在蓝牙enable的过程中会进行多个线程的创建以及将线程与队列进行绑定的工作。该篇文章主要分析一下处理hci数据这个 线程。
void BTU_StartUp(void)
{
...
btu_bta_msg_queue = fixed_queue_new(SIZE_MAX); btu_general_alarm_hash_map = hash_map_new(BTU_GENERAL_ALARM_HASH_MAP_SIZE,
hash_function_pointer, NULL, (data_free_fn)alarm_free, NULL); btu_general_alarm_queue = fixed_queue_new(SIZE_MAX);
btu_oneshot_alarm_hash_map = hash_map_new(BTU_ONESHOT_ALARM_HASH_MAP_SIZE,
hash_function_pointer, NULL, (data_free_fn)alarm_free, NULL); btu_oneshot_alarm_queue = fixed_queue_new(SIZE_MAX); btu_l2cap_alarm_hash_map = hash_map_new(BTU_L2CAP_ALARM_HASH_MAP_SIZE,
hash_function_pointer, NULL, (data_free_fn)alarm_free, NULL); btu_l2cap_alarm_queue = fixed_queue_new(SIZE_MAX); bt_workqueue_thread = thread_new(BT_WORKQUEUE_NAME);//该线程为处理各个task 的线程,之后会与多个队列绑定
// Continue startup on bt workqueue thread.
thread_post(bt_workqueue_thread, btu_task_start_up, NULL);//在bt_workqueue_thread中继续startup的工作
return;
}
剩下的enable 的工作会在这个函数中btu_task_start_up继续做:
void btu_task_start_up(UNUSED_ATTR void *context) {
...
/* Initialize the mandatory core stack control blocks
(BTU, BTM, L2CAP, and SDP)
*/
btu_init_core();
/* Initialize any optional stack components */
BTE_InitStack();
bta_sys_init();
// Inform the bt jni thread initialization is ok.
btif_transfer_context(btif_init_ok, , NULL, , NULL);
fixed_queue_register_dequeue(btu_bta_msg_queue,//绑定btu_bta_msg_queue
thread_get_reactor(bt_workqueue_thread),
btu_bta_msg_ready,
NULL);
fixed_queue_register_dequeue(btu_hci_msg_queue,//绑定btu_hci_msg_queue
thread_get_reactor(bt_workqueue_thread),
btu_hci_msg_ready,
NULL);
fixed_queue_register_dequeue(btu_general_alarm_queue,//绑定btu_general_alarm_queue
thread_get_reactor(bt_workqueue_thread),
btu_general_alarm_ready,
NULL);
fixed_queue_register_dequeue(btu_oneshot_alarm_queue,//绑定btu_oneshot_alarm_queue
thread_get_reactor(bt_workqueue_thread),
btu_oneshot_alarm_ready,
NULL);
fixed_queue_register_dequeue(btu_l2cap_alarm_queue,//绑定btu_l2cap_alarm_queue
thread_get_reactor(bt_workqueue_thread),
btu_l2cap_alarm_ready,
NULL);
}
这里绑定的含义就是当被绑定的队列里面有数据可以读写的时候,就会在该线程中处理,处理的函数就是fixed_queue_register_dequeue函数的第三个参数和第四个参数,分别对应于读和写的函数。
从上面的注册信息来看,都是当队列里面有数据的时候,调用函数来处理这些队列中的消息。
现在具体分析一下btu_hci_msg_queue 这个队列的处理流程。
稍微思考一下,可以想到从controller 传上来的消息都会塞到这个队列里面。现在具体的分析,controller传上来的数据 都是通过bt driver来上传的,上传上来的数据有event以及acl data,这两者应该都是放置到这个队列进行处理的。
在协议栈中,当底层有数据的时候,会调用该函数:
hci_layer.c中:
static void hal_says_data_ready(serial_data_type_t type) {
packet_receive_data_t *incoming = &incoming_packets[PACKET_TYPE_TO_INBOUND_INDEX(type)];
uint8_t byte;
while (hal->read_data(type, &byte, , false) != ) {
switch (incoming->state) {
case BRAND_NEW:
// Initialize and prepare to jump to the preamble reading state
incoming->bytes_remaining = preamble_sizes[PACKET_TYPE_TO_INDEX(type)];
memset(incoming->preamble, , PREAMBLE_BUFFER_SIZE);
incoming->index = ;
incoming->state = PREAMBLE;
// INTENTIONAL FALLTHROUGH
case PREAMBLE:
incoming->preamble[incoming->index] = byte;
incoming->index++;
incoming->bytes_remaining--;
if (incoming->bytes_remaining == ) {
// For event and sco preambles, the last byte we read is the length
