TYPE_RSP },
119 { BT_ATT_OP_READ_REQ, ATT_OP_TYPE_REQ },
120 { BT_ATT_OP_READ_RSP, ATT_OP_TYPE_RSP },
121 { BT_ATT_OP_READ_BLOB_REQ, ATT_OP_TYPE_REQ },
122 { BT_ATT_OP_READ_BLOB_RSP, ATT_OP_TYPE_RSP },
123 { BT_ATT_OP_READ_MULT_REQ, ATT_OP_TYPE_REQ },
124 { BT_ATT_OP_READ_MULT_RSP, ATT_OP_TYPE_RSP },
125 { BT_ATT_OP_READ_BY_GRP_TYPE_REQ, ATT_OP_TYPE_REQ },
126 { BT_ATT_OP_READ_BY_GRP_TYPE_RSP, ATT_OP_TYPE_RSP },
127 { BT_ATT_OP_WRITE_REQ, ATT_OP_TYPE_REQ },
128 { BT_ATT_OP_WRITE_RSP, ATT_OP_TYPE_RSP },
129 { BT_ATT_OP_WRITE_CMD, ATT_OP_TYPE_CMD },
130 { BT_ATT_OP_SIGNED_WRITE_CMD, ATT_OP_TYPE_CMD },
131 { BT_ATT_OP_PREP_WRITE_REQ, ATT_OP_TYPE_REQ },
132 { BT_ATT_OP_PREP_WRITE_RSP, ATT_OP_TYPE_RSP },
133 { BT_ATT_OP_EXEC_WRITE_REQ, ATT_OP_TYPE_REQ },
134 { BT_ATT_OP_EXEC_WRITE_RSP, ATT_OP_TYPE_RSP },
135 { BT_ATT_OP_HANDLE_VAL_NOT, ATT_OP_TYPE_NOT },
136 { BT_ATT_OP_HANDLE_VAL_IND, ATT_OP_TYPE_IND },
137 { BT_ATT_OP_HANDLE_VAL_CONF, ATT_OP_TYPE_CONF },
141 static enum att_op_type get_op_type(uint8_t opcode)
145 for (i = 0; att_opcode_type_table[i].opcode; i++) {
146 if (att_opcode_type_table[i].opcode == opcode)
147 return att_opcode_type_table[i].type;
150 return ATT_OP_TYPE_UNKNOWN;
153 static const struct {
156 } att_req_rsp_mapping_table[] = {
157 { BT_ATT_OP_MTU_REQ, BT_ATT_OP_MTU_RSP },
158 { BT_ATT_OP_FIND_INFO_REQ, BT_ATT_OP_FIND_INFO_RSP},
159 { BT_ATT_OP_FIND_BY_TYPE_REQ, BT_ATT_OP_FIND_BY_TYPE_RSP },
160 { BT_ATT_OP_READ_BY_TYPE_REQ, BT_ATT_OP_READ_BY_TYPE_RSP },
161 { BT_ATT_OP_READ_REQ, BT_ATT_OP_READ_RSP },
162 { BT_ATT_OP_READ_BLOB_REQ, BT_ATT_OP_READ_BLOB_RSP },
163 { BT_ATT_OP_READ_MULT_REQ, BT_ATT_OP_READ_MULT_RSP },
164 { BT_ATT_OP_READ_BY_GRP_TYPE_REQ, BT_ATT_OP_READ_BY_GRP_TYPE_RSP },
165 { BT_ATT_OP_WRITE_REQ, BT_ATT_OP_WRITE_RSP },
166 { BT_ATT_OP_PREP_WRITE_REQ, BT_ATT_OP_PREP_WRITE_RSP },
167 { BT_ATT_OP_EXEC_WRITE_REQ, BT_ATT_OP_EXEC_WRITE_RSP },
171 static uint8_t get_req_opcode(uint8_t rsp_opcode)
175 for (i = 0; att_req_rsp_mapping_table[i].rsp_opcode; i++) {
176 if (att_req_rsp_mapping_table[i].rsp_opcode == rsp_opcode)
177 return att_req_rsp_mapping_table[i].req_opcode;
185 unsigned int timeout_id;
186 enum att_op_type type;
190 bt_att_response_func_t callback;
191 bt_att_destroy_func_t destroy;
195 static void destroy_att_send_op(void *data)
197 struct att_send_op *op = data;
200 timeout_remove(op->timeout_id);
203 op->destroy(op->user_data);
209 static void cancel_att_send_op(struct att_send_op *op)
211 #ifdef __TIZEN_PATCH__
213 op->callback(BT_ATT_OP_ERROR_RSP, NULL, 0, op->user_data);
216 op->destroy(op->user_data);
218 op->user_data = NULL;
226 bt_att_notify_func_t callback;
227 bt_att_destroy_func_t destroy;
231 static void destroy_att_notify(void *data)
233 struct att_notify *notify = data;
236 notify->destroy(notify->user_data);
