您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符

1558 行
61KB

  1. /* USB EHCI Host for Teensy 3.6
  2. * Copyright 2017 Paul Stoffregen (paul@pjrc.com)
  3. *
  4. * Permission is hereby granted, free of charge, to any person obtaining a
  5. * copy of this software and associated documentation files (the
  6. * "Software"), to deal in the Software without restriction, including
  7. * without limitation the rights to use, copy, modify, merge, publish,
  8. * distribute, sublicense, and/or sell copies of the Software, and to
  9. * permit persons to whom the Software is furnished to do so, subject to
  10. * the following conditions:
  11. *
  12. * The above copyright notice and this permission notice shall be included
  13. * in all copies or substantial portions of the Software.
  14. *
  15. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
  16. * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
  17. * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
  18. * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
  19. * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
  20. * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
  21. * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  22. *
  23. * information about the BlueTooth HCI comes from logic analyzer captures
  24. * plus... http://affon.narod.ru/BT/bluetooth_app_c10.pdf
  25. */
  26. #include <Arduino.h>
  27. #include "USBHost_t36.h" // Read this header first for key info
  28. #define print USBHost::print_
  29. #define println USBHost::println_//#define DEBUG_BT
  30. #define DEBUG_BT
  31. //#define DEBUG_BT_VERBOSE
  32. #ifndef DEBUG_BT
  33. #undef DEBUG_BT_VERBOSE
  34. void inline DBGPrintf(...) {};
  35. #else
  36. #define DBGPrintf USBHDBGSerial.printf
  37. #endif
  38. #ifndef DEBUG_BT_VERBOSE
  39. void inline VDBGPrintf(...) {};
  40. #else
  41. #define VDBGPrintf USBHDBGSerial.printf
  42. #endif
  43. /************************************************************/
  44. // Define HCI Commands OGF HIgh byte OCF is low byte...
  45. // Actually shifted values...
  46. /************************************************************/
  47. #define HCI_INQUIRY 0x0401
  48. #define HCI_INQUIRY_CANCEL 0x0402
  49. #define HCI_CREATE_CONNECTION 0x0405
  50. #define HCI_OP_ACCEPT_CONN_REQ 0x0409
  51. #define HCI_LINK_KEY_NEG_REPLY 0x040C
  52. #define HCI_PIN_CODE_REPLY 0x040D
  53. #define HCI_AUTH_REQUESTED 0x0411
  54. #define HCI_OP_REMOTE_NAME_REQ 0x0419
  55. #define HCI_OP_REMOTE_NAME_REQ_CANCEL 0x041a
  56. #define HCI_OP_READ_REMOTE_FEATURES 0x041b
  57. #define HCI_OP_READ_REMOTE_VERSION_INFORMATION 0x041D
  58. #define HCI_Write_Default_Link_Policy_Settings 0x080f
  59. #define HCI_Set_Event_Mask 0x0c01
  60. #define HCI_RESET 0x0c03
  61. #define HCI_Set_Event_Filter_Clear 0x0c05
  62. #define HCI_Read_Local_Name 0x0c14
  63. #define HCI_Read_Stored_Link_Key 0x0c0d
  64. #define HCI_DELETE_STORED_LINK_KEY 0x0c12
  65. #define HCI_WRITE_LOCAL_NAME 0x0c13
  66. #define Write_Connection_Accept_Timeout 0x0c16
  67. #define HCI_WRITE_SCAN_ENABLE 0x0c1a
  68. #define HCI_Read_Page_Scan_Activity 0x0c1b
  69. #define HCI_READ_CLASS_OF_DEVICE 0x0c23
  70. #define HCI_WRITE_CLASS_OF_DEV 0x0C24
  71. #define HCI_Read_Voice_Setting 0x0c25
  72. #define HCI_Read_Number_Of_Supported_IAC 0x0c38
  73. #define HCI_Read_Current_IAC_LAP 0x0c39
  74. #define HCI_WRITE_INQUIRY_MODE 0x0c45
  75. #define HCI_Read_Page_Scan_Type 0x0c46
  76. #define HCI_WRITE_EIR 0x0c52
  77. #define HCI_WRITE_SSP_MODE 0x0c56
  78. #define HCI_Read_Inquiry_Response_Transmit_Power_Level 0x0c58
  79. #define HCI_WRITE_LE_HOST_SUPPORTED 0x0c6d
  80. #define HCI_Read_Local_Supported_Features 0x1003
  81. #define HCI_Read_Local_Extended_Features 0x1004
  82. #define HCI_Read_Buffer_Size 0x1005
  83. #define HCI_Read_BD_ADDR 0x1009
  84. #define HCI_Read_Local_Version_Information 0x1001
  85. #define HCI_Read_Local_Supported_Commands 0x1002
  86. #define HCI_LE_SET_EVENT_MASK 0x2001
  87. #define HCI_LE_Read_Buffer_Size 0x2002
  88. #define HCI_LE_Read_Local_supported_Features 0x2003
  89. #define HCI_LE_READ_ADV_TX_POWER 0x2007
  90. #define HCI_LE_SET_ADV_DATA 0x2008
  91. #define HCI_LE_SET_SCAN_RSP_DATA 0x2009
  92. #define HCI_LE_READ_WHITE_LIST_SIZE 0x200f
  93. #define HCI_LE_CLEAR_WHITE_LIST 0x2010
  94. #define HCI_LE_Supported_States 0x201c
  95. /* Bluetooth L2CAP PSM - see http://www.bluetooth.org/Technical/AssignedNumbers/logical_link.htm */
  96. #define HID_CTRL_PSM 0x11 // HID_Control PSM Value
  97. #define HID_INTR_PSM 0x13 // HID_Interrupt PSM Value
  98. // Used For Connection Response
  99. #define PENDING 0x01
  100. #define SUCCESSFUL 0x00
  101. /* L2CAP signaling commands */
  102. #define L2CAP_CMD_COMMAND_REJECT 0x01
  103. #define L2CAP_CMD_CONNECTION_REQUEST 0x02
  104. #define L2CAP_CMD_CONNECTION_RESPONSE 0x03
  105. #define L2CAP_CMD_CONFIG_REQUEST 0x04
  106. #define L2CAP_CMD_CONFIG_RESPONSE 0x05
  107. #define L2CAP_CMD_DISCONNECT_REQUEST 0x06
  108. #define L2CAP_CMD_DISCONNECT_RESPONSE 0x07
  109. #define L2CAP_CMD_INFORMATION_REQUEST 0x0A
  110. #define L2CAP_CMD_INFORMATION_RESPONSE 0x0B
  111. #define HID_THDR_DATA_INPUT 0xa1
  112. // HID stuff
  113. #define HID_BOOT_PROTOCOL 0x00
  114. #define HID_RPT_PROTOCOL 0x01
  115. /* HCI Events */
  116. enum {EV_INQUIRY_COMPLETE= 0x01,EV_INQUIRY_RESULT= 0x02,EV_CONNECT_COMPLETE= 0x03,EV_INCOMING_CONNECT= 0x04,EV_DISCONNECT_COMPLETE= 0x05
  117. ,EV_AUTHENTICATION_COMPLETE= 0x06,EV_REMOTE_NAME_COMPLETE= 0x07,EV_ENCRYPTION_CHANGE= 0x08,EV_CHANGE_CONNECTION_LINK= 0x09,EV_ROLE_CHANGED= 0x12
  118. ,EV_NUM_COMPLETE_PKT= 0x13,EV_PIN_CODE_REQUEST= 0x16,EV_LINK_KEY_REQUEST= 0x17,EV_LINK_KEY_NOTIFICATION= 0x18,EV_DATA_BUFFER_OVERFLOW= 0x1A
  119. ,EV_MAX_SLOTS_CHANGE= 0x1B,EV_READ_REMOTE_VERSION_INFORMATION_COMPLETE= 0x0C,EV_QOS_SETUP_COMPLETE= 0x0D,EV_COMMAND_COMPLETE= 0x0E,EV_COMMAND_STATUS= 0x0F
  120. ,EV_LOOPBACK_COMMAND= 0x19,EV_PAGE_SCAN_REP_MODE= 0x20, EV_INQUIRY_RESULTS_WITH_RSSI=0x22, EV_EXTENDED_INQUIRY_RESULT=0x2F };
  121. // different modes
  122. enum {PC_RESET = 1, PC_WRITE_CLASS_DEVICE, PC_READ_BDADDR, PC_READ_LOCAL_VERSION,
  123. PC_SEND_WRITE_INQUIRE_MODE, PC_SEND_SET_EVENT_MASK, PC_SEND_INQUIRE,
  124. PC_INQUIRE_CANCEL=100, PC_AUTHENTICATION_REQUESTED=110, PC_LINK_KEY_NEGATIVE=120, PC_PIN_CODE_REPLY=130,
  125. PC_WRITE_SCAN_PAGE=200};
  126. //////////////
  127. //////////////
  128. // Setup some states for the TX pipe where we need to chain messages
  129. enum {STATE_TX_SEND_CONNECT_INT=200, STATE_TX_SEND_CONECT_RSP_SUCCESS, STATE_TX_SEND_CONFIG_REQ, STATE_TX_SEND_CONECT_ISR_RSP_SUCCESS, STATE_TX_SEND_CONFIG_ISR_REQ};
  130. // This is a list of all the drivers inherited from the BTHIDInput class.
  131. // Unlike the list of USBDriver (managed in enumeration.cpp), drivers stay
  132. // on this list even when they have claimed a top level collection.
  133. BTHIDInput * BluetoothController::available_bthid_drivers_list = NULL;
  134. void BluetoothController::driver_ready_for_bluetooth(BTHIDInput *driver)
  135. {
  136. driver->next = NULL;
  137. if (available_bthid_drivers_list == NULL) {
  138. available_bthid_drivers_list = driver;
  139. } else {
  140. BTHIDInput *last = available_bthid_drivers_list;
  141. while (last->next) last = last->next;
  142. last->next = driver;
  143. }
  144. }
  145. // When a new top level collection is found, this function asks drivers
  146. // if they wish to claim it. The driver taking ownership of the
  147. // collection is returned, or NULL if no driver wants it.
