1 /* $OpenBSD: hci_event.c,v 1.6 2007/10/01 16:39:30 krw Exp $ */ 2 /* $NetBSD: hci_event.c,v 1.6 2007/04/21 06:15:23 plunky Exp $ */ 3 /* $DragonFly: src/sys/netbt/hci_event.c,v 1.1 2007/12/30 20:02:56 hasso Exp $ */ 4 5 /*- 6 * Copyright (c) 2005 Iain Hibbert. 7 * Copyright (c) 2006 Itronix Inc. 8 * All rights reserved. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. The name of Itronix Inc. may not be used to endorse 19 * or promote products derived from this software without specific 20 * prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY ITRONIX INC. ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 24 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 25 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ITRONIX INC. BE LIABLE FOR ANY 26 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 27 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 29 * ON ANY THEORY OF LIABILITY, WHETHER IN 30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 32 * POSSIBILITY OF SUCH DAMAGE. 33 */ 34 35 #include <sys/cdefs.h> 36 37 #include <sys/param.h> 38 #include <sys/kernel.h> 39 #include <sys/malloc.h> 40 #include <sys/mbuf.h> 41 #include <sys/proc.h> 42 #include <sys/systm.h> 43 #include <sys/endian.h> 44 #include <sys/bus.h> 45 46 #include <netbt/bluetooth.h> 47 #include <netbt/hci.h> 48 #include <netbt/sco.h> 49 50 static void hci_event_inquiry_result(struct hci_unit *, struct mbuf *); 51 static void hci_event_command_status(struct hci_unit *, struct mbuf *); 52 static void hci_event_command_compl(struct hci_unit *, struct mbuf *); 53 static void hci_event_con_compl(struct hci_unit *, struct mbuf *); 54 static void hci_event_discon_compl(struct hci_unit *, struct mbuf *); 55 static void hci_event_con_req(struct hci_unit *, struct mbuf *); 56 static void hci_event_num_compl_pkts(struct hci_unit *, struct mbuf *); 57 static void hci_event_auth_compl(struct hci_unit *, struct mbuf *); 58 static void hci_event_encryption_change(struct hci_unit *, struct mbuf *); 59 static void hci_event_change_con_link_key_compl(struct hci_unit *, struct mbuf *); 60 static void hci_cmd_read_bdaddr(struct hci_unit *, struct mbuf *); 61 static void hci_cmd_read_buffer_size(struct hci_unit *, struct mbuf *); 62 static void hci_cmd_read_local_features(struct hci_unit *, struct mbuf *); 63 static void hci_cmd_reset(struct hci_unit *, struct mbuf *); 64 65 #ifdef BLUETOOTH_DEBUG 66 int bluetooth_debug = BLUETOOTH_DEBUG; 67 68 static const char *hci_eventnames[] = { 69 /* 0x00 */ "NULL", 70 /* 0x01 */ "INQUIRY COMPLETE", 71 /* 0x02 */ "INQUIRY RESULT", 72 /* 0x03 */ "CONN COMPLETE", 73 /* 0x04 */ "CONN REQ", 74 /* 0x05 */ "DISCONN COMPLETE", 75 /* 0x06 */ "AUTH COMPLETE", 76 /* 0x07 */ "REMOTE NAME REQ COMPLETE", 77 /* 0x08 */ "ENCRYPTION CHANGE", 78 /* 0x09 */ "CHANGE CONN LINK KEY COMPLETE", 79 /* 0x0a */ "MASTER LINK KEY COMPLETE", 80 /* 0x0b */ "READ REMOTE FEATURES COMPLETE", 81 /* 0x0c */ "READ REMOTE VERSION INFO COMPLETE", 82 /* 0x0d */ "QoS SETUP COMPLETE", 83 /* 0x0e */ "COMMAND COMPLETE", 84 /* 0x0f */ "COMMAND STATUS", 85 /* 0x10 */ "HARDWARE ERROR", 86 /* 0x11 */ "FLUSH OCCUR", 87 /* 0x12 */ "ROLE CHANGE", 88 /* 0x13 */ "NUM COMPLETED PACKETS", 89 /* 0x14 */ "MODE CHANGE", 90 /* 0x15 */ "RETURN LINK KEYS", 91 /* 0x16 */ "PIN CODE REQ", 92 /* 0x17 */ "LINK KEY REQ", 93 /* 0x18 */ "LINK KEY