1 /* $NetBSD: hci_event.c,v 1.26 2019/09/28 07:06:33 plunky Exp $ */ 2 3 /*- 4 * Copyright (c) 2005 Iain Hibbert. 5 * Copyright (c) 2006 Itronix Inc. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. The name of Itronix Inc. may not be used to endorse 17 * or promote products derived from this software without specific 18 * prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY ITRONIX INC. ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 22 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 23 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ITRONIX INC. BE LIABLE FOR ANY 24 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 25 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 26 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 27 * ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 30 * POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 #include <sys/cdefs.h> 34 __KERNEL_RCSID(0, "$NetBSD: hci_event.c,v 1.26 2019/09/28 07:06:33 plunky Exp $"); 35 36 #include <sys/param.h> 37 #include <sys/kernel.h> 38 #include <sys/malloc.h> 39 #include <sys/mbuf.h> 40 #include <sys/proc.h> 41 #include <sys/systm.h> 42 43 #include <netbt/bluetooth.h> 44 #include <netbt/hci.h> 45 #include <netbt/sco.h> 46 47 static void hci_event_inquiry_result(struct hci_unit *, struct mbuf *); 48 static void hci_event_rssi_result(struct hci_unit *, struct mbuf *); 49 static void hci_event_extended_result(struct hci_unit *, struct mbuf *); 50 static void hci_event_command_status(struct hci_unit *, struct mbuf *); 51 static void hci_event_command_compl(struct hci_unit *, struct mbuf *); 52 static void hci_event_con_compl(struct hci_unit *, struct mbuf *); 53 static void hci_event_discon_compl(struct hci_unit *, struct mbuf *); 54 static void hci_event_con_req(struct hci_unit *, struct mbuf *); 55 static void hci_event_num_compl_pkts(struct hci_unit *, struct mbuf *); 56 static void hci_event_auth_compl(struct hci_unit *, struct mbuf *); 57 static void hci_event_encryption_change(struct hci_unit *, struct mbuf *); 58 static void hci_event_change_con_link_key_compl(struct hci_unit *, struct mbuf *); 59 static void hci_event_read_clock_offset_compl(struct hci_unit *, struct mbuf *); 60 static void hci_cmd_read_bdaddr(struct hci_unit *, struct mbuf *); 61 static void hci_cmd_read_buffer_size(struct hci_unit *, struct mbuf *); 62 static void hci_cmd_read_local_features(struct hci_unit *, struct mbuf *); 63 static void hci_cmd_read_local_extended_features(struct hci_unit *, struct mbuf *); 64 static void hci_cmd_read_local_ver(struct hci_unit *, struct mbuf *); 65 static void hci_cmd_read_local_commands(struct hci_unit *, struct mbuf *); 66 static void hci_cmd_read_encryption_key_size(struct hci_unit *, struct mbuf *); 67 static void hci_cmd_reset(struct hci_unit *, struct mbuf *); 68 static void hci_cmd_create_con(struct hci_unit *unit, uint8_t status); 69 70 #ifdef BLUETOOTH_DEBUG 71 int bluetooth_debug; 72 73 static const char *hci_eventnames[] = { 74 /* 0x00 */ "NULL", 75 /* 0x01 */ "INQUIRY COMPLETE", 76 /* 0x02 */ "INQUIRY RESULT", 77 /* 0x03 */ "CONN COMPLETE", 