关于bta_dm_cb.p_sec_cback,这里我们之前已经分析过,他就是bte_dm_evt ,最终调用的函数btif_dm_upstreams_evt :
static void btif_dm_upstreams_evt(UINT16 event, char* p_param) { tBTA_DM_SEC *p_data = (tBTA_DM_SEC*)p_param; tBTA_SERVICE_MASK service_mask; uint32_t i; bt_bdaddr_t bd_addr; ... case BTA_DM_BLE_AUTH_CMPL_EVT: BTIF_TRACE_DEBUG("BTA_DM_BLE_AUTH_CMPL_EVT. "); btif_dm_ble_auth_cmpl_evt(&p_data->auth_cmpl); break; ... }
继续看:
/******************************************************************************* ** ** Function btif_dm_ble_auth_cmpl_evt ** ** Description Executes authentication complete event in btif context ** ** Returns void ** *******************************************************************************/ static void btif_dm_ble_auth_cmpl_evt (tBTA_DM_AUTH_CMPL *p_auth_cmpl) { /* Save link key, if not temporary */ bt_bdaddr_t bd_addr; bt_status_t status = BT_STATUS_FAIL; bt_bond_state_t state = BT_BOND_STATE_NONE; bdcpy(bd_addr.address, p_auth_cmpl->bd_addr); if ( (p_auth_cmpl->success == TRUE) && (p_auth_cmpl->key_present) ) { /* store keys */ } if (p_auth_cmpl->success) { status = BT_STATUS_SUCCESS; state = BT_BOND_STATE_BONDED; int addr_type; bt_bdaddr_t bdaddr; bdcpy(bdaddr.address, p_auth_cmpl->bd_addr); if (btif_storage_get_remote_addr_type(&bdaddr, &addr_type) != BT_STATUS_SUCCESS) btif_storage_set_remote_addr_type(&bdaddr, p_auth_cmpl->addr_type); /* Test for temporary bonding */ if (btm_get_bond_type_dev(p_auth_cmpl->bd_addr) == BOND_TYPE_TEMPORARY) { ... } else { btif_dm_save_ble_bonding_keys();//保存key 到config BTA_GATTC_Refresh(bd_addr.address);//refresh btif_dm_get_remote_services_by_transport(&bd_addr, BTA_GATT_TRANSPORT_LE);//继续获取服务 } else { ... } bond_state_changed(status, &bd_addr, state);//上报状态 }
btif_dm_save_ble_bonding_keys 很简单,就是保存SMP相关的key 到config文件,bond_state_changed也很简单,就是 上报状态,下面着重看看BTA_GATTC_Refresh和btif_dm_get_remote_services_by_transport
首先看看BTA_GATTC_Refresh:简单的地方会一带而过:
/******************************************************************************* ** ** Function BTA_GATTC_Refresh ** ** Description Refresh the server cache of the remote device ** ** Parameters remote_bda: remote device BD address. ** ** Returns void ** *******************************************************************************/ void BTA_GATTC_Refresh(BD_ADDR remote_bda) { tBTA_GATTC_API_OPEN *p_buf; if ((p_buf = (tBTA_GATTC_API_OPEN *) GKI_getbuf(sizeof(tBTA_GATTC_API_OPEN))) != NULL) { p_buf->hdr.event = BTA_GATTC_API_REFRESH_EVT;//发送事件 memcpy(p_buf->remote_bda, remote_bda, BD_ADDR_LEN); bta_sys_sendmsg(p_buf); } return; }
处理这个事件的函数是: bta_gattc_process_api_refresh:
/******************************************************************************* ** ** Function bta_gattc_process_api_refresh ** ** Description process refresh API to delete cache and start a new discovery ** if currently connected. ** ** Returns None. ** *******************************************************************************/ void bta_gattc_process_api_refresh(tBTA_GATTC_CB *p_cb, tBTA_GATTC_DATA * p_msg) { tBTA_GATTC_SERV *p_srvc_cb = bta_gattc_find_srvr_cache(p_msg->api_conn.remote_bda);//查找cache tBTA_GATTC_CLCB *p_clcb = &bta_gattc_cb.clcb[0]; BOOLEAN found = FALSE; UINT8 i; UNUSED(p_cb); if (p_srvc_cb != NULL)//找到cache { /* try to find a CLCB */ if (p_srvc_cb->connected && p_srvc_cb->num_clcb != 0) { for (i = 0; i < BTA_GATTC_CLCB_MAX; i ++, p_clcb ++) { if (p_clcb->in_use && p_clcb->p_srcb == p_srvc_cb) { found = TRUE;//找到对应的clcb break; } } if (found) { bta_gattc_sm_execute(p_clcb, BTA_GATTC_INT_DISCOVER_EVT, NULL);//继续搜索 return; } } /* in all other cases, mark it and delete the cache */ if (p_srvc_cb->p_srvc_cache != NULL)//没有找到对应clcb,那么这个cache也没有存在的价值了,直接删除 { while (!GKI_queue_is_empty(&p_srvc_cb->cache_buffer)) GKI_freebuf (GKI_dequeue (&p_srvc_cb->cache_buffer)); p_srvc_cb->p_srvc_cache = NULL; } } /* used to reset cache in application */ bta_gattc_co_cache_reset(p_msg->api_conn.remote_bda);//删除/data/misc/bluedroid/gatt_cache_* 文件 }
这个函数的作用:
- 如果找到cache,并且找到clcb,那么继续进行服务搜索,
- 否则删除cache,包括data/misc/bluedroid/下面的文件,重新开始。
我们这里只分析第一次配对之后的服务搜索。
下面继续看btif_dm_get_remote_services_by_transport :
/******************************************************************************* ** ** Function btif_dm_get_remote_services_transport ** ** Description Start SDP to get remote services by transport ** ** Returns bt_status_t ** *******************************************************************************/ bt_status_t btif_dm_get_remote_services_by_transport(bt_bdaddr_t *remote_addr, const int transport) { /* Set the mask extension */ tBTA_SERVICE_MASK_EXT mask_ext; mask_ext.num_uuid = 0;//搜索全部服务 mask_ext.p_uuid = NULL; mask_ext.srvc_mask = BTA_ALL_SERVICE_MASK; BTA_DmDiscoverByTransport(remote_addr->address, &mask_ext, bte_dm_search_services_evt, TRUE, transport); //bte_dm_search_services_evt回调函数 return BT_STATUS_SUCCESS; }
看看BTA_DmDiscoverByTransport:
/******************************************************************************* ** ** Function BTA_DmDiscoverByTransport ** ** Description This function does service discovery on particular transport ** for services of a ** peer device. When services.num_uuid is 0, it indicates all ** GATT based services are to be searched; otherwise a list of ** UUID of interested services should be provided through ** p_services->p_uuid. ** ** ** ** Returns void ** *******************************************************************************/ void BTA_DmDiscoverByTransport(BD_ADDR bd_addr, tBTA_SERVICE_MASK_EXT *p_services, tBTA_DM_SEARCH_CBACK *p_cback, BOOLEAN sdp_search, tBTA_TRANSPORT transport) { #if BLE_INCLUDED == TRUE && BTA_GATT_INCLUDED == TRUE bta_dm_discover_send_msg(bd_addr, p_services, p_cback, sdp_search, transport); #endif }
继续往下看:
/******************************************************************************* ** ** Function bta_dm_discover_send_msg ** ** Description This function send discover message to BTA task. ** ** Returns void ** *******************************************************************************/ #if BLE_INCLUDED == TRUE && BTA_GATT_INCLUDED == TRUE static void bta_dm_discover_send_msg(BD_ADDR bd_addr, tBTA_SERVICE_MASK_EXT *p_services, tBTA_DM_SEARCH_CBACK *p_cback, BOOLEAN sdp_search, tBTA_TRANSPORT transport) { tBTA_DM_API_DISCOVER *p_msg; UINT16 len = p_services ? (sizeof(tBTA_DM_API_DISCOVER) + sizeof(tBT_UUID) * p_services->num_uuid) : sizeof(tBTA_DM_API_DISCOVER); if ((p_msg = (tBTA_DM_API_DISCOVER *) GKI_getbuf(len)) != NULL) { memset(p_msg, 0, len); p_msg->hdr.event = BTA_DM_API_DISCOVER_EVT;//发送该事件 bdcpy(p_msg->bd_addr, bd_addr); p_msg->p_cback = p_cback; p_msg->sdp_search = sdp_search; p_msg->transport = transport;
这里发现他发送了事件到BTA task进行搜索的流程:函数功能正如注释“This function send discover message to BTA task.”