NOTIFICATION", 94 /* 0x19 */ "LOOPBACK COMMAND", 95 /* 0x1a */ "DATA BUFFER OVERFLOW", 96 /* 0x1b */ "MAX SLOT CHANGE", 97 /* 0x1c */ "READ CLOCK OFFSET COMPLETE", 98 /* 0x1d */ "CONN PKT TYPE CHANGED", 99 /* 0x1e */ "QOS VIOLATION", 100 /* 0x1f */ "PAGE SCAN MODE CHANGE", 101 /* 0x20 */ "PAGE SCAN REP MODE CHANGE", 102 /* 0x21 */ "FLOW SPECIFICATION COMPLETE", 103 /* 0x22 */ "RSSI RESULT", 104 /* 0x23 */ "READ REMOTE EXT FEATURES" 105 }; 106 107 static const char * 108 hci_eventstr(unsigned int event) 109 { 110 111 if (event < (sizeof(hci_eventnames) / sizeof(*hci_eventnames))) 112 return hci_eventnames[event]; 113 114 switch (event) { 115 case HCI_EVENT_SCO_CON_COMPL: /* 0x2c */ 116 return "SCO CON COMPLETE"; 117 118 case HCI_EVENT_SCO_CON_CHANGED: /* 0x2d */ 119 return "SCO CON CHANGED"; 120 121 case HCI_EVENT_BT_LOGO: /* 0xfe */ 122 return "BT_LOGO"; 123 124 case HCI_EVENT_VENDOR: /* 0xff */ 125 return "VENDOR"; 126 } 127 128 return "UNRECOGNISED"; 129 } 130 #endif /* BLUETOOTH_DEBUG */ 131 132 /* 133 * process HCI Events 134 * 135 * We will free the mbuf at the end, no need for any sub 136 * functions to handle that. We kind of assume that the 137 * device sends us valid events. 138 * XXX "kind of"? This needs to be fixed. 139 */ 140 void 141 hci_event(struct mbuf *m, struct hci_unit *unit) 142 { 143 hci_event_hdr_t hdr; 144 145 KKASSERT(m->m_flags & M_PKTHDR); 146 147 KKASSERT(m->m_pkthdr.len >= sizeof(hdr)); 148 m_copydata(m, 0, sizeof(hdr), (caddr_t)&hdr); 149 m_adj(m, sizeof(hdr)); 150 151 KKASSERT(hdr.type == HCI_EVENT_PKT); 152 153 DPRINTFN(1, "(%s) event %s\n", unit->hci_devname, hci_eventstr(hdr.event)); 154 155 switch(hdr.event) { 156 case HCI_EVENT_COMMAND_STATUS: 157 hci_event_command_status(unit, m); 158 break; 159 160 case HCI_EVENT_COMMAND_COMPL: 161 hci_event_command_compl(unit, m); 162 break; 163 164 case HCI_EVENT_NUM_COMPL_PKTS: 165 hci_event_num_compl_pkts(unit, m); 166 break; 167 168 case HCI_EVENT_INQUIRY_RESULT: 169 hci_event_inquiry_result(unit, m); 170 break; 171 172 case HCI_EVENT_CON_COMPL: 173 hci_event_con_compl(unit, m); 174 break; 175 176 case HCI_EVENT_DISCON_COMPL: 177 hci_event_discon_compl(unit, m); 178 break; 179 180 case HCI_EVENT_CON_REQ: 181 hci_event_con_req(unit, m); 182 break; 183 184 case HCI_EVENT_AUTH_COMPL: 185 hci_event_auth_compl(unit, m); 186 break; 187 188 case HCI_EVENT_ENCRYPTION_CHANGE: 189 hci_event_encryption_change(unit, m); 190 break; 191 192 case HCI_EVENT_CHANGE_CON_LINK_KEY_COMPL: 193 hci_event_change_con_link_key_compl(unit, m); 194 break; 195 196 case HCI_EVENT_SCO_CON_COMPL: 197 case HCI_EVENT_INQUIRY_COMPL: 198 case HCI_EVENT_REMOTE_NAME_REQ_COMPL: 199 case HCI_EVENT_MASTER_LINK_KEY_COMPL: 200 case HCI_EVENT_READ_REMOTE_FEATURES_COMPL: 201 case HCI_EVENT_READ_REMOTE_VER_INFO_COMPL: 202 case HCI_EVENT_QOS_SETUP_COMPL: 203 case HCI_EVENT_HARDWARE_ERROR: 204 case HCI_EVENT_FLUSH_OCCUR: 205 case HCI_EVENT_ROLE_CHANGE: 206 case HCI_EVENT_MODE_CHANGE: 207 case HCI_EVENT_RETURN_LINK_KEYS: 208 case HCI_EVENT_PIN_CODE_REQ: 209 case HCI_EVENT_LINK_KEY_REQ: 210 case HCI_EVENT_LINK_KEY_NOTIFICATION: 211 case HCI_EVENT_LOOPBACK_COMMAND: 212 case HCI_EVENT_DATA_BUFFER_OVERFLOW: 213 case HCI_EVENT_MAX_SLOT_CHANGE: 214 case HCI_EVENT_READ_CLOCK_OFFSET_COMPL: 215 case HCI_EVENT_CON_PKT_TYPE_CHANGED: 216 case HCI_EVENT_QOS_VIOLATION: 217 case