241 static bool match_notify_id(const void *a, const void *b)
243 const struct att_notify *notify = a;
244 unsigned int id = PTR_TO_UINT(b);
246 return notify->id == id;
252 bt_att_disconnect_func_t callback;
253 bt_att_destroy_func_t destroy;
257 static void destroy_att_disconn(void *data)
259 struct att_disconn *disconn = data;
261 if (disconn->destroy)
262 disconn->destroy(disconn->user_data);
267 static bool match_disconn_id(const void *a, const void *b)
269 const struct att_disconn *disconn = a;
270 unsigned int id = PTR_TO_UINT(b);
272 return disconn->id == id;
275 static bool encode_pdu(struct bt_att *att, struct att_send_op *op,
276 const void *pdu, uint16_t length)
278 uint16_t pdu_len = 1;
279 struct sign_info *sign = att->local_sign;
282 if (sign && (op->opcode & ATT_OP_SIGNED_MASK))
283 pdu_len += BT_ATT_SIGNATURE_LEN;
288 if (pdu_len > att->mtu)
292 op->pdu = malloc(op->len);
296 ((uint8_t *) op->pdu)[0] = op->opcode;
298 memcpy(op->pdu + 1, pdu, length);
300 if (!sign || !(op->opcode & ATT_OP_SIGNED_MASK) || !att->crypto)
303 if (!sign->counter(&sign_cnt, sign->user_data))
306 if ((bt_crypto_sign_att(att->crypto, sign->key, op->pdu, 1 + length,
307 sign_cnt, &((uint8_t *) op->pdu)[1 + length])))
310 util_debug(att->debug_callback, att->debug_data,
311 "ATT unable to generate signature");
318 static struct att_send_op *create_att_send_op(struct bt_att *att,
322 bt_att_response_func_t callback,
324 bt_att_destroy_func_t destroy)
326 struct att_send_op *op;
327 enum att_op_type type;
332 type = get_op_type(opcode);
333 if (type == ATT_OP_TYPE_UNKNOWN)
336 /* If the opcode corresponds to an operation type that does not elicit a
337 * response from the remote end, then no callback should have been
338 * provided, since it will never be called.
340 #ifdef __TIZEN_PATCH__
341 if (callback && type != ATT_OP_TYPE_REQ && type != ATT_OP_TYPE_IND
342 && type != ATT_OP_TYPE_CMD)
345 if (callback && type != ATT_OP_TYPE_REQ && type != ATT_OP_TYPE_IND)
349 /* Similarly, if the operation does elicit a response then a callback
352 if (!callback && (type == ATT_OP_TYPE_REQ || type == ATT_OP_TYPE_IND))
355 op = new0(struct att_send_op, 1);
358 op->callback = callback;
359 op->destroy = destroy;
360 op->user_data = user_data;
362 if (!encode_pdu(att, op, pdu, length)) {
370 static struct att_send_op *pick_next_send_op(struct bt_att *att)
372 struct att_send_op *op;
374 /* See if any operations are already in the write queue */
375 op = queue_pop_head(att->write_queue);
379 /* If there is no pending request, pick an operation from the
382 if (!att->pending_req) {
383 op = queue_pop_head(att->req_queue);
388 /* There is either a request pending or no requests queued. If there is
389 * no pending indication, pick an operation from the indication queue.