78 /* 0x04 */ "CONN REQ", 79 /* 0x05 */ "DISCONN COMPLETE", 80 /* 0x06 */ "AUTH COMPLETE", 81 /* 0x07 */ "REMOTE NAME REQ COMPLETE", 82 /* 0x08 */ "ENCRYPTION CHANGE", 83 /* 0x09 */ "CHANGE CONN LINK KEY COMPLETE", 84 /* 0x0a */ "MASTER LINK KEY COMPLETE", 85 /* 0x0b */ "READ REMOTE FEATURES COMPLETE", 86 /* 0x0c */ "READ REMOTE VERSION INFO COMPLETE", 87 /* 0x0d */ "QoS SETUP COMPLETE", 88 /* 0x0e */ "COMMAND COMPLETE", 89 /* 0x0f */ "COMMAND STATUS", 90 /* 0x10 */ "HARDWARE ERROR", 91 /* 0x11 */ "FLUSH OCCUR", 92 /* 0x12 */ "ROLE CHANGE", 93 /* 0x13 */ "NUM COMPLETED PACKETS", 94 /* 0x14 */ "MODE CHANGE", 95 /* 0x15 */ "RETURN LINK KEYS", 96 /* 0x16 */ "PIN CODE REQ", 97 /* 0x17 */ "LINK KEY REQ", 98 /* 0x18 */ "LINK KEY NOTIFICATION", 99 /* 0x19 */ "LOOPBACK COMMAND", 100 /* 0x1a */ "DATA BUFFER OVERFLOW", 101 /* 0x1b */ "MAX SLOT CHANGE", 102 /* 0x1c */ "READ CLOCK OFFSET COMPLETE", 103 /* 0x1d */ "CONN PKT TYPE CHANGED", 104 /* 0x1e */ "QOS VIOLATION", 105 /* 0x1f */ "PAGE SCAN MODE CHANGE", 106 /* 0x20 */ "PAGE SCAN REP MODE CHANGE", 107 /* 0x21 */ "FLOW SPECIFICATION COMPLETE", 108 /* 0x22 */ "RSSI RESULT", 109 /* 0x23 */ "READ REMOTE EXT FEATURES", 110 /* 0x24 */ "UNKNOWN", 111 /* 0x25 */ "UNKNOWN", 112 /* 0x26 */ "UNKNOWN", 113 /* 0x27 */ "UNKNOWN", 114 /* 0x28 */ "UNKNOWN", 115 /* 0x29 */ "UNKNOWN", 116 /* 0x2a */ "UNKNOWN", 117 /* 0x2b */ "UNKNOWN", 118 /* 0x2c */ "SCO CON COMPLETE", 119 /* 0x2d */ "SCO CON CHANGED", 120 /* 0x2e */ "SNIFF SUBRATING", 121 /* 0x2f */ "EXTENDED INQUIRY RESULT", 122 /* 0x30 */ "ENCRYPTION KEY REFRESH", 123 /* 0x31 */ "IO CAPABILITY REQUEST", 124 /* 0x32 */ "IO CAPABILITY RESPONSE", 125 /* 0x33 */ "USER CONFIRM REQUEST", 126 /* 0x34 */ "USER PASSKEY REQUEST", 127 /* 0x35 */ "REMOTE OOB DATA REQUEST", 128 /* 0x36 */ "SIMPLE PAIRING COMPLETE", 129 /* 0x37 */ "UNKNOWN", 130 /* 0x38 */ "LINK SUPERVISION TIMEOUT CHANGED", 131 /* 0x39 */ "ENHANCED FLUSH COMPLETE", 132 /* 0x3a */ "UNKNOWN", 133 /* 0x3b */ "USER PASSKEY NOTIFICATION", 134 /* 0x3c */ "KEYPRESS NOTIFICATION", 135 /* 0x3d */ "REMOTE HOST FEATURES NOTIFICATION", 136 }; 137 138 static const char * 139 hci_eventstr(unsigned int event) 140 { 141 142 if (event < __arraycount(hci_eventnames)) 143 return hci_eventnames[event]; 144 145 switch (event) { 146 case HCI_EVENT_BT_LOGO: /* 0xfe */ 147 return "BT_LOGO"; 148 149 case HCI_EVENT_VENDOR: /* 0xff */ 150 return "VENDOR"; 151 } 152 153 return "UNKNOWN"; 154 } 155 #endif /* BLUETOOTH_DEBUG */ 156 157 /* 158 * process HCI Events 159 * 160 * We will free the mbuf at the end, no need for any sub 161 * functions to handle that. 162 */ 163 void 164 hci_event(struct mbuf *m, struct hci_unit *unit) 165 { 166 hci_event_hdr_t hdr; 167 168 KASSERT(m->m_flags & M_PKTHDR); 169 170 if (m->m_pkthdr.len < sizeof(hdr)) 171 goto done; 172 173 m_copydata(m, 0, sizeof(hdr), &hdr); 174 m_adj(m, sizeof(hdr)); 175 176 KASSERT(hdr.type == HCI_EVENT_PKT); 177 if (m->m_pkthdr.len != hdr.length) 178 goto done; 179 180 DPRINTFN(1, "(%s) event %s\n", 181 device_xname(unit->hci_dev), hci_eventstr(hdr.event)); 182 183 switch(hdr.event) { 184 case HCI_EVENT_COMMAND_STATUS: 