HCI_EVENT_PAGE_SCAN_MODE_CHANGE: 218 case HCI_EVENT_PAGE_SCAN_REP_MODE_CHANGE: 219 case HCI_EVENT_FLOW_SPECIFICATION_COMPL: 220 case HCI_EVENT_RSSI_RESULT: 221 case HCI_EVENT_READ_REMOTE_EXTENDED_FEATURES: 222 case HCI_EVENT_SCO_CON_CHANGED: 223 case HCI_EVENT_BT_LOGO: 224 case HCI_EVENT_VENDOR: 225 break; 226 227 default: 228 UNKNOWN(hdr.event); 229 break; 230 } 231 232 m_freem(m); 233 } 234 235 /* 236 * Command Status 237 * 238 * Update our record of num_cmd_pkts then post-process any pending commands 239 * and optionally restart cmd output on the unit. 240 */ 241 static void 242 hci_event_command_status(struct hci_unit *unit, struct mbuf *m) 243 { 244 hci_command_status_ep ep; 245 struct hci_link *link; 246 247 KKASSERT(m->m_pkthdr.len >= sizeof(ep)); 248 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep); 249 m_adj(m, sizeof(ep)); 250 251 DPRINTFN(1, "(%s) opcode (%03x|%04x) status = 0x%x num_cmd_pkts = %d\n", 252 unit->hci_devname, 253 HCI_OGF(letoh16(ep.opcode)), HCI_OCF(letoh16(ep.opcode)), 254 ep.status, 255 ep.num_cmd_pkts); 256 257 unit->hci_num_cmd_pkts = ep.num_cmd_pkts; 258 259 /* 260 * post processing of pending commands 261 */ 262 switch(letoh16(ep.opcode)) { 263 case HCI_CMD_CREATE_CON: 264 switch (ep.status) { 265 case 0x12: /* Invalid HCI command parameters */ 266 DPRINTF("(%s) Invalid HCI command parameters\n", 267 unit->hci_devname); 268 while ((link = hci_link_lookup_state(unit, 269 HCI_LINK_ACL, HCI_LINK_WAIT_CONNECT)) != NULL) 270 hci_link_free(link, ECONNABORTED); 271 break; 272 } 273 break; 274 default: 275 break; 276 } 277 278 while (unit->hci_num_cmd_pkts > 0 && !IF_QEMPTY(&unit->hci_cmdwait)) { 279 IF_DEQUEUE(&unit->hci_cmdwait, m); 280 hci_output_cmd(unit, m); 281 } 282 } 283 284 /* 285 * Command Complete 286 * 287 * Update our record of num_cmd_pkts then handle the completed command, 288 * and optionally restart cmd output on the unit. 289 */ 290 static void 291 hci_event_command_compl(struct hci_unit *unit, struct mbuf *m) 292 { 293 hci_command_compl_ep ep; 294 295 KKASSERT(m->m_pkthdr.len >= sizeof(ep)); 296 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep); 297 m_adj(m, sizeof(ep)); 298 299 DPRINTFN(1, "(%s) opcode (%03x|%04x) num_cmd_pkts = %d\n", 300 unit->hci_devname, 301 HCI_OGF(letoh16(ep.opcode)), HCI_OCF(letoh16(ep.opcode)), 302 ep.num_cmd_pkts); 303 304 unit->hci_num_cmd_pkts = ep.num_cmd_pkts; 305 306 /* 307 * post processing of completed commands 308 */ 309 switch(letoh16(ep.opcode)) { 310 case HCI_CMD_READ_BDADDR: 311 hci_cmd_read_bdaddr(unit, m); 312 break; 313 314 case HCI_CMD_READ_BUFFER_SIZE: 315 hci_cmd_read_buffer_size(unit, m); 316 break; 317 318 case HCI_CMD_READ_LOCAL_FEATURES: 319 hci_cmd_read_local_features(unit, m); 320 break; 321 322 case HCI_CMD_RESET: 323 hci_cmd_reset(unit, m); 324 break; 325 326 default: 327 break; 328 } 329 330 while (unit->hci_num_cmd_pkts > 0 && !IF_QEMPTY(&unit->hci_cmdwait)) { 331 IF_DEQUEUE(&unit->hci_cmdwait, m); 332 hci_output_cmd(unit, m); 333 } 334 } 335 336 /* 337 * Number of Completed Packets 338 * 339 * This is sent periodically by the Controller telling us how many 340 * buffers are now freed up and which handle was using them. From 341 * this we determine which type of buffer it was and add the qty 342 * back into the relevant packet counter, then restart output on 343 * links that have halted. 