1 /* $OpenBSD: hci_socket.c,v 1.4 2007/09/17 01:33:33 krw Exp $ */ 2 /* $NetBSD: hci_socket.c,v 1.10 2007/03/31 18:17:13 plunky Exp $ */ 3 /* $DragonFly: src/sys/netbt/hci_socket.c,v 1.1 2007/12/30 20:02:56 hasso Exp $ */ 4 5 /*- 6 * Copyright (c) 2005 Iain Hibbert. 7 * Copyright (c) 2006 Itronix Inc. 8 * All rights reserved. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. The name of Itronix Inc. may not be used to endorse 19 * or promote products derived from this software without specific 20 * prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY ITRONIX INC. ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 24 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 25 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ITRONIX INC. BE LIABLE FOR ANY 26 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 27 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 29 * ON ANY THEORY OF LIABILITY, WHETHER IN 30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 32 * POSSIBILITY OF SUCH DAMAGE. 33 */ 34 35 #include <sys/cdefs.h> 36 37 /* load symbolic names */ 38 #ifdef BLUETOOTH_DEBUG 39 #define PRUREQUESTS 40 #define PRCOREQUESTS 41 #endif 42 43 #include <sys/param.h> 44 #include <sys/domain.h> 45 #include <sys/kernel.h> 46 #include <sys/mbuf.h> 47 #include <sys/proc.h> 48 #include <sys/protosw.h> 49 #include <sys/socket.h> 50 #include <sys/socketvar.h> 51 #include <sys/systm.h> 52 #include <sys/endian.h> 53 #include <net/if.h> 54 #include <net/if_var.h> 55 #include <sys/sysctl.h> 56 #include <sys/thread2.h> 57 58 #include <netbt/bluetooth.h> 59 #include <netbt/hci.h> 60 61 /******************************************************************************* 62 * 63 * HCI SOCK_RAW Sockets - for control of Bluetooth Devices 64 * 65 */ 66 67 /* 68 * the raw HCI protocol control block 69 */ 70 struct hci_pcb { 71 struct socket *hp_socket; /* socket */ 72 unsigned int hp_flags; /* flags */ 73 bdaddr_t hp_laddr; /* local address */ 74 bdaddr_t hp_raddr; /* remote address */ 75 struct hci_filter hp_efilter; /* user event filter */ 76 struct hci_filter hp_pfilter; /* user packet filter */ 77 LIST_ENTRY(hci_pcb) hp_next; /* next HCI pcb */ 78 }; 79 80 /* hp_flags */ 81 #define HCI_PRIVILEGED (1<<0) /* no security filter for root */ 82 #define HCI_DIRECTION (1<<1) /* direction control messages */ 83 #define HCI_PROMISCUOUS (1<<2) /* listen to all units */ 84 85 LIST_HEAD(hci_pcb_list, hci_pcb) hci_pcb = LIST_HEAD_INITIALIZER(hci_pcb); 86 87 /* sysctl defaults */ 88 int hci_sendspace = HCI_CMD_PKT_SIZE; 89 int hci_recvspace = 4096; 90 91 extern struct pr_usrreqs hci_usrreqs; 92 93 /* Prototypes for usrreqs methods. */ 94 static int hci_sabort (struct socket *so); 95 static int hci_sdetach(struct socket *so); 96 static int hci_sdisconnect (struct socket *so); 97 static int hci_scontrol (struct socket *so, u_long