391 if (!att->pending_ind) {
392 op = queue_pop_head(att->ind_queue);
400 struct timeout_data {
405 static bool timeout_cb(void *user_data)
407 struct timeout_data *timeout = user_data;
408 struct bt_att *att = timeout->att;
409 struct att_send_op *op = NULL;
411 if (att->pending_req && att->pending_req->id == timeout->id) {
412 op = att->pending_req;
413 att->pending_req = NULL;
414 } else if (att->pending_ind && att->pending_ind->id == timeout->id) {
415 op = att->pending_ind;
416 att->pending_ind = NULL;
422 util_debug(att->debug_callback, att->debug_data,
423 "Operation timed out: 0x%02x", op->opcode);
425 if (att->timeout_callback)
426 att->timeout_callback(op->id, op->opcode, att->timeout_data);
429 destroy_att_send_op(op);
432 * Directly terminate the connection as required by the ATT protocol.
433 * This should trigger an io disconnect event which will clean up the
434 * io and notify the upper layer.
436 io_shutdown(att->io);
441 static void write_watch_destroy(void *user_data)
443 struct bt_att *att = user_data;
445 att->writer_active = false;
448 static bool can_write_data(struct io *io, void *user_data)
450 struct bt_att *att = user_data;
451 struct att_send_op *op;
452 struct timeout_data *timeout;
456 op = pick_next_send_op(att);
460 iov.iov_base = op->pdu;
461 iov.iov_len = op->len;
463 ret = io_send(io, &iov, 1);
465 util_debug(att->debug_callback, att->debug_data,
466 "write failed: %s", strerror(-ret));
468 op->callback(BT_ATT_OP_ERROR_RSP, NULL, 0,
471 destroy_att_send_op(op);
475 util_debug(att->debug_callback, att->debug_data,
476 "ATT op 0x%02x", op->opcode);
478 util_hexdump('<', op->pdu, ret, att->debug_callback, att->debug_data);
480 /* Based on the operation type, set either the pending request or the
481 * pending indication. If it came from the write queue, then there is
482 * no need to keep it around.
485 case ATT_OP_TYPE_REQ:
486 att->pending_req = op;
488 case ATT_OP_TYPE_IND:
489 att->pending_ind = op;
491 #ifdef __TIZEN_PATCH__
492 case ATT_OP_TYPE_CMD:
494 op->callback(0, NULL, 0, op->user_data);
495 destroy_att_send_op(op);
498 case ATT_OP_TYPE_RSP:
499 /* Set in_req to false to indicate that no request is pending */
502 /* Fall through to the next case */
503 #ifndef __TIZEN_PATCH__
504 case ATT_OP_TYPE_CMD:
506 case ATT_OP_TYPE_NOT:
507 case ATT_OP_TYPE_CONF:
508 case ATT_OP_TYPE_UNKNOWN:
510 destroy_att_send_op(op);
514 timeout = new0(struct timeout_data, 1);
516 timeout->id = op->id;
517 op->timeout_id = timeout_add(ATT_TIMEOUT_INTERVAL, timeout_cb,
520 /* Return true as there may be more operations ready to write. */
524 static void wakeup_writer(struct bt_att *att)
526 if (att->writer_active)
529 /* Set the write handler only if there is anything that can be sent
532 if (queue_isempty(att->write_queue)) {
533 if ((att->pending_req || queue_isempty(att->req_queue)) &&
534 (att->pending_ind || queue_isempty(att->ind_queue)))
538 if (!io_set_write_handler(att->io, can_write_data, att,
539 write_watch_destroy))
542 att->writer_active = true;
545 static void disconn_handler(void *data, void *user_data)
547 struct att_disconn *disconn = data;
548 int err = PTR_TO_INT(user_data);
550 if (disconn->removed)
553 if (disconn->callback)