344 */ 345 static void 346 hci_event_num_compl_pkts(struct hci_unit *unit, struct mbuf *m) 347 { 348 hci_num_compl_pkts_ep ep; 349 struct hci_link *link, *next; 350 uint16_t handle, num; 351 int num_acl = 0, num_sco = 0; 352 353 KKASSERT(m->m_pkthdr.len >= sizeof(ep)); 354 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep); 355 m_adj(m, sizeof(ep)); 356 357 while (ep.num_con_handles--) { 358 m_copydata(m, 0, sizeof(handle), (caddr_t)&handle); 359 m_adj(m, sizeof(handle)); 360 handle = letoh16(handle); 361 362 m_copydata(m, 0, sizeof(num), (caddr_t)&num); 363 m_adj(m, sizeof(num)); 364 num = letoh16(num); 365 366 link = hci_link_lookup_handle(unit, handle); 367 if (link) { 368 if (link->hl_type == HCI_LINK_ACL) { 369 num_acl += num; 370 hci_acl_complete(link, num); 371 } else { 372 num_sco += num; 373 hci_sco_complete(link, num); 374 } 375 } else { 376 /* XXX need to issue Read_Buffer_Size or Reset? */ 377 kprintf("%s: unknown handle %d! " 378 "(losing track of %d packet buffer%s)\n", 379 unit->hci_devname, handle, 380 num, (num == 1 ? "" : "s")); 381 } 382 } 383 384 /* 385 * Move up any queued packets. When a link has sent data, it will move 386 * to the back of the queue - technically then if a link had something 387 * to send and there were still buffers available it could get started 388 * twice but it seemed more important to to handle higher loads fairly 389 * than worry about wasting cycles when we are not busy. 390 */ 391 392 unit->hci_num_acl_pkts += num_acl; 393 unit->hci_num_sco_pkts += num_sco; 394 395 link = TAILQ_FIRST(&unit->hci_links); 396 while (link && (unit->hci_num_acl_pkts > 0 || unit->hci_num_sco_pkts > 0)) { 397 next = TAILQ_NEXT(link, hl_next); 398 399 if (link->hl_type == HCI_LINK_ACL) { 400 if (unit->hci_num_acl_pkts > 0 && link->hl_txqlen > 0) 401 hci_acl_start(link); 402 } else { 403 if (unit->hci_num_sco_pkts > 0 && link->hl_txqlen > 0) 404 hci_sco_start(link); 405 } 406 407 link = next; 408 } 409 } 410 411 /* 412 * Inquiry Result 413 * 414 * keep a note of devices seen, so we know which unit to use 415 * on outgoing connections 416 */ 417 static void 418 hci_event_inquiry_result(struct hci_unit *unit, struct mbuf *m) 419 { 420 hci_inquiry_result_ep ep; 421 struct hci_memo *memo; 422 bdaddr_t bdaddr; 423 424 KKASSERT(m->m_pkthdr.len >= sizeof(ep)); 425 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep); 426 m_adj(m, sizeof(ep)); 427 428 DPRINTFN(1, "%d response%s\n", ep.num_responses, 429 (ep.num_responses == 1 ? "" : "s")); 430 431 while(ep.num_responses--) { 432 m_copydata(m, 0, sizeof(bdaddr_t), (caddr_t)&bdaddr); 433 434 DPRINTFN(1, "bdaddr %02x:%02x:%02x:%02x:%02x:%02x\n", 435 bdaddr.b[5], bdaddr.b[4], bdaddr.b[3], 436 bdaddr.b[2], bdaddr.b[1], bdaddr.b[0]); 437 438 memo = hci_memo_find(unit, &bdaddr); 439 if (memo == NULL) { 440 memo = kmalloc(sizeof(*memo), M_BLUETOOTH, 441 M_NOWAIT | M_ZERO); 442 if (memo == NULL) { 443 DPRINTFN(0, "out of memo memory!\n"); 444 break; 445 } 446 447 LIST_INSERT_HEAD(&unit->hci_memos, memo, next); 448 } 449 450 microtime(&memo->time); 451 m_copydata(m, 0, sizeof(hci_inquiry_response), 452 (caddr_t)&memo->response); 453 m_adj(m, sizeof(hci_inquiry_response)); 454 455 memo->response.clock_offset = 456 letoh16(memo->response.clock_offset); 457 } 458 } 459 460 /* 461 * Connection Complete 462 * 463 * Sent to us when a connection is made. If there is no link 464 * structure already allocated for this, we must have changed 465 * our mind, so just disconnect. 