185 hci_event_command_status(unit, m); 186 break; 187 188 case HCI_EVENT_COMMAND_COMPL: 189 hci_event_command_compl(unit, m); 190 break; 191 192 case HCI_EVENT_NUM_COMPL_PKTS: 193 hci_event_num_compl_pkts(unit, m); 194 break; 195 196 case HCI_EVENT_INQUIRY_RESULT: 197 hci_event_inquiry_result(unit, m); 198 break; 199 200 case HCI_EVENT_RSSI_RESULT: 201 hci_event_rssi_result(unit, m); 202 break; 203 204 case HCI_EVENT_EXTENDED_RESULT: 205 hci_event_extended_result(unit, m); 206 break; 207 208 case HCI_EVENT_CON_COMPL: 209 hci_event_con_compl(unit, m); 210 break; 211 212 case HCI_EVENT_DISCON_COMPL: 213 hci_event_discon_compl(unit, m); 214 break; 215 216 case HCI_EVENT_CON_REQ: 217 hci_event_con_req(unit, m); 218 break; 219 220 case HCI_EVENT_AUTH_COMPL: 221 hci_event_auth_compl(unit, m); 222 break; 223 224 case HCI_EVENT_ENCRYPTION_CHANGE: 225 hci_event_encryption_change(unit, m); 226 break; 227 228 case HCI_EVENT_CHANGE_CON_LINK_KEY_COMPL: 229 hci_event_change_con_link_key_compl(unit, m); 230 break; 231 232 case HCI_EVENT_READ_CLOCK_OFFSET_COMPL: 233 hci_event_read_clock_offset_compl(unit, m); 234 break; 235 236 default: 237 break; 238 } 239 240 done: 241 m_freem(m); 242 } 243 244 /* 245 * Command Status 246 * 247 * Restart command queue and post-process any pending commands 248 */ 249 static void 250 hci_event_command_status(struct hci_unit *unit, struct mbuf *m) 251 { 252 hci_command_status_ep ep; 253 254 if (m->m_pkthdr.len < sizeof(ep)) 255 return; 256 257 m_copydata(m, 0, sizeof(ep), &ep); 258 m_adj(m, sizeof(ep)); 259 260 ep.opcode = le16toh(ep.opcode); 261 262 DPRINTFN(1, "(%s) opcode (%03x|%04x) status = 0x%x num_cmd_pkts = %d\n", 263 device_xname(unit->hci_dev), 264 HCI_OGF(ep.opcode), HCI_OCF(ep.opcode), 265 ep.status, 266 ep.num_cmd_pkts); 267 268 hci_num_cmds(unit, ep.num_cmd_pkts); 269 270 /* 271 * post processing of pending commands 272 */ 273 switch(ep.opcode) { 274 case HCI_CMD_CREATE_CON: 275 hci_cmd_create_con(unit, ep.status); 276 break; 277 278 default: 279 if (ep.status == 0) 280 break; 281 282 aprint_error_dev(unit->hci_dev, 283 "CommandStatus opcode (%03x|%04x) failed (status=0x%02x)\n", 284 HCI_OGF(ep.opcode), HCI_OCF(ep.opcode), 285 ep.status); 286 287 break; 288 } 289 } 290 291 /* 292 * Command Complete 293 * 294 * Restart command queue and handle the completed command 295 */ 296 static void 297 hci_event_command_compl(struct hci_unit *unit, struct mbuf *m) 298 { 299 hci_command_compl_ep ep; 300 hci_status_rp rp; 301 302 if (m->m_pkthdr.len < sizeof(ep)) 303 return; 304 305 m_copydata(m, 0, sizeof(ep), &ep); 306 m_adj(m, sizeof(ep)); 307 308 DPRINTFN(1, "(%s) opcode (%03x|%04x) num_cmd_pkts = %d\n", 309 device_xname(unit->hci_dev), 310 HCI_OGF(le16toh(ep.opcode)), HCI_OCF(le16toh(ep.opcode)), 311 ep.num_cmd_pkts); 312 313 hci_num_cmds(unit, ep.num_cmd_pkts); 314 315 /* 316 * I am not sure if this is completely correct, it is not guaranteed 317 * that a command_complete packet will contain the status though most 318 * do seem to. 319 */ 320 if (m->m_pkthdr.len >= sizeof(rp)) { 321 m_copydata(m, 0, sizeof(rp), &rp); 322 if (rp.status > 0) 323 aprint_error_dev(unit->hci_dev, 324 "CommandComplete opcode (%03x|%04x) failed (status=0x%02x)\n", 325 HCI_OGF(le16toh(ep.opcode)), HCI_OCF(le16toh(ep.opcode)), 326 rp.status); 327 } 328 329 /* 330 * post processing of completed commands 331 */ 332 switch(le16toh(ep.opcode)) { 333 case HCI_CMD_READ_BDADDR: 334 hci_cmd_read_bdaddr(unit, m); 335 break; 336 337 case HCI_CMD_READ_BUFFER_SIZE: 338 hci_cmd_read_buffer_size(unit, m); 339 break; 340 341 case HCI_CMD_READ_LOCAL_FEATURES: 342 hci_cmd_read_local_features(unit, m); 343 break; 344 345 case HCI_CMD_READ_LOCAL_EXTENDED_FEATURES: 346 hci_cmd_read_local_extended_features(unit, m); 347 break; 348 349 case HCI_CMD_READ_LOCAL_VER: 350 hci_cmd_read_local_ver(unit, m); 351 break; 352 353 case HCI_CMD_READ_LOCAL_COMMANDS: 354 hci_cmd_read_local_commands(unit, m); 355 break; 356 357 case HCI_CMD_READ_ENCRYPTION_KEY_SIZE: 358 hci_cmd_read_encryption_key_size(unit, m); 359 break; 360 361 case HCI_CMD_RESET: 362 hci_cmd_reset(unit, m); 363 break; 364 365 default: 366 break; 367 } 368 } 369 370 /* 371 * Number of Completed Packets 372 * 373 * This is sent periodically by the Controller telling us how many 374 * buffers are now freed up and which handle was using them. From 375 * this we determine which type of buffer it was and add the qty 376 * back into the relevant packet counter, then restart output on 377 * links that have halted. 378 */ 379 static void 380 hci_event_num_compl_pkts(struct hci_unit *unit, struct mbuf *m) 381 { 382 hci_num_compl_pkts_ep ep; 383 struct hci_link *link, *next; 384 uint16_t handle, num; 385 int num_acl = 0, num_sco = 0; 386 387 if (m->m_pkthdr.len < sizeof(ep)) 388 return; 389 390 m_copydata(m, 0, sizeof(ep), &ep); 391 m_adj(m, sizeof(ep)); 392 393 if (m->m_pkthdr.len < ep.num_con_handles * (sizeof(handle) + sizeof(num))) 394 return; 395 396 while (ep.num_con_handles--) { 397 m_copydata(m, 0, sizeof(handle), &handle); 398 m_adj(m, sizeof(handle)); 399 handle = le16toh(handle); 400 401 m_copydata(m, 0, sizeof(num), &num); 402 m_adj(m, sizeof(num)); 403 num = le16toh(num); 404 405 link = hci_link_lookup_handle(unit, handle); 406 if (link) { 407 if (link->hl_type == HCI_LINK_ACL) { 408 num_acl += num; 409 hci_acl_complete(link, num); 410 } else { 411 num_sco += num; 412 hci_sco_complete(link, num); 413 } 414 } else { 415 /* XXX need to issue Read_Buffer_Size or Reset? */ 416 aprint_error_dev(unit->hci_dev, 417 "unknown handle %d! (losing track of %d packet buffer%s)\n", 418 handle, num, (num == 1 ? "" : "s")); 419 } 420 } 421 422 /* 423 * Move up any queued packets. When a link has sent data, it will move 424 * to the back of the queue - technically then if a link had something 425 * to send and there were still buffers available it could get started 426 * twice but it seemed more important to to handle higher loads fairly 427 * than worry about wasting cycles when we are not busy. 428 */ 429 430 unit->hci_num_acl_pkts += num_acl; 431 unit->hci_num_sco_pkts += num_sco; 432 433 link = TAILQ_FIRST(&unit->hci_links); 434 while (link && (unit->hci_num_acl_pkts > 0 || unit->hci_num_sco_pkts > 