GATT的规范阅读起来还是比较简答, 但是这样的规范在代码上是如何实现的呢?下面就分析一下bluedroid 协议栈关于GATT的代码流程。
BLE的设备都是在SMP之后进行ATT的流程的交互。从代码的实现中发现也是在SMP结束之后做回调的执行过程中进行GATT的搜索流程,SMP结束之后的回调函数是bta_dm_ble_smp_cback
/*******************************************************************************
**
** Function bta_dm_ble_smp_cback
**
** Description Callback for BLE SMP
**
**
** Returns void
**
*******************************************************************************/
static UINT8 bta_dm_ble_smp_cback (tBTM_LE_EVT event, BD_ADDR bda, tBTM_LE_EVT_DATA *p_data)
{
tBTM_STATUS status = BTM_SUCCESS;
tBTA_DM_SEC sec_event;
char *p_name = NULL;
UINT8 i;
tBT_DEVICE_TYPE dev_type; if (!bta_dm_cb.p_sec_cback)
return BTM_NOT_AUTHORIZED; memset(&sec_event, , sizeof(tBTA_DM_SEC));
switch (event)
{
...
case BTM_LE_COMPLT_EVT:
bdcpy(sec_event.auth_cmpl.bd_addr, bda);
#if BLE_INCLUDED == TRUE
BTM_ReadDevInfo(bda, &sec_event.auth_cmpl.dev_type, &sec_event.auth_cmpl.addr_type);
#endif
p_name = BTM_SecReadDevName(bda);
if (p_name != NULL)
{
BCM_STRNCPY_S((char*)sec_event.auth_cmpl.bd_name,
sizeof(BD_NAME), p_name, (BD_NAME_LEN));
}
else
{
sec_event.auth_cmpl.bd_name[] = ;
}
if (p_data->complt.reason != )
{
sec_event.auth_cmpl.fail_reason = BTA_DM_AUTH_CONVERT_SMP_CODE(((UINT8)p_data->complt.reason));
/* delete this device entry from Sec Dev DB */
bta_dm_remove_sec_dev_entry (bda);
}
else
{
sec_event.auth_cmpl.success = TRUE;
if (!p_data->complt.smp_over_br)
GATT_ConfigServiceChangeCCC(bda, TRUE, BT_TRANSPORT_LE);//开始GATT的相关的流程
} if (bta_dm_cb.p_sec_cback)
{
//bta_dm_cb.p_sec_cback(BTA_DM_AUTH_CMPL_EVT, &sec_event);
bta_dm_cb.p_sec_cback(BTA_DM_BLE_AUTH_CMPL_EVT, &sec_event);//向上汇报状态,这里也会触发到GATT的流程
} break;
这里就分为两步:
- GATT_ConfigServiceChangeCCC
- bta_dm_cb.p_sec_cback(BTA_DM_BLE_AUTH_CMPL_EVT, &sec_event);
首先来看第一个流程
GATT_ConfigServiceChangeCCC
这个函数根据名字,应该是配置service 改变的时候用何种方式通知client,看函数的实现流程:
/*******************************************************************************
**
** Function GATT_ConfigServiceChangeCCC
**
** Description Configure service change indication on remote device
**
** Returns none
**
*******************************************************************************/
void GATT_ConfigServiceChangeCCC (BD_ADDR remote_bda, BOOLEAN enable, tBT_TRANSPORT transport)
{
UINT16 conn_id = GATT_INVALID_CONN_ID;
tGATT_PROFILE_CLCB *p_clcb = gatt_profile_find_clcb_by_bd_addr (remote_bda, transport); if (p_clcb == NULL)
p_clcb = gatt_profile_clcb_alloc (, remote_bda, transport); if (GATT_GetConnIdIfConnected (gatt_cb.gatt_if, remote_bda, &p_clcb->conn_id, transport))
{
p_clcb->connected = TRUE;
}
/* hold the link here */
GATT_Connect(gatt_cb.gatt_if, remote_bda, TRUE, transport);//建立GATT 连接
p_clcb->ccc_stage = GATT_SVC_CHANGED_CONNECTING;//建立连接之后,更新ccc_stage 处于connecting 的状态 if (!p_clcb->connected)
{
/* wait for connection */
return;
} p_clcb->ccc_stage ++;//如果已经连接上了,那么就处于下一个阶段