466 */ 467 static void 468 hci_event_con_compl(struct hci_unit *unit, struct mbuf *m) 469 { 470 hci_con_compl_ep ep; 471 hci_write_link_policy_settings_cp cp; 472 struct hci_link *link; 473 int err; 474 475 KKASSERT(m->m_pkthdr.len >= sizeof(ep)); 476 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep); 477 m_adj(m, sizeof(ep)); 478 479 DPRINTFN(1, "(%s) %s connection complete for " 480 "%02x:%02x:%02x:%02x:%02x:%02x status %#x\n", 481 unit->hci_devname, 482 (ep.link_type == HCI_LINK_ACL ? "ACL" : "SCO"), 483 ep.bdaddr.b[5], ep.bdaddr.b[4], ep.bdaddr.b[3], 484 ep.bdaddr.b[2], ep.bdaddr.b[1], ep.bdaddr.b[0], 485 ep.status); 486 487 link = hci_link_lookup_bdaddr(unit, &ep.bdaddr, ep.link_type); 488 489 if (ep.status) { 490 if (link != NULL) { 491 switch (ep.status) { 492 case 0x04: /* "Page Timeout" */ 493 err = EHOSTDOWN; 494 break; 495 496 case 0x08: /* "Connection Timed Out" */ 497 case 0x10: /* "Connection Accept Timeout Exceeded" */ 498 err = ETIMEDOUT; 499 break; 500 501 case 0x16: /* "Connection Terminated by Local Host" */ 502 err = 0; 503 break; 504 505 default: 506 err = ECONNREFUSED; 507 break; 508 } 509 510 hci_link_free(link, err); 511 } 512 513 return; 514 } 515 516 if (link == NULL) { 517 hci_discon_cp dp; 518 519 dp.con_handle = ep.con_handle; 520 dp.reason = 0x13; /* "Remote User Terminated Connection" */ 521 522 hci_send_cmd(unit, HCI_CMD_DISCONNECT, &dp, sizeof(dp)); 523 return; 524 } 525 526 /* XXX could check auth_enable here */ 527 528 if (ep.encryption_mode) 529 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_ENCRYPT); 530 531 link->hl_state = HCI_LINK_OPEN; 532 link->hl_handle = HCI_CON_HANDLE(letoh16(ep.con_handle)); 533 534 if (ep.link_type == HCI_LINK_ACL) { 535 cp.con_handle = ep.con_handle; 536 cp.settings = htole16(unit->hci_link_policy); 537 err = hci_send_cmd(unit, HCI_CMD_WRITE_LINK_POLICY_SETTINGS, 538 &cp, sizeof(cp)); 539 if (err) 540 kprintf("%s: Warning, could not write link policy\n", 541 unit->hci_devname); 542 543 err = hci_acl_setmode(link); 544 if (err == EINPROGRESS) 545 return; 546 547 hci_acl_linkmode(link); 548 } else { 549 (*link->hl_sco->sp_proto->connected)(link->hl_sco->sp_upper); 550 } 551 } 552 553 /* 554 * Disconnection Complete 555 * 556 * This is sent in response to a disconnection request, but also if 557 * the remote device goes out of range. 558 */ 559 static void 560 hci_event_discon_compl(struct hci_unit *unit, struct mbuf *m) 561 { 562 hci_discon_compl_ep ep; 563 struct hci_link *link; 564 565 KKASSERT(m->m_pkthdr.len >= sizeof(ep)); 566 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep); 567 m_adj(m, sizeof(ep)); 568 569 ep.con_handle = letoh16(ep.con_handle); 570 571 DPRINTFN(1, "handle #%d, status=0x%x\n", ep.con_handle, ep.status); 572 573 link = hci_link_lookup_handle(unit, HCI_CON_HANDLE(ep.con_handle)); 574 if (link) 575 hci_link_free(link, ENOENT); /* XXX NetBSD used ENOLINK here */ 576 } 577 578 /* 579 * Connect Request 580 * 581 * We check upstream for appropriate listeners and accept connections 582 * that are wanted. 