  148. BTHIDInput * BluetoothController::find_driver(uint32_t device_type, uint8_t *remoteName)
  149. {
  150. USBHDBGSerial.printf("BluetoothController::find_driver");
  151. BTHIDInput *driver = available_bthid_drivers_list;
  152. while (driver) {
  153. USBHDBGSerial.printf(" driver %x\n", (uint32_t)driver);
  154. if (driver->claim_bluetooth(this, device_type, remoteName)) {
  155. USBHDBGSerial.printf(" *** Claimed ***\n");
  156. return driver;
  157. }
  158. driver = driver->next;
  159. }
  160. return NULL;
  161. }
  162. //12 01 00 02 FF 01 01 40 5C 0A E8 21 12 01 01 02 03 01
  163. //VendorID = 0A5C, ProductID = 21E8, Version = 0112
  164. //Class/Subclass/Protocol = 255 / 1 / 1
  165. BluetoothController::product_vendor_mapping_t BluetoothController::pid_vid_mapping[] = {
  166. { 0xA5C, 0x21E8 }};
  167. /************************************************************/
  168. // Initialization and claiming of devices & interfaces
  169. /************************************************************/
  170. void BluetoothController::init()
  171. {
  172. contribute_Pipes(mypipes, sizeof(mypipes)/sizeof(Pipe_t));
  173. contribute_Transfers(mytransfers, sizeof(mytransfers)/sizeof(Transfer_t));
  174. contribute_String_Buffers(mystring_bufs, sizeof(mystring_bufs)/sizeof(strbuf_t));
  175. driver_ready_for_device(this);
  176. }
  177. bool BluetoothController::claim(Device_t *dev, int type, const uint8_t *descriptors, uint32_t len)
  178. {
  179. // only claim at device level
  180. println("BluetoothController claim this=", (uint32_t)this, HEX);
  181. if (type != 0) return false; // claim at the device level
  182. // Lets try to support the main USB Bluetooth class...
  183. // http://www.usb.org/developers/defined_class/#BaseClassE0h
  184. if (dev->bDeviceClass != 0xe0) {
  185. bool special_case_device = false;
  186. for (uint8_t i=0; i < (sizeof(pid_vid_mapping)/sizeof(pid_vid_mapping[0])); i++) {
  187. if ((pid_vid_mapping[i].idVendor == dev->idVendor) && (pid_vid_mapping[i].idProduct == dev->idProduct)) {
  188. special_case_device = true;
  189. break;
  190. }
  191. }
  192. if (!special_case_device) return false;
  193. }
  194. if ((dev->bDeviceSubClass != 1) || (dev->bDeviceProtocol != 1)) return false; // Bluetooth Programming Interface
  195. DBGPrintf("BluetoothController claim this=%x vid:pid=%x:%x\n ", (uint32_t)this, dev->idVendor, dev->idProduct);
  196. if (len > 512) {
  197. DBGPrintf(" Descriptor length %d only showing first 512\n ");
  198. len = 512;
  199. }
  200. for (uint16_t i=0; i < len; i++) {
  201. DBGPrintf("%x ", descriptors[i]);
  202. if ((i & 0x3f) == 0x3f) DBGPrintf("\n ");
  203. }
  204. DBGPrintf("\n ");
  205. // Lets try to process the first Interface and get the end points...
  206. // Some common stuff for both XBoxs
  207. uint32_t count_end_points = descriptors[4];
  208. if (count_end_points < 2) return false;
  209. uint32_t rxep = 0;
  210. uint32_t rx2ep = 0;
  211. uint32_t txep = 0;
  212. uint8_t rx_interval = 0;
  213. uint8_t rx2_interval = 0;
  214. uint8_t tx_interval = 0;
  215. rx_size_ = 0;
  216. rx2_size_ = 0;
  217. tx_size_ = 0;
  218. uint32_t descriptor_index = 9;
  219. while (count_end_points-- /*&& ((rxep == 0) || txep == 0) */) {
  220. if (descriptors[descriptor_index] != 7) return false; // length 7
  221. if (descriptors[descriptor_index+1] != 5) return false; // ep desc
  222. if ((descriptors[descriptor_index+4] <= 64)
  223. && (descriptors[descriptor_index+5] == 0)) {
  224. // have a bulk EP size
  225. if (descriptors[descriptor_index+2] & 0x80 ) {
  226. if (descriptors[descriptor_index+3] == 3) { // Interrupt
  227. rxep = descriptors[descriptor_index+2];
  228. rx_size_ = descriptors[descriptor_index+4];
  229. rx_interval = descriptors[descriptor_index+6];
  230. } else if (descriptors[descriptor_index+3] == 2) { // bulk
  231. rx2ep = descriptors[descriptor_index+2];
  232. rx2_size_ = descriptors[descriptor_index+4];
  233. rx2_interval = descriptors[descriptor_index+6];
  234. }
  235. } else {
  236. txep = descriptors[descriptor_index+2];
  237. tx_size_ = descriptors[descriptor_index+4];
  238. tx_interval = descriptors[descriptor_index+6];
  239. }
  240. }
  241. descriptor_index += 7; // setup to look at next one...
  242. }
  243. if ((rxep == 0) || (txep == 0)) {
  244. USBHDBGSerial.printf("Bluetooth end points not found: %d %d\n", rxep, txep);
  245. return false; // did not find two end points.
  246. }
  247. DBGPrintf(" rxep=%d(%d) txep=%d(%d) rx2ep=%d(%d)\n", rxep&15, rx_size_, txep, tx_size_,
  248. rx2ep&15, rx2_size_);
  249. print("BluetoothController, rxep=", rxep & 15);
  250. print("(", rx_size_);
  251. print("), txep=", txep);
  252. print("(", tx_size_);
  253. println(")");
  254. rxpipe_ = new_Pipe(dev, 3, rxep & 15, 1, rx_size_, rx_interval);
  255. if (!rxpipe_) return false;
  256. txpipe_ = new_Pipe(dev, 3, txep, 0, tx_size_, tx_interval);
  257. if (!txpipe_) {
  258. //free_Pipe(rxpipe_);
  259. return false;
  260. }
  261. rx2pipe_ = new_Pipe(dev, 2, rx2ep & 15, 1, rx2_size_, rx2_interval);
  262. if (!rx2pipe_) {
  263. // Free other pipes...
  264. return false;
  265. }
  266. rxpipe_->callback_function = rx_callback;
  267. queue_Data_Transfer(rxpipe_, rxbuf_, rx_size_, this);
  268. rx2pipe_->callback_function = rx2_callback;
  269. queue_Data_Transfer(rx2pipe_, rx2buf_, rx2_size_, this);
  270. txpipe_->callback_function = tx_callback;
  271. // Send out the reset
  272. device = dev; // yes this is normally done on return from this but should not hurt if we do it here.
  273. sendResetHCI();
  274. pending_control_ = PC_RESET;
  275. pending_control_tx_ = 0; //
  276. return true;
  277. }
  278. void BluetoothController::disconnect()
  279. {
  280. USBHDBGSerial.printf("Bluetooth Disconnect");
  281. if (connections_[current_connection_].device_driver_) {
  282. connections_[current_connection_].device_driver_->release_bluetooth();
  283. connections_[current_connection_].device_driver_->remote_name_[0] = 0;
  284. connections_[current_connection_].device_driver_ = nullptr;
  285. }
  286. connections_[current_connection_].connection_complete_ = false;
  287. }
  288. void BluetoothController::timer_event(USBDriverTimer *whichTimer)
  289. {
  290. }
  291. void BluetoothController::control(const Transfer_t *transfer)
  292. {
  293. println(" control callback (bluetooth) ", pending_control_, HEX);
  294. #ifdef DEBUG_BT_VERBOSE
  295. DBGPrintf(" Control callback (bluetooth): %d : ", pending_control_);
  296. uint8_t *buffer = (uint8_t*)transfer->buffer;
  297. for (uint8_t i=0; i < transfer->length; i++) DBGPrintf("%x ", buffer[i]);
  298. DBGPrintf("\n");
  299. #endif
  300. }
  301. /************************************************************/
  302. // Interrupt-based Data Movement
  303. /************************************************************/
  304. void BluetoothController::rx_callback(const Transfer_t *transfer)
  305. {
  306. if (!transfer->driver) return;
  307. ((BluetoothController *)(transfer->driver))->rx_data(transfer);
  308. }
  309. void BluetoothController::rx2_callback(const Transfer_t *transfer)
  310. {
  311. if (!transfer->driver) return;
  312. ((BluetoothController *)(transfer->driver))->rx2_data(transfer);
  313. }
  314. void BluetoothController::tx_callback(const Transfer_t *transfer)
  315. {
  316. if (!transfer->driver) return;
  317. ((BluetoothController *)(transfer->driver))->tx_data(transfer);
  318. }
  319. void BluetoothController::rx_data(const Transfer_t *transfer)
  320. {
  321. uint32_t len = transfer->length - ((transfer->qtd.token >> 16) & 0x7FFF);
  322. print_hexbytes((uint8_t*)transfer->buffer, len);
  323. DBGPrintf("BT rx_data(%d): ", len);
  324. uint8_t *buffer = (uint8_t*)transfer->buffer;
  325. for (uint8_t i=0; i < len; i++) DBGPrintf("%x ", buffer[i]);
  326. DBGPrintf("\n");
  327. // Note the logical packets returned from the device may be larger
  328. // than can fit in one of our packets, so we will detect this and
  329. // the next read will be continue in or rx_buf_ in the next logical
  330. // location. We will only go into process the next logical state
  331. // when we have the full response read in...
  332. if (rx_packet_data_remaining == 0) { // Previous command was fully handled
  333. rx_packet_data_remaining = rxbuf_[1] + 2; // length of data plus the two bytes at start...
  334. }
  335. // Now see if the data
  336. rx_packet_data_remaining -= len; // remove the length of this packet from length
  337. if (rx_packet_data_remaining == 0) { // read started at beginning of packet so get the total length of packet
  338. switch(rxbuf_[0]) { // Switch on event type
  339. case EV_COMMAND_COMPLETE: //0x0e
  340. handle_hci_command_complete();// Check if command succeeded
  341. break;
  342. case EV_COMMAND_STATUS: //0x0f
  343. handle_hci_command_status();
  344. break;
  345. case EV_INQUIRY_COMPLETE: // 0x01
  346. handle_hci_inquiry_complete();
  347. break;
  348. case EV_INQUIRY_RESULT: // 0x02
  349. handle_hci_inquiry_result(false);
  350. break;
  351. case EV_CONNECT_COMPLETE: // 0x03
  352. handle_hci_connection_complete();
  353. break;
  354. case EV_INCOMING_CONNECT: // 0x04
  355. handle_hci_incoming_connect();
  356. break;
  357. case EV_DISCONNECT_COMPLETE: // 0x05
  358. handle_hci_disconnect_complete();
  359. break;
  360. case EV_AUTHENTICATION_COMPLETE:// 0x06
  361. handle_hci_authentication_complete();
  362. break;
  363. case EV_REMOTE_NAME_COMPLETE: // 0x07
  364. handle_hci_remote_name_complete();
  365. break;
  366. case EV_READ_REMOTE_VERSION_INFORMATION_COMPLETE:
  367. handle_hci_remote_version_information_complete();
  368. break;
  369. case EV_PIN_CODE_REQUEST: // 0x16
  370. handle_hci_pin_code_request();
  371. break;
  372. case EV_LINK_KEY_REQUEST: // 0x17
  373. handle_hci_link_key_request();
  374. break;
  375. case EV_LINK_KEY_NOTIFICATION: // 0x18
  376. handle_hci_link_key_notification();
  377. break;
  378. case EV_INQUIRY_RESULTS_WITH_RSSI:
  379. handle_hci_inquiry_result(true);
  380. break;
  381. case EV_EXTENDED_INQUIRY_RESULT:
  382. handle_hci_extended_inquiry_result();
  383. break;
  384. default:
  385. break;
  386. }
  387. // Start read at start of buffer.