cmd, caddr_t data, 98 struct ifnet *ifp, struct thread *td); 99 static int hci_sattach (struct socket *so, int proto, 100 struct pru_attach_info *ai); 101 static int hci_sbind (struct socket *so, struct sockaddr *nam, 102 struct thread *td); 103 static int hci_sconnect (struct socket *so, struct sockaddr *nam, 104 struct thread *td); 105 static int hci_speeraddr (struct socket *so, struct sockaddr **nam); 106 static int hci_ssockaddr (struct socket *so, struct sockaddr **nam); 107 static int hci_sshutdown (struct socket *so); 108 static int hci_ssend (struct socket *so, int flags, struct mbuf *m, 109 struct sockaddr *addr, struct mbuf *control, 110 struct thread *td); 111 112 /* 113 * Security filter routines for unprivileged users. 114 * Allow all but a few critical events, and only permit read commands. 115 */ 116 117 static int 118 hci_security_check_opcode(uint16_t opcode) 119 { 120 121 switch (opcode) { 122 /* Link control */ 123 case HCI_CMD_INQUIRY: 124 return sizeof(hci_inquiry_cp); 125 case HCI_CMD_REMOTE_NAME_REQ: 126 return sizeof(hci_remote_name_req_cp); 127 case HCI_CMD_READ_REMOTE_FEATURES: 128 return sizeof(hci_read_remote_features_cp); 129 case HCI_CMD_READ_REMOTE_EXTENDED_FEATURES: 130 return sizeof(hci_read_remote_extended_features_cp); 131 case HCI_CMD_READ_REMOTE_VER_INFO: 132 return sizeof(hci_read_remote_ver_info_cp); 133 case HCI_CMD_READ_CLOCK_OFFSET: 134 return sizeof(hci_read_clock_offset_cp); 135 case HCI_CMD_READ_LMP_HANDLE: 136 return sizeof(hci_read_lmp_handle_cp); 137 138 /* Link policy */ 139 case HCI_CMD_ROLE_DISCOVERY: 140 return sizeof(hci_role_discovery_cp); 141 case HCI_CMD_READ_LINK_POLICY_SETTINGS: 142 return sizeof(hci_read_link_policy_settings_cp); 143 case HCI_CMD_READ_DEFAULT_LINK_POLICY_SETTINGS: 144 return 0; /* No command parameters */ 145 146 /* Host controller and baseband */ 147 case HCI_CMD_READ_PIN_TYPE: 148 case HCI_CMD_READ_LOCAL_NAME: 149 case HCI_CMD_READ_CON_ACCEPT_TIMEOUT: 150 case HCI_CMD_READ_PAGE_TIMEOUT: 151 case HCI_CMD_READ_SCAN_ENABLE: 152 case HCI_CMD_READ_PAGE_SCAN_ACTIVITY: 153 case HCI_CMD_READ_INQUIRY_SCAN_ACTIVITY: 154 case HCI_CMD_READ_AUTH_ENABLE: 155 case HCI_CMD_READ_ENCRYPTION_MODE: 156 case HCI_CMD_READ_UNIT_CLASS: 157 case HCI_CMD_READ_VOICE_SETTING: 158 return 0; /* No command parameters */ 159 case HCI_CMD_READ_AUTO_FLUSH_TIMEOUT: 160 return sizeof(hci_read_auto_flush_timeout_cp); 161 case HCI_CMD_READ_NUM_BROADCAST_RETRANS: 162 case HCI_CMD_READ_HOLD_MODE_ACTIVITY: 163 return 0; /* No command parameters */ 164 case HCI_CMD_READ_XMIT_LEVEL: 165 return sizeof(hci_read_xmit_level_cp); 166 case HCI_CMD_READ_SCO_FLOW_CONTROL: 167 return 0; /* No command parameters */ 168 case HCI_CMD_READ_LINK_SUPERVISION_TIMEOUT: 169 return sizeof(hci_read_link_supervision_timeout_cp); 170 case HCI_CMD_READ_NUM_SUPPORTED_IAC: 171 case HCI_CMD_READ_IAC_LAP: 172 