gatt_cl_start_config_ccc(p_clcb);//开始ccc
}
这里的ccc就是 Client Characteristic Configuration的缩写,这个流程有下面的几个stage:
#define GATT_SVC_CHANGED_CONNECTING 1 /* wait for connection */
#define GATT_SVC_CHANGED_SERVICE 2 /* GATT service discovery */
#define GATT_SVC_CHANGED_CHARACTERISTIC 3 /* service change char discovery */
#define GATT_SVC_CHANGED_DESCRIPTOR 4 /* service change CCC discoery */
#define GATT_SVC_CHANGED_CONFIGURE_CCCD 5 /* config CCC */
从上面的代码得知,建立了GATT 连接之后,处于GATT_SVC_CHANGED_SERVICE 的阶段:然后真正开始CCC的流程,下面看看gatt_cl_start_config_ccc 的代码实现:
/*******************************************************************************
**
** Function gatt_cl_start_config_ccc
**
** Description Gatt profile start configure service change CCC
**
** Returns void
**
*******************************************************************************/
static void gatt_cl_start_config_ccc(tGATT_PROFILE_CLCB *p_clcb)
{
tGATT_DISC_PARAM srvc_disc_param;
tGATT_VALUE ccc_value; memset (&srvc_disc_param, , sizeof(tGATT_DISC_PARAM));
memset (&ccc_value, , sizeof(tGATT_VALUE)); switch(p_clcb->ccc_stage)
{
case GATT_SVC_CHANGED_SERVICE: /* discover GATT service */
srvc_disc_param.s_handle = ;
srvc_disc_param.e_handle = 0xffff;
srvc_disc_param.service.len = ;
srvc_disc_param.service.uu.uuid16 = UUID_SERVCLASS_GATT_SERVER;//搜索的是GATT的server
if (GATTC_Discover (p_clcb->conn_id, GATT_DISC_SRVC_BY_UUID, &srvc_disc_param) != GATT_SUCCESS)//根据UUID 来搜索的
{
GATT_TRACE_ERROR("%s() - ccc service error", __FUNCTION__);
gatt_config_ccc_complete(p_clcb);
}
break; case GATT_SVC_CHANGED_CHARACTERISTIC: /* discover service change char */
srvc_disc_param.s_handle = ;
srvc_disc_param.e_handle = p_clcb->e_handle;//discovery阶段搜索到最后一个handle
srvc_disc_param.service.len = ;
srvc_disc_param.service.uu.uuid16 = GATT_UUID_GATT_SRV_CHGD;
if (GATTC_Discover (p_clcb->conn_id, GATT_DISC_CHAR, &srvc_disc_param) != GATT_SUCCESS)
{
GATT_TRACE_ERROR("%s() - ccc char error", __FUNCTION__);
gatt_config_ccc_complete(p_clcb);
}
break; case GATT_SVC_CHANGED_DESCRIPTOR: /* discover service change ccc */
srvc_disc_param.s_handle = p_clcb->s_handle;
srvc_disc_param.e_handle = p_clcb->e_handle;
if (GATTC_Discover (p_clcb->conn_id, GATT_DISC_CHAR_DSCPT, &srvc_disc_param) != GATT_SUCCESS)
{
GATT_TRACE_ERROR("%s() - ccc char descriptor error", __FUNCTION__);
gatt_config_ccc_complete(p_clcb);
}
break; case GATT_SVC_CHANGED_CONFIGURE_CCCD: /* write ccc */
ccc_value.handle = p_clcb->s_handle;
ccc_value.len = ;
ccc_value.value[] = GATT_CLT_CONFIG_INDICATION;
if (GATTC_Write (p_clcb->conn_id, GATT_WRITE, &ccc_value) != GATT_SUCCESS) //配置
{
GATT_TRACE_ERROR("%s() - write ccc error", __FUNCTION__);
gatt_config_ccc_complete(p_clcb);
}
break;
}
}
从上面代码结构看,其思路还是很清晰,不同stage 去做不同的事情,前三个阶段都是 执行GATTC_Discover 去搜索对端的服务。最后一个阶段是GATT_SVC_CHANGED_CONFIGURE_CCCD,是调用GATTC_Write 配置CCC
下面先分析一下GATTC_Discover的实现:
/*******************************************************************************
**
** Function GATTC_Discover
**
** Description This function is called to do a discovery procedure on ATT server.
**
** Parameters conn_id: connection identifier.
** disc_type:discovery type.
** p_param: parameters of discovery requirement.
**
** Returns GATT_SUCCESS if command received/sent successfully.
**
*******************************************************************************/
tGATT_STATUS GATTC_Discover (UINT16 conn_id, tGATT_DISC_TYPE disc_type,
tGATT_DISC_PARAM *p_param)
{
tGATT_STATUS status = GATT_SUCCESS;
tGATT_CLCB *p_clcb;
tGATT_IF gatt_if=GATT_GET_GATT_IF(conn_id);//low 8 bits
UINT8 tcb_idx = GATT_GET_TCB_IDX(conn_id);
tGATT_TCB *p_tcb = gatt_get_tcb_by_idx(tcb_idx);
tGATT_REG *p_reg = gatt_get_regcb(gatt_if); GATT_TRACE_API ("GATTC_Discover conn_id=%d disc_type=%d",conn_id, disc_type); if ( (p_tcb == NULL) || (p_reg==NULL) ||(p_param == NULL) ||
(disc_type >= GATT_DISC_MAX))
{
GATT_TRACE_ERROR("GATTC_Discover Illegal param: disc_type %d conn_id = %d", disc_type, conn_id);
return GATT_ILLEGAL_PARAMETER;
} if (gatt_is_clcb_allocated(conn_id))
{
GATT_TRACE_ERROR("GATTC_Discover GATT_BUSY conn_id = %d", conn_id);
return GATT_BUSY;
} if ((p_clcb = gatt_clcb_alloc(conn_id)) != NULL )
{
if (!GATT_HANDLE_IS_VALID(p_param->s_handle) ||
!GATT_HANDLE_IS_VALID(p_param->e_handle) ||
/* search by type does not have a valid UUID param */
(disc_type == GATT_DISC_SRVC_BY_UUID &&
p_param->service.len == ))
{
gatt_clcb_dealloc(p_clcb);
return GATT_ILLEGAL_PARAMETER;
} p_clcb->operation = GATTC_OPTYPE_DISCOVERY;//这个opcode 并非ATT协议里面的opcode,这个只是代码实现的一种的抽象表达,常用于在GATT rsp的处理中做逻辑判断
p_clcb->op_subtype = disc_type;//这个实际对应于各种ATT的各种opcode
p_clcb->s_handle = p_param->s_handle;
p_clcb->e_handle = p_param->e_handle;
p_clcb->uuid = p_param->service; gatt_act_discovery(p_clcb);//去实作discovery的行为,一层一层组包
}
else
{
status = GATT_NO_RESOURCES;
}
return status;
}
gatt_act_discovery 这个函数就不一层层往下分析了,最后会通过L2cap 的ATT通道下发下去。
我们发出的discovery 都会收到response的,如果没有找到相关的属性,就会回复一个err response。现在我们来分析一下:
在gatt_init函数中,会注册到l2cap层相关的函数的注册,这样,当l2cap 有数据的时候,会调用相应的函数来通知到GATT层
/*******************************************************************************
**
** Function gatt_init
**
** Description This function is enable the GATT profile on the device.
** It clears out the control blocks, and registers with L2CAP.
**
** Returns void
**
*******************************************************************************/
void gatt_init (void)
{
tL2CAP_FIXED_CHNL_REG fixed_reg;
...