  388. queue_Data_Transfer(rxpipe_, rxbuf_, rx_size_, this);
  389. } else {
  390. // Continue the read - Todo - maybe verify len == rx_size_
  391. queue_Data_Transfer(rxpipe_, buffer + rx_size_, rx_size_, this);
  392. return; // Don't process the message yet as we still have data to receive.
  393. }
  394. }
  395. //===================================================================
  396. // Called when an HCI command completes.
  397. void BluetoothController::handle_hci_command_complete()
  398. {
  399. uint16_t hci_command = rxbuf_[3] + (rxbuf_[4] << 8);
  400. uint8_t buffer_index;
  401. if(!rxbuf_[5]) {
  402. VDBGPrintf(" Command Completed! \n");
  403. } else {
  404. VDBGPrintf(" Command(%x) Completed - Error: %d! \n", hci_command, rxbuf_[5]);
  405. // BUGBUG:: probably need to queue something?
  406. }
  407. switch (hci_command) {
  408. case HCI_OP_REMOTE_NAME_REQ:
  409. break;
  410. case HCI_RESET: //0x0c03
  411. if (!rxbuf_[5]) pending_control_ = PC_WRITE_CLASS_DEVICE;
  412. // If it fails, will retry. maybe should have repeat max...
  413. break;
  414. case HCI_Set_Event_Filter_Clear: //0x0c05
  415. break;
  416. case HCI_Read_Local_Name: //0x0c14
  417. // received name back...
  418. {
  419. //BUGBUG:: probably want to grab string object and copy to
  420. USBHDBGSerial.printf(" Local name: %s\n", &rxbuf_[6]);
  421. /*
  422. uint8_t len = rxbuf_[1]+2; // Length field +2 for total bytes read
  423. for (uint8_t i=6; i < len; i++) {
  424. if (rxbuf_[i] == 0) {
  425. break;
  426. }
  427. USBHDBGSerial.printf("%c", rxbuf_[i]);
  428. }
  429. USBHDBGSerial.printf("\n"); */
  430. }
  431. break;
  432. case Write_Connection_Accept_Timeout: //0x0c16
  433. break;
  434. case HCI_READ_CLASS_OF_DEVICE: // 0x0c23
  435. break;
  436. case HCI_Read_Voice_Setting: //0x0c25
  437. break;
  438. case HCI_Read_Number_Of_Supported_IAC: //0x0c38
  439. break;
  440. case HCI_Read_Current_IAC_LAP: //0x0c39
  441. break;
  442. case HCI_WRITE_INQUIRY_MODE: //0x0c45
  443. break;
  444. case HCI_Read_Inquiry_Response_Transmit_Power_Level: //0x0c58
  445. break;
  446. case HCI_Read_Local_Supported_Features: //0x1003
  447. // Remember the features supported by local...
  448. for (buffer_index = 0; buffer_index < 8; buffer_index++) {
  449. features[buffer_index] = rxbuf_[buffer_index+6];
  450. }
  451. break;
  452. case HCI_Read_Buffer_Size: // 0x1005
  453. break;
  454. case HCI_Read_BD_ADDR: //0x1009
  455. {
  456. for(uint8_t i = 0; i < 6; i++) my_bdaddr_[i] = rxbuf_[6 + i];
  457. DBGPrintf(" BD Addr %x:%x:%x:%x:%x:%x\n", my_bdaddr_[5], my_bdaddr_[4], my_bdaddr_[3], my_bdaddr_[2], my_bdaddr_[1], my_bdaddr_[0]);
  458. }
  459. break;
  460. case HCI_Read_Local_Version_Information: //0x1001
  461. hciVersion = rxbuf_[6]; // Should do error checking above...
  462. DBGPrintf(" Local Version: %x\n", hciVersion);
  463. pending_control_ = (do_pair_device_)? PC_SEND_WRITE_INQUIRE_MODE : PC_WRITE_SCAN_PAGE;
  464. break;
  465. case HCI_Read_Local_Supported_Commands: //0x1002
  466. break;
  467. case HCI_LE_Read_Buffer_Size: //0x2002
  468. break;
  469. case HCI_LE_Read_Local_supported_Features: //0x2003
  470. break;
  471. case HCI_LE_Supported_States: //0x201c
  472. break;
  473. case HCI_Read_Local_Extended_Features: //0x1004
  474. break;
  475. case HCI_Set_Event_Mask: //0x0c01
  476. break;
  477. case HCI_Read_Stored_Link_Key: //0x0c0d
  478. break;
  479. case HCI_Write_Default_Link_Policy_Settings: //0x080f
  480. break;
  481. case HCI_Read_Page_Scan_Activity: //0x0c1b
  482. break;
  483. case HCI_Read_Page_Scan_Type: //0x0c46
  484. break;
  485. case HCI_LE_SET_EVENT_MASK: //0x2001
  486. break;
  487. case HCI_LE_READ_ADV_TX_POWER: //0x2007
  488. break;
  489. case HCI_LE_READ_WHITE_LIST_SIZE: //0x200f
  490. break;
  491. case HCI_LE_CLEAR_WHITE_LIST: //0x2010
  492. break;
  493. case HCI_DELETE_STORED_LINK_KEY: //0x0c12
  494. break;
  495. case HCI_WRITE_LOCAL_NAME: //0x0c13
  496. break;
  497. case HCI_WRITE_SCAN_ENABLE: //0x0c1a
  498. DBGPrintf("Write_Scan_enable Completed\n");
  499. // See if we have driver and a remote
  500. if (connections_[current_connection_].device_driver_ && connections_[current_connection_].connection_complete_) { // We have a driver call their
  501. connections_[current_connection_].device_driver_->connectionComplete();
  502. connections_[current_connection_].connection_complete_ = false; // only call once
  503. }
  504. break;
  505. case HCI_WRITE_SSP_MODE: //0x0c56
  506. break;
  507. case HCI_WRITE_EIR: //0x0c52
  508. break;
  509. case HCI_WRITE_LE_HOST_SUPPORTED: //0x0c6d
  510. break;
  511. case HCI_LE_SET_SCAN_RSP_DATA: //0x2009
  512. break;
  513. }
  514. // And queue up the next command
  515. queue_next_hci_command();
  516. }
  517. void BluetoothController::queue_next_hci_command()
  518. {
  519. // Ok We completed a command now see if we need to queue another command
  520. // Still probably need to reorganize...
  521. switch (pending_control_) {
  522. // Initial setup states.
  523. case PC_RESET:
  524. sendResetHCI();
  525. break;
  526. case PC_WRITE_CLASS_DEVICE:
  527. sendHDCWriteClassOfDev();
  528. pending_control_++;
  529. break;
  530. case PC_READ_BDADDR:
  531. sendHCIReadBDAddr();
  532. pending_control_++;
  533. break;
  534. case PC_READ_LOCAL_VERSION:
  535. sendHCIReadLocalVersionInfo();
  536. //pending_control_++;
  537. break;
  538. // These are used when we are pairing.
  539. case PC_SEND_WRITE_INQUIRE_MODE:
  540. sendHCIHCIWriteInquiryMode(2); // lets set into extended inquire mode
  541. pending_control_++;
  542. break;
  543. case PC_SEND_SET_EVENT_MASK:
  544. sendHCISetEventMask(); // Set the event mask to include extend inquire event
  545. pending_control_++;
  546. break;
  547. case PC_SEND_INQUIRE:
  548. sendHCI_INQUIRY();
  549. pending_control_++;
  550. break;
  551. case PC_INQUIRE_CANCEL:
  552. // lets try to create a connection...
  553. sendHCICreateConnection();
  554. pending_control_++;
  555. break;
  556. case PC_AUTHENTICATION_REQUESTED:
  557. break;
  558. case PC_LINK_KEY_NEGATIVE:
  559. break;
  560. case PC_PIN_CODE_REPLY:
  561. break;
  562. // None Pair mode
  563. case PC_WRITE_SCAN_PAGE:
  564. sendHCIWriteScanEnable(2);
  565. pending_control_ = 0; //
  566. break;
  567. default:
  568. break;
  569. }
  570. }
  571. void BluetoothController::handle_hci_command_status()
  572. {
  573. // <event type><param count><status><num packets allowed to be sent><CMD><CMD>
  574. uint16_t hci_command = rxbuf_[4] + (rxbuf_[5] << 8);
  575. if (rxbuf_[2]) {
  576. #ifdef DEBUG_BT
  577. DBGPrintf(" Command %x Status %x - ", hci_command, rxbuf_[2]);
  578. switch (rxbuf_[2]) {
  579. case 0x01: DBGPrintf("Unknown HCI Command\n"); break;
  580. case 0x02: DBGPrintf("Unknown Connection Identifier\n"); break;
  581. case 0x03: DBGPrintf("Hardware Failure\n"); break;
  582. case 0x04: DBGPrintf("Page Timeout\n"); break;
  583. case 0x05: DBGPrintf("Authentication Failure\n"); break;
  584. case 0x06: DBGPrintf("PIN or Key Missing\n"); break;
  585. case 0x07: DBGPrintf("Memory Capacity Exceeded\n"); break;
  586. case 0x08: DBGPrintf("Connection Timeout\n"); break;
  587. case 0x09: DBGPrintf("Connection Limit Exceeded\n"); break;
  588. case 0x0A: DBGPrintf("Synchronous Connection Limit To A Device Exceeded\n"); break;
  589. case 0x0B: DBGPrintf("Connection Already Exists\n"); break;
  590. case 0x0C: DBGPrintf("Command Disallowed\n"); break;
  591. case 0x0D: DBGPrintf("Connection Rejected due to Limited Resources\n"); break;
  592. case 0x0E: DBGPrintf("Connection Rejected Due To Security Reasons\n"); break;
  593. case 0x0F: DBGPrintf("Connection Rejected due to Unacceptable BD_ADDR\n"); break;
  594. default: DBGPrintf("???\n"); break;
  595. }
  596. #endif
  597. // lets try recovering from some errors...