case HCI_CMD_READ_PAGE_SCAN_PERIOD: 173 case HCI_CMD_READ_PAGE_SCAN: 174 case HCI_CMD_READ_INQUIRY_SCAN_TYPE: 175 case HCI_CMD_READ_INQUIRY_MODE: 176 case HCI_CMD_READ_PAGE_SCAN_TYPE: 177 case HCI_CMD_READ_AFH_ASSESSMENT: 178 return 0; /* No command parameters */ 179 180 /* Informational */ 181 case HCI_CMD_READ_LOCAL_VER: 182 case HCI_CMD_READ_LOCAL_COMMANDS: 183 case HCI_CMD_READ_LOCAL_FEATURES: 184 return 0; /* No command parameters */ 185 case HCI_CMD_READ_LOCAL_EXTENDED_FEATURES: 186 return sizeof(hci_read_local_extended_features_cp); 187 case HCI_CMD_READ_BUFFER_SIZE: 188 case HCI_CMD_READ_COUNTRY_CODE: 189 case HCI_CMD_READ_BDADDR: 190 return 0; /* No command parameters */ 191 192 /* Status */ 193 case HCI_CMD_READ_FAILED_CONTACT_CNTR: 194 return sizeof(hci_read_failed_contact_cntr_cp); 195 case HCI_CMD_READ_LINK_QUALITY: 196 return sizeof(hci_read_link_quality_cp); 197 case HCI_CMD_READ_RSSI: 198 return sizeof(hci_read_rssi_cp); 199 case HCI_CMD_READ_AFH_CHANNEL_MAP: 200 return sizeof(hci_read_afh_channel_map_cp); 201 case HCI_CMD_READ_CLOCK: 202 return sizeof(hci_read_clock_cp); 203 204 /* Testing */ 205 case HCI_CMD_READ_LOOPBACK_MODE: 206 return 0; /* No command parameters */ 207 } 208 209 return -1; /* disallowed */ 210 } 211 212 static int 213 hci_security_check_event(uint8_t event) 214 { 215 216 switch (event) { 217 case HCI_EVENT_RETURN_LINK_KEYS: 218 case HCI_EVENT_LINK_KEY_NOTIFICATION: 219 case HCI_EVENT_VENDOR: 220 return -1; /* disallowed */ 221 } 222 223 return 0; /* ok */ 224 } 225 226 /* 227 * When command packet reaches the device, we can drop 228 * it from the socket buffer (called from hci_output_acl) 229 */ 230 void 231 hci_drop(void *arg) 232 { 233 struct socket *so = arg; 234 235 sbdroprecord(&so->so_snd.sb); 236 sowwakeup(so); 237 } 238 239 /* 240 * HCI socket is going away and has some pending packets. We let them 241 * go by design, but remove the context pointer as it will be invalid 242 * and we no longer need to be notified. 243 */ 244 static void 245 hci_cmdwait_flush(struct socket *so) 246 { 247 struct hci_unit *unit; 248 struct socket *ctx; 249 struct mbuf *m; 250 251 DPRINTF("flushing %p\n", so); 252 253 TAILQ_FOREACH(unit, &hci_unit_list, hci_next) { 254 IF_POLL(&unit->hci_cmdwait, m); 255 while (m != NULL) { 256 ctx = M_GETCTX(m, struct socket *); 257 if (ctx == so) 258 M_SETCTX(m, NULL); 259 260 m = m->m_nextpkt; 261 } 262 } 263 } 264 265 /* 266 * HCI send packet 267 * This came from userland, so check it out. 268 */ 269 static int 270 hci_send(struct hci_pcb *pcb, struct mbuf *m, bdaddr_t *addr) 271 { 272 struct hci_unit *unit; 273 struct mbuf *m0; 274 hci_cmd_hdr_t hdr; 275 int err; 276 277 KKASSERT(m != NULL); 278 KKASSERT(addr != NULL); 279 280 /* wants at least a header to start with */ 281 if (m->m_pkthdr.len < sizeof(hdr)) { 282 err = EMSGSIZE; 283 goto bad; 284 } 