554 disconn->callback(err, disconn->user_data);
557 static bool disconnect_cb(struct io *io, void *user_data)
559 struct bt_att *att = user_data;
565 if (getsockopt(att->fd, SOL_SOCKET, SO_ERROR, &err, &len) < 0) {
566 util_debug(att->debug_callback, att->debug_data,
567 "Failed to obtain disconnect error: %s",
572 util_debug(att->debug_callback, att->debug_data,
573 "Physical link disconnected: %s",
579 bt_att_cancel_all(att);
583 queue_foreach(att->disconn_list, disconn_handler, INT_TO_PTR(err));
585 bt_att_unregister_all(att);
591 static bool change_security(struct bt_att *att, uint8_t ecode)
595 security = bt_att_get_security(att);
596 if (security != BT_ATT_SECURITY_AUTO)
599 if (ecode == BT_ATT_ERROR_INSUFFICIENT_ENCRYPTION &&
600 security < BT_ATT_SECURITY_MEDIUM)
601 security = BT_ATT_SECURITY_MEDIUM;
602 else if (ecode == BT_ATT_ERROR_AUTHENTICATION &&
603 security < BT_ATT_SECURITY_HIGH)
604 security = BT_ATT_SECURITY_HIGH;
608 return bt_att_set_security(att, security);
611 static bool handle_error_rsp(struct bt_att *att, uint8_t *pdu,
612 ssize_t pdu_len, uint8_t *opcode)
614 const struct bt_att_pdu_error_rsp *rsp;
615 struct att_send_op *op = att->pending_req;
617 if (pdu_len != sizeof(*rsp)) {
624 *opcode = rsp->opcode;
626 /* Attempt to change security */
627 if (!change_security(att, rsp->ecode))
630 util_debug(att->debug_callback, att->debug_data,
631 "Retrying operation %p", op);
633 att->pending_req = NULL;
635 #ifdef __TIZEN_PATCH__
636 if (op->timeout_id) {
637 timeout_remove(op->timeout_id);
642 /* Push operation back to request queue */
643 return queue_push_head(att->req_queue, op);
646 static void handle_rsp(struct bt_att *att, uint8_t opcode, uint8_t *pdu,
649 struct att_send_op *op = att->pending_req;
652 uint8_t *rsp_pdu = NULL;
653 uint16_t rsp_pdu_len = 0;
656 * If no request is pending, then the response is unexpected. Disconnect
660 util_debug(att->debug_callback, att->debug_data,
661 "Received unexpected ATT response");
662 io_shutdown(att->io);
667 * If the received response doesn't match the pending request, or if
668 * the request is malformed, end the current request with failure.
670 if (opcode == BT_ATT_OP_ERROR_RSP) {
671 /* Return if error response cause a retry */
672 if (handle_error_rsp(att, pdu, pdu_len, &req_opcode)) {
676 } else if (!(req_opcode = get_req_opcode(opcode)))
679 if (req_opcode != op->opcode)
686 rsp_pdu_len = pdu_len;
692 util_debug(att->debug_callback, att->debug_data,
693 "Failed to handle response PDU; opcode: 0x%02x", opcode);
695 rsp_opcode = BT_ATT_OP_ERROR_RSP;
699 op->callback(rsp_opcode, rsp_pdu, rsp_pdu_len, op->user_data);
701 destroy_att_send_op(op);
702 att->pending_req = NULL;
707 static void handle_conf(struct bt_att *att, uint8_t *pdu, ssize_t pdu_len)
709 struct att_send_op *op = att->pending_ind;
712 * Disconnect the bearer if the confirmation is unexpected or the PDU is
715 if (!op || pdu_len) {
716 util_debug(att->debug_callback, att->debug_data,
717 "Received unexpected/invalid ATT confirmation");
718 io_shutdown(att->io);
723 op->callback(BT_ATT_OP_HANDLE_VAL_CONF, NULL, 0, op->user_data);
725 destroy_att_send_op(op);
726 att->pending_ind = NULL;
738 static bool opcode_match(uint8_t opcode, uint8_t test_opcode)