  598. switch (hci_command) {
  599. case HCI_OP_ACCEPT_CONN_REQ:
  600. // We assume that the connection failed...
  601. DBGPrintf("### Connection Failed ###");
  602. if (count_connections_) count_connections_--;
  603. break;
  604. default:
  605. break;
  606. }
  607. } else {
  608. #ifdef DEBUG_BT
  609. VDBGPrintf(" Command %x Status %x\n", hci_command, rxbuf_[2]);
  610. #endif
  611. }
  612. }
  613. void BluetoothController::handle_hci_inquiry_result(bool fRSSI)
  614. {
  615. // result - versus result with RSSI
  616. // | Diverge here...
  617. // 2 f 1 79 22 23 a c5 cc 1 2 0 40 25 0 3b 2
  618. // 22 f 1 79 22 23 a c5 cc 1 2 40 25 0 3e 31 d2
  619. // Wondered if multiple items if all of the BDADDR are first then next field...
  620. // looks like it is that way...
  621. // Section 7.7.2
  622. if (fRSSI) DBGPrintf(" Inquiry Result with RSSI - Count: %d\n", rxbuf_[2]);
  623. else DBGPrintf(" Inquiry Result - Count: %d\n", rxbuf_[2]);
  624. for (uint8_t i=0; i < rxbuf_[2]; i++) {
  625. uint8_t index_bd = 3 + (i*6);
  626. uint8_t index_ps = 3 + (6*rxbuf_[2]) + i;
  627. uint8_t index_class = 3 + (9*rxbuf_[2]) + i;
  628. uint8_t index_clock_offset = 3 + (12*rxbuf_[2]) + i;
  629. if (fRSSI) {
  630. // Handle the differences in offsets here...
  631. index_class = 3 + (8*rxbuf_[2]) + i;
  632. index_clock_offset = 3 + (11*rxbuf_[2]) + i;
  633. }
  634. uint32_t bluetooth_class = rxbuf_[index_class] + ((uint32_t)rxbuf_[index_class+1] << 8) + ((uint32_t)rxbuf_[index_class+2] << 16);
  635. DBGPrintf(" BD:%x:%x:%x:%x:%x:%x, PS:%d, class: %x\n",
  636. rxbuf_[index_bd],rxbuf_[index_bd+1],rxbuf_[index_bd+2],rxbuf_[index_bd+3],rxbuf_[index_bd+4],rxbuf_[index_bd+5],
  637. rxbuf_[index_ps], bluetooth_class);
  638. // See if we know the class
  639. if (((bluetooth_class & 0xff00) == 0x2500) || ((bluetooth_class & 0xff00) == 0x500)) {
  640. DBGPrintf(" Peripheral device\n");
  641. if (bluetooth_class & 0x80) DBGPrintf(" Mouse\n");
  642. if (bluetooth_class & 0x40) DBGPrintf(" Keyboard\n");
  643. switch(bluetooth_class & 0x3c) {
  644. case 4: DBGPrintf(" Joystick\n"); break;
  645. case 8: DBGPrintf(" Gamepad\n"); break;
  646. case 0xc: DBGPrintf(" Remote Control\n"); break;
  647. }
  648. // BUGBUG, lets hard code to go to new state...
  649. for (uint8_t i = 0; i < 6; i++) connections_[current_connection_].device_bdaddr_[i] = rxbuf_[index_bd+i];
  650. connections_[current_connection_].device_class_ = bluetooth_class;
  651. connections_[current_connection_].device_driver_ = find_driver(connections_[current_connection_].device_class_);
  652. connections_[current_connection_].device_ps_repetion_mode_ = rxbuf_[index_ps]; // mode
  653. connections_[current_connection_].device_clock_offset_[0] = rxbuf_[index_clock_offset];
  654. connections_[current_connection_].device_clock_offset_[1] = rxbuf_[index_clock_offset+1];
  655. // Now we need to bail from inquiry and setup to try to connect...
  656. sendHCIInquiryCancel();
  657. pending_control_ = PC_INQUIRE_CANCEL;
  658. break;
  659. }
  660. }
  661. }
  662. void BluetoothController::handle_hci_extended_inquiry_result()
  663. {
  664. DBGPrintf(" Extended Inquiry Result - Count: %d\n", rxbuf_[2]);
  665. // Should always be only one result here.
  666. uint8_t index_bd = 3;
  667. uint8_t index_ps = 9;
  668. uint8_t index_class = 11;
  669. uint8_t index_clock_offset = 14;
  670. //uint8_t index_rssi = 16;
  671. uint8_t index_eir_data = 17;
  672. uint8_t index_local_name = 0;
  673. uint8_t size_local_name = 0;
  674. uint32_t bluetooth_class = rxbuf_[index_class] + ((uint32_t)rxbuf_[index_class+1] << 8) + ((uint32_t)rxbuf_[index_class+2] << 16);
  675. DBGPrintf(" BD:%x:%x:%x:%x:%x:%x, PS:%d, class: %x\n",
  676. rxbuf_[index_bd],rxbuf_[index_bd+1],rxbuf_[index_bd+2],rxbuf_[index_bd+3],rxbuf_[index_bd+4],rxbuf_[index_bd+5],
  677. rxbuf_[index_ps], bluetooth_class);
  678. // Lets see if we can find a name
  679. while (index_eir_data < 256) {
  680. if (rxbuf_[index_eir_data] == 0) break; // no more data
  681. switch (rxbuf_[index_eir_data+1]) {
  682. case 0x08: // Shortened local name
  683. case 0x09: // complete local name
  684. index_local_name = index_eir_data+2;
  685. size_local_name = rxbuf_[index_eir_data]-1;
  686. break;
  687. }
  688. index_eir_data += rxbuf_[index_eir_data] + 1; // point to the next item
  689. }
  690. if (index_local_name && size_local_name) {
  691. // Hack lets null teminate the string
  692. rxbuf_[index_local_name+size_local_name] = 0;
  693. DBGPrintf(" Local Name: %s\n", &rxbuf_[index_local_name]);
  694. }
  695. // See if we know the class
  696. if (((bluetooth_class & 0xff00) == 0x2500) || ((bluetooth_class & 0xff00) == 0x500)) {
  697. DBGPrintf(" Peripheral device\n");
  698. if (bluetooth_class & 0x80) DBGPrintf(" Mouse\n");
  699. if (bluetooth_class & 0x40) DBGPrintf(" Keyboard\n");
  700. switch(bluetooth_class & 0x3c) {
  701. case 4: DBGPrintf(" Joystick\n"); break;
  702. case 8: DBGPrintf(" Gamepad\n"); break;
  703. case 0xc: DBGPrintf(" Remote Control\n"); break;
  704. }
  705. // BUGBUG, lets hard code to go to new state...
  706. for (uint8_t i = 0; i < 6; i++) connections_[current_connection_].device_bdaddr_[i] = rxbuf_[index_bd+i];
  707. connections_[current_connection_].device_class_ = bluetooth_class;
  708. connections_[current_connection_].device_driver_ = find_driver(connections_[current_connection_].device_class_, index_local_name? &rxbuf_[index_local_name] : nullptr);
  709. connections_[current_connection_].device_ps_repetion_mode_ = rxbuf_[index_ps]; // mode
  710. connections_[current_connection_].device_clock_offset_[0] = rxbuf_[index_clock_offset];
  711. connections_[current_connection_].device_clock_offset_[1] = rxbuf_[index_clock_offset+1];
  712. // and if we found a driver, save away the name
  713. if (connections_[current_connection_].device_driver_ && index_local_name && size_local_name) {
  714. uint8_t buffer_index;
  715. for (buffer_index = 0; size_local_name && (buffer_index < BTHIDInput::REMOTE_NAME_SIZE-1); buffer_index++) {
  716. connections_[current_connection_].device_driver_->remote_name_[buffer_index] = rxbuf_[index_local_name+buffer_index];
  717. size_local_name--;
  718. }
  719. connections_[current_connection_].device_driver_->remote_name_[buffer_index] = 0; // make sure null terminated
  720. }
  721. // Now we need to bail from inquiry and setup to try to connect...
  722. sendHCIInquiryCancel();
  723. pending_control_ = PC_INQUIRE_CANCEL;
  724. }
  725. }
  726. void BluetoothController::handle_hci_inquiry_complete() {
  727. VDBGPrintf(" Inquiry Complete - status: %d\n", rxbuf_[2]);
  728. }
  729. void BluetoothController::handle_hci_connection_complete() {
  730. // 0 1 2 3 4 5 6 7 8 9 10 11 12
  731. // ST CH CH BD BD BD BD BD BD LT EN
  732. // 03 0b 04 00 00 40 25 00 58 4b 00 01 00
  733. connections_[current_connection_].device_connection_handle_ = rxbuf_[3]+ (uint16_t)(rxbuf_[4]<<8);
  734. DBGPrintf(" Connection Complete - ST:%x LH:%x\n", rxbuf_[2], connections_[current_connection_].device_connection_handle_);
  735. if (do_pair_device_ && !(connections_[current_connection_].device_driver_ && (connections_[current_connection_].device_driver_->special_process_required & BTHIDInput::SP_DONT_NEED_CONNECT))) {
  736. sendHCIAuthenticationRequested();
  737. pending_control_ = PC_AUTHENTICATION_REQUESTED;
  738. } else if (connections_[current_connection_].device_driver_ && (connections_[current_connection_].device_driver_->special_process_required & BTHIDInput::SP_NEED_CONNECT)) {
  739. DBGPrintf(" Needs connect to device(PS4?)\n");
  740. // The PS4 requires a connection request to it.