285 m_copydata(m, 0, sizeof(hdr), (caddr_t)&hdr); 286 287 /* only allows CMD packets to be sent */ 288 if (hdr.type != HCI_CMD_PKT) { 289 err = EINVAL; 290 goto bad; 291 } 292 293 /* validates packet length */ 294 if (m->m_pkthdr.len != sizeof(hdr) + hdr.length) { 295 err = EMSGSIZE; 296 goto bad; 297 } 298 299 /* security checks for unprivileged users */ 300 if ((pcb->hp_flags & HCI_PRIVILEGED) == 0 301 && hci_security_check_opcode(letoh16(hdr.opcode)) != hdr.length) { 302 err = EPERM; 303 goto bad; 304 } 305 306 /* finds destination */ 307 unit = hci_unit_lookup(addr); 308 if (unit == NULL) { 309 err = ENETDOWN; 310 goto bad; 311 } 312 313 /* makes a copy for precious to keep */ 314 m0 = m_copym(m, 0, M_COPYALL, MB_DONTWAIT); 315 if (m0 == NULL) { 316 err = ENOMEM; 317 goto bad; 318 } 319 sbappendrecord(&pcb->hp_socket->so_snd.sb, m0); 320 M_SETCTX(m, pcb->hp_socket); /* enable drop callback */ 321 322 DPRINTFN(2, "(%s) opcode (%03x|%04x)\n", unit->hci_devname, 323 HCI_OGF(letoh16(hdr.opcode)), HCI_OCF(letoh16(hdr.opcode))); 324 325 /* Sendss it */ 326 if (unit->hci_num_cmd_pkts == 0) { 327 IF_ENQUEUE(&unit->hci_cmdwait, m); 328 } else 329 hci_output_cmd(unit, m); 330 331 return 0; 332 333 bad: 334 DPRINTF("packet (%d bytes) not sent (error %d)\n", 335 m->m_pkthdr.len, err); 336 if (m) m_freem(m); 337 return err; 338 } 339 340 /* 341 * Implementation of usrreqs. 342 */ 343 static int 344 hci_sabort (struct socket *so) 345 { 346 /* struct hci_pcb *pcb = (struct hci_pcb *)so->so_pcb; */ 347 348 soisdisconnected(so); 349 return hci_sdetach(so); 350 } 351 352 static int 353 hci_sdetach(struct socket *so) 354 { 355 struct hci_pcb *pcb = (struct hci_pcb *)so->so_pcb; 356 357 if (pcb == NULL) 358 return EINVAL; 359 if (so->so_snd.ssb_mb != NULL) 360 hci_cmdwait_flush(so); 361 362 so->so_pcb = NULL; 363 LIST_REMOVE(pcb, hp_next); 364 kfree(pcb, M_PCB); 365 366 return 0; 367 } 368 369 static int 370 hci_sdisconnect (struct socket *so) 371 { 372 struct hci_pcb *pcb = (struct hci_pcb *)so->so_pcb; 373 374 if (pcb==NULL) 375 return EINVAL; 376 377 bdaddr_copy(&pcb->hp_raddr, BDADDR_ANY); 378 /* 379 * XXX We cannot call soisdisconnected() here, as it sets 380 * SS_CANTRCVMORE and SS_CANTSENDMORE. The problem is that 381 * soisconnected() does not clear these and if you try to reconnect 382 * this socket (which is permitted) you get a broken pipe when you 383 * try to write any data. 384 */ 385 so->so_state &= ~SS_ISCONNECTED; 386 387 return 0; 388 } 389 390 static int 391 hci_scontrol (struct socket *so, u_long cmd, caddr_t data, struct ifnet *ifp, 392 struct thread *td) 393 { 394 return hci_ioctl(cmd, (void*)data, NULL); 395 } 396 397 static int 398 hci_sattach (struct socket *so, int proto, struct pru_attach_info *ai) 399 { 400 struct hci_pcb *pcb = (struct hci_pcb *)so->so_pcb; 401 int err = 0; 402 403 if (pcb) 404 return