incoming->bytes_remaining = (type == DATA_TYPE_ACL) ? RETRIEVE_ACL_LENGTH(incoming->preamble) : byte;
size_t buffer_size = BT_HDR_SIZE + incoming->index + incoming->bytes_remaining;
incoming->buffer = (BT_HDR *)buffer_allocator->alloc(buffer_size);
if (!incoming->buffer) {
LOG_ERROR("%s error getting buffer for incoming packet of type %d and size %zd", __func__, type, buffer_size);
// Can't read any more of this current packet, so jump out
incoming->state = incoming->bytes_remaining == ? BRAND_NEW : IGNORE;
break;
}
// Initialize the buffer
incoming->buffer->offset = ;
incoming->buffer->layer_specific = ;
incoming->buffer->event = outbound_event_types[PACKET_TYPE_TO_INDEX(type)];
memcpy(incoming->buffer->data, incoming->preamble, incoming->index);
incoming->state = incoming->bytes_remaining > ? BODY : FINISHED;
}
break;
case BODY:
incoming->buffer->data[incoming->index] = byte;
incoming->index++;
incoming->bytes_remaining--;
size_t bytes_read = hal->read_data(type, (incoming->buffer->data + incoming->index), incoming->bytes_remaining, false);
incoming->index += bytes_read;
incoming->bytes_remaining -= bytes_read;
incoming->state = incoming->bytes_remaining == ? FINISHED : incoming->state;
break;
case IGNORE:
incoming->bytes_remaining--;
if (incoming->bytes_remaining == ) {
incoming->state = BRAND_NEW;
// Don't forget to let the hal know we finished the packet we were ignoring.
// Otherwise we'll get out of sync with hals that embed extra information
// in the uart stream (like H4). #badnewsbears
hal->packet_finished(type);
return;
}
break;
case FINISHED:
LOG_ERROR("%s the state machine should not have been left in the finished state.", __func__);
break;
}
if (incoming->state == FINISHED) {
incoming->buffer->len = incoming->index;
btsnoop->capture(incoming->buffer, true);//capture btsnoop
if (type != DATA_TYPE_EVENT) {
packet_fragmenter->reassemble_and_dispatch(incoming->buffer);//acl data的处理
} else if (!filter_incoming_event(incoming->buffer)) {//event 的处理
// Dispatch the event by event code
uint8_t *stream = incoming->buffer->data;
uint8_t event_code;
STREAM_TO_UINT8(event_code, stream);
data_dispatcher_dispatch(
interface.event_dispatcher,
event_code,
incoming->buffer
);
}
// We don't control the buffer anymore
incoming->buffer = NULL;
incoming->state = BRAND_NEW;
hal->packet_finished(type);
// We return after a packet is finished for two reasons:
// 1. The type of the next packet could be different.
// 2. We don't want to hog cpu time.
return;
}
}
}
从上面的函数可以看出,如果封包接收没有结束会继续接收,直到incoming->state == FINISHED ,这个时候说明封包完整的接收到了。对于封包的处理,做了如下的事情:
- 录制btsnoop
- 根据不同数据类型分别路由到不同的处理函数,acl data 以及其他的封包由packet_fragmenter->reassemble_and_dispatch(incoming->buffer) 来处理。event事件由
data_dispatcher_dispatch(interface.event_dispatcher,event_code,incoming->buffer)
这里分别看看两个函数的具体处理流程:
packet_fragmenter->reassemble_and_dispatch
先看看这个packet_fragmenter_t结构:
static const packet_fragmenter_t interface = {
init,
cleanup,
fragment_and_dispatch,
reassemble_and_dispatch
};
其中的具体实现,我这里
static void reassemble_and_dispatch(UNUSED_ATTR BT_HDR *packet) {
if ((packet->event & MSG_EVT_MASK) == MSG_HC_TO_STACK_HCI_ACL) {
...