  741. delay(1);
  742. sendl2cap_ConnectionRequest(connections_[current_connection_].device_connection_handle_, connections_[current_connection_].connection_rxid_, connections_[current_connection_].control_dcid_, HID_CTRL_PSM);
  743. #if 0
  744. delay(1);
  745. uint8_t packet[2];
  746. memset(packet, 0, sizeof(packet));
  747. packet[0] = 0x43;
  748. packet[1] = 0x02; // Report ID
  749. USBHDBGSerial.printf("SixAxis Command Issued!\r\n");
  750. sendL2CapCommand(packet, sizeof(packet), 0x40);
  751. #endif
  752. }
  753. }
  754. void BluetoothController::handle_hci_incoming_connect() {
  755. // BD BD BD BD BD BD CL CL CL LT
  756. // 0x04 0x0A 0x79 0x22 0x23 0x0A 0xC5 0xCC 0x40 0x05 0x00 0x01
  757. uint32_t class_of_device = rxbuf_[8] + (uint16_t)(rxbuf_[9]<<8) + (uint32_t)(rxbuf_[10]<<16);
  758. DBGPrintf(" Event: Incoming Connect - %x:%x:%x:%x:%x:%x CL:%x LT:%x\n",
  759. rxbuf_[2], rxbuf_[3], rxbuf_[4], rxbuf_[5], rxbuf_[6], rxbuf_[7], class_of_device, rxbuf_[11]);
  760. if (((class_of_device & 0xff00) == 0x2500) || ((class_of_device & 0xff00) == 0x500)) {
  761. DBGPrintf(" Peripheral device\n");
  762. if (class_of_device & 0x80) DBGPrintf(" Mouse\n");
  763. if (class_of_device & 0x40) DBGPrintf(" Keyboard\n");
  764. switch(class_of_device & 0x3c) {
  765. case 4: DBGPrintf(" Joystick\n"); break;
  766. case 8: DBGPrintf(" Gamepad\n"); break;
  767. case 0xc: DBGPrintf(" Remote Control\n"); break;
  768. }
  769. if (count_connections_ < MAX_CONNECTIONS) current_connection_ = count_connections_++;
  770. connections_[current_connection_].device_driver_ = find_driver(class_of_device);
  771. // We need to save away the BDADDR and class link type?
  772. for(uint8_t i=0; i<6; i++) connections_[current_connection_].device_bdaddr_[i] = rxbuf_[i+2];
  773. connections_[current_connection_].device_class_ = class_of_device;
  774. sendHCIRemoteNameRequest();
  775. }
  776. // sendHCIAuthenticationRequested();
  777. // pending_control_ = PC_AUTHENTICATION_REQUESTED;
  778. }
  779. void BluetoothController::handle_hci_pin_code_request() {
  780. // 0x16 0x06 0x79 0x22 0x23 0x0A 0xC5 0xCC
  781. DBGPrintf(" Event: Pin Code Request %x:%x:%x:%x:%x:%x\n",
  782. rxbuf_[2], rxbuf_[3], rxbuf_[4], rxbuf_[5], rxbuf_[6], rxbuf_[7]);
  783. sendHCIPinCodeReply();
  784. pending_control_ = PC_PIN_CODE_REPLY;
  785. }
  786. void BluetoothController::handle_hci_link_key_request() {
  787. // 17 6 79 22 23 a c5 cc
  788. DBGPrintf(" Event: Link Key Request %x:%x:%x:%x:%x:%x\n",
  789. rxbuf_[2], rxbuf_[3], rxbuf_[4], rxbuf_[5], rxbuf_[6], rxbuf_[7]);
  790. // Now here is where we need to decide to say we have key or tell them to
  791. // cancel key... right now hard code to cancel...
  792. sendHCILinkKeyNegativeReply();
  793. pending_control_ = PC_LINK_KEY_NEGATIVE;
  794. }
  795. void BluetoothController::handle_hci_link_key_notification() {
  796. // 0 1 2 3 4 5 6 7 8 9 10 1 2 3 4 5 6 7 8 9 20 1 2 3 4
  797. // 18 17 79 22 23 a c5 cc 5e 98 d4 5e bb 15 66 da 67 fe 4f 87 2b 61 46 b4 0
  798. DBGPrintf(" Event: Link Key Notificaton %x:%x:%x:%x:%x:%x Type:%x\n key:",
  799. rxbuf_[2], rxbuf_[3], rxbuf_[4], rxbuf_[5], rxbuf_[6], rxbuf_[7], rxbuf_[24]);
  800. for (uint8_t i = 8; i < 24; i++) DBGPrintf("%02x ", rxbuf_[i]);
  801. DBGPrintf("\n");
  802. // Now here is where we need to decide to say we have key or tell them to
  803. // cancel key... right now hard code to cancel...
  804. }
  805. void BluetoothController::handle_hci_disconnect_complete()
  806. {
  807. //5 4 0 48 0 13
  808. DBGPrintf(" Event: HCI Disconnect complete(%d): handle: %x, reason:%x\n", rxbuf_[2],
  809. rxbuf_[3]+(rxbuf_[4]<<8), rxbuf_[5]);
  810. if (connections_[current_connection_].device_driver_) {
  811. connections_[current_connection_].device_driver_->release_bluetooth();
  812. connections_[current_connection_].device_driver_->remote_name_[0] = 0;
  813. connections_[current_connection_].device_driver_ = nullptr;
  814. // Restore to normal...
  815. connections_[current_connection_].control_dcid_ = 0x70;
  816. connections_[current_connection_].interrupt_dcid_ = 0x71;
  817. }
  818. // Probably should clear out connection data.
  819. #if 0
  820. connections_[current_connection_].device_connection_handle_ = 0;
  821. connections_[current_connection_].device_class_ = 0;
  822. memset(connections_[current_connection_].device_bdaddr_, 0, sizeof(connections_[current_connection_].device_bdaddr_));
  823. #endif
  824. // Now we need to remove that item from our list of connections.
  825. count_connections_--;
  826. if (count_connections_ == 0) {
  827. // reset the next connection counts back to initial states.
  828. next_dcid_ = 0x70; // Lets try not hard coding control and interrupt dcid
  829. }
  830. for (uint8_t i = current_connection_; i < count_connections_; i++) connections_[i] = connections_[i+1];
  831. current_connection_ = 0;
  832. }
  833. void BluetoothController::handle_hci_authentication_complete()
  834. {
  835. // 6 3 13 48 0
  836. DBGPrintf(" Event: HCI Authentication complete(%d): handle: %x\n", rxbuf_[2],
  837. rxbuf_[3]+(rxbuf_[4]<<8));
  838. // Start up lcap connection...
  839. connections_[current_connection_].connection_rxid_ = 0;
  840. sendl2cap_ConnectionRequest(connections_[current_connection_].device_connection_handle_, connections_[current_connection_].connection_rxid_, connections_[current_connection_].control_dcid_, HID_CTRL_PSM);
  841. }
  842. void BluetoothController::handle_hci_remote_name_complete() {
  843. // STAT bd bd bd bd bd bd
  844. // 0x07 0xFF 0x00 0x79 0x22 0x23 0x0A 0xC5 0xCC 0x42 0x6C 0x75 0x65 0x74 0x6F 0x6F ...
  845. DBGPrintf(" Event: handle_hci_remote_name_complete(%d)\n", rxbuf_[2]);
  846. if (rxbuf_[2] == 0) {
  847. DBGPrintf(" Remote Name: ");
  848. for (uint8_t *psz = &rxbuf_[9]; *psz; psz++) DBGPrintf("%c", *psz);
  849. DBGPrintf("\n");
  850. }
  851. if (connections_[current_connection_].device_driver_) {
  852. if (!connections_[current_connection_].device_driver_->remoteNameComplete(&rxbuf_[9])) {
  853. connections_[current_connection_].device_driver_->release_bluetooth();
  854. connections_[current_connection_].device_driver_ = nullptr;
  855. }
  856. }
  857. if (!connections_[current_connection_].device_driver_) {
  858. connections_[current_connection_].device_driver_ = find_driver(connections_[current_connection_].device_class_, &rxbuf_[9]);
  859. // not sure I should call remote name again, but they already process...
  860. if (connections_[current_connection_].device_driver_) {
  861. connections_[current_connection_].device_driver_->remoteNameComplete(&rxbuf_[9]);
  862. }
  863. }
  864. if (connections_[current_connection_].device_driver_) {
  865. // lets save away the string.
  866. uint8_t buffer_index;
  867. for (buffer_index = 0; buffer_index < BTHIDInput::REMOTE_NAME_SIZE-1; buffer_index++) {
  868. connections_[current_connection_].device_driver_->remote_name_[buffer_index] = rxbuf_[9+buffer_index];
  869. if (!connections_[current_connection_].device_driver_->remote_name_[buffer_index]) break;
  870. }
  871. connections_[current_connection_].device_driver_->remote_name_[buffer_index] = 0; // make sure null terminated
  872. if (connections_[current_connection_].device_driver_->special_process_required & BTHIDInput::SP_PS3_IDS) {
  873. // Real hack see if PS3...
  874. connections_[current_connection_].control_dcid_ = 0x40;
  875. connections_[current_connection_].interrupt_dcid_ = 0x41;
  876. } else {
  877. connections_[current_connection_].control_dcid_ = next_dcid_++;
  878. connections_[current_connection_].interrupt_dcid_ = next_dcid_++;
  879. }
  880. }
  881. // If we are in the connection complete mode, then this is a pairing state and needed to call
  882. // get remote name later.
  883. if (connections_[current_connection_].connection_complete_) {
  884. if (connections_[current_connection_].device_driver_) { // We have a driver call their
  885. connections_[current_connection_].device_driver_->connectionComplete();
  886. connections_[current_connection_].connection_complete_ = false; // only call once
  887. }
  888. } else {
  889. sendHCIAcceptConnectionRequest();
  890. }
  891. }
  892. void BluetoothController::handle_hci_remote_version_information_complete() {
  893. // STAT bd bd bd bd bd bd
  894. //c 8 0 48 0 5 45 0 0 0
  895. connections_[current_connection_].remote_ver_ = rxbuf_[6];
  896. connections_[current_connection_].remote_man_ = rxbuf_[7]+((uint16_t)rxbuf_[8]<< 8);
  897. connections_[current_connection_].remote_subv_ = rxbuf_[9];
  898. DBGPrintf(" Event: handle_hci_remote_version_information_complete(%d): ", rxbuf_[2]);
  899. DBGPrintf(" Handle: %x, Ver:%x, Man: %x, SV: %x\n",
  900. rxbuf_[3]+((uint16_t)rxbuf_[4]<< 8), connections_[current_connection_].remote_ver_, connections_[current_connection_].remote_man_, connections_[current_connection_].remote_subv_);
  901. // Lets now try to accept the connection.
  902. sendHCIAcceptConnectionRequest();
  903. }
  904. void BluetoothController::rx2_data(const Transfer_t *transfer)
  905. {
  906. uint32_t len = transfer->length - ((transfer->qtd.token >> 16) & 0x7FFF);
  907. DBGPrintf("\n=====================\nBT rx2_data(%d): ", len);
  908. uint8_t *buffer = (uint8_t*)transfer->buffer;
  909. for (uint8_t i=0; i < len; i++) DBGPrintf("%x ", buffer[i]);
  910. DBGPrintf("\n");
  911. // call backs. See if this is an L2CAP reply. example
  912. // HCI | l2cap
  913. //48 20 10 0 | c 0 1 0 | 3 0 8 0 44 0 70 0 0 0 0 0
  914. // BUGBUG need to do more verification, like the handle
  915. uint16_t hci_length = buffer[2] + ((uint16_t)buffer[3]<<8);
  916. uint16_t l2cap_length = buffer[4] + ((uint16_t)buffer[5]<<8);
  917. // uint16_t rsp_packet_length = buffer[10] + ((uint16_t)buffer[11]<<8);
  918. if ((hci_length == (l2cap_length + 4)) /*&& (hci_length == (rsp_packet_length+8))*/) {
  919. // All the lengths appear to be correct... need to do more...