740 enum att_op_type op_type = get_op_type(test_opcode);
742 if (opcode == BT_ATT_ALL_REQUESTS && (op_type == ATT_OP_TYPE_REQ ||
743 op_type == ATT_OP_TYPE_CMD))
746 return opcode == test_opcode;
749 static void respond_not_supported(struct bt_att *att, uint8_t opcode)
751 struct bt_att_pdu_error_rsp pdu;
755 pdu.ecode = BT_ATT_ERROR_REQUEST_NOT_SUPPORTED;
757 bt_att_send(att, BT_ATT_OP_ERROR_RSP, &pdu, sizeof(pdu), NULL, NULL,
761 static bool handle_signed(struct bt_att *att, uint8_t opcode, uint8_t *pdu,
766 struct sign_info *sign;
768 /* Check if there is enough data for a signature */
769 if (pdu_len < 2 + BT_ATT_SIGNATURE_LEN)
772 sign = att->remote_sign;
776 signature = pdu + (pdu_len - BT_ATT_SIGNATURE_LEN);
777 sign_cnt = get_le32(signature);
779 /* Validate counter */
780 if (!sign->counter(&sign_cnt, sign->user_data))
783 /* Generate signature and verify it */
784 if (!bt_crypto_sign_att(att->crypto, sign->key, pdu,
785 pdu_len - BT_ATT_SIGNATURE_LEN, sign_cnt,
792 util_debug(att->debug_callback, att->debug_data,
793 "ATT failed to verify signature: 0x%02x", opcode);
798 static void handle_notify(struct bt_att *att, uint8_t opcode, uint8_t *pdu,
801 const struct queue_entry *entry;
804 if ((opcode & ATT_OP_SIGNED_MASK) && !att->crypto) {
805 if (!handle_signed(att, opcode, pdu, pdu_len))
807 pdu_len -= BT_ATT_SIGNATURE_LEN;
813 entry = queue_get_entries(att->notify_list);
816 struct att_notify *notify = entry->data;
820 if (!opcode_match(notify->opcode, opcode))
825 if (notify->callback)
826 notify->callback(opcode, pdu, pdu_len,
829 /* callback could remove all entries from notify list */
830 if (queue_isempty(att->notify_list))
835 * If this was a request and no handler was registered for it, respond
836 * with "Not Supported"
838 if (!found && get_op_type(opcode) == ATT_OP_TYPE_REQ)
839 respond_not_supported(att, opcode);
844 static bool can_read_data(struct io *io, void *user_data)
846 struct bt_att *att = user_data;
851 bytes_read = read(att->fd, att->buf, att->mtu);
855 util_hexdump('>', att->buf, bytes_read,
856 att->debug_callback, att->debug_data);
858 if (bytes_read < ATT_MIN_PDU_LEN)
866 /* Act on the received PDU based on the opcode type */
867 switch (get_op_type(opcode)) {
868 case ATT_OP_TYPE_RSP:
869 util_debug(att->debug_callback, att->debug_data,
870 "ATT response received: 0x%02x", opcode);
871 handle_rsp(att, opcode, pdu + 1, bytes_read - 1);
873 case ATT_OP_TYPE_CONF:
874 util_debug(att->debug_callback, att->debug_data,
875 "ATT confirmation received: 0x%02x", opcode);
876 handle_conf(att, pdu + 1, bytes_read - 1);
878 case ATT_OP_TYPE_REQ:
880 * If a request is currently pending, then the sequential
881 * protocol was violated. Disconnect the bearer, which will
882 * promptly notify the upper layer via disconnect handlers.
885 util_debug(att->debug_callback, att->debug_data,
886 "Received request while another is "
887 "pending: 0x%02x", opcode);
888 io_shutdown(att->io);
896 /* Fall through to the next case */
897 case ATT_OP_TYPE_CMD:
898 case ATT_OP_TYPE_NOT:
899 case ATT_OP_TYPE_UNKNOWN:
900 case ATT_OP_TYPE_IND:
902 /* For all other opcodes notify the upper layer of the PDU and
903 * let them act on it.