583 */ 584 static void 585 hci_event_con_req(struct hci_unit *unit, struct mbuf *m) 586 { 587 hci_con_req_ep ep; 588 hci_accept_con_cp ap; 589 hci_reject_con_cp rp; 590 struct hci_link *link; 591 592 KKASSERT(m->m_pkthdr.len >= sizeof(ep)); 593 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep); 594 m_adj(m, sizeof(ep)); 595 596 DPRINTFN(1, "bdaddr %2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x " 597 "class %2.2x%2.2x%2.2x type %s\n", 598 ep.bdaddr.b[5], ep.bdaddr.b[4], ep.bdaddr.b[3], 599 ep.bdaddr.b[2], ep.bdaddr.b[1], ep.bdaddr.b[0], 600 ep.uclass[0], ep.uclass[1], ep.uclass[2], 601 ep.link_type == HCI_LINK_ACL ? "ACL" : "SCO"); 602 603 if (ep.link_type == HCI_LINK_ACL) 604 link = hci_acl_newconn(unit, &ep.bdaddr); 605 else 606 link = hci_sco_newconn(unit, &ep.bdaddr); 607 608 if (link == NULL) { 609 memset(&rp, 0, sizeof(rp)); 610 bdaddr_copy(&rp.bdaddr, &ep.bdaddr); 611 rp.reason = 0x0f; /* Unacceptable BD_ADDR */ 612 613 hci_send_cmd(unit, HCI_CMD_REJECT_CON, &rp, sizeof(rp)); 614 } else { 615 memset(&ap, 0, sizeof(ap)); 616 bdaddr_copy(&ap.bdaddr, &ep.bdaddr); 617 if (unit->hci_link_policy & HCI_LINK_POLICY_ENABLE_ROLE_SWITCH) 618 ap.role = HCI_ROLE_MASTER; 619 else 620 ap.role = HCI_ROLE_SLAVE; 621 622 hci_send_cmd(unit, HCI_CMD_ACCEPT_CON, &ap, sizeof(ap)); 623 } 624 } 625 626 /* 627 * Auth Complete 628 * 629 * Authentication has been completed on an ACL link. We can notify the 630 * upper layer protocols unless further mode changes are pending. 631 */ 632 static void 633 hci_event_auth_compl(struct hci_unit *unit, struct mbuf *m) 634 { 635 hci_auth_compl_ep ep; 636 struct hci_link *link; 637 int err; 638 639 KKASSERT(m->m_pkthdr.len >= sizeof(ep)); 640 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep); 641 m_adj(m, sizeof(ep)); 642 643 ep.con_handle = HCI_CON_HANDLE(letoh16(ep.con_handle)); 644 645 DPRINTFN(1, "handle #%d, status=0x%x\n", ep.con_handle, ep.status); 646 647 link = hci_link_lookup_handle(unit, ep.con_handle); 648 if (link == NULL || link->hl_type != HCI_LINK_ACL) 649 return; 650 651 if (ep.status == 0) { 652 link->hl_flags |= HCI_LINK_AUTH; 653 654 if (link->hl_state == HCI_LINK_WAIT_AUTH) 655 link->hl_state = HCI_LINK_OPEN; 656 657 err = hci_acl_setmode(link); 658 if (err == EINPROGRESS) 659 return; 660 } 661 662 hci_acl_linkmode(link); 663 } 664 665 /* 666 * Encryption Change 667 * 668 * The encryption status has changed. Basically, we note the change 669 * then notify the upper layer protocol unless further mode changes 670 * are pending. 671 * Note that if encryption gets disabled when it has been requested, 672 * we will attempt to enable it again.. (its a feature not a bug :) 673 */ 674 static void 675 hci_event_encryption_change(struct hci_unit *unit, struct mbuf *m) 676 { 677 hci_encryption_change_ep ep; 678 struct hci_link *link; 679 int err; 680 681 KKASSERT(m->m_pkthdr.len >= sizeof(ep)); 682 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep); 683 m_adj(m, sizeof(ep)); 684 685 ep.con_handle = HCI_CON_HANDLE(letoh16(ep.con_handle)); 686 687 DPRINTFN(1, "handle #%d, status=0x%x, encryption_enable=0x%x\n", 688 ep.con_handle, ep.status, ep.encryption_enable); 689 690 link = hci_link_lookup_handle(unit, ep.con_handle); 691 if (link == NULL || link->hl_type != HCI_LINK_ACL) 692 return; 693 694 if (ep.status == 0) { 695 if (ep.encryption_enable == 0) 696 link->hl_flags &= ~HCI_LINK_ENCRYPT; 697 else 698 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_ENCRYPT); 699 700 if (link->hl_state == HCI_LINK_WAIT_ENCRYPT) 701 link->hl_state = HCI_LINK_OPEN; 702 703 err = hci_acl_setmode(link); 704 if (err == EINPROGRESS) 705 return; 706 } 707 708 hci_acl_linkmode(link); 709 } 710 711 /* 712 * Change Connection Link Key Complete 713 * 714 * Link keys are handled in userland but if we are waiting to secure 715 * this link, we should notify the upper protocols. A SECURE request 716 * only needs a single key change, so we can cancel the request. 