  920. // See if we should set the current_connection...
  921. for (uint8_t i = 0; i < count_connections_; i++) {
  922. //if (connections_[i].interrupt_dcid_ == buffer[6]) {
  923. if (connections_[i].device_connection_handle_ == buffer[0]) {
  924. current_connection_ = i;
  925. break;
  926. }
  927. }
  928. switch (buffer[8]) {
  929. case L2CAP_CMD_CONNECTION_REQUEST:
  930. process_l2cap_connection_request(&buffer[8]);
  931. break;
  932. case L2CAP_CMD_CONNECTION_RESPONSE:
  933. process_l2cap_connection_response(&buffer[8]);
  934. break;
  935. case L2CAP_CMD_CONFIG_REQUEST:
  936. process_l2cap_config_request(&buffer[8]);
  937. break;
  938. case L2CAP_CMD_CONFIG_RESPONSE:
  939. process_l2cap_config_response(&buffer[8]);
  940. break;
  941. case HID_THDR_DATA_INPUT:
  942. handleHIDTHDRData(buffer); // Pass the whole buffer...
  943. break;
  944. case L2CAP_CMD_COMMAND_REJECT:
  945. process_l2cap_command_reject(&buffer[8]);
  946. break;
  947. case L2CAP_CMD_DISCONNECT_REQUEST:
  948. process_l2cap_disconnect_request(&buffer[8]);
  949. break;
  950. }
  951. }
  952. // Queue up for next read...
  953. queue_Data_Transfer(rx2pipe_, rx2buf_, rx2_size_, this);
  954. }
  955. void BluetoothController::sendHCICommand(uint16_t hciCommand, uint16_t cParams, const uint8_t* data)
  956. {
  957. txbuf_[0] = hciCommand & 0xff;
  958. txbuf_[1] = (hciCommand >> 8) & 0xff;
  959. txbuf_[2] = cParams;
  960. if (cParams) {
  961. memcpy(&txbuf_[3], data, cParams); // copy in the commands parameters.
  962. }
  963. uint8_t nbytes = cParams+3;
  964. for (uint8_t i=0; i< nbytes; i++) DBGPrintf("%02x ", txbuf_[i]);
  965. DBGPrintf(")\n");
  966. mk_setup(setup, 0x20, 0x0, 0, 0, nbytes);
  967. queue_Control_Transfer(device, &setup, txbuf_, this);
  968. }
  969. //---------------------------------------------
  970. void BluetoothController::sendHCIHCIWriteInquiryMode(uint8_t inquiry_mode) {
  971. // Setup Inquiry mode
  972. DBGPrintf("HCI_WRITE_INQUIRY_MODE called (");
  973. sendHCICommand(HCI_WRITE_INQUIRY_MODE, 1, &inquiry_mode);
  974. }
  975. void BluetoothController::sendHCISetEventMask() {
  976. // Setup Inquiry mode
  977. DBGPrintf("HCI_Set_Event_Mask called (");
  978. static const uint8_t hci_event_mask_data[8] = {
  979. // Default: 0x0000 1FFF FFFF FFFF
  980. 0xff,0xff, 0xff,0xff, 0xff,0x5f, 0x00,0x00}; // default plus extended inquiry mode
  981. sendHCICommand(HCI_Set_Event_Mask, sizeof(hci_event_mask_data), hci_event_mask_data);
  982. }
  983. //---------------------------------------------
  984. void BluetoothController::sendHCI_INQUIRY() {
  985. // Start unlimited inqury, set timeout to max and
  986. DBGPrintf("HCI_INQUIRY called (");
  987. static const uint8_t hci_inquiry_data[ ] = {
  988. 0x33, 0x8B, 0x9E, // Bluetooth assigned number LAP 0x9E8B33 General/unlimited inquiry Access mode
  989. 0x30, 0xa}; // Max inquiry time little over minute and up to 10 responses
  990. sendHCICommand(HCI_INQUIRY, sizeof(hci_inquiry_data), hci_inquiry_data);
  991. }
  992. //---------------------------------------------
  993. void BluetoothController::sendHCIInquiryCancel() {
  994. DBGPrintf("HCI_INQUIRY_CANCEL called (");
  995. sendHCICommand(HCI_INQUIRY_CANCEL, 0, nullptr);
  996. }
  997. //---------------------------------------------
  998. void BluetoothController::sendHCICreateConnection() {
  999. DBGPrintf("HCI_CREATE_CONNECTION called (");
  1000. uint8_t connection_data[13];
  1001. // 0 1 2 3 4 5 6 7 8 9 10 11 12
  1002. // BD BD BD BD BD BD PT PT PRS 0 CS CS ARS
  1003. //0x79 0x22 0x23 0x0A 0xC5 0xCC 0x18 0xCC 0x01 0x00 0x00 0x00 0x00
  1004. //0x05 0x04 0x0D 0x79 0x22 0x23 0x0A 0xC5 0xCC 0x18 0xCC 0x01 0x00 0x00 0x00 0x00
  1005. // 05 04 0d 40 25 00 c4 01 00 18 cc 01 00 00 00 00
  1006. for (uint8_t i=0; i<6; i++) connection_data[i] = connections_[current_connection_].device_bdaddr_[i];
  1007. connection_data[6] = 0x18; //DM1/DH1
  1008. connection_data[7] = 0xcc; //
  1009. connection_data[8] = connections_[current_connection_].device_ps_repetion_mode_; // from device
  1010. connection_data[9] = 0; //
  1011. connection_data[10] = 0; // clock offset
  1012. connection_data[11] = 0; // clock offset
  1013. connection_data[12] = 0; // allow role swith no
  1014. sendHCICommand(HCI_CREATE_CONNECTION, sizeof(connection_data), connection_data);
  1015. }
  1016. //---------------------------------------------
  1017. void BluetoothController::sendHCIAcceptConnectionRequest() {
  1018. DBGPrintf("HCI_OP_ACCEPT_CONN_REQ called (");
  1019. uint8_t connection_data[7];
  1020. // 0 1 2 3 4 5 6 7 8 9 10 11 12
  1021. // BD BD BD BD BD BD role
  1022. //0x79 0x22 0x23 0x0A 0xC5 0xCC 0x00
  1023. for (uint8_t i=0; i<6; i++) connection_data[i] = connections_[current_connection_].device_bdaddr_[i];
  1024. connection_data[6] = 0; // Role as master
  1025. sendHCICommand(HCI_OP_ACCEPT_CONN_REQ, sizeof(connection_data), connection_data);
  1026. }
  1027. //---------------------------------------------
  1028. void BluetoothController::sendHCIAuthenticationRequested() {
  1029. DBGPrintf("HCI_AUTH_REQUESTED called (");
  1030. uint8_t connection_data[2];
  1031. connection_data[0] = connections_[current_connection_].device_connection_handle_ & 0xff;
  1032. connection_data[1] = (connections_[current_connection_].device_connection_handle_>>8) & 0xff;
  1033. sendHCICommand(HCI_AUTH_REQUESTED, sizeof(connection_data), connection_data);
  1034. }
  1035. //---------------------------------------------
  1036. void BluetoothController::sendHCILinkKeyNegativeReply() {
  1037. DBGPrintf("HCI_LINK_KEY_NEG_REPLY called (");
  1038. uint8_t connection_data[6];
  1039. for (uint8_t i=0; i<6; i++) connection_data[i] = connections_[current_connection_].device_bdaddr_[i];
  1040. sendHCICommand(HCI_LINK_KEY_NEG_REPLY, sizeof(connection_data), connection_data);
  1041. }
  1042. //---------------------------------------------
  1043. // BUGBUG:: hard code string for this pass.
  1044. void BluetoothController::sendHCIPinCodeReply() {
  1045. // 0x0D 0x04 0x17 0x79 0x22 0x23 0x0A 0xC5 0xCC 0x04 0x30 0x30 0x30 0x30 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
  1046. DBGPrintf("HCI_PIN_CODE_REPLY called (");
  1047. uint8_t connection_data[23];
  1048. uint8_t i;
  1049. for (i=0; i<6; i++) connection_data[i] = connections_[current_connection_].device_bdaddr_[i];
  1050. for (i=0; pair_pincode_[i] !=0; i++) connection_data[7+i] = pair_pincode_[i];
  1051. connection_data[6] = i; // remember the length
  1052. for (uint8_t i=7+connection_data[6]; i<23; i++) connection_data[i] = 0;
  1053. sendHCICommand(HCI_PIN_CODE_REPLY, sizeof(connection_data), connection_data);
  1054. }
  1055. //---------------------------------------------
  1056. void BluetoothController::sendResetHCI() {
  1057. DBGPrintf("HCI_RESET called (");
  1058. sendHCICommand(HCI_RESET, 0, nullptr);
  1059. }
  1060. void BluetoothController::sendHDCWriteClassOfDev() {
  1061. // 0x24 0x0C 0x03 0x04 0x08 0x00
  1062. const static uint8_t device_class_data[] = {BT_CLASS_DEVICE & 0xff, (BT_CLASS_DEVICE >> 8) & 0xff, (BT_CLASS_DEVICE >> 16) & 0xff};
  1063. DBGPrintf("HCI_WRITE_CLASS_OF_DEV called (");
  1064. sendHCICommand(HCI_WRITE_CLASS_OF_DEV, sizeof(device_class_data), device_class_data);
  1065. }
  1066. void BluetoothController::sendHCIReadBDAddr() {
  1067. DBGPrintf("HCI_Read_BD_ADDR called (");
  1068. sendHCICommand(HCI_Read_BD_ADDR, 0, nullptr);
  1069. }
  1070. void BluetoothController::sendHCIReadLocalVersionInfo() {
  1071. DBGPrintf("HCI_Read_Local_Version_Information called (");
  1072. sendHCICommand(HCI_Read_Local_Version_Information, 0, nullptr);
  1073. }
  1074. void BluetoothController::sendHCIWriteScanEnable(uint8_t scan_op) {// 0x0c1a
  1075. // 0x1A 0x0C 0x01 0x02
  1076. DBGPrintf("HCI_WRITE_SCAN_ENABLE called(");
  1077. sendHCICommand(HCI_WRITE_SCAN_ENABLE, 1, &scan_op);
  1078. }
  1079. void BluetoothController::sendHCIRemoteNameRequest() { // 0x0419
  1080. // BD BD BD BD BD BD PS 0 CLK CLK
  1081. //0x19 0x04 0x0A 0x79 0x22 0x23 0x0A 0xC5 0xCC 0x01 0x00 0x00 0x00
  1082. DBGPrintf("HCI_OP_REMOTE_NAME_REQ called (");
  1083. uint8_t connection_data[10];
  1084. for (uint8_t i=0; i<6; i++) connection_data[i] = connections_[current_connection_].device_bdaddr_[i];
  1085. connection_data[6] = 1; // page scan repeat mode...