STREAM_TO_UINT16(handle, stream);
STREAM_TO_UINT16(acl_length, stream);
STREAM_TO_UINT16(l2cap_length, stream);
BT_HDR *partial_packet = (BT_HDR *)hash_map_get(partial_packets, (void *)(uintptr_t)handle);
memcpy(partial_packet->data, packet->data, packet->len);
...
packet->offset = HCI_ACL_PREAMBLE_SIZE;
...
memcpy(
partial_packet->data + partial_packet->offset,
packet->data + packet->offset,
packet->len - packet->offset
);
...
if (partial_packet->offset == partial_packet->len) {
hash_map_erase(partial_packets, (void *)(uintptr_t)handle);
partial_packet->offset = ;
callbacks->reassembled(partial_packet);//最终调用hci_hal_callbacks_t的
}
}
} else {
callbacks->reassembled(packet);
}
}
上面看到最终调用callbacks->reassembled(partial_packet);来处理,实现在hci_layer.c
static const packet_fragmenter_callbacks_t packet_fragmenter_callbacks = {
transmit_fragment,
dispatch_reassembled,//实际调用的是这个函数
fragmenter_transmit_finished,
filter_incoming_event
fragmenter_transmit_finished
#endif
};
看具体实现:
// Callback for the fragmenter to dispatch up a completely reassembled packet
static void dispatch_reassembled(BT_HDR *packet) {
// Events should already have been dispatched before this point
assert(upwards_data_queue != NULL); if (upwards_data_queue) {//放置都这个queue
fixed_queue_enqueue(upwards_data_queue, packet);
} else {
LOG_ERROR("%s had no queue to place upwards data packet in. Dropping it on the floor.", __func__);
buffer_allocator->free(packet);
}
}
static void set_data_queue(fixed_queue_t *queue) { //这个函数对该队列赋值
upwards_data_queue = queue;
}
static void init_layer_interface() {
if (!interface_created) {
interface.send_low_power_command = low_power_manager->post_command;
interface.do_postload = do_postload;
interface.event_dispatcher = data_dispatcher_new("hci_layer");
interface.set_data_queue = set_data_queue;//肯定是别的地方调用hci 的interface来设置这个队列的
interface.transmit_command = transmit_command;
interface.transmit_command_futured = transmit_command_futured;
interface.transmit_downward = transmit_downward;
interface_created = true;
}
}
这里其实是在蓝牙初始化的时候就已经做了,
void bte_main_boot_entry(void)
{
module_init(get_module(GKI_MODULE));
module_init(get_module(COUNTER_MODULE)); hci = hci_layer_get_interface();//获取hci的interface btu_hci_msg_queue = fixed_queue_new(SIZE_MAX);
if (btu_hci_msg_queue == NULL) {
LOG_ERROR("%s unable to allocate hci message queue.", __func__);
return;
}
data_dispatcher_register_default(hci->event_dispatcher, btu_hci_msg_queue);
hci->set_data_queue(btu_hci_msg_queue);//将btu_hci_msg_queue传入,也就是后来的upwards_data_queue
...
}
到这里,我们知道了,其实acl的数据都最终会放置到这个btu_hci_msg_queue 队列来处理。
现在我们看看
data_dispatcher_dispatch(interface.event_dispatcher,event_code,incoming->buffer) 的处理流程:
我们先看看data_dispatcher_dispatch的实现:
bool data_dispatcher_dispatch(data_dispatcher_t *dispatcher, data_dispatcher_type_t type, void *data) {
fixed_queue_t *queue = hash_map_get(dispatcher->dispatch_table, (void *)type);
if (!queue)
queue = dispatcher->default_queue;//如果没有获取到专用的队列,就用默认的队列
if (queue)
fixed_queue_enqueue(queue, data);//将数据加入到队列里面
return queue != NULL;
}
当前不清楚 dispatcher->dispatch_table 的队列的情况,在init_layer_interface中:
interface.event_dispatcher = data_dispatcher_new("hci_layer");
这里没有设置专用的队列,那在哪里有设置呢?其实还是在上面的蓝牙init的时候:
void bte_main_boot_entry(void)
{
module_init(get_module(GKI_MODULE));
module_init(get_module(COUNTER_MODULE)); hci = hci_layer_get_interface();//获取hci的interface btu_hci_msg_queue = fixed_queue_new(SIZE_MAX);
if (btu_hci_msg_queue == NULL) {
LOG_ERROR("%s unable to allocate hci message queue.", __func__);
return;
}
data_dispatcher_register_default(hci->event_dispatcher, btu_hci_msg_queue);//将btu_hci_msg_queue 注册给hci的event_dispatcher,
hci->set_data_queue(btu_hci_msg_queue);//将btu_hci_msg_queue传入,也就是后来的upwards_data_queue
...
}
void data_dispatcher_register_default(data_dispatcher_t *dispatcher, fixed_queue_t *queue) {
assert(dispatcher != NULL);
dispatcher->default_queue = queue;
}
到这里,我们发现,的确是所有的controller上来的数据都是放置到btu_hci_msg_queue来等待处理,
后续的具体的处理流程很简单,根据不同的数据类型,发配给不同的函数来处理。