最终BTA执行的函数是:
/******************************************************************************* ** ** Function bta_dm_discover ** ** Description Discovers services on a remote device ** ** ** Returns void ** *******************************************************************************/ void bta_dm_discover (tBTA_DM_MSG *p_data) { #if BLE_INCLUDED == TRUE && BTA_GATT_INCLUDED == TRUE UINT16 len = (UINT16)(sizeof(tBT_UUID) * p_data->discover.num_uuid); #endif /* save the search condition */ bta_dm_search_cb.services = p_data->discover.services; #if BLE_INCLUDED == TRUE && BTA_GATT_INCLUDED == TRUE bta_dm_gattc_register(); utl_freebuf((void **)&bta_dm_search_cb.p_srvc_uuid); if ((bta_dm_search_cb.num_uuid = p_data->discover.num_uuid) != 0 && p_data->discover.p_uuid != NULL) { if ((bta_dm_search_cb.p_srvc_uuid = (tBT_UUID *)GKI_getbuf(len)) == NULL) { p_data->discover.p_cback(BTA_DM_DISC_CMPL_EVT, NULL); return; } memcpy(bta_dm_search_cb.p_srvc_uuid, p_data->discover.p_uuid, len); } bta_dm_search_cb.uuid_to_search = bta_dm_search_cb.num_uuid; #endif bta_dm_search_cb.p_search_cback = p_data->discover.p_cback; bta_dm_search_cb.sdp_search = p_data->discover.sdp_search; bta_dm_search_cb.services_to_search = bta_dm_search_cb.services;//mask bta_dm_search_cb.service_index = 0; bta_dm_search_cb.services_found = 0; bta_dm_search_cb.peer_name[0] = 0; bta_dm_search_cb.sdp_search = p_data->discover.sdp_search; bta_dm_search_cb.p_btm_inq_info = BTM_InqDbRead (p_data->discover.bd_addr); bta_dm_search_cb.transport = p_data->discover.transport; bta_dm_search_cb.name_discover_done = FALSE; memcpy(&bta_dm_search_cb.uuid, &p_data->discover.uuid, sizeof(tSDP_UUID)); bta_dm_discover_device(p_data->discover.bd_addr);//action }
这里注意bta_dm_search_cb.p_search_cback = p_data->discover.p_cback = bte_dm_search_services_evt,后期搜索到结果的相关的处理,肯定会调用到这个回调函数。这里要非常注意的是当进行服务搜索的时候bta_dm_search_cb.p_search_cback = bte_dm_search_services_evt,当进行设备搜索的时候bta_dm_search_cb.p_search_cback = bte_search_devices_evt,注意不要搞混。
bta_dm_discover 主要做了三件事:
- bta_dm_gattc_register ,这里其实在蓝牙enable的时候就已经注册好了,关于该函数分析:bta_dm_gattc_register
- 组建bta_dm_search_cb 结构
- bta_dm_discover_device
下面分别来分析:
下面来看一下bta_dm_discover_device :
这是一个 服务发现的总的函数接口,涉及 到BREDR 以及BLE 的部分,我们这里只关注BLE的情况:
if (transport == BT_TRANSPORT_LE) { if (bta_dm_search_cb.services_to_search & BTA_BLE_SERVICE_MASK) { //set the raw data buffer here memset(g_disc_raw_data_buf, 0, sizeof(g_disc_raw_data_buf)); bta_dm_search_cb.p_ble_rawdata = g_disc_raw_data_buf; bta_dm_search_cb.ble_raw_size = MAX_DISC_RAW_DATA_BUF; bta_dm_search_cb.ble_raw_used = 0; /* start GATT for service discovery */ btm_dm_start_gatt_discovery(bta_dm_search_cb.peer_bdaddr);//进行GATT 搜索 return; } }
继续看btm_dm_start_gatt_discovery:
/******************************************************************************* ** ** Function btm_dm_start_gatt_discovery ** ** Description This is GATT initiate the service search by open a GATT connection ** first. ** ** Parameters: ** *******************************************************************************/ void btm_dm_start_gatt_discovery (BD_ADDR bd_addr) { bta_dm_search_cb.gatt_disc_active = TRUE; /* connection is already open */ if (bdcmp(bta_dm_search_cb.pending_close_bda, bd_addr) == 0 && bta_dm_search_cb.conn_id != BTA_GATT_INVALID_CONN_ID) { memset(bta_dm_search_cb.pending_close_bda, 0, BD_ADDR_LEN); bta_sys_stop_timer(&bta_dm_search_cb.gatt_close_timer); btm_dm_start_disc_gatt_services(bta_dm_search_cb.conn_id);//如果已经打开,那么直接进行搜索 } else BTA_GATTC_Open(bta_dm_search_cb.client_if, bd_addr, TRUE, BTA_GATT_TRANSPORT_LE);//打开GATT 通道 }
这是一个服务搜索的函数,但是当 GATT 通道没有打开的时候,我们只要调用 BTA_GATTC_Open就可以了,那说明这个函数在打开GATT通道之后会自动进行搜索。
那这里关于BTA_GATTC_Open的流程分析,请参考:这里