717 */ 718 static void 719 hci_event_change_con_link_key_compl(struct hci_unit *unit, struct mbuf *m) 720 { 721 hci_change_con_link_key_compl_ep ep; 722 struct hci_link *link; 723 int err; 724 725 KKASSERT(m->m_pkthdr.len >= sizeof(ep)); 726 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep); 727 m_adj(m, sizeof(ep)); 728 729 ep.con_handle = HCI_CON_HANDLE(letoh16(ep.con_handle)); 730 731 DPRINTFN(1, "handle #%d, status=0x%x\n", ep.con_handle, ep.status); 732 733 link = hci_link_lookup_handle(unit, ep.con_handle); 734 if (link == NULL || link->hl_type != HCI_LINK_ACL) 735 return; 736 737 link->hl_flags &= ~HCI_LINK_SECURE_REQ; 738 739 if (ep.status == 0) { 740 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_SECURE); 741 742 if (link->hl_state == HCI_LINK_WAIT_SECURE) 743 link->hl_state = HCI_LINK_OPEN; 744 745 err = hci_acl_setmode(link); 746 if (err == EINPROGRESS) 747 return; 748 } 749 750 hci_acl_linkmode(link); 751 } 752 753 /* 754 * process results of read_bdaddr command_complete event 755 */ 756 static void 757 hci_cmd_read_bdaddr(struct hci_unit *unit, struct mbuf *m) 758 { 759 hci_read_bdaddr_rp rp; 760 761 KKASSERT(m->m_pkthdr.len >= sizeof(rp)); 762 m_copydata(m, 0, sizeof(rp), (caddr_t)&rp); 763 m_adj(m, sizeof(rp)); 764 765 if (rp.status > 0) 766 return; 767 768 if ((unit->hci_flags & BTF_INIT_BDADDR) == 0) 769 return; 770 771 bdaddr_copy(&unit->hci_bdaddr, &rp.bdaddr); 772 773 crit_enter(); 774 unit->hci_flags &= ~BTF_INIT_BDADDR; 775 crit_exit(); 776 777 wakeup(unit); 778 } 779 780 /* 781 * process results of read_buffer_size command_complete event 782 */ 783 static void 784 hci_cmd_read_buffer_size(struct hci_unit *unit, struct mbuf *m) 785 { 786 hci_read_buffer_size_rp rp; 787 788 KKASSERT(m->m_pkthdr.len >= sizeof(rp)); 789 m_copydata(m, 0, sizeof(rp), (caddr_t)&rp); 790 m_adj(m, sizeof(rp)); 791 792 if (rp.status > 0) 793 return; 794 795 if ((unit->hci_flags & BTF_INIT_BUFFER_SIZE) == 0) 796 return; 797 798 unit->hci_max_acl_size = letoh16(rp.max_acl_size); 799 unit->hci_num_acl_pkts = letoh16(rp.num_acl_pkts); 800 unit->hci_max_sco_size = rp.max_sco_size; 801 unit->hci_num_sco_pkts = letoh16(rp.num_sco_pkts); 802 803 crit_enter(); 804 unit->hci_flags &= ~BTF_INIT_BUFFER_SIZE; 805 crit_exit(); 806 807 wakeup(unit); 808 } 809 810 /* 811 * process results of read_local_features command_complete event 812 */ 813 static void 814 hci_cmd_read_local_features(struct hci_unit *unit, struct mbuf *m) 815 { 816 hci_read_local_features_rp rp; 817 818 KKASSERT(m->m_pkthdr.len >= sizeof(rp)); 819 m_copydata(m, 0, sizeof(rp), (caddr_t)&rp); 820 m_adj(m, sizeof(rp)); 821 822 if (rp.status > 0) 823 return; 824 825 if ((unit->hci_flags & BTF_INIT_FEATURES) == 0) 826 return; 827 828 unit->hci_lmp_mask = 0; 829 830 if (rp.features[0] & HCI_LMP_ROLE_SWITCH) 831 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_ROLE_SWITCH; 