905 util_debug(att->debug_callback, att->debug_data,
906 "ATT PDU received: 0x%02x", opcode);
907 handle_notify(att, opcode, pdu + 1, bytes_read - 1);
916 static bool is_io_l2cap_based(int fd)
924 len = sizeof(domain);
925 err = getsockopt(fd, SOL_SOCKET, SO_DOMAIN, &domain, &len);
929 if (domain != AF_BLUETOOTH)
934 err = getsockopt(fd, SOL_SOCKET, SO_PROTOCOL, &proto, &len);
938 return proto == BTPROTO_L2CAP;
941 static void bt_att_free(struct bt_att *att)
943 if (att->pending_req)
944 destroy_att_send_op(att->pending_req);
946 if (att->pending_ind)
947 destroy_att_send_op(att->pending_ind);
950 bt_crypto_unref(att->crypto);
952 queue_destroy(att->req_queue, NULL);
953 queue_destroy(att->ind_queue, NULL);
954 queue_destroy(att->write_queue, NULL);
955 queue_destroy(att->notify_list, NULL);
956 queue_destroy(att->disconn_list, NULL);
958 if (att->timeout_destroy)
959 att->timeout_destroy(att->timeout_data);
961 if (att->debug_destroy)
962 att->debug_destroy(att->debug_data);
964 free(att->local_sign);
965 free(att->remote_sign);
972 struct bt_att *bt_att_new(int fd, bool ext_signed)
979 att = new0(struct bt_att, 1);
981 att->mtu = BT_ATT_DEFAULT_LE_MTU;
982 att->buf = malloc(att->mtu);
986 att->io = io_new(fd);
990 /* crypto is optional, if not available leave it NULL */
992 att->crypto = bt_crypto_new();
994 att->req_queue = queue_new();
995 att->ind_queue = queue_new();
996 att->write_queue = queue_new();
997 att->notify_list = queue_new();
998 att->disconn_list = queue_new();
1000 if (!io_set_read_handler(att->io, can_read_data, att, NULL))
1003 if (!io_set_disconnect_handler(att->io, disconnect_cb, att, NULL))
1006 att->io_on_l2cap = is_io_l2cap_based(att->fd);
1007 if (!att->io_on_l2cap)
1008 att->io_sec_level = BT_SECURITY_LOW;
1010 return bt_att_ref(att);
1018 struct bt_att *bt_att_ref(struct bt_att *att)
1023 __sync_fetch_and_add(&att->ref_count, 1);
1028 void bt_att_unref(struct bt_att *att)
1033 if (__sync_sub_and_fetch(&att->ref_count, 1))
1036 bt_att_unregister_all(att);
1037 bt_att_cancel_all(att);
1042 bool bt_att_set_close_on_unref(struct bt_att *att, bool do_close)
1044 if (!att || !att->io)
1047 return io_set_close_on_destroy(att->io, do_close);
1050 int bt_att_get_fd(struct bt_att *att)
1058 bool bt_att_set_debug(struct bt_att *att, bt_att_debug_func_t callback,
1059 void *user_data, bt_att_destroy_func_t destroy)
1064 if (att->debug_destroy)
1065 att->debug_destroy(att->debug_data);
1067 att->debug_callback = callback;
1068 att->debug_destroy = destroy;
1069 att->debug_data = user_data;
1074 uint16_t bt_att_get_mtu(struct bt_att *att)
1082 bool bt_att_set_mtu(struct bt_att *att, uint16_t mtu)
1089 if (mtu < BT_ATT_DEFAULT_LE_MTU)
1104 bool bt_att_set_timeout_cb(struct bt_att *att, bt_att_timeout_func_t callback,
1106 bt_att_destroy_func_t destroy)
1111 if (att->timeout_destroy)
1112 att->timeout_destroy(att->timeout_data);
1114 att->timeout_callback = callback;
1115 att->timeout_destroy = destroy;
1116 att->timeout_data = user_data;
1121 unsigned int bt_att_register_disconnect(struct bt_att *att,