fixed_reg.pL2CA_FixedConn_Cb = gatt_le_connect_cback;
fixed_reg.pL2CA_FixedData_Cb = gatt_le_data_ind;//数据传输函数
fixed_reg.pL2CA_FixedCong_Cb = gatt_le_cong_cback; /* congestion callback */
fixed_reg.default_idle_tout = 0xffff; /* 0xffff default idle timeout */ L2CA_RegisterFixedChannel (L2CAP_ATT_CID, &fixed_reg);//注册到l2cap
...
从这边我们知道,当l2cap 有数据的时候就会调用gatt_le_data_ind 来通知gatt层,其执行的核心代码是gatt_data_process,并通过判断我们是server端还是client 端来路由到不同的处理函数。
当我们是client 端:gatt_client_handle_server_rsp 当我们是server 端,执行gatt_server_handle_client_req
下面我们简单分析一下gatt_client_handle_server_rsp :
/*******************************************************************************
**
** Function gatt_client_handle_server_rsp
**
** Description This function is called to handle the server response to
** client.
**
**
** Returns void
**
*******************************************************************************/
void gatt_client_handle_server_rsp (tGATT_TCB *p_tcb, UINT8 op_code,
UINT16 len, UINT8 *p_data)
{
tGATT_CLCB *p_clcb = NULL;
UINT8 rsp_code; if (op_code != GATT_HANDLE_VALUE_IND && op_code != GATT_HANDLE_VALUE_NOTIF)
{
p_clcb = gatt_cmd_dequeue(p_tcb, &rsp_code);//取出发送的cmd rsp_code = gatt_cmd_to_rsp_code(rsp_code); if (p_clcb == NULL || (rsp_code != op_code && op_code != GATT_RSP_ERROR))
{
GATT_TRACE_WARNING ("ATT - Ignore wrong response. Receives (%02x) \
Request(%02x) Ignored", op_code, rsp_code); return;
}
else
{
btu_stop_timer (&p_clcb->rsp_timer_ent);//停掉rsp timer
p_clcb->retry_count = ;
}
}
/* the size of the message may not be bigger than the local max PDU size*/
/* The message has to be smaller than the agreed MTU, len does not count op_code */
if (len >= p_tcb->payload_size)
{
GATT_TRACE_ERROR("invalid response/indicate pkt size: %d, PDU size: %d", len + , p_tcb->payload_size);
if (op_code != GATT_HANDLE_VALUE_NOTIF &&
op_code != GATT_HANDLE_VALUE_IND)
gatt_end_operation(p_clcb, GATT_ERROR, NULL);
}
else
{
switch (op_code)
{
case GATT_RSP_ERROR://出错的时候执行的语句
gatt_process_error_rsp(p_tcb, p_clcb, op_code, len, p_data);
break; case GATT_RSP_MTU: /* 2 bytes mtu */
gatt_process_mtu_rsp(p_tcb, p_clcb, len ,p_data);
break; case GATT_RSP_FIND_INFO:
gatt_process_read_info_rsp(p_tcb, p_clcb, op_code, len, p_data);
break; case GATT_RSP_READ_BY_TYPE:
case GATT_RSP_READ_BY_GRP_TYPE:
gatt_process_read_by_type_rsp(p_tcb, p_clcb, op_code, len, p_data);
break; case GATT_RSP_READ:
case GATT_RSP_READ_BLOB:
case GATT_RSP_READ_MULTI:
gatt_process_read_rsp(p_tcb, p_clcb, op_code, len, p_data);
break; case GATT_RSP_FIND_TYPE_VALUE: /* disc service with UUID */
gatt_process_find_type_value_rsp(p_tcb, p_clcb, len, p_data);
break; case GATT_RSP_WRITE:
gatt_process_handle_rsp(p_clcb);
break; case GATT_RSP_PREPARE_WRITE:
gatt_process_prep_write_rsp(p_tcb, p_clcb, op_code, len, p_data);
break; case GATT_RSP_EXEC_WRITE:
gatt_end_operation(p_clcb, p_clcb->status, NULL);
break; case GATT_HANDLE_VALUE_NOTIF:
case GATT_HANDLE_VALUE_IND:
gatt_process_notification(p_tcb, op_code, len, p_data);
break; default:
GATT_TRACE_ERROR("Unknown opcode = %d", op_code);
break;
}
} if (op_code != GATT_HANDLE_VALUE_IND && op_code != GATT_HANDLE_VALUE_NOTIF)
{
gatt_cl_send_next_cmd_inq(p_tcb);//如果还有数据pending,继续发送
} return;
}
这边我们可以预想,GATT开始进行搜索的时候是进行 primary service的搜索,然后搜索完了之后,再去搜索,服务器会有error response数据返回,那这里猜测应该是在error response中会完成stage 的转换。如果对端发过来的数据是相应的response,那么就调用相应的处理函数,处理完了之后应该还是会发起一次新的服务搜索,直至结束。
下面我们依次分析这几个函数:先看看错误处理:
/*******************************************************************************
**
** Function gatt_proc_disc_error_rsp
**
** Description This function process the read by type response and send another
** request if needed.
**
** Returns void.
**
*******************************************************************************/
void gatt_proc_disc_error_rsp(tGATT_TCB *p_tcb, tGATT_CLCB *p_clcb, UINT8 opcode,
UINT16 handle, UINT8 reason)
{
tGATT_STATUS status = (tGATT_STATUS) reason; UNUSED(p_tcb);
UNUSED(handle);
switch (opcode)
{
case GATT_REQ_READ_BY_GRP_TYPE:
case GATT_REQ_FIND_TYPE_VALUE:
case GATT_REQ_READ_BY_TYPE:
case GATT_REQ_FIND_INFO:
if (reason == GATT_NOT_FOUND)
{
status = GATT_SUCCESS;
}
break;
default:
GATT_TRACE_ERROR("Incorrect discovery opcode %04x", opcode);
break;
}
gatt_end_operation(p_clcb, status, NULL);//搜索结束 执行该函数
}
/*******************************************************************************
**
** Function gatt_end_operation
**
** Description This function ends a discovery, send callback and finalize
** some control value.
**
** Returns 16 bits uuid.
**
*******************************************************************************/
void gatt_end_operation(tGATT_CLCB *p_clcb, tGATT_STATUS status, void *p_data)
{
tGATT_CL_COMPLETE cb_data;
tGATT_CMPL_CBACK *p_cmpl_cb = (p_clcb->p_reg) ? p_clcb->p_reg->app_cb.p_cmpl_cb : NULL;
UINT8 op = p_clcb->operation, disc_type=GATT_DISC_MAX;