832 833 if (rp.features[0] & HCI_LMP_HOLD_MODE) 834 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_HOLD_MODE; 835 836 if (rp.features[0] & HCI_LMP_SNIFF_MODE) 837 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_SNIFF_MODE; 838 839 if (rp.features[1] & HCI_LMP_PARK_MODE) 840 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_PARK_MODE; 841 842 /* ACL packet mask */ 843 unit->hci_acl_mask = HCI_PKT_DM1 | HCI_PKT_DH1; 844 845 if (rp.features[0] & HCI_LMP_3SLOT) 846 unit->hci_acl_mask |= HCI_PKT_DM3 | HCI_PKT_DH3; 847 848 if (rp.features[0] & HCI_LMP_5SLOT) 849 unit->hci_acl_mask |= HCI_PKT_DM5 | HCI_PKT_DH5; 850 851 if ((rp.features[3] & HCI_LMP_EDR_ACL_2MBPS) == 0) 852 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH1 853 | HCI_PKT_2MBPS_DH3 854 | HCI_PKT_2MBPS_DH5; 855 856 if ((rp.features[3] & HCI_LMP_EDR_ACL_3MBPS) == 0) 857 unit->hci_acl_mask |= HCI_PKT_3MBPS_DH1 858 | HCI_PKT_3MBPS_DH3 859 | HCI_PKT_3MBPS_DH5; 860 861 if ((rp.features[4] & HCI_LMP_3SLOT_EDR_ACL) == 0) 862 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH3 863 | HCI_PKT_3MBPS_DH3; 864 865 if ((rp.features[5] & HCI_LMP_5SLOT_EDR_ACL) == 0) 866 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH5 867 | HCI_PKT_3MBPS_DH5; 868 869 unit->hci_packet_type = unit->hci_acl_mask; 870 871 /* SCO packet mask */ 872 unit->hci_sco_mask = 0; 873 if (rp.features[1] & HCI_LMP_SCO_LINK) 874 unit->hci_sco_mask |= HCI_PKT_HV1; 875 876 if (rp.features[1] & HCI_LMP_HV2_PKT) 877 unit->hci_sco_mask |= HCI_PKT_HV2; 878 879 if (rp.features[1] & HCI_LMP_HV3_PKT) 880 unit->hci_sco_mask |= HCI_PKT_HV3; 881 882 if (rp.features[3] & HCI_LMP_EV3_PKT) 883 unit->hci_sco_mask |= HCI_PKT_EV3; 884 885 if (rp.features[4] & HCI_LMP_EV4_PKT) 886 unit->hci_sco_mask |= HCI_PKT_EV4; 887 888 if (rp.features[4] & HCI_LMP_EV5_PKT) 889 unit->hci_sco_mask |= HCI_PKT_EV5; 890 891 /* XXX what do 2MBPS/3MBPS/3SLOT eSCO mean? */ 892 893 crit_enter(); 894 unit->hci_flags &= ~BTF_INIT_FEATURES; 895 crit_exit(); 896 897 wakeup(unit); 898 899 DPRINTFN(1, "%s: lmp_mask %4.4x, acl_mask %4.4x, sco_mask %4.4x\n", 900 unit->hci_devname, unit->hci_lmp_mask, 901 unit->hci_acl_mask, unit->hci_sco_mask); 902 } 903 904 /* 905 * process results of reset command_complete event 906 * 907 * This has killed all the connections, so close down anything we have left, 908 * and reinitialise the unit. 909 */ 910 static void 911 hci_cmd_reset(struct hci_unit *unit, struct mbuf *m) 912 { 913 hci_reset_rp rp; 914 struct hci_link *link, *next; 915 int acl; 916 917 KKASSERT(m->m_pkthdr.len >= sizeof(rp)); 918 m_copydata(m, 0, sizeof(rp), (caddr_t)&rp); 919 m_adj(m, sizeof(rp)); 920 921 if (rp.status != 0) 922 return; 923 924 /* 925 * release SCO links first, since they may be holding 926 * an ACL link reference. 927 */ 928 for (acl = 0 ; acl < 2 ; acl++) { 929 next = TAILQ_FIRST(&unit->hci_links); 930 while ((link = next) != NULL) { 931 next = TAILQ_NEXT(link, hl_next); 932 if (acl || link->hl_type != HCI_LINK_ACL) 933 hci_link_free(link, ECONNABORTED); 934 } 935 } 936 937 unit->hci_num_acl_pkts = 0; 938 unit->hci_num_sco_pkts = 0; 939 940 if (hci_send_cmd(unit, HCI_CMD_READ_BDADDR, NULL, 0)) 941 return; 942 943 if (hci_send_cmd(unit, HCI_CMD_READ_BUFFER_SIZE, NULL, 0)) 944 return; 945 946 if (hci_send_cmd(unit, HCI_CMD_READ_LOCAL_FEATURES, NULL, 0)) 947 return; 948 } 949