  1086. connection_data[7] = 0; // 0
  1087. connection_data[8] = 0; // Clk offset
  1088. connection_data[9] = 0;
  1089. sendHCICommand(HCI_OP_REMOTE_NAME_REQ, sizeof(connection_data), connection_data);
  1090. }
  1091. void BluetoothController::sendHCIRemoteVersionInfoRequest() { // 0x041D
  1092. // BD BD BD BD BD BD PS 0 CLK CLK
  1093. //0x19 0x04 0x0A 0x79 0x22 0x23 0x0A 0xC5 0xCC 0x01 0x00 0x00 0x00
  1094. DBGPrintf("HCI_OP_READ_REMOTE_VERSION_INFORMATION called (");
  1095. uint8_t connection_data[2];
  1096. connection_data[0] = connections_[current_connection_].device_connection_handle_ & 0xff;
  1097. connection_data[1] = (connections_[current_connection_].device_connection_handle_>>8) & 0xff;
  1098. sendHCICommand(HCI_OP_READ_REMOTE_VERSION_INFORMATION, sizeof(connection_data), connection_data);
  1099. }
  1100. // l2cap support functions.
  1101. void BluetoothController::sendl2cap_ConnectionResponse(uint16_t handle, uint8_t rxid, uint16_t dcid, uint16_t scid, uint8_t result) {
  1102. uint8_t l2capbuf[12];
  1103. l2capbuf[0] = L2CAP_CMD_CONNECTION_RESPONSE; // Code
  1104. l2capbuf[1] = rxid; // Identifier
  1105. l2capbuf[2] = 0x08; // Length
  1106. l2capbuf[3] = 0x00;
  1107. l2capbuf[4] = dcid & 0xff; // Destination CID
  1108. l2capbuf[5] = dcid >> 8;
  1109. l2capbuf[6] = scid & 0xff; // Source CID
  1110. l2capbuf[7] = scid >> 8;
  1111. l2capbuf[8] = result; // Result: Pending or Success
  1112. l2capbuf[9] = 0x00;
  1113. l2capbuf[10] = 0x00; // No further information
  1114. l2capbuf[11] = 0x00;
  1115. DBGPrintf("L2CAP_CMD_CONNECTION_RESPONSE called(");
  1116. sendL2CapCommand(handle, l2capbuf, sizeof(l2capbuf));
  1117. }
  1118. void BluetoothController::sendl2cap_ConnectionRequest(uint16_t handle, uint8_t rxid, uint16_t scid, uint16_t psm) {
  1119. uint8_t l2capbuf[8];
  1120. l2capbuf[0] = L2CAP_CMD_CONNECTION_REQUEST; // Code
  1121. l2capbuf[1] = rxid; // Identifier
  1122. l2capbuf[2] = 0x04; // Length
  1123. l2capbuf[3] = 0x00;
  1124. l2capbuf[4] = (uint8_t)(psm & 0xff); // PSM
  1125. l2capbuf[5] = (uint8_t)(psm >> 8);
  1126. l2capbuf[6] = scid & 0xff; // Source CID
  1127. l2capbuf[7] = (scid >> 8) & 0xff;
  1128. DBGPrintf("ConnectionRequest called(");
  1129. sendL2CapCommand(handle, l2capbuf, sizeof(l2capbuf));
  1130. }
  1131. void BluetoothController::sendl2cap_ConfigRequest(uint16_t handle, uint8_t rxid, uint16_t dcid) {
  1132. uint8_t l2capbuf[12];
  1133. l2capbuf[0] = L2CAP_CMD_CONFIG_REQUEST; // Code
  1134. l2capbuf[1] = rxid; // Identifier
  1135. l2capbuf[2] = 0x08; // Length
  1136. l2capbuf[3] = 0x00;
  1137. l2capbuf[4] = dcid & 0xff; // Destination CID
  1138. l2capbuf[5] = (dcid >> 8) & 0xff;
  1139. l2capbuf[6] = 0x00; // Flags
  1140. l2capbuf[7] = 0x00;
  1141. l2capbuf[8] = 0x01; // Config Opt: type = MTU (Maximum Transmission Unit) - Hint
  1142. l2capbuf[9] = 0x02; // Config Opt: length
  1143. l2capbuf[10] = 0xFF; // MTU
  1144. l2capbuf[11] = 0xFF;
  1145. DBGPrintf("L2CAP_ConfigRequest called(");
  1146. sendL2CapCommand(handle, l2capbuf, sizeof(l2capbuf));
  1147. }
  1148. void BluetoothController::sendl2cap_ConfigResponse(uint16_t handle, uint8_t rxid, uint16_t scid) {
  1149. uint8_t l2capbuf[14];
  1150. l2capbuf[0] = L2CAP_CMD_CONFIG_RESPONSE; // Code
  1151. l2capbuf[1] = rxid; // Identifier
  1152. l2capbuf[2] = 0x0A; // Length
  1153. l2capbuf[3] = 0x00;
  1154. l2capbuf[4] = scid & 0xff; // Source CID
  1155. l2capbuf[5] = (scid >> 8) & 0xff;
  1156. l2capbuf[6] = 0x00; // Flag
  1157. l2capbuf[7] = 0x00;
  1158. l2capbuf[8] = 0x00; // Result
  1159. l2capbuf[9] = 0x00;
  1160. l2capbuf[10] = 0x01; // Config
  1161. l2capbuf[11] = 0x02;
  1162. l2capbuf[12] = 0xA0;
  1163. l2capbuf[13] = 0x02;
  1164. DBGPrintf("L2CAP_ConfigResponse called(");
  1165. sendL2CapCommand(handle, l2capbuf, sizeof(l2capbuf));
  1166. }
  1167. //*******************************************************************
  1168. //*******************************************************************
  1169. void BluetoothController::tx_data(const Transfer_t *transfer)
  1170. {
  1171. println(" tx_data(bluetooth) ", pending_control_, HEX);
  1172. #ifdef DEBUG_BT_VERBOSE
  1173. DBGPrintf("tx_data callback (bluetooth): %d : ", pending_control_tx_);
  1174. uint8_t *buffer = (uint8_t*)transfer->buffer;
  1175. for (uint8_t i=0; i < transfer->length; i++) DBGPrintf("%x ", buffer[i]);
  1176. DBGPrintf("\n");
  1177. #endif
  1178. switch (pending_control_tx_) {
  1179. case STATE_TX_SEND_CONNECT_INT:
  1180. delay(1);
  1181. connections_[current_connection_].connection_rxid_++;
  1182. sendl2cap_ConnectionRequest(connections_[current_connection_].device_connection_handle_, connections_[current_connection_].connection_rxid_, connections_[current_connection_].interrupt_dcid_, HID_INTR_PSM);
  1183. pending_control_tx_ = 0;
  1184. break;
  1185. case STATE_TX_SEND_CONECT_RSP_SUCCESS:
  1186. delay(1);
  1187. // Tell the device we are ready
  1188. sendl2cap_ConnectionResponse(connections_[current_connection_].device_connection_handle_, connections_[current_connection_].connection_rxid_++, connections_[current_connection_].control_dcid_, connections_[current_connection_].control_scid_, SUCCESSFUL);
  1189. pending_control_tx_ = STATE_TX_SEND_CONFIG_REQ;
  1190. break;
  1191. case STATE_TX_SEND_CONFIG_REQ:
  1192. delay(1);
  1193. sendl2cap_ConfigRequest(connections_[current_connection_].device_connection_handle_, connections_[current_connection_].connection_rxid_, connections_[current_connection_].control_scid_);
  1194. pending_control_tx_ = 0;
  1195. break;
  1196. case STATE_TX_SEND_CONECT_ISR_RSP_SUCCESS:
  1197. delay(1);
  1198. // Tell the device we are ready
  1199. sendl2cap_ConnectionResponse(connections_[current_connection_].device_connection_handle_, connections_[current_connection_].connection_rxid_++, connections_[current_connection_].interrupt_dcid_, connections_[current_connection_].interrupt_scid_, SUCCESSFUL);
  1200. pending_control_tx_ = STATE_TX_SEND_CONFIG_ISR_REQ;
  1201. break;
  1202. case STATE_TX_SEND_CONFIG_ISR_REQ:
  1203. delay(1);
  1204. sendl2cap_ConfigRequest(connections_[current_connection_].device_connection_handle_, connections_[current_connection_].connection_rxid_, connections_[current_connection_].interrupt_scid_);
  1205. pending_control_tx_ = 0;
  1206. break;
  1207. }
  1208. }
  1209. //*******************************************************************
  1210. //
  1211. // HCI ACL Packets
  1212. // HCI Handle Low, HCI_Handle_High (PB, BC), Total length low, TLH - HCI ACL Data packet
  1213. // length Low, length high, channel id low, channel id high - L2CAP header
  1214. // code, identifier, length, ... - Control-frame
  1215. /************************************************************/
  1216. /* L2CAP Commands */
  1217. // Public wrrapper function
  1218. void BluetoothController::sendL2CapCommand(uint8_t* data, uint8_t nbytes, int channel) {
  1219. uint16_t channel_out;
  1220. switch (channel) {
  1221. case CONTROL_SCID:
  1222. channel_out = connections_[current_connection_].control_scid_;
  1223. break;
  1224. case INTERRUPT_SCID:
  1225. channel_out = connections_[current_connection_].interrupt_scid_;
  1226. break;
  1227. default:
  1228. channel_out = (uint16_t)channel;
  1229. }
  1230. DBGPrintf("sendL2CapCommand: %x %d %x\n", (uint32_t)data, nbytes, channel, channel_out);
  1231. sendL2CapCommand (connections_[current_connection_].device_connection_handle_, data, nbytes, channel_out & 0xff, (channel_out >> 8) & 0xff);
  1232. }
  1233. void BluetoothController::sendL2CapCommand(uint16_t handle, uint8_t* data, uint8_t nbytes, uint8_t channelLow, uint8_t channelHigh)
  1234. {
  1235. txbuf_[0] = handle & 0xff; // HCI handle with PB,BC flag
  1236. txbuf_[1] = (((handle >> 8) & 0x0f) | 0x20);
  1237. txbuf_[2] = (uint8_t)((4 + nbytes) & 0xff); // HCI ACL total data length
  1238. txbuf_[3] = (uint8_t)((4 + nbytes) >> 8);
  1239. txbuf_[4] = (uint8_t)(nbytes & 0xff); // L2CAP header: Length
  1240. txbuf_[5] = (uint8_t)(nbytes >> 8);
  1241. txbuf_[6] = channelLow;
  1242. txbuf_[7] = channelHigh;
  1243. if (nbytes) {
  1244. memcpy(&txbuf_[8], data, nbytes); // copy in the commands parameters.