EINVAL; 405 406 err = soreserve(so, hci_sendspace, hci_recvspace,NULL); 407 if (err) 408 return err; 409 410 pcb = kmalloc(sizeof *pcb, M_PCB, M_NOWAIT | M_ZERO); 411 if (pcb == NULL) 412 return ENOMEM; 413 414 so->so_pcb = pcb; 415 pcb->hp_socket = so; 416 417 if (curproc == NULL || suser(curthread) == 0) 418 pcb->hp_flags |= HCI_PRIVILEGED; 419 420 /* 421 * Set default user filter. By default, socket only passes 422 * Command_Complete and Command_Status Events. 423 */ 424 hci_filter_set(HCI_EVENT_COMMAND_COMPL, &pcb->hp_efilter); 425 hci_filter_set(HCI_EVENT_COMMAND_STATUS, &pcb->hp_efilter); 426 hci_filter_set(HCI_EVENT_PKT, &pcb->hp_pfilter); 427 428 crit_enter(); 429 LIST_INSERT_HEAD(&hci_pcb, pcb, hp_next); 430 crit_exit(); 431 432 return 0; 433 } 434 435 static int 436 hci_sbind (struct socket *so, struct sockaddr *nam, 437 struct thread *td) 438 { 439 struct hci_pcb *pcb = (struct hci_pcb *)so->so_pcb; 440 struct sockaddr_bt *sa; 441 442 KKASSERT(nam != NULL); 443 sa = (struct sockaddr_bt *)nam; 444 445 if (sa->bt_len != sizeof(struct sockaddr_bt)) 446 return EINVAL; 447 448 if (sa->bt_family != AF_BLUETOOTH) 449 return EAFNOSUPPORT; 450 451 bdaddr_copy(&pcb->hp_laddr, &sa->bt_bdaddr); 452 453 if (bdaddr_any(&sa->bt_bdaddr)) 454 pcb->hp_flags |= HCI_PROMISCUOUS; 455 else 456 pcb->hp_flags &= ~HCI_PROMISCUOUS; 457 458 return 0; 459 } 460 461 static int 462 hci_sconnect (struct socket *so, struct sockaddr *nam, 463 struct thread *td) 464 { 465 struct hci_pcb *pcb = (struct hci_pcb *)so->so_pcb; 466 struct sockaddr_bt *sa; 467 KKASSERT(nam != NULL); 468 sa = (struct sockaddr_bt *)nam; 469 470 if (sa->bt_len != sizeof(struct sockaddr_bt)) 471 return EINVAL; 472 473 if (sa->bt_family != AF_BLUETOOTH) 474 return EAFNOSUPPORT; 475 476 if (hci_unit_lookup(&sa->bt_bdaddr) == NULL) 477 return EADDRNOTAVAIL; 478 479 bdaddr_copy(&pcb->hp_raddr, &sa->bt_bdaddr); 480 soisconnected(so); 481 482 return 0; 483 } 484 485 static int 486 hci_speeraddr (struct socket *so, struct sockaddr **nam) 487 { 488 struct hci_pcb *pcb = (struct hci_pcb *)so->so_pcb; 489 struct sockaddr_bt *sa; 490 491 KKASSERT(nam != NULL); 492 sa = (struct sockaddr_bt *)nam; 493 494 memset(sa, 0, sizeof(struct sockaddr_bt)); 495 sa->bt_len = sizeof(struct sockaddr_bt); 496 sa->bt_family = AF_BLUETOOTH; 497 bdaddr_copy(&sa->bt_bdaddr, &pcb->hp_raddr); 498 499 return 0; 500 } 501 502 static int 503 hci_ssockaddr (struct socket *so, struct sockaddr **nam) 504 { 505 struct hci_pcb *pcb = (struct hci_pcb *)so->so_pcb; 506 struct sockaddr_bt *sa; 507 508 KKASSERT(nam != NULL); 509 sa = (struct sockaddr_bt *)nam; 510 511 memset(sa, 0, sizeof(struct sockaddr_bt)); 512 sa->bt_len = sizeof(struct sockaddr_bt); 513 sa->bt_family = AF_BLUETOOTH; 514 bdaddr_copy(&sa->bt_bdaddr, &pcb->hp_laddr); 515 516 return 0; 517 } 518 519 static int 520 hci_sshutdown (struct socket *so) 521 { 522 socantsendmore(so); 523 return 0; 524 } 525 526 static int 527 hci_ssend (struct socket *so, int flags, struct mbuf *m, 528 struct sockaddr *addr, struct mbuf *control, 529 struct thread *td) 530 { 531 int err = 0; 532 struct hci_pcb *pcb = (struct hci_pcb *)so->so_pcb; 533 struct sockaddr_bt *sa; 534 535 sa = NULL; 536 if (addr) { 537 sa = (struct sockaddr_bt *)addr; 538 539 if (sa->bt_len != sizeof(struct sockaddr_bt)) { 540 err = EINVAL; 541 if (m) m_freem(m); 542 if (control) m_freem(control); 543 return err; 544 } 545 546 if (sa->bt_family != AF_BLUETOOTH) { 547 err = EAFNOSUPPORT; 548 if (m) m_freem(m); 549 if (control) m_freem(control); 550 return err; 551 } 552 } 553 554 if (control) /* have no use for this */ 555 m_freem(control); 556 557 return hci_send(pcb, m, (sa ? &sa->bt_bdaddr : &pcb->hp_raddr)); 558 } 559 560 /* 561 * get/set socket options 562 */ 563 int 564 hci_ctloutput (struct socket *so, struct sockopt *sopt) 565 { 566 struct hci_pcb *pcb = (struct hci_pcb *)so->so_pcb; 567 int idir = 0; 568 int err = 0; 569 570 #ifdef notyet /* XXX */ 571 DPRINTFN(2, "req %s\n", prcorequests[req]); 572 #endif 573 574 if (pcb == NULL) 575 return EINVAL; 576 577 if (sopt->sopt_level != BTPROTO_HCI) 578 return ENOPROTOOPT; 579 580 switch(sopt->sopt_dir) { 581 case PRCO_GETOPT: 582 switch (sopt->sopt_name) { 583 case SO_HCI_EVT_FILTER: 584 err = sooptcopyout(sopt, &pcb->hp_efilter, 585 sizeof(struct hci_filter)); 586 break; 587 588 case SO_HCI_PKT_FILTER: 589 err = sooptcopyout(sopt, &pcb->hp_pfilter, 590 sizeof(struct hci_filter)); 591 break; 592 593 case SO_HCI_DIRECTION: 594 if (pcb->hp_flags & HCI_DIRECTION) 595 idir = 1; 596 else 597 idir = 0; 598 err = sooptcopyout(sopt, &idir, sizeof(int)); 599 break; 600 601 default: 602 err = ENOPROTOOPT; 603 break; 604 } 605 break; 606 607 case PRCO_SETOPT: 608 switch (sopt->sopt_name) { 609 case SO_HCI_EVT_FILTER: /* set event filter */ 610 err = sooptcopyin(sopt, &pcb->hp_efilter, 611 sizeof(struct hci_filter), 612 sizeof(struct hci_filter)); 613 break; 614 615 case SO_HCI_PKT_FILTER: /* set packet filter */ 616 err = sooptcopyin(sopt, &pcb->hp_pfilter, 617 sizeof(struct hci_filter), 618 sizeof(struct hci_filter)); 619 break; 620 621 case SO_HCI_DIRECTION: /* request direction ctl messages */ 622 err = sooptcopyin(sopt, &idir, sizeof(int), 623 sizeof(int)); 624 if (err) break; 625 if (idir) 626 pcb->hp_flags |= HCI_DIRECTION; 627 else 628 pcb->hp_flags &= ~HCI_DIRECTION; 629 break; 630 631 default: 632 err = ENOPROTOOPT; 633 break; 634 } 635 break; 636 637 default: 638 err = ENOPROTOOPT; 639 break; 640 } 641 642 return err; 643 } 644 645 /* 646 * HCI mbuf tap routine 647 * 648 * copy packets to any raw HCI sockets that wish (and are 649 * permitted) to see them 650 */ 651 void 652 hci_mtap(struct mbuf *m, struct hci_unit *unit) 653 { 654 struct hci_pcb *pcb; 655 struct mbuf *m0, *ctlmsg, **ctl; 656 struct sockaddr_bt sa; 657 uint8_t type; 658 uint8_t event; 659 uint16_t opcode; 660 661 KKASSERT(m->m_len >= sizeof(type)); 662 663 type = *mtod(m, uint8_t *); 664 665 memset(&sa, 0, sizeof(sa)); 666 sa.bt_len = sizeof(struct sockaddr_bt); 667 sa.bt_family = AF_BLUETOOTH; 668 bdaddr_copy(&sa.bt_bdaddr, &unit->hci_bdaddr); 669 670 LIST_FOREACH(pcb, &hci_pcb, hp_next) { 671 /* 672 * filter according to source address 673 */ 674 if ((pcb->hp_flags & HCI_PROMISCUOUS) == 0 675 && bdaddr_same(&pcb->hp_laddr, &sa.bt_bdaddr) == 0) 676 continue; 677 678 /* 679 * filter according to packet type filter 680 */ 681 if (hci_filter_test(type, &pcb->hp_pfilter) == 0) 682 continue; 683 684 /* 685 * filter according to event/security filters 686 */ 687 switch(type) { 688 case HCI_EVENT_PKT: 689 KKASSERT(m->m_len >= sizeof(hci_event_hdr_t)); 690 691 event = mtod(m, hci_event_hdr_t *)->event; 692 693 if (hci_filter_test(event, &pcb->hp_efilter) == 0) 694 continue; 695 696 if ((pcb->hp_flags & HCI_PRIVILEGED) == 0 697 && hci_security_check_event(event) == -1) 698 continue; 699 break; 700 701 case HCI_CMD_PKT: 702 KKASSERT(m->m_len >= sizeof(hci_cmd_hdr_t)); 703 704 opcode = letoh16(mtod(m, hci_cmd_hdr_t *)->opcode); 705 706 if ((pcb->hp_flags & HCI_PRIVILEGED) == 0 707 && hci_security_check_opcode(opcode) == -1) 708 continue; 709 break; 710 711 case HCI_ACL_DATA_PKT: 712 case HCI_SCO_DATA_PKT: 713 default: 714 if ((pcb->hp_flags & HCI_PRIVILEGED) == 0) 715 continue; 716 717 break; 718 } 719 720 /* 721 * create control messages 722 */ 723 ctlmsg = NULL; 724 ctl = &ctlmsg; 725 if (pcb->hp_flags & HCI_DIRECTION) { 726 int dir = m->m_flags & IFF_LINK0 ? 1 : 0; 727 728 *ctl = sbcreatecontrol((void *)&dir, sizeof(dir), 729 SCM_HCI_DIRECTION, BTPROTO_HCI); 730 731 if (*ctl != NULL) 732 ctl = &((*ctl)->m_next); 733 } 734 735 /* 736 * copy to socket 737 */ 738 m0 = m_copym(m, 0, M_COPYALL, MB_DONTWAIT); 739 if (m0 && sbappendaddr(&pcb->hp_socket->so_rcv.sb, 740 (struct sockaddr *)&sa, m0, ctlmsg)) { 741 sorwakeup(pcb->hp_socket); 742 } else { 743 m_freem(ctlmsg); 744 m_freem(m0); 745 } 746 } 747 } 748 749 struct pr_usrreqs hci_usrreqs = { 750 .pru_abort = hci_sabort, 751 .pru_accept = pru_accept_notsupp, 752 .pru_attach = hci_sattach, 753 .pru_bind = hci_sbind, 754 .pru_connect = hci_sconnect, 755 .pru_connect2 = pru_connect2_notsupp, 756 .pru_control = hci_scontrol, 757 .pru_detach = hci_sdetach, 758 .pru_disconnect = hci_sdisconnect, 759 .pru_listen = pru_listen_notsupp, 760 .pru_peeraddr = hci_speeraddr, 761 .pru_rcvd = pru_rcvd_notsupp, 762 .pru_rcvoob = pru_rcvoob_notsupp, 763 .pru_send = hci_ssend, 764 .pru_sense = pru_sense_null, 765 .pru_shutdown = hci_sshutdown, 766 .pru_sockaddr = hci_ssockaddr, 767 .pru_sosend = sosend, 768 .pru_soreceive = soreceive, 769 .pru_sopoll = sopoll 770 }; 771