1122 bt_att_disconnect_func_t callback,
1124 bt_att_destroy_func_t destroy)
1126 struct att_disconn *disconn;
1128 if (!att || !att->io)
1131 disconn = new0(struct att_disconn, 1);
1132 disconn->callback = callback;
1133 disconn->destroy = destroy;
1134 disconn->user_data = user_data;
1136 if (att->next_reg_id < 1)
1137 att->next_reg_id = 1;
1139 disconn->id = att->next_reg_id++;
1141 if (!queue_push_tail(att->disconn_list, disconn)) {
1149 bool bt_att_unregister_disconnect(struct bt_att *att, unsigned int id)
1151 struct att_disconn *disconn;
1156 disconn = queue_remove_if(att->disconn_list, match_disconn_id,
1161 destroy_att_disconn(disconn);
1165 unsigned int bt_att_send(struct bt_att *att, uint8_t opcode,
1166 const void *pdu, uint16_t length,
1167 bt_att_response_func_t callback, void *user_data,
1168 bt_att_destroy_func_t destroy)
1170 struct att_send_op *op;
1173 if (!att || !att->io)
1176 op = create_att_send_op(att, opcode, pdu, length, callback, user_data,
1181 if (att->next_send_id < 1)
1182 att->next_send_id = 1;
1184 op->id = att->next_send_id++;
1186 /* Add the op to the correct queue based on its type */
1188 case ATT_OP_TYPE_REQ:
1189 result = queue_push_tail(att->req_queue, op);
1191 case ATT_OP_TYPE_IND:
1192 result = queue_push_tail(att->ind_queue, op);
1194 case ATT_OP_TYPE_CMD:
1195 case ATT_OP_TYPE_NOT:
1196 case ATT_OP_TYPE_UNKNOWN:
1197 case ATT_OP_TYPE_RSP:
1198 case ATT_OP_TYPE_CONF:
1200 result = queue_push_tail(att->write_queue, op);
1215 static bool match_op_id(const void *a, const void *b)
1217 const struct att_send_op *op = a;
1218 unsigned int id = PTR_TO_UINT(b);
1220 return op->id == id;
1223 bool bt_att_cancel(struct bt_att *att, unsigned int id)
1225 struct att_send_op *op;
1230 if (att->pending_req && att->pending_req->id == id) {
1231 /* Don't cancel the pending request; remove it's handlers */
1232 cancel_att_send_op(att->pending_req);
1236 if (att->pending_ind && att->pending_ind->id == id) {
1237 /* Don't cancel the pending indication; remove it's handlers */
1238 cancel_att_send_op(att->pending_ind);
1242 op = queue_remove_if(att->req_queue, match_op_id, UINT_TO_PTR(id));
1246 op = queue_remove_if(att->ind_queue, match_op_id, UINT_TO_PTR(id));
1250 op = queue_remove_if(att->write_queue, match_op_id, UINT_TO_PTR(id));
1258 destroy_att_send_op(op);
1265 bool bt_att_cancel_all(struct bt_att *att)
1270 queue_remove_all(att->req_queue, NULL, NULL, destroy_att_send_op);
1271 queue_remove_all(att->ind_queue, NULL, NULL, destroy_att_send_op);
1272 queue_remove_all(att->write_queue, NULL, NULL, destroy_att_send_op);
1274 if (att->pending_req)
1275 /* Don't cancel the pending request; remove it's handlers */
1276 cancel_att_send_op(att->pending_req);
1278 if (att->pending_ind)
1279 /* Don't cancel the pending request; remove it's handlers */
1280 cancel_att_send_op(att->pending_ind);
1285 static uint8_t att_ecode_from_error(int err)
1288 * If the error fits in a single byte, treat it as an ATT protocol
1289 * error as is. Since "0" is not a valid ATT protocol error code, we map
1290 * that to UNLIKELY below.