0)) { 435 next = TAILQ_NEXT(link, hl_next); 436 437 if (link->hl_type == HCI_LINK_ACL) { 438 if (unit->hci_num_acl_pkts > 0 && link->hl_txqlen > 0) 439 hci_acl_start(link); 440 } else { 441 if (unit->hci_num_sco_pkts > 0 && link->hl_txqlen > 0) 442 hci_sco_start(link); 443 } 444 445 link = next; 446 } 447 } 448 449 /* 450 * Inquiry Result 451 * 452 * keep a note of devices seen, so we know which unit to use 453 * on outgoing connections 454 */ 455 static void 456 hci_event_inquiry_result(struct hci_unit *unit, struct mbuf *m) 457 { 458 hci_inquiry_result_ep ep; 459 hci_inquiry_response ir; 460 struct hci_memo *memo; 461 462 if (m->m_pkthdr.len < sizeof(ep)) 463 return; 464 465 m_copydata(m, 0, sizeof(ep), &ep); 466 m_adj(m, sizeof(ep)); 467 468 DPRINTFN(1, "%d response%s\n", ep.num_responses, 469 (ep.num_responses == 1 ? "" : "s")); 470 471 while(ep.num_responses--) { 472 if (m->m_pkthdr.len < sizeof(ir)) 473 return; 474 475 m_copydata(m, 0, sizeof(ir), &ir); 476 m_adj(m, sizeof(ir)); 477 478 DPRINTFN(1, "bdaddr %02x:%02x:%02x:%02x:%02x:%02x\n", 479 ir.bdaddr.b[5], ir.bdaddr.b[4], ir.bdaddr.b[3], 480 ir.bdaddr.b[2], ir.bdaddr.b[1], ir.bdaddr.b[0]); 481 482 memo = hci_memo_new(unit, &ir.bdaddr); 483 if (memo != NULL) { 484 memo->page_scan_rep_mode = ir.page_scan_rep_mode; 485 memo->page_scan_mode = ir.page_scan_mode; 486 memo->clock_offset = ir.clock_offset; 487 } 488 } 489 } 490 491 /* 492 * Inquiry Result with RSSI 493 * 494 * as above but different packet when RSSI result is enabled 495 */ 496 static void 497 hci_event_rssi_result(struct hci_unit *unit, struct mbuf *m) 498 { 499 hci_rssi_result_ep ep; 500 hci_rssi_response rr; 501 struct hci_memo *memo; 502 503 if (m->m_pkthdr.len < sizeof(ep)) 504 return; 505 506 m_copydata(m, 0, sizeof(ep), &ep); 507 m_adj(m, sizeof(ep)); 508 509 DPRINTFN(1, "%d response%s\n", ep.num_responses, 510 (ep.num_responses == 1 ? "" : "s")); 511 512 while(ep.num_responses--) { 513 if (m->m_pkthdr.len < sizeof(rr)) 514 return; 515 516 m_copydata(m, 0, sizeof(rr), &rr); 517 m_adj(m, sizeof(rr)); 518 519 DPRINTFN(1, "bdaddr %02x:%02x:%02x:%02x:%02x:%02x\n", 520 rr.bdaddr.b[5], rr.bdaddr.b[4], rr.bdaddr.b[3], 521 rr.bdaddr.b[2], rr.bdaddr.b[1], rr.bdaddr.b[0]); 522 523 memo = hci_memo_new(unit, &rr.bdaddr); 524 if (memo != NULL) { 525 memo->page_scan_rep_mode = rr.page_scan_rep_mode; 526 memo->page_scan_mode = 0; 527 memo->clock_offset = rr.clock_offset; 528 } 529 } 530 } 531 532 /* 533 * Extended Inquiry Result 534 * 535 * as above but provides only one response and extended service info 536 */ 537 static void 538 hci_event_extended_result(struct hci_unit *unit, struct mbuf *m) 539 { 540 hci_extended_result_ep ep; 541 struct hci_memo *memo; 542 543 if (m->m_pkthdr.len < sizeof(ep)) 544 return; 545 546 m_copydata(m, 0, sizeof(ep), &ep); 547 m_adj(m, sizeof(ep)); 548 549 if (ep.num_responses != 1) 550 return; 551 552 DPRINTFN(1, "bdaddr %02x:%02x:%02x:%02x:%02x:%02x\n", 553 ep.bdaddr.b[5], ep.bdaddr.b[4], ep.bdaddr.b[3], 554 ep.bdaddr.b[2], ep.bdaddr.b[1], ep.bdaddr.b[0]); 555 556 memo = hci_memo_new(unit, &ep.bdaddr); 557 if (memo != NULL) { 558