1/******************************************************************************
2 *
3 *  Copyright (C) 1999-2012 Broadcom Corporation
4 *
5 *  Licensed under the Apache License, Version 2.0 (the "License");
6 *  you may not use this file except in compliance with the License.
7 *  You may obtain a copy of the License at:
8 *
9 *  http://www.apache.org/licenses/LICENSE-2.0
10 *
11 *  Unless required by applicable law or agreed to in writing, software
12 *  distributed under the License is distributed on an "AS IS" BASIS,
13 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 *  See the License for the specific language governing permissions and
15 *  limitations under the License.
16 *
17 ******************************************************************************/
18
19/******************************************************************************
20 *
21 *  This file contains functions that interface with the NFC NCI transport.
22 *  On the receive side, it routes events to the appropriate handler
23 *  (callback). On the transmit side, it manages the command transmission.
24 *
25 ******************************************************************************/
26#include <string.h>
27#include "nfc_target.h"
28
29#if NFC_INCLUDED == TRUE
30#include "nfc_hal_api.h"
31#include "nfc_api.h"
32#include "nci_defs.h"
33#include "nci_hmsgs.h"
34#include "nfc_int.h"
35#include "rw_api.h"
36#include "rw_int.h"
37#include "hcidefs.h"
38#include "nfc_hal_api.h"
39
40#if (NFC_RW_ONLY == FALSE)
41static const UINT8 nfc_mpl_code_to_size[] =
42{64, 128, 192, 254};
43
44#endif /* NFC_RW_ONLY */
45
46
47#define NFC_PB_ATTRIB_REQ_FIXED_BYTES   1
48#define NFC_LB_ATTRIB_REQ_FIXED_BYTES   8
49
50
51/*******************************************************************************
52**
53** Function         nfc_ncif_update_window
54**
55** Description      Update tx cmd window to indicate that NFCC can received
56**
57** Returns          void
58**
59*********************************************************************************/
60void nfc_ncif_update_window (void)
61{
62    /* Sanity check - see if we were expecting a update_window */
63    if (nfc_cb.nci_cmd_window == NCI_MAX_CMD_WINDOW)
64    {
65        if (nfc_cb.nfc_state != NFC_STATE_W4_HAL_CLOSE)
66        {
67            NFC_TRACE_ERROR0("nfc_ncif_update_window: Unexpected call");
68        }
69        return;
70    }
71
72    /* Stop command-pending timer */
73    nfc_stop_timer (&nfc_cb.nci_wait_rsp_timer);
74
75    nfc_cb.p_vsc_cback = NULL;
76    nfc_cb.nci_cmd_window++;
77
78    /* Check if there were any commands waiting to be sent */
79    nfc_ncif_check_cmd_queue (NULL);
80}
81
82/*******************************************************************************
83**
84** Function         nfc_ncif_cmd_timeout
85**
86** Description      Handle a command timeout
87**
88** Returns          void
89**
90*******************************************************************************/
91void nfc_ncif_cmd_timeout (void)
92{
93    NFC_TRACE_ERROR0 ("nfc_ncif_cmd_timeout");
94
95    /* report an error */
96    nfc_ncif_event_status(NFC_GEN_ERROR_REVT, NFC_STATUS_HW_TIMEOUT);
97    nfc_ncif_event_status(NFC_NFCC_TIMEOUT_REVT, NFC_STATUS_HW_TIMEOUT);
98
99    /* if enabling NFC, notify upper layer of failure */
100    if (nfc_cb.nfc_state == NFC_STATE_CORE_INIT)
101    {
102        nfc_enabled (NFC_STATUS_FAILED, NULL);
103    }
104
105    /* terminate the process so we'll try again */
106    NFC_TRACE_ERROR0 ("NFC controller stopped responding, aborting the NFC process");
107    abort();
108}
109
110/*******************************************************************************
111**
112** Function         nfc_wait_2_deactivate_timeout
113**
114** Description      Handle a command timeout
115**
116** Returns          void
117**
118*******************************************************************************/
119void nfc_wait_2_deactivate_timeout (void)
120{
121    NFC_TRACE_ERROR0 ("nfc_wait_2_deactivate_timeout");
122    nfc_cb.flags  &= ~NFC_FL_DEACTIVATING;
123    nci_snd_deactivate_cmd ((UINT8) ((TIMER_PARAM_TYPE) nfc_cb.deactivate_timer.param));
124}
125
126
127/*******************************************************************************
128**
129** Function         nfc_ncif_send_data
130**
131** Description      This function is called to add the NCI data header
132**                  and send it to NCIT task for sending it to transport
133**                  as credits are available.
134**
135** Returns          void
136**
137*******************************************************************************/
138UINT8 nfc_ncif_send_data (tNFC_CONN_CB *p_cb, BT_HDR *p_data)
139{
140    UINT8 *pp;
141    UINT8 *ps;
142    UINT8   ulen = NCI_MAX_PAYLOAD_SIZE;
143    BT_HDR *p;
144    UINT8   pbf = 1;
145    UINT8   buffer_size = p_cb->buff_size;
146    UINT8   hdr0 = p_cb->conn_id;
147    BOOLEAN fragmented = FALSE;
148
149    NFC_TRACE_DEBUG3 ("nfc_ncif_send_data :%d, num_buff:%d qc:%d", p_cb->conn_id, p_cb->num_buff, p_cb->tx_q.count);
150    if (p_cb->id == NFC_RF_CONN_ID)
151    {
152        if (nfc_cb.nfc_state != NFC_STATE_OPEN)
153        {
154            if (nfc_cb.nfc_state == NFC_STATE_CLOSING)
155            {
156                if ((p_data == NULL) && /* called because credit from NFCC */
157                    (nfc_cb.flags  & NFC_FL_DEACTIVATING))
158                {
159                    if (p_cb->init_credits == p_cb->num_buff)
160                    {
161                        /* all the credits are back */
162                        nfc_cb.flags  &= ~NFC_FL_DEACTIVATING;
163                        NFC_TRACE_DEBUG2 ("deactivating NFC-DEP init_credits:%d, num_buff:%d", p_cb->init_credits, p_cb->num_buff);
164                        nfc_stop_timer(&nfc_cb.deactivate_timer);
165                        nci_snd_deactivate_cmd ((UINT8)((TIMER_PARAM_TYPE)nfc_cb.deactivate_timer.param));
166                    }
167                }
168            }
169            return NCI_STATUS_FAILED;
170        }
171    }
172
173    if (p_data)
174    {
175        /* always enqueue the data to the tx queue */
176        GKI_enqueue (&p_cb->tx_q, p_data);
177    }
178
179    /* try to send the first data packet in the tx queue  */
180    p_data = (BT_HDR *)GKI_getfirst (&p_cb->tx_q);
181
182    /* post data fragment to NCIT task as credits are available */
183    while (p_data && (p_data->len > 0) && (p_cb->num_buff > 0))
184    {
185        if (p_data->len <= buffer_size)
186        {
187            pbf         = 0;   /* last fragment */
188            ulen        = (UINT8)(p_data->len);
189            fragmented  = FALSE;
190        }
191        else
192        {
193            fragmented  = TRUE;
194            ulen        = buffer_size;
195        }
196
197        if (!fragmented)
198        {
199            /* if data packet is not fragmented, use the original buffer */
200            p         = p_data;
201            p_data    = (BT_HDR *)GKI_dequeue (&p_cb->tx_q);
202        }
203        else
204        {
205            /* the data packet is too big and need to be fragmented
206             * prepare a new GKI buffer