  1245. }
  1246. nbytes = nbytes+8;
  1247. for (uint8_t i=0; i< nbytes; i++) DBGPrintf("%02x ", txbuf_[i]);
  1248. DBGPrintf(")\n");
  1249. if (!queue_Data_Transfer(txpipe_, txbuf_, nbytes, this)) {
  1250. println("sendL2CapCommand failed");
  1251. }
  1252. }
  1253. void BluetoothController::process_l2cap_connection_request(uint8_t *data) {
  1254. // ID LEN LEN PSM PSM SCID SCID
  1255. // 0x02 0x02 0x04 0x00 0x11 0x00 0x43 0x00
  1256. uint16_t psm = data[4]+((uint16_t)data[5] << 8);
  1257. uint16_t scid = data[6]+((uint16_t)data[7] << 8);
  1258. connections_[current_connection_].connection_rxid_ = data[1];
  1259. DBGPrintf(" L2CAP Connection Request: ID: %d, PSM: %x, SCID: %x\n",connections_[current_connection_].connection_rxid_, psm, scid);
  1260. // Assuming not pair mode Send response like:
  1261. // RXID Len LEN DCID DCID SCID SCID RES 0 0 0
  1262. // 0x03 0x02 0x08 0x00 0x70 0x00 0x43 0x00 0x01 0x00 0x00 0x00
  1263. if (psm == HID_CTRL_PSM) {
  1264. connections_[current_connection_].control_scid_ = scid;
  1265. sendl2cap_ConnectionResponse(connections_[current_connection_].device_connection_handle_, connections_[current_connection_].connection_rxid_, connections_[current_connection_].control_dcid_, connections_[current_connection_].control_scid_, PENDING);
  1266. pending_control_tx_ = STATE_TX_SEND_CONECT_RSP_SUCCESS;
  1267. } else if (psm == HID_INTR_PSM) {
  1268. connections_[current_connection_].interrupt_scid_ = scid;
  1269. sendl2cap_ConnectionResponse(connections_[current_connection_].device_connection_handle_, connections_[current_connection_].connection_rxid_, connections_[current_connection_].interrupt_dcid_, connections_[current_connection_].interrupt_scid_, PENDING);
  1270. pending_control_tx_ = STATE_TX_SEND_CONECT_ISR_RSP_SUCCESS;
  1271. }
  1272. }
  1273. // Process the l2cap_connection_response...
  1274. void BluetoothController::process_l2cap_connection_response(uint8_t *data) {
  1275. uint16_t scid = data[4]+((uint16_t)data[5] << 8);
  1276. uint16_t dcid = data[6]+((uint16_t)data[7] << 8);
  1277. DBGPrintf(" L2CAP Connection Response: ID: %d, Dest:%x, Source:%x, Result:%x, Status: %x\n",
  1278. data[1], scid, dcid,
  1279. data[8]+((uint16_t)data[9] << 8), data[10]+((uint16_t)data[11] << 8));
  1280. //48 20 10 0 | c 0 1 0 | 3 0 8 0 44 0 70 0 0 0 0 0
  1281. if (dcid == connections_[current_connection_].interrupt_dcid_) {
  1282. connections_[current_connection_].interrupt_scid_ = scid;
  1283. DBGPrintf(" Interrupt Response\n");
  1284. connections_[current_connection_].connection_rxid_++;
  1285. sendl2cap_ConfigRequest(connections_[current_connection_].device_connection_handle_, connections_[current_connection_].connection_rxid_, scid);
  1286. } else if (dcid == connections_[current_connection_].control_dcid_) {
  1287. connections_[current_connection_].control_scid_ = scid;
  1288. DBGPrintf(" Control Response\n");
  1289. sendl2cap_ConfigRequest(connections_[current_connection_].device_connection_handle_, connections_[current_connection_].connection_rxid_, scid);
  1290. }
  1291. }
  1292. void BluetoothController::process_l2cap_config_request(uint8_t *data) {
  1293. //48 20 10 0 c 0 1 0 *4 2 8 0 70 0 0 0 1 2 30 0
  1294. uint16_t dcid = data[4]+((uint16_t)data[5] << 8);
  1295. DBGPrintf(" L2CAP config Request: ID: %d, Dest:%x, Flags:%x, Options: %x %x %x %x\n",
  1296. data[1], dcid, data[6]+((uint16_t)data[7] << 8),
  1297. data[8], data[9], data[10], data[11]);
  1298. // Now see which dest was specified
  1299. if (dcid == connections_[current_connection_].control_dcid_) {
  1300. DBGPrintf(" Control Configuration request\n");
  1301. sendl2cap_ConfigResponse(connections_[current_connection_].device_connection_handle_, data[1], connections_[current_connection_].control_scid_);
  1302. } else if (dcid == connections_[current_connection_].interrupt_dcid_) {
  1303. DBGPrintf(" Interrupt Configuration request\n");
  1304. sendl2cap_ConfigResponse(connections_[current_connection_].device_connection_handle_, data[1], connections_[current_connection_].interrupt_scid_);
  1305. }
  1306. }
  1307. void BluetoothController::process_l2cap_config_response(uint8_t *data) {
  1308. // 48 20 12 0 e 0 1 0 5 0 a 0 70 0 0 0 0 0 1 2 30 0
  1309. uint16_t scid = data[4]+((uint16_t)data[5] << 8);
  1310. DBGPrintf(" L2CAP config Response: ID: %d, Source:%x, Flags:%x, Result:%x, Config: %x\n",
  1311. data[1], scid, data[6]+((uint16_t)data[7] << 8),
  1312. data[8]+((uint16_t)data[9] << 8), data[10]+((uint16_t)data[11] << 8));
  1313. if (scid == connections_[current_connection_].control_dcid_) {
  1314. // Set HID Boot mode
  1315. // Don't do if PS3...
  1316. if (!(connections_[current_connection_].device_driver_->special_process_required & BTHIDInput::SP_PS3_IDS)) {
  1317. setHIDProtocol(HID_BOOT_PROTOCOL); //
  1318. }
  1319. //setHIDProtocol(HID_RPT_PROTOCOL); //HID_RPT_PROTOCOL
  1320. if (do_pair_device_ && !(connections_[current_connection_].device_driver_ && (connections_[current_connection_].device_driver_->special_process_required & BTHIDInput::SP_DONT_NEED_CONNECT))) {
  1321. pending_control_tx_ = STATE_TX_SEND_CONNECT_INT;
  1322. } else if (connections_[current_connection_].device_driver_ && (connections_[current_connection_].device_driver_->special_process_required & BTHIDInput::SP_NEED_CONNECT)) {
  1323. DBGPrintf(" Needs connect to device INT(PS4?)\n");
  1324. // The PS4 requires a connection request to it.
  1325. pending_control_tx_ = STATE_TX_SEND_CONNECT_INT;
  1326. } else {
  1327. pending_control_ = 0;
  1328. }
  1329. } else if (scid == connections_[current_connection_].interrupt_dcid_) {
  1330. // Enable SCan to page mode
  1331. connections_[current_connection_].connection_complete_ = true;
  1332. sendHCIWriteScanEnable(2);
  1333. }
  1334. }
  1335. void BluetoothController::process_l2cap_command_reject(uint8_t *data) {
  1336. // 48 20 b 0 7 0 70 0 *1 0 0 0 2 0 4
  1337. DBGPrintf(" L2CAP command reject: ID: %d, length:%x, Reason:%x, Data: %x %x \n",
  1338. data[1], data[2] + ((uint16_t)data[3] << 8), data[4], data[5], data[6]);
  1339. }
  1340. void BluetoothController::process_l2cap_disconnect_request(uint8_t *data) {
  1341. uint16_t dcid = data[4]+((uint16_t)data[5] << 8);
  1342. uint16_t scid = data[6]+((uint16_t)data[7] << 8);
  1343. DBGPrintf(" L2CAP disconnect request: ID: %d, Length:%x, Dest:%x, Source:%x\n",
  1344. data[1], data[2] + ((uint16_t)data[3] << 8), dcid, scid);
  1345. }
  1346. void BluetoothController::setHIDProtocol(uint8_t protocol) {
  1347. // Should verify protocol is boot or report
  1348. uint8_t l2capbuf[1];
  1349. l2capbuf[0] = 0x70 | protocol; // Set Protocol, see Bluetooth HID specs page 33
  1350. DBGPrintf("Set HID Protocol %d (", protocol);
  1351. sendL2CapCommand(connections_[current_connection_].device_connection_handle_, l2capbuf, sizeof(l2capbuf), connections_[current_connection_].control_scid_ & 0xff, connections_[current_connection_].control_scid_ >> 8);
  1352. }
  1353. void BluetoothController::handleHIDTHDRData(uint8_t *data) {
  1354. // Example
  1355. // T HID data
  1356. //48 20 d 0 9 0 71 0 a1 3 8a cc c5 a 23 22 79
  1357. uint16_t len = data[4] + ((uint16_t)data[5] << 8);
  1358. DBGPrintf("HID HDR Data: len: %d, Type: %d Con:%d\n", len, data[9], current_connection_);
  1359. // ??? How to parse??? Use HID object???
  1360. if (connections_[current_connection_].device_driver_) {
  1361. connections_[current_connection_].device_driver_->process_bluetooth_HID_data(&data[9], len-1); // We skip the first byte...
  1362. } else {
  1363. switch (data[9]) {
  1364. case 1:
  1365. DBGPrintf(" Keyboard report type\n");
  1366. break;
  1367. case 2:
  1368. DBGPrintf(" Mouse report type\n");
  1369. break;
  1370. case 3:
  1371. DBGPrintf(" Combo keyboard/pointing\n");
  1372. break;
  1373. default:
  1374. DBGPrintf(" Unknown report\n");
  1375. }
  1376. }
  1377. }