1292 if (err > 0 && err < UINT8_MAX)
1296 * Since we allow UNIX errnos, map them to appropriate ATT protocol
1297 * and "Common Profile and Service" error codes.
1301 return BT_ATT_ERROR_INVALID_HANDLE;
1303 return BT_ATT_ERROR_INSUFFICIENT_RESOURCES;
1305 return BT_ERROR_ALREADY_IN_PROGRESS;
1307 return BT_ERROR_OUT_OF_RANGE;
1310 return BT_ATT_ERROR_UNLIKELY;
1313 unsigned int bt_att_send_error_rsp(struct bt_att *att, uint8_t opcode,
1314 uint16_t handle, int error)
1316 struct bt_att_pdu_error_rsp pdu;
1319 if (!att || !opcode)
1322 ecode = att_ecode_from_error(error);
1324 memset(&pdu, 0, sizeof(pdu));
1326 pdu.opcode = opcode;
1327 put_le16(handle, &pdu.handle);
1330 return bt_att_send(att, BT_ATT_OP_ERROR_RSP, &pdu, sizeof(pdu),
1334 unsigned int bt_att_register(struct bt_att *att, uint8_t opcode,
1335 bt_att_notify_func_t callback,
1337 bt_att_destroy_func_t destroy)
1339 struct att_notify *notify;
1341 if (!att || !callback || !att->io)
1344 notify = new0(struct att_notify, 1);
1345 notify->opcode = opcode;
1346 notify->callback = callback;
1347 notify->destroy = destroy;
1348 notify->user_data = user_data;
1350 if (att->next_reg_id < 1)
1351 att->next_reg_id = 1;
1353 notify->id = att->next_reg_id++;
1355 if (!queue_push_tail(att->notify_list, notify)) {
1363 bool bt_att_unregister(struct bt_att *att, unsigned int id)
1365 struct att_notify *notify;
1370 notify = queue_remove_if(att->notify_list, match_notify_id,
1375 destroy_att_notify(notify);
1379 bool bt_att_unregister_all(struct bt_att *att)
1384 queue_remove_all(att->notify_list, NULL, NULL, destroy_att_notify);
1385 queue_remove_all(att->disconn_list, NULL, NULL, destroy_att_disconn);
1390 int bt_att_get_security(struct bt_att *att)
1392 struct bt_security sec;
1398 if (!att->io_on_l2cap)
1399 return att->io_sec_level;
1401 memset(&sec, 0, sizeof(sec));
1403 if (getsockopt(att->fd, SOL_BLUETOOTH, BT_SECURITY, &sec, &len) < 0)
1409 bool bt_att_set_security(struct bt_att *att, int level)
1411 struct bt_security sec;
1413 if (!att || level < BT_ATT_SECURITY_AUTO ||
1414 level > BT_ATT_SECURITY_HIGH)
1417 if (!att->io_on_l2cap) {
1418 att->io_sec_level = level;
1422 memset(&sec, 0, sizeof(sec));
1425 if (setsockopt(att->fd, SOL_BLUETOOTH, BT_SECURITY, &sec,
1432 static bool sign_set_key(struct sign_info **sign, uint8_t key[16],
1433 bt_att_counter_func_t func, void *user_data)
1436 *sign = new0(struct sign_info, 1);
1438 (*sign)->counter = func;
1439 (*sign)->user_data = user_data;
1440 memcpy((*sign)->key, key, 16);
1445 bool bt_att_set_local_key(struct bt_att *att, uint8_t sign_key[16],
1446 bt_att_counter_func_t func, void *user_data)
1451 return sign_set_key(&att->local_sign, sign_key, func, user_data);
1454 bool bt_att_set_remote_key(struct bt_att *att, uint8_t sign_key[16],
1455 bt_att_counter_func_t func, void *user_data)
1460 return sign_set_key(&att->remote_sign, sign_key, func, user_data);
1463 bool bt_att_has_crypto(struct bt_att *att)
1468 return att->crypto ? true : false;