tGATT_DISC_CMPL_CB *p_disc_cmpl_cb = (p_clcb->p_reg) ? p_clcb->p_reg->app_cb.p_disc_cmpl_cb : NULL;
UINT16 conn_id;
UINT8 operation; memset(&cb_data.att_value, , sizeof(tGATT_VALUE)); if (p_cmpl_cb != NULL && p_clcb->operation != )
{
if (p_clcb->operation == GATTC_OPTYPE_READ)
{
cb_data.att_value.handle = p_clcb->s_handle;
cb_data.att_value.len = p_clcb->counter; if (p_data && p_clcb->counter)
memcpy (cb_data.att_value.value, p_data, cb_data.att_value.len);
} if (p_clcb->operation == GATTC_OPTYPE_WRITE)
{
memset(&cb_data.att_value, , sizeof(tGATT_VALUE));
cb_data.handle =
cb_data.att_value.handle = p_clcb->s_handle;
if (p_clcb->op_subtype == GATT_WRITE_PREPARE)
{
if (p_data)
{
cb_data.att_value = *((tGATT_VALUE *) p_data);
}
else
{
GATT_TRACE_DEBUG("Rcv Prepare write rsp but no data");
}
}
} if (p_clcb->operation == GATTC_OPTYPE_CONFIG)
cb_data.mtu = p_clcb->p_tcb->payload_size; if (p_clcb->operation == GATTC_OPTYPE_DISCOVERY)
{
disc_type = p_clcb->op_subtype;
}
} if (p_clcb->p_attr_buf) //free
{
GKI_freebuf(p_clcb->p_attr_buf);
} operation = p_clcb->operation;
conn_id = p_clcb->conn_id;
btu_stop_timer(&p_clcb->rsp_timer_ent);//停掉timer,是在发送的时候开启的 gatt_clcb_dealloc(p_clcb);//free 结构 if (p_disc_cmpl_cb && (op == GATTC_OPTYPE_DISCOVERY))
(*p_disc_cmpl_cb)(conn_id, disc_type, status);//调用回调
else if (p_cmpl_cb && op)
(*p_cmpl_cb)(conn_id, op, status, &cb_data);
else
GATT_TRACE_WARNING ("gatt_end_operation not sent out op=%d p_disc_cmpl_cb:%p p_cmpl_cb:%p",
operation, p_disc_cmpl_cb, p_cmpl_cb);
}
这里重点是 p_disc_cmpl_cb,看其实现:
/*******************************************************************************
**
** Function gatt_disc_cmpl_cback
**
** Description Gatt profile discovery complete callback
**
** Returns void
**
*******************************************************************************/
static void gatt_disc_cmpl_cback (UINT16 conn_id, tGATT_DISC_TYPE disc_type, tGATT_STATUS status)
{
tGATT_PROFILE_CLCB *p_clcb = gatt_profile_find_clcb_by_conn_id(conn_id); if (p_clcb == NULL)
return; if (status == GATT_SUCCESS && p_clcb->ccc_result > )
{
p_clcb->ccc_result = ;
p_clcb->ccc_stage ++;//转换到下一个stage
gatt_cl_start_config_ccc(p_clcb);//并且继续进行CCC
} else {
GATT_TRACE_ERROR("%s() - Register for service changed indication failure", __FUNCTION__);
/* free the connection */
gatt_config_ccc_complete (p_clcb);
}
}
从上面的代码 ,我们发现,转到了下一个stage 之后,又回到了gatt_cl_start_config_ccc ,进行下一轮的服务搜索。
下面我们继续分析:gatt_process_find_type_value_rsp 这是对应于GATT_RSP_FIND_TYPE_VALUE 的case:
/*******************************************************************************
**
** Function gatt_process_find_type_value_rsp
**
** Description This function is called to handle find by type value response.
**
**
** Returns void
**
*******************************************************************************/
void gatt_process_find_type_value_rsp (tGATT_TCB *p_tcb, tGATT_CLCB *p_clcb, UINT16 len, UINT8 *p_data)
{
tGATT_DISC_RES result;
UINT8 *p = p_data; /* unexpected response */
if (p_clcb->operation != GATTC_OPTYPE_DISCOVERY || p_clcb->op_subtype != GATT_DISC_SRVC_BY_UUID) //这个函数处理的都是GATTC_OPTYPE_DISCOVERY且subtype是 GATT_DISC_SRVC_BY_UUID
return; memset (&result, , sizeof(tGATT_DISC_RES));
result.type.len = ;
result.type.uu.uuid16 = GATT_UUID_PRI_SERVICE; /* returns a series of handle ranges */
while (len >= )
{
STREAM_TO_UINT16 (result.handle, p);
STREAM_TO_UINT16 (result.value.group_value.e_handle, p);
memcpy (&result.value.group_value.service_type, &p_clcb->uuid, sizeof(tBT_UUID)); len -= ; if (p_clcb->p_reg->app_cb.p_disc_res_cb)
(*p_clcb->p_reg->app_cb.p_disc_res_cb)(p_clcb->conn_id, p_clcb->op_subtype, &result);//回调结果
} /* last handle + 1 */
p_clcb->s_handle = (result.value.group_value.e_handle == ) ? : (result.value.group_value.e_handle + );//更新start handle,并继续进行搜索
/* initiate another request */
gatt_act_discovery(p_clcb) ;
}
这里又涉及到GATT的回调函数,我们需要看看其 来龙去脉:
发现在gatt_init 中会进行gatt_profile_db_init :
/*******************************************************************************
**
** Function gatt_profile_db_init
**
** Description Initializa the GATT profile attribute database.
**
*******************************************************************************/
void gatt_profile_db_init (void)
{
tBT_UUID app_uuid = {LEN_UUID_128, {}};
tBT_UUID uuid = {LEN_UUID_16, {UUID_SERVCLASS_GATT_SERVER}};
UINT16 service_handle = ;
tGATT_STATUS status; /* Fill our internal UUID with a fixed pattern 0x81 */
memset (&app_uuid.uu.uuid128, 0x81, LEN_UUID_128); /* Create a GATT profile service */
gatt_cb.gatt_if = GATT_Register(&app_uuid, &gatt_profile_cback);//gatt_if是index of the client registered with GATT,gatt_if 是从1开始的
GATT_StartIf(gatt_cb.gatt_if);
这里是将gatt_profile_cback 注册到GATT:看看gatt_profile_cback 的实现:
static tGATT_CBACK gatt_profile_cback =
{
gatt_connect_cback,
gatt_cl_op_cmpl_cback,
gatt_disc_res_cback,
gatt_disc_cmpl_cback,
gatt_request_cback,
NULL,
NULL
} ;
那我们这里执行的函数就是gatt_disc_res_cback:
/*******************************************************************************
**
** Function gatt_disc_res_cback
**
** Description Gatt profile discovery result callback
**
** Returns void
**
*******************************************************************************/
static void gatt_disc_res_cback (UINT16 conn_id, tGATT_DISC_TYPE disc_type, tGATT_DISC_RES *p_data)
{
tGATT_PROFILE_CLCB *p_clcb = gatt_profile_find_clcb_by_conn_id(conn_id); if (p_clcb == NULL)
return; switch (disc_type)
{
case GATT_DISC_SRVC_BY_UUID:/* stage 1 */
p_clcb->e_handle = p_data->value.group_value.e_handle;//获得服务器返回的最后一个handle,继续搜索是s = e+1
p_clcb->ccc_result ++;//这个标志在discovery complete函数中复位
break; case GATT_DISC_CHAR:/* stage 2 */
p_clcb->s_handle = p_data->value.dclr_value.val_handle;
p_clcb->ccc_result ++;
break; case GATT_DISC_CHAR_DSCPT: /* stage 3 */
if (p_data->type.uu.uuid16 == GATT_UUID_CHAR_CLIENT_CONFIG)
{
p_clcb->s_handle = p_data->handle;
p_clcb->ccc_result ++;
}
break;
}
}
我们看到 gatt_process_find_type_value_rsp 最后会更新 下一轮开始搜索的hanle 值。
其他的函数 的实现都是 类似的,就不一一分析了,那 Client Characteristic Configuration的分析就到此结束。
SMP 结束之后,还会向上面汇报SMP 结束的event,限于篇幅的原因,关于
bta_dm_cb.p_sec_cback(BTA_DM_BLE_AUTH_CMPL_EVT, &sec_event);
的部分,将在GATT 服务搜索流程二中描述。