[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bluetooth-dev] rfcomm: pn_pkt definition





Hi again,
maybe I need to add more information to get a response back. When I issue an
rf_conn 00:d0:b7:03:4b:e7 1 0, everything goes fine till send_pn_msg and after
the program comes back, it crashes on both side. So both try to send out pn
message and then both crash. Please read my previous email for details on PN
packet. I appreciate anyone's help on this issue.
THanks,
mandana
here is a dump of the client side:

rfcomm_receive_data: (4)
   0x03 0x73 0x01 0xd7
          RFCOMM rfcomm_receive_data: 4 bytes, our cid is 64
          RFCOMM rfcomm_receive_data: UA packet received
          RFCOMM send_pn_msg: DLCI 0x02, prior:0x07, frame_size:127,
credit_flow:0, credit
s:0, cr:1
    BTMEM subscribe_bt_buf : buf_len 47
    BTMEM get_bt_buf : no data in buffer
    BTMEM Buffer empty, reset buffer and subsc at 0
     L2CAP l2cap_send_data : hdl : 1, rcid : 64, len:14
l2cap_send_data :  (18)
   0x0e 0x00 0x40 0x00 0x03 0xef 0x15 0x83 0x11 0x02 0x00 0x07 0x00 0x7f 0x00
0x00
   0x00 0x70
HCI: , 18 bytes
    BTMEM get_bt_buf : returning 6810080
HCI: , 18 bytes
HCI: , send 18 bytes (excl HCI header) out of 18
HCI: , There are 5 bytes space for the headers
,  (23)
   0x02 0x01 0x20 0x12 0x00 0x0e 0x00 0x40 0x00 0x03 0xef 0x15 0x83 0x11 0x02
0x00
   0x07 0x00 0x7f 0x00 0x00 0x00 0x70
BT DATA <--|X|     23
bt_write_lower_driver  (23)
   0x02 0x01 0x20 0x12 0x00 0x0e 0x00 0x40 0x00 0x03 0xef 0x15 0x83 0x11 0x02
0x00
   0x07 0x00 0x7f 0x00 0x00 0x00 0x70
HCI: , now c = 18
HCI: , unsubscribing tx_buf.
    BTMEM unsubscribe_bt_buf : 23 bytes (not incl hdrs) at pos 0
HCI: <--0 (5)

---------------------- Forwarded by Mandana Amiri/Inc/Celestica on 02/26/2001
02:47 PM ---------------------------


"Mandana Amiri" <mamiri@xxxxxxx.com> on 02/21/2001 02:33:47 PM
                                                              
                                                              
                                                              
 To:      bluetooth-dev@xxxxxxx.com                              
                                                              
 cc:      (bcc: Mandana Amiri/Inc/Celestica)                  
                                                              
                                                              
                                                              
 Subject: [bluetooth-dev] rfcomm: pn_pkt definition           
                                                              









Hi,
I'm trying to debug rf_conn on my slightly modified version of the stack. (based
on 01/08 stack usermode). everything goes fine till the first PN packet.
On the receiving end wrong byte is picked as checksum and on the initiator end,
program crashes after returning from send_pn_msg.
When debugging, noticed that send_pn_msg is causing the crash and the packet is
not allocated(sent) properly. here are my questions and I wonder if someone can
clarify it for me:

1. Why frame_size in pkt_msg structure is defined as: 'u32 framesize:16' and not
just 'u16 framesize'? This is going to take 4 bytes and affect the packet size
down the road. rigth?
(I checked the spec and frame size is only 16 bit.)
2. In send_pn_msg there is the following comment:
/* FIXME: Can't use structures here, sizeof doesn't work... */
     rfcomm_frame_size = 14; //sizeof(pn_msg);

If I use sizeof(pn_msg) it's more than 14, so is the actual packet and things
don't line up on the receiving end. meaning fcs is offseted.
any idea?
mandana


-
To unsubscribe from this list: send the line "unsubscribe bluetooth-dev" in
the body of a message to majordomo@xxxxxxx.com

att1.eml