207             * (even the last fragment to avoid issues) */
208            if ((p = NCI_GET_CMD_BUF(ulen)) == NULL)
209                return (NCI_STATUS_BUFFER_FULL);
210            p->len    = ulen;
211            p->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE + 1;
212            pp        = (UINT8 *)(p + 1) + p->offset;
213            ps        = (UINT8 *)(p_data + 1) + p_data->offset;
214            memcpy (pp, ps, ulen);
215            /* adjust the BT_HDR on the old fragment */
216            p_data->len     -= ulen;
217            p_data->offset  += ulen;
218        }
219
220        p->event             = BT_EVT_TO_NFC_NCI;
221        p->layer_specific    = pbf;
222        p->len              += NCI_DATA_HDR_SIZE;
223        p->offset           -= NCI_DATA_HDR_SIZE;
224        pp = (UINT8 *)(p + 1) + p->offset;
225        /* build NCI Data packet header */
226        NCI_DATA_PBLD_HDR(pp, pbf, hdr0, ulen);
227
228        if (p_cb->num_buff != NFC_CONN_NO_FC)
229            p_cb->num_buff--;
230
231        /* send to HAL */
232        nfc_cb.p_hal->write(p->len, (UINT8 *)(p+1) + p->offset);
233        GKI_freebuf(p);
234
235        if (!fragmented)
236        {
237            /* check if there are more data to send */
238            p_data = (BT_HDR *)GKI_getfirst (&p_cb->tx_q);
239        }
240    }
241
242    return (NCI_STATUS_OK);
243}
244
245/*******************************************************************************
246**
247** Function         nfc_ncif_check_cmd_queue
248**
249** Description      Send NCI command to the transport
250**
251** Returns          void
252**
253*******************************************************************************/
254void nfc_ncif_check_cmd_queue (BT_HDR *p_buf)
255{
256    UINT8   *ps;
257    /* If there are commands waiting in the xmit queue, or if the controller cannot accept any more commands, */
258    /* then enqueue this command */
259    if (p_buf)
260    {
261        if ((nfc_cb.nci_cmd_xmit_q.count) || (nfc_cb.nci_cmd_window == 0))
262        {
263            GKI_enqueue (&nfc_cb.nci_cmd_xmit_q, p_buf);
264            p_buf = NULL;
265        }
266    }
267
268    /* If controller can accept another command, then send the next command */
269    if (nfc_cb.nci_cmd_window > 0)
270    {
271        /* If no command was provided, or if older commands were in the queue, then get cmd from the queue */
272        if (!p_buf)
273            p_buf = (BT_HDR *)GKI_dequeue (&nfc_cb.nci_cmd_xmit_q);
274
275        if (p_buf)
276        {
277            /* save the message header to double check the response */
278            ps   = (UINT8 *)(p_buf + 1) + p_buf->offset;
279            memcpy(nfc_cb.last_hdr, ps, NFC_SAVED_HDR_SIZE);
280            memcpy(nfc_cb.last_cmd, ps + NCI_MSG_HDR_SIZE, NFC_SAVED_CMD_SIZE);
281            if (p_buf->layer_specific == NFC_WAIT_RSP_VSC)
282            {
283                /* save the callback for NCI VSCs)  */
284                nfc_cb.p_vsc_cback = (void *)((tNFC_NCI_VS_MSG *)p_buf)->p_cback;
285            }
286
287            /* send to HAL */
288            nfc_cb.p_hal->write(p_buf->len, (UINT8 *)(p_buf+1) + p_buf->offset);
289            GKI_freebuf(p_buf);
290
291            /* Indicate command is pending */
292            nfc_cb.nci_cmd_window--;
293
294            /* start NFC command-timeout timer */
295            nfc_start_timer (&nfc_cb.nci_wait_rsp_timer, (UINT16)(NFC_TTYPE_NCI_WAIT_RSP), nfc_cb.nci_wait_rsp_tout);
296        }
297    }
298
299    if (nfc_cb.nci_cmd_window == NCI_MAX_CMD_WINDOW)
300    {
301        /* the command queue must be empty now */
302        if (nfc_cb.flags & NFC_FL_CONTROL_REQUESTED)
303        {
304            /* HAL requested control or stack needs to handle pre-discover */
305            nfc_cb.flags &= ~NFC_FL_CONTROL_REQUESTED;
306            if (nfc_cb.flags & NFC_FL_DISCOVER_PENDING)
307            {
308                if (nfc_cb.p_hal->prediscover ())
309                {
310                    /* HAL has the command window now */
311                    nfc_cb.flags         |= NFC_FL_CONTROL_GRANTED;
312                    nfc_cb.nci_cmd_window = 0;
313                }
314                else
315                {
316                    /* HAL does not need to send command,
317                     * - restore the command window and issue the discovery command now */
318                    nfc_cb.flags         &= ~NFC_FL_DISCOVER_PENDING;
319                    ps                    = (UINT8 *)nfc_cb.p_disc_pending;
320                    nci_snd_discover_cmd (*ps, (tNFC_DISCOVER_PARAMS *)(ps + 1));
321                    GKI_freebuf (nfc_cb.p_disc_pending);
322                    nfc_cb.p_disc_pending = NULL;
323                }
324            }
325            else
326            {
327                /* grant the control to HAL */
328                nfc_cb.flags         |= NFC_FL_CONTROL_GRANTED;
329                nfc_cb.nci_cmd_window = 0;
330                nfc_cb.p_hal->control_granted ();
331            }
332        }
333    }
334}
335
336
337/*******************************************************************************
338**
339** Function         nfc_ncif_send_cmd
340**
341** Description      Send NCI command to the NCIT task
342**
343** Returns          void
344**
345*******************************************************************************/
346void nfc_ncif_send_cmd (BT_HDR *p_buf)
347{
348    /* post the p_buf to NCIT task */
349    p_buf->event            = BT_EVT_TO_NFC_NCI;
350    p_buf->layer_specific   = 0;
351    nfc_ncif_check_cmd_queue (p_buf);
352}
353
354
355/*******************************************************************************
356**
357** Function         nfc_ncif_process_event
358**
359** Description      This function is called to process the data/response/notification
360**                  from NFCC
361**
362** Returns          TRUE if need to free buffer
363**
364*******************************************************************************/
365BOOLEAN nfc_ncif_process_event (BT_HDR *p_msg)
366{
367    UINT8   mt, pbf, gid, *p, *pp;
368    BOOLEAN free = TRUE;
369    UINT8   oid;
370    UINT8   *p_old, old_gid, old_oid, old_mt;
371
372    p = (UINT8 *) (p_msg + 1) + p_msg->offset;
373
374    pp = p;
375    NCI_MSG_PRS_HDR0 (pp, mt, pbf, gid);
376
377    switch (mt)
378    {
379    case NCI_MT_DATA:
380        NFC_TRACE_DEBUG0 ("NFC received data");
381        nfc_ncif_proc_data (p_msg);
382        free = FALSE;
383        break;
384
385    case NCI_MT_RSP:
386        NFC_TRACE_DEBUG1 ("NFC received rsp gid:%d", gid);
387        oid = ((*pp) & NCI_OID_MASK);
388        p_old   = nfc_cb.last_hdr;
389        NCI_MSG_PRS_HDR0(p_old, old_mt, pbf, old_gid);
390        old_oid = ((*p_old) & NCI_OID_MASK);
391        /* make sure this is the RSP we are waiting for before updating the command window */
392        if ((old_gid != gid) || (old_oid != oid))
393        {
394            NFC_TRACE_ERROR2 ("nfc_ncif_process_event unexpected rsp: gid:0x%x, oid:0x%x", gid, oid);
395            return TRUE;
396        }
397
398        switch (gid)
399        {
400        case NCI_GID_CORE:      /* 0000b NCI Core group */
401            free = nci_proc_core_rsp (p_msg);
402            break;
403        case NCI_GID_RF_MANAGE:   /* 0001b NCI Discovery group */
404            nci_proc_rf_management_rsp (p_msg);
405            break;
406#if (NFC_NFCEE_INCLUDED == TRUE)
407#if (NFC_RW_ONLY == FALSE)
408        case NCI_GID_EE_MANAGE:  /* 0x02 0010b NFCEE Discovery group */
409            nci_proc_ee_management_rsp (p_msg);
410            break;
411#endif
412#endif
413        case NCI_GID_PROP:      /* 1111b Proprietary */
414                nci_proc_prop_rsp (p_msg);
415            break;
416        default:
417            NFC_TRACE_ERROR1 ("NFC: Unknown gid:%d", gid);
418            break;
419        }
420
421        nfc_ncif_update_window ();
422        break;
423
424    case NCI_MT_NTF:
425        NFC_TRACE_DEBUG1 ("NFC received ntf gid:%d", gid);
426        switch (gid)
427        {
428        case NCI_GID_CORE:      /* 0000b NCI Core group */
429            nci_proc_core_ntf (p_msg);
430            break;
431        case NCI_GID_RF_MANAGE:   /* 0001b NCI Discovery group */
432            nci_proc_rf_management_ntf (p_msg);
433            break;
434#if (NFC_NFCEE_INCLUDED == TRUE)
435#if (NFC_RW_ONLY == FALSE)
436        case NCI_GID_EE_MANAGE:  /* 0x02 0010b NFCEE Discovery group */
437            nci_proc_ee_management_ntf (p_msg);
438            break;
439#endif
440#endif
441        case NCI_GID_PROP:      /* 1111b Proprietary */
442                nci_proc_prop_ntf (p_msg);
443            break;
444        default:
445            NFC_TRACE_ERROR1 ("NFC: Unknown gid:%d", gid);
446            break;
447        }
448        break;
449
450    default:
451        NFC_TRACE_DEBUG2 ("NFC received unknown mt:0x%x, gid:%d", mt, gid);
452    }
453
454    return (free);
455}
456
457/*******************************************************************************
458**
459** Function         nfc_ncif_rf_management_status
460**
461** Description      This function is called to report an event
462**
463** Returns          void
464**
465*******************************************************************************/
466void nfc_ncif_rf_management_status (tNFC_DISCOVER_EVT event, UINT8 status)
467{
468    tNFC_DISCOVER   evt_data;
469    if (nfc_cb.p_discv_cback)
470    {
471        evt_data.status = (tNFC_STATUS) status;
472        (*nfc_cb.p_discv_cback) (event, &evt_data);
473    }
474}
475
476/*******************************************************************************
477**
478** Function         nfc_ncif_set_config_status
479**
480** Description      This function is called to report NFC_SET_CONFIG_REVT
481**
482** Returns          void
483**
484*******************************************************************************/
485void nfc_ncif_set_config_status (UINT8 *p, UINT8 len)
486{
487    tNFC_RESPONSE   evt_data;
488    if (nfc_cb.p_resp_cback)
489    {
490        evt_data.set_config.status          = (tNFC_STATUS) *p++;
491        evt_data.set_config.num_param_id    = NFC_STATUS_OK;
492        if (evt_data.set_config.status != NFC_STATUS_OK)
493        {
494            evt_data.set_config.num_param_id    = *p++;
495            STREAM_TO_ARRAY (evt_data.set_config.param_ids, p, evt_data.set_config.num_param_id);
496        }
497
498        (*nfc_cb.p_resp_cback) (NFC_SET_CONFIG_REVT, &evt_data);
499    }
500}
501
502/*******************************************************************************
503**
504** Function         nfc_ncif_event_status
505**
506** Description      This function is called to report an event
507**
508** Returns          void
509**
510*******************************************************************************/
511void nfc_ncif_event_status (tNFC_RESPONSE_EVT event, UINT8 status)
512{
513    tNFC_RESPONSE   evt_data;
514    if (nfc_cb.p_resp_cback)
515    {
516        evt_data.status = (tNFC_STATUS) status;
517        (*nfc_cb.p_resp_cback) (event, &evt_data);
518    }
519}
520
521/*******************************************************************************
522**
523** Function         nfc_ncif_error_status
524**
525** Description      This function is called to report an error event to data cback
526**
527** Returns          void
528**
529*******************************************************************************/
530void nfc_ncif_error_status (UINT8 conn_id, UINT8 status)
531{
532    tNFC_CONN_CB * p_cb;
533    p_cb = nfc_find_conn_cb_by_conn_id (conn_id);
534    if (p_cb && p_cb->p_cback)
535    {
536        (*p_cb->p_cback) (conn_id, NFC_ERROR_CEVT, (tNFC_CONN *) &status);
537    }
538}
539
540/*******************************************************************************
541**
542** Function         nfc_ncif_proc_rf_field_ntf
543**
544** Description      This function is called to process RF field notification
545**
546** Returns          void
547**
548*******************************************************************************/
549#if (NFC_RW_ONLY == FALSE)
550void nfc_ncif_proc_rf_field_ntf (UINT8 rf_status)
551{
552    tNFC_RESPONSE   evt_data;
553    if (nfc_cb.p_resp_cback)
554    {
555        evt_data.status            = (tNFC_STATUS) NFC_STATUS_OK;
556        evt_data.rf_field.rf_field = rf_status;
557        (*nfc_cb.p_resp_cback) (NFC_RF_FIELD_REVT, &evt_data);
558    }
559}
560#endif
561
562/*******************************************************************************
563**
564** Function         nfc_ncif_proc_credits
565**
566** Description      This function is called to process data credits
567**
568** Returns          void
569**
570*******************************************************************************/
571void nfc_ncif_proc_credits(UINT8 *p, UINT16 plen)
572{
573    UINT8   num, xx;
574    tNFC_CONN_CB * p_cb;
575
576    num = *p++;
577    for (xx = 0; xx < num; xx++)
578    {
579        p_cb = nfc_find_conn_cb_by_conn_id(*p++);
580        if (p_cb && p_cb->num_buff != NFC_CONN_NO_FC)
581        {
582            p_cb->num_buff += (*p);
583#if (BT_USE_TRACES == TRUE)
584            if (p_cb->num_buff > p_cb->init_credits)
585            {
586                if (nfc_cb.nfc_state == NFC_STATE_OPEN)
587                {
588                    /* if this happens in activated state, it's very likely that our NFCC has issues */
589                    /* However, credit may be returned after deactivation */
590                    NFC_TRACE_ERROR2( "num_buff:0x%x, init_credits:0x%x", p_cb->num_buff, p_cb->init_credits);
591                }
592                p_cb->num_buff = p_cb->init_credits;
593            }
594#endif
595            /* check if there's nay data in tx q to be sent */
596            nfc_ncif_send_data (p_cb, NULL);
597        }
598        p++;
599    }
600}
601/*******************************************************************************
602**
603** Function         nfc_ncif_decode_rf_params
604**
605** Description      This function is called to process the detected technology
606**                  and mode and the associated parameters for DISCOVER_NTF and
607**                  ACTIVATE_NTF
608**
609** Returns          void
610**
611*******************************************************************************/
612UINT8 * nfc_ncif_decode_rf_params (tNFC_RF_TECH_PARAMS *p_param, UINT8 *p)
613{
614    tNFC_RF_PA_PARAMS   *p_pa;
615    UINT8               len, *p_start, u8;
616    tNFC_RF_PB_PARAMS   *p_pb;
617    tNFC_RF_LF_PARAMS   *p_lf;
618    tNFC_RF_PF_PARAMS   *p_pf;
619    tNFC_RF_PISO15693_PARAMS *p_i93;
620
621    len             = *p++;
622    p_start         = p;
623    switch (p_param->mode)
624    {
625    case NCI_DISCOVERY_TYPE_POLL_A:
626    case NCI_DISCOVERY_TYPE_POLL_A_ACTIVE:
627        p_pa        = &p_param->param.pa;
628        /*
629SENS_RES Response   2 bytes Defined in [DIGPROT] Available after Technology Detection
630NFCID1 length   1 byte  Length of NFCID1 Available after Collision Resolution
631NFCID1  4, 7, or 10 bytes   Defined in [DIGPROT]Available after Collision Resolution
632SEL_RES Response    1 byte  Defined in [DIGPROT]Available after Collision Resolution
633        */
634        STREAM_TO_ARRAY (p_pa->sens_res, p, 2);
635        p_pa->nfcid1_len     = *p++;
636        if (p_pa->nfcid1_len > NCI_NFCID1_MAX_LEN)
637            p_pa->nfcid1_len = NCI_NFCID1_MAX_LEN;
638        STREAM_TO_ARRAY (p_pa->nfcid1, p, p_pa->nfcid1_len);
639        u8                   = *p++;
640        if (u8)
641            p_pa->sel_rsp    = *p++;
642        break;
643
644    case NCI_DISCOVERY_TYPE_POLL_B:
645        /*
646SENSB_RES Response length (n)   1 byte  Length of SENSB_RES Response (Byte 2 - Byte 12 or 13)Available after Technology Detection
647SENSB_RES Response Byte 2 - Byte 12 or 13   11 or 12 bytes  Defined in [DIGPROT] Available after Technology Detection
648        */
649        p_pb                = &p_param->param.pb;
650        p_pb->sensb_res_len = *p++;
651        if (p_pb->sensb_res_len > NCI_MAX_SENSB_RES_LEN)
652            p_pb->sensb_res_len = NCI_MAX_SENSB_RES_LEN;
653        STREAM_TO_ARRAY (p_pb->sensb_res, p, p_pb->sensb_res_len);
654        memcpy (p_pb->nfcid0, p_pb->sensb_res, NFC_NFCID0_MAX_LEN);
655        break;
656
657    case NCI_DISCOVERY_TYPE_POLL_F:
658    case NCI_DISCOVERY_TYPE_POLL_F_ACTIVE:
659        /*
660Bit Rate    1 byte  1   212 kbps/2   424 kbps/0 and 3 to 255  RFU
661SENSF_RES Response length.(n) 1 byte  Length of SENSF_RES (Byte 2 - Byte 17 or 19).Available after Technology Detection
662SENSF_RES Response Byte 2 - Byte 17 or 19  n bytes Defined in [DIGPROT] Available after Technology Detection
663        */
664        p_pf                = &p_param->param.pf;
665        p_pf->bit_rate      = *p++;
666        p_pf->sensf_res_len = *p++;
667        if (p_pf->sensf_res_len > NCI_MAX_SENSF_RES_LEN)
668            p_pf->sensf_res_len = NCI_MAX_SENSF_RES_LEN;
669        STREAM_TO_ARRAY (p_pf->sensf_res, p, p_pf->sensf_res_len);
670        memcpy (p_pf->nfcid2, p_pf->sensf_res, NCI_NFCID2_LEN);
671        p_pf->mrti_check    = p_pf->sensf_res[NCI_MRTI_CHECK_INDEX];
672        p_pf->mrti_update   = p_pf->sensf_res[NCI_MRTI_UPDATE_INDEX];
673        break;
674
675    case NCI_DISCOVERY_TYPE_LISTEN_F:
676    case NCI_DISCOVERY_TYPE_LISTEN_F_ACTIVE:
677        p_lf                = &p_param->param.lf;
678        u8                  = *p++;
679        if (u8)
680        {
681            STREAM_TO_ARRAY (p_lf->nfcid2, p, NCI_NFCID2_LEN);
682        }
683        break;
684
685    case NCI_DISCOVERY_TYPE_POLL_ISO15693:
686        p_i93               = &p_param->param.pi93;
687        p_i93->flag         = *p++;
688        p_i93->dsfid        = *p++;
689        STREAM_TO_ARRAY (p_i93->uid, p, NFC_ISO15693_UID_LEN);
690        break;
691
692    case NCI_DISCOVERY_TYPE_POLL_KOVIO:
693        p_param->param.pk.uid_len = *p++;
694        STREAM_TO_ARRAY (p_param->param.pk.uid, p, NFC_KOVIO_MAX_LEN);
695        break;
696    }
697
698    return (p_start + len);
699}
700
701/*******************************************************************************
702**
703** Function         nfc_ncif_proc_discover_ntf
704**
705** Description      This function is called to process discover notification
706**
707** Returns          void
708**
709*******************************************************************************/
710void nfc_ncif_proc_discover_ntf (UINT8 *p, UINT16 plen)
711{
712    tNFC_DISCOVER   evt_data;
713
714    if (nfc_cb.p_discv_cback)
715    {
716        p                              += NCI_MSG_HDR_SIZE;
717        evt_data.status                 = NCI_STATUS_OK;
718        evt_data.result.rf_disc_id      = *p++;
719        evt_data.result.protocol        = *p++;
720
721        /* fill in tNFC_RESULT_DEVT */
722        evt_data.result.rf_tech_param.mode  = *p++;
723        p = nfc_ncif_decode_rf_params (&evt_data.result.rf_tech_param, p);
724
725        evt_data.result.more            = *p++;
726        (*nfc_cb.p_discv_cback) (NFC_RESULT_DEVT, &evt_data);
727    }
728}
729
730/*******************************************************************************
731**
732** Function         nfc_ncif_proc_activate
733**
734** Description      This function is called to process de-activate
735**                  response and notification
736**
737** Returns          void
738**
739*******************************************************************************/
740void nfc_ncif_proc_activate (UINT8 *p, UINT8 len)
741{
742    tNFC_DISCOVER   evt_data;
743    tNFC_INTF_PARAMS        *p_intf = &evt_data.activate.intf_param;
744    tNFC_INTF_PA_ISO_DEP    *p_pa_iso;
745    tNFC_INTF_LB_ISO_DEP    *p_lb_iso;
746    tNFC_INTF_PB_ISO_DEP    *p_pb_iso;
747#if (NFC_RW_ONLY == FALSE)
748    tNFC_INTF_PA_NFC_DEP    *p_pa_nfc;
749    int                     mpl_idx = 0;
750    UINT8                   gb_idx = 0, mpl;
751#endif
752    UINT8                   t0;
753    tNCI_DISCOVERY_TYPE     mode;
754    tNFC_CONN_CB * p_cb = &nfc_cb.conn_cb[NFC_RF_CONN_ID];
755    UINT8                   *pp, len_act;
756    UINT8                   buff_size, num_buff;
757
758    nfc_set_state (NFC_STATE_OPEN);
759
760    memset (p_intf, 0, sizeof (tNFC_INTF_PARAMS));
761    evt_data.activate.rf_disc_id    = *p++;
762    p_intf->type                    = *p++;
763    evt_data.activate.protocol      = *p++;
764
765    if (evt_data.activate.protocol == NCI_PROTOCOL_18092_ACTIVE)
766        evt_data.activate.protocol = NCI_PROTOCOL_NFC_DEP;
767
768    evt_data.activate.rf_tech_param.mode    = *p++;
769    buff_size                               = *p++;
770    num_buff                                = *p++;
771    /* fill in tNFC_activate_DEVT */
772    p = nfc_ncif_decode_rf_params (&evt_data.activate.rf_tech_param, p);
773
774    evt_data.activate.rf_tech_param.mode    = *p++;
775    evt_data.activate.tx_bitrate            = *p++;
776    evt_data.activate.rx_bitrate            = *p++;
777    mode         = evt_data.activate.rf_tech_param.mode;
778    len_act      = *p++;
779    NFC_TRACE_DEBUG3 ("nfc_ncif_proc_activate:%d %d, mode:0x%02x", len, len_act, mode);
780    /* just in case the interface reports activation parameters not defined in the NCI spec */
781    p_intf->intf_param.frame.param_len      = len_act;
782    if (p_intf->intf_param.frame.param_len > NFC_MAX_RAW_PARAMS)
783        p_intf->intf_param.frame.param_len = NFC_MAX_RAW_PARAMS;
784    pp = p;
785    STREAM_TO_ARRAY (p_intf->intf_param.frame.param, pp, p_intf->intf_param.frame.param_len);
786    if (evt_data.activate.intf_param.type == NCI_INTERFACE_ISO_DEP)
787    {
788        /* Make max payload of NCI aligned to max payload of ISO-DEP for better performance */
789        if (buff_size > NCI_ISO_DEP_MAX_INFO)
790            buff_size = NCI_ISO_DEP_MAX_INFO;
791
792        switch (mode)
793        {
794        case NCI_DISCOVERY_TYPE_POLL_A:
795            p_pa_iso                  = &p_intf->intf_param.pa_iso;
796            p_pa_iso->ats_res_len     = *p++;
797
798            if (p_pa_iso->ats_res_len == 0)
799                break;
800
801            if (p_pa_iso->ats_res_len > NFC_MAX_ATS_LEN)
802                p_pa_iso->ats_res_len = NFC_MAX_ATS_LEN;
803            STREAM_TO_ARRAY (p_pa_iso->ats_res, p, p_pa_iso->ats_res_len);
804            pp = &p_pa_iso->ats_res[NCI_ATS_T0_INDEX];
805            t0 = p_pa_iso->ats_res[NCI_ATS_T0_INDEX];
806            pp++;       /* T0 */
807            if (t0 & NCI_ATS_TA_MASK)
808                pp++;   /* TA */
809            if (t0 & NCI_ATS_TB_MASK)
810            {
811                /* FWI (Frame Waiting time Integer) & SPGI (Start-up Frame Guard time Integer) */
812                p_pa_iso->fwi       = (((*pp) >> 4) & 0x0F);
813                p_pa_iso->sfgi      = ((*pp) & 0x0F);
814                pp++;   /* TB */
815            }
816            if (t0 & NCI_ATS_TC_MASK)
817            {
818                p_pa_iso->nad_used  = ((*pp) & 0x01);
819                pp++;   /* TC */
820            }
821            p_pa_iso->his_byte_len  = (UINT8) (p_pa_iso->ats_res_len - (pp - p_pa_iso->ats_res));
822            memcpy (p_pa_iso->his_byte,  pp, p_pa_iso->his_byte_len);
823            break;
824
825        case NCI_DISCOVERY_TYPE_LISTEN_A:
826            p_intf->intf_param.la_iso.rats = *p++;
827            break;
828
829        case NCI_DISCOVERY_TYPE_POLL_B:
830            /* ATTRIB RSP
831            Byte 1   Byte 2 ~ 2+n-1
832            MBLI/DID Higher layer - Response
833            */
834            p_pb_iso                     = &p_intf->intf_param.pb_iso;
835            p_pb_iso->attrib_res_len     = *p++;
836
837            if (p_pb_iso->attrib_res_len == 0)
838                break;
839
840            if (p_pb_iso->attrib_res_len > NFC_MAX_ATTRIB_LEN)
841                p_pb_iso->attrib_res_len = NFC_MAX_ATTRIB_LEN;
842            STREAM_TO_ARRAY (p_pb_iso->attrib_res, p, p_pb_iso->attrib_res_len);
843            p_pb_iso->mbli = (p_pb_iso->attrib_res[0]) >> 4;
844            if (p_pb_iso->attrib_res_len > NFC_PB_ATTRIB_REQ_FIXED_BYTES)
845            {
846                p_pb_iso->hi_info_len    = p_pb_iso->attrib_res_len - NFC_PB_ATTRIB_REQ_FIXED_BYTES;
847                if (p_pb_iso->hi_info_len > NFC_MAX_GEN_BYTES_LEN)
848                    p_pb_iso->hi_info_len = NFC_MAX_GEN_BYTES_LEN;
849                memcpy (p_pb_iso->hi_info, &p_pb_iso->attrib_res[NFC_PB_ATTRIB_REQ_FIXED_BYTES], p_pb_iso->hi_info_len);
850            }
851            break;
852
853        case NCI_DISCOVERY_TYPE_LISTEN_B:
854            /* ATTRIB CMD
855            Byte 2~5 Byte 6  Byte 7  Byte 8  Byte 9  Byte 10 ~ 10+k-1
856            NFCID0   Param 1 Param 2 Param 3 Param 4 Higher layer - INF
857            */
858            p_lb_iso                     = &p_intf->intf_param.lb_iso;
859            p_lb_iso->attrib_req_len     = *p++;
860
861            if (p_lb_iso->attrib_req_len == 0)
862                break;
863
864            if (p_lb_iso->attrib_req_len > NFC_MAX_ATTRIB_LEN)
865                p_lb_iso->attrib_req_len = NFC_MAX_ATTRIB_LEN;
866            STREAM_TO_ARRAY (p_lb_iso->attrib_req, p, p_lb_iso->attrib_req_len);
867            memcpy (p_lb_iso->nfcid0, p_lb_iso->attrib_req, NFC_NFCID0_MAX_LEN);
868            if (p_lb_iso->attrib_req_len > NFC_LB_ATTRIB_REQ_FIXED_BYTES)
869            {
870                p_lb_iso->hi_info_len    = p_lb_iso->attrib_req_len - NFC_LB_ATTRIB_REQ_FIXED_BYTES;
871                if (p_lb_iso->hi_info_len > NFC_MAX_GEN_BYTES_LEN)
872                    p_lb_iso->hi_info_len = NFC_MAX_GEN_BYTES_LEN;
873                memcpy (p_lb_iso->hi_info, &p_lb_iso->attrib_req[NFC_LB_ATTRIB_REQ_FIXED_BYTES], p_lb_iso->hi_info_len);
874            }
875            break;
876        }
877
878    }
879#if (NFC_RW_ONLY == FALSE)
880    else if (evt_data.activate.intf_param.type == NCI_INTERFACE_NFC_DEP)
881    {
882        /* Make max payload of NCI aligned to max payload of NFC-DEP for better performance */
883        if (buff_size > NCI_NFC_DEP_MAX_DATA)
884            buff_size = NCI_NFC_DEP_MAX_DATA;
885
886        p_pa_nfc                  = &p_intf->intf_param.pa_nfc;
887        p_pa_nfc->atr_res_len     = *p++;
888
889        if (p_pa_nfc->atr_res_len > 0)
890        {
891            if (p_pa_nfc->atr_res_len > NFC_MAX_ATS_LEN)
892                p_pa_nfc->atr_res_len = NFC_MAX_ATS_LEN;
893            STREAM_TO_ARRAY (p_pa_nfc->atr_res, p, p_pa_nfc->atr_res_len);
894            if (  (mode == NCI_DISCOVERY_TYPE_POLL_A)
895                ||(mode == NCI_DISCOVERY_TYPE_POLL_F)
896                ||(mode == NCI_DISCOVERY_TYPE_POLL_A_ACTIVE)
897                ||(mode == NCI_DISCOVERY_TYPE_POLL_F_ACTIVE)  )
898            {
899                /* ATR_RES
900                Byte 3~12 Byte 13 Byte 14 Byte 15 Byte 16 Byte 17 Byte 18~18+n
901                NFCID3T   DIDT    BST     BRT     TO      PPT     [GT0 ... GTn] */
902                mpl_idx                 = 14;
903                gb_idx                  = NCI_P_GEN_BYTE_INDEX;
904                p_pa_nfc->waiting_time  = p_pa_nfc->atr_res[NCI_L_NFC_DEP_TO_INDEX] & 0x0F;
905            }
906            else if (  (mode == NCI_DISCOVERY_TYPE_LISTEN_A)
907                     ||(mode == NCI_DISCOVERY_TYPE_LISTEN_F)
908                     ||(mode == NCI_DISCOVERY_TYPE_LISTEN_A_ACTIVE)
909                     ||(mode == NCI_DISCOVERY_TYPE_LISTEN_F_ACTIVE)  )
910            {
911                /* ATR_REQ
912                Byte 3~12 Byte 13 Byte 14 Byte 15 Byte 16 Byte 17~17+n
913                NFCID3I   DIDI    BSI     BRI     PPI     [GI0 ... GIn] */
914                mpl_idx = 13;
915                gb_idx  = NCI_L_GEN_BYTE_INDEX;
916            }
917
918            mpl                         = ((p_pa_nfc->atr_res[mpl_idx]) >> 4) & 0x03;
919            p_pa_nfc->max_payload_size  = nfc_mpl_code_to_size[mpl];
920            if (p_pa_nfc->atr_res_len > gb_idx)
921            {
922                p_pa_nfc->gen_bytes_len = p_pa_nfc->atr_res_len - gb_idx;
923                if (p_pa_nfc->gen_bytes_len > NFC_MAX_GEN_BYTES_LEN)
924                    p_pa_nfc->gen_bytes_len = NFC_MAX_GEN_BYTES_LEN;
925                memcpy (p_pa_nfc->gen_bytes, &p_pa_nfc->atr_res[gb_idx], p_pa_nfc->gen_bytes_len);
926            }
927        }
928    }
929#endif
930    p_cb->act_protocol  = evt_data.activate.protocol;
931    p_cb->buff_size     = buff_size;
932    p_cb->num_buff      = num_buff;
933    p_cb->init_credits  = num_buff;
934
935    if (nfc_cb.p_discv_cback)
936    {
937        (*nfc_cb.p_discv_cback) (NFC_ACTIVATE_DEVT, &evt_data);
938    }
939}
940
941/*******************************************************************************
942**
943** Function         nfc_ncif_proc_deactivate
944**
945** Description      This function is called to process de-activate
946**                  response and notification
947**
948** Returns          void
949**
950*******************************************************************************/
951void nfc_ncif_proc_deactivate (UINT8 status, UINT8 deact_type, BOOLEAN is_ntf)
952{
953    tNFC_DISCOVER   evt_data;
954    tNFC_DEACTIVATE_DEVT    *p_deact;
955    tNFC_CONN_CB * p_cb = &nfc_cb.conn_cb[NFC_RF_CONN_ID];
956    void    *p_data;
957
958    nfc_set_state (NFC_STATE_IDLE);
959    p_deact             = &evt_data.deactivate;
960    p_deact->status     = status;
961    p_deact->type       = deact_type;
962    p_deact->is_ntf     = is_ntf;
963
964    while ((p_data = GKI_dequeue (&p_cb->rx_q)) != NULL)
965    {
966        GKI_freebuf (p_data);
967    }
968
969    while ((p_data = GKI_dequeue (&p_cb->tx_q)) != NULL)
970    {
971        GKI_freebuf (p_data);
972    }
973
974    if (p_cb->p_cback)
975        (*p_cb->p_cback) (NFC_RF_CONN_ID, NFC_DEACTIVATE_CEVT, (tNFC_CONN *) p_deact);
976
977    if (nfc_cb.p_discv_cback)
978    {
979        (*nfc_cb.p_discv_cback) (NFC_DEACTIVATE_DEVT, &evt_data);
980    }
981}
982/*******************************************************************************
983**
984** Function         nfc_ncif_proc_ee_action
985**
986** Description      This function is called to process NFCEE ACTION NTF
987**
988** Returns          void
989**
990*******************************************************************************/
991#if ((NFC_NFCEE_INCLUDED == TRUE) && (NFC_RW_ONLY == FALSE))
992void nfc_ncif_proc_ee_action (UINT8 *p, UINT16 plen)
993{
994    tNFC_EE_ACTION_REVT evt_data;
995    tNFC_RESPONSE_CBACK *p_cback = nfc_cb.p_resp_cback;
996    UINT8   data_len, ulen, tag, *p_data;
997    UINT8   max_len;
998
999    if (p_cback)
1000    {
1001        memset (&evt_data.act_data, 0, sizeof (tNFC_ACTION_DATA));
1002        evt_data.status             = NFC_STATUS_OK;
1003        evt_data.nfcee_id           = *p++;
1004        evt_data.act_data.trigger   = *p++;
1005        data_len                    = *p++;
1006        if (plen >= 3)
1007            plen -= 3;
1008        if (data_len > plen)
1009            data_len = (UINT8) plen;
1010
1011        switch (evt_data.act_data.trigger)
1012        {
1013        case NCI_EE_TRIG_7816_SELECT:
1014            if (data_len > NFC_MAX_AID_LEN)
1015                data_len = NFC_MAX_AID_LEN;
1016            evt_data.act_data.param.aid.len_aid = data_len;
1017            STREAM_TO_ARRAY (evt_data.act_data.param.aid.aid, p, data_len);
1018            break;
1019        case NCI_EE_TRIG_RF_PROTOCOL:
1020            evt_data.act_data.param.protocol    = *p++;
1021            break;
1022        case NCI_EE_TRIG_RF_TECHNOLOGY:
1023            evt_data.act_data.param.technology  = *p++;
1024            break;
1025        case NCI_EE_TRIG_APP_INIT:
1026            while (data_len > NFC_TL_SIZE)
1027            {
1028                data_len    -= NFC_TL_SIZE;
1029                tag         = *p++;
1030                ulen        = *p++;
1031                if (ulen > data_len)
1032                    ulen = data_len;
1033                p_data      = NULL;
1034                max_len     = ulen;
1035                switch (tag)
1036                {
1037                case NCI_EE_ACT_TAG_AID:    /* AID                 */
1038                    if (max_len > NFC_MAX_AID_LEN)
1039                        max_len = NFC_MAX_AID_LEN;
1040                    evt_data.act_data.param.app_init.len_aid = max_len;
1041                    p_data = evt_data.act_data.param.app_init.aid;
1042                    break;
1043                case NCI_EE_ACT_TAG_DATA:   /* hex data for app    */
1044                    if (max_len > NFC_MAX_APP_DATA_LEN)
1045                        max_len = NFC_MAX_APP_DATA_LEN;
1046                    evt_data.act_data.param.app_init.len_data   = max_len;
1047                    p_data                                      = evt_data.act_data.param.app_init.data;
1048                    break;
1049                }
1050                if (p_data)
1051                {
1052                    STREAM_TO_ARRAY (p_data, p, max_len);
1053                }
1054                data_len -= ulen;
1055            }
1056            break;
1057        }
1058        (*p_cback) (NFC_EE_ACTION_REVT, (tNFC_RESPONSE *) &evt_data);
1059    }
1060}
1061
1062/*******************************************************************************
1063**
1064** Function         nfc_ncif_proc_ee_discover_req
1065**
1066** Description      This function is called to process NFCEE DISCOVER REQ NTF
1067**
1068** Returns          void
1069**
1070*******************************************************************************/
1071void nfc_ncif_proc_ee_discover_req (UINT8 *p, UINT16 plen)
1072{
1073    tNFC_RESPONSE_CBACK *p_cback = nfc_cb.p_resp_cback;
1074    tNFC_EE_DISCOVER_REQ_REVT   ee_disc_req;
1075    tNFC_EE_DISCOVER_INFO       *p_info;
1076    UINT8                       u8;
1077
1078    NFC_TRACE_DEBUG2 ("nfc_ncif_proc_ee_discover_req %d len:%d", *p, plen);
1079    if (p_cback)
1080    {
1081        u8  = *p;
1082        ee_disc_req.status      = NFC_STATUS_OK;
1083        ee_disc_req.num_info    = *p++;
1084        p_info                  = ee_disc_req.info;
1085        if (plen)
1086            plen--;
1087        while ((u8 > 0) && (plen >= NFC_EE_DISCOVER_ENTRY_LEN))
1088        {
1089            p_info->op  = *p++;                  /* T */
1090            if (*p != NFC_EE_DISCOVER_INFO_LEN)/* L */
1091            {
1092                NFC_TRACE_DEBUG1 ("bad entry len:%d", *p );
1093                return;
1094            }
1095            p++;
1096            /* V */
1097            p_info->nfcee_id    = *p++;
1098            p_info->tech_n_mode = *p++;
1099            p_info->protocol    = *p++;
1100            u8--;
1101            plen    -=NFC_EE_DISCOVER_ENTRY_LEN;
1102            p_info++;
1103        }
1104        (*p_cback) (NFC_EE_DISCOVER_REQ_REVT, (tNFC_RESPONSE *) &ee_disc_req);
1105    }
1106
1107}
1108
1109/*******************************************************************************
1110**
1111** Function         nfc_ncif_proc_get_routing
1112**
1113** Description      This function is called to process get routing notification
1114**
1115** Returns          void
1116**
1117*******************************************************************************/
1118void nfc_ncif_proc_get_routing (UINT8 *p, UINT8 len)
1119{
1120    tNFC_GET_ROUTING_REVT evt_data;
1121    UINT8       more, num_entries, xx, yy, *pn, tl;
1122    tNFC_STATUS status = NFC_STATUS_CONTINUE;
1123
1124    if (nfc_cb.p_resp_cback)
1125    {
1126        more        = *p++;
1127        num_entries = *p++;
1128        for (xx = 0; xx < num_entries; xx++)
1129        {
1130            if ((more == FALSE) && (xx == (num_entries - 1)))
1131                status = NFC_STATUS_OK;
1132            evt_data.status         = (tNFC_STATUS) status;
1133            evt_data.nfcee_id       = *p++;
1134            evt_data.num_tlvs       = *p++;
1135            evt_data.tlv_size       = 0;
1136            pn                      = evt_data.param_tlvs;
1137            for (yy = 0; yy < evt_data.num_tlvs; yy++)
1138            {
1139                tl                  = *(p+1);
1140                tl                 += NFC_TL_SIZE;
1141                STREAM_TO_ARRAY (pn, p, tl);
1142                evt_data.tlv_size  += tl;
1143                pn                 += tl;
1144            }
1145            (*nfc_cb.p_resp_cback) (NFC_GET_ROUTING_REVT, (tNFC_RESPONSE *) &evt_data);
1146        }
1147    }
1148}
1149#endif
1150
1151/*******************************************************************************
1152**
1153** Function         nfc_ncif_proc_conn_create_rsp
1154**
1155** Description      This function is called to process connection create
1156**                  response
1157**
1158** Returns          void
1159**
1160*******************************************************************************/
1161void nfc_ncif_proc_conn_create_rsp (UINT8 *p, UINT16 plen, UINT8 dest_type)
1162{
1163    tNFC_CONN_CB * p_cb;
1164    tNFC_STATUS    status;
1165    tNFC_CONN_CBACK *p_cback;
1166    tNFC_CONN   evt_data;
1167    UINT8           conn_id;
1168
1169    /* find the pending connection control block */
1170    p_cb                = nfc_find_conn_cb_by_conn_id (NFC_PEND_CONN_ID);
1171    if (p_cb)
1172    {
1173        p                                  += NCI_MSG_HDR_SIZE;
1174        status                              = *p++;
1175        p_cb->buff_size                     = *p++;
1176        p_cb->num_buff = p_cb->init_credits = *p++;
1177        conn_id                             = *p++;
1178        evt_data.conn_create.status         = status;
1179        evt_data.conn_create.dest_type      = dest_type;
1180        evt_data.conn_create.id             = p_cb->id;
1181        evt_data.conn_create.buff_size      = p_cb->buff_size;
1182        evt_data.conn_create.num_buffs      = p_cb->num_buff;
1183        p_cback = p_cb->p_cback;
1184        if (status == NCI_STATUS_OK)
1185        {
1186            nfc_set_conn_id (p_cb, conn_id);
1187        }
1188        else
1189        {
1190            nfc_free_conn_cb (p_cb);
1191        }
1192
1193
1194        if (p_cback)
1195            (*p_cback) (conn_id, NFC_CONN_CREATE_CEVT, &evt_data);
1196    }
1197}
1198
1199/*******************************************************************************
1200**
1201** Function         nfc_ncif_report_conn_close_evt
1202**
1203** Description      This function is called to report connection close event
1204**
1205** Returns          void
1206**
1207*******************************************************************************/
1208void nfc_ncif_report_conn_close_evt (UINT8 conn_id, tNFC_STATUS status)
1209{
1210    tNFC_CONN       evt_data;
1211    tNFC_CONN_CBACK *p_cback;
1212    tNFC_CONN_CB    *p_cb;
1213
1214    p_cb = nfc_find_conn_cb_by_conn_id (conn_id);
1215    if (p_cb)
1216    {
1217        p_cback         = p_cb->p_cback;
1218        nfc_free_conn_cb (p_cb);
1219        evt_data.status = status;
1220        if (p_cback)
1221            (*p_cback) (conn_id, NFC_CONN_CLOSE_CEVT, &evt_data);
1222    }
1223}
1224
1225/*******************************************************************************
1226**
1227** Function         nfc_ncif_proc_reset_rsp
1228**
1229** Description      This function is called to process reset response/notification
1230**
1231** Returns          void
1232**
1233*******************************************************************************/
1234void nfc_ncif_proc_reset_rsp (UINT8 *p, BOOLEAN is_ntf)
1235{
1236    UINT8 status = *p++;
1237
1238    if (is_ntf)
1239    {
1240        NFC_TRACE_ERROR1 ("reset notification!!:0x%x ", status);
1241        /* clean up, if the state is OPEN
1242         * FW does not report reset ntf right now */
1243        if (nfc_cb.nfc_state == NFC_STATE_OPEN)
1244        {
1245            /*if any conn_cb is connected, close it.
1246              if any pending outgoing packets are dropped.*/
1247            nfc_reset_all_conn_cbs ();
1248        }
1249        status = NCI_STATUS_OK;
1250    }
1251
1252    if (nfc_cb.flags & (NFC_FL_RESTARTING|NFC_FL_POWER_CYCLE_NFCC))
1253    {
1254        nfc_reset_all_conn_cbs ();
1255    }
1256
1257    if (status == NCI_STATUS_OK)
1258    {
1259        if ((*p) != NCI_VERSION)
1260        {
1261            NFC_TRACE_DEBUG2 ("NCI version mismatch!!:0x%02x != 0x%02x ", NCI_VERSION, *p);
1262            if ((*p) < NCI_VERSION_0_F)
1263            {
1264                NFC_TRACE_ERROR0 ("NFCC version is too old");
1265                status = NCI_STATUS_FAILED;
1266            }
1267        }
1268    }
1269
1270    if (status == NCI_STATUS_OK)
1271    {
1272        nci_snd_core_init ();
1273    }
1274    else
1275    {
1276        NFC_TRACE_ERROR0 ("Failed to reset NFCC");
1277        nfc_enabled (status, NULL);
1278    }
1279}
1280
1281/*******************************************************************************
1282**
1283** Function         nfc_ncif_proc_init_rsp
1284**
1285** Description      This function is called to process init response
1286**
1287** Returns          void
1288**
1289*******************************************************************************/
1290void nfc_ncif_proc_init_rsp (BT_HDR *p_msg)
1291{
1292    UINT8 *p, status;
1293    tNFC_CONN_CB * p_cb = &nfc_cb.conn_cb[NFC_RF_CONN_ID];
1294
1295    p = (UINT8 *) (p_msg + 1) + p_msg->offset;
1296
1297    /* handle init params in nfc_enabled */
1298    status   = *(p + NCI_MSG_HDR_SIZE);
1299    if (status == NCI_STATUS_OK)
1300    {
1301        p_cb->id            = NFC_RF_CONN_ID;
1302        p_cb->act_protocol  = NCI_PROTOCOL_UNKNOWN;
1303
1304        nfc_set_state (NFC_STATE_W4_POST_INIT_CPLT);
1305
1306        nfc_cb.p_nci_init_rsp = p_msg;
1307        nfc_cb.p_hal->core_initialized (p);
1308    }
1309    else
1310    {
1311        nfc_enabled (status, NULL);
1312        GKI_freebuf (p_msg);
1313    }
1314}
1315
1316/*******************************************************************************
1317**
1318** Function         nfc_ncif_proc_get_config_rsp
1319**
1320** Description      This function is called to process get config response
1321**
1322** Returns          void
1323**
1324*******************************************************************************/
1325void nfc_ncif_proc_get_config_rsp (BT_HDR *p_evt)
1326{
1327    UINT8   *p;
1328    tNFC_RESPONSE_CBACK *p_cback = nfc_cb.p_resp_cback;
1329    tNFC_RESPONSE  evt_data;
1330
1331    p_evt->offset += NCI_MSG_HDR_SIZE;
1332    p_evt->len    -= NCI_MSG_HDR_SIZE;
1333    if (p_cback)
1334    {
1335        p                                = (UINT8 *) (p_evt + 1) + p_evt->offset;
1336        evt_data.get_config.status       = *p++;
1337        evt_data.get_config.tlv_size     = p_evt->len;
1338        evt_data.get_config.p_param_tlvs = p;
1339        (*p_cback) (NFC_GET_CONFIG_REVT, &evt_data);
1340    }
1341}
1342
1343/*******************************************************************************
1344**
1345** Function         nfc_ncif_proc_t3t_polling_ntf
1346**
1347** Description      Handle NCI_MSG_RF_T3T_POLLING NTF
1348**
1349** Returns          void
1350**
1351*******************************************************************************/
1352void nfc_ncif_proc_t3t_polling_ntf (UINT8 *p, UINT16 plen)
1353{
1354    UINT8 status;
1355    UINT8 num_responses;
1356
1357    /* Pass result to RW_T3T for processing */
1358    STREAM_TO_UINT8 (status, p);
1359    STREAM_TO_UINT8 (num_responses, p);
1360    plen-=NFC_TL_SIZE;
1361    rw_t3t_handle_nci_poll_ntf (status, num_responses, (UINT8) plen, p);
1362}
1363
1364/*******************************************************************************
1365**
1366** Function         nfc_data_event
1367**
1368** Description      Report Data event on the given connection control block
1369**
1370** Returns          void
1371**
1372*******************************************************************************/
1373void nfc_data_event (tNFC_CONN_CB * p_cb)
1374{
1375    BT_HDR      *p_evt;
1376    tNFC_DATA_CEVT data_cevt;
1377    UINT8       *p;
1378
1379    if (p_cb->p_cback)
1380    {
1381        while ((p_evt = (BT_HDR *)GKI_getfirst (&p_cb->rx_q)) != NULL)
1382        {
1383            if (p_evt->layer_specific & NFC_RAS_FRAGMENTED)
1384            {
1385                break;
1386            }
1387            p_evt = (BT_HDR *) GKI_dequeue (&p_cb->rx_q);
1388            /* report data event */
1389            p_evt->offset   += NCI_MSG_HDR_SIZE;
1390            p_evt->len      -= NCI_MSG_HDR_SIZE;
1391            if (p_evt->layer_specific)
1392                data_cevt.status = NFC_STATUS_BAD_LENGTH;
1393            else
1394                data_cevt.status = NFC_STATUS_OK;
1395            data_cevt.p_data = p_evt;
1396            /* adjust payload, if needed */
1397            if (p_cb->conn_id == NFC_RF_CONN_ID)
1398            {
1399                /* if NCI_PROTOCOL_T1T/NCI_PROTOCOL_T2T/NCI_PROTOCOL_T3T, the status byte needs to be removed
1400                 */
1401                if ((p_cb->act_protocol >= NCI_PROTOCOL_T1T) && (p_cb->act_protocol <= NCI_PROTOCOL_T3T))
1402                {
1403                    p_evt->len--;
1404                    p                = (UINT8 *) (p_evt + 1);
1405                    data_cevt.status = *(p + p_evt->offset + p_evt->len);
1406                }
1407            }
1408            (*p_cb->p_cback) (p_cb->conn_id, NFC_DATA_CEVT, (tNFC_CONN *) &data_cevt);
1409            p_evt = NULL;
1410        }
1411    }
1412}
1413
1414/*******************************************************************************
1415**
1416** Function         nfc_ncif_proc_data
1417**
1418** Description      Find the connection control block associated with the data
1419**                  packet. Assemble the data packet, if needed.
1420**                  Report the Data event.
1421**
1422** Returns          void
1423**
1424*******************************************************************************/
1425void nfc_ncif_proc_data (BT_HDR *p_msg)
1426{
1427    UINT8   *pp, cid;
1428    tNFC_CONN_CB * p_cb;
1429    UINT8   pbf;
1430    BT_HDR  *p_last;
1431    UINT8   *ps, *pd;
1432    UINT16  size;
1433    BT_HDR  *p_max = NULL;
1434    UINT16  len;
1435    UINT16  error_mask = 0;
1436
1437    pp   = (UINT8 *) (p_msg+1) + p_msg->offset;
1438    NFC_TRACE_DEBUG3 ("nfc_ncif_proc_data 0x%02x%02x%02x", pp[0], pp[1], pp[2]);
1439    NCI_DATA_PRS_HDR (pp, pbf, cid, len);
1440    p_cb = nfc_find_conn_cb_by_conn_id (cid);
1441    if (p_cb && (p_msg->len >= NCI_DATA_HDR_SIZE))
1442    {
1443        NFC_TRACE_DEBUG1 ("nfc_ncif_proc_data len:%d", len);
1444        if (len > 0)
1445        {
1446            p_msg->layer_specific       = 0;
1447            if (pbf)
1448                p_msg->layer_specific   = NFC_RAS_FRAGMENTED;
1449            p_last = (BT_HDR *)GKI_getlast (&p_cb->rx_q);
1450            if (p_last && (p_last->layer_specific & NFC_RAS_FRAGMENTED))
1451            {
1452                /* last data buffer is not last fragment, append this new packet to the last */
1453                size = GKI_get_buf_size(p_last);
1454                if (size < (BT_HDR_SIZE + p_last->len + p_last->offset + len))
1455                {
1456                    /* the current size of p_last is not big enough to hold the new fragment, p_msg */
1457                    if (size != GKI_MAX_BUF_SIZE)
1458                    {
1459                        /* try the biggest GKI pool */
1460                        p_max = (BT_HDR *)GKI_getpoolbuf (GKI_MAX_BUF_SIZE_POOL_ID);
1461                        if (p_max)
1462                        {
1463                            /* copy the content of last buffer to the new buffer */
1464                            memcpy(p_max, p_last, BT_HDR_SIZE);
1465                            pd  = (UINT8 *)(p_max + 1) + p_max->offset;
1466                            ps  = (UINT8 *)(p_last + 1) + p_last->offset;
1467                            memcpy(pd, ps, p_last->len);
1468
1469                            /* place the new buffer in the queue instead */
1470                            GKI_remove_from_queue (&p_cb->rx_q, p_last);
1471                            GKI_freebuf (p_last);
1472                            GKI_enqueue (&p_cb->rx_q, p_max);
1473                            p_last  = p_max;
1474                        }
1475                    }
1476                    if (p_max == NULL)
1477                    {
1478                        p_last->layer_specific  |= NFC_RAS_TOO_BIG;
1479                        NFC_TRACE_ERROR1 ("nci_reassemble_msg buffer overrun(%d)!!", len);
1480                    }
1481                }
1482
1483                ps   = (UINT8 *)(p_msg + 1) + p_msg->offset + NCI_MSG_HDR_SIZE;
1484                len  = p_msg->len - NCI_MSG_HDR_SIZE;
1485                if ((p_last->layer_specific & NFC_RAS_TOO_BIG) == 0)
1486                {
1487                    pd   = (UINT8 *)(p_last + 1) + p_last->offset + p_last->len;
1488                    memcpy(pd, ps, len);
1489                    p_last->len  += len;
1490                    /* do not need to update pbf and len in NCI header.
1491                     * They are stripped off at NFC_DATA_CEVT and len may exceed 255 */
1492                    NFC_TRACE_DEBUG1 ("nfc_ncif_proc_data len:%d", p_last->len);
1493                }
1494
1495                error_mask              = (p_last->layer_specific & NFC_RAS_TOO_BIG);
1496                p_last->layer_specific  = (p_msg->layer_specific | error_mask);
1497                GKI_freebuf (p_msg);
1498#ifdef DISP_NCI
1499                if ((p_last->layer_specific & NFC_RAS_FRAGMENTED) == 0)
1500                {
1501                    /* this packet was reassembled. display the complete packet */
1502                    DISP_NCI ((UINT8 *)(p_last + 1) + p_last->offset, p_last->len, TRUE);
1503                }
1504#endif
1505            }
1506            else
1507            {
1508                /* enqueue the new buffer to the rx queue */
1509                GKI_enqueue (&p_cb->rx_q, p_msg);
1510            }
1511            nfc_data_event (p_cb);
1512            return;
1513        }
1514        /* else an empty data packet*/
1515    }
1516    GKI_freebuf (p_msg);
1517}
1518
1519#endif /* NFC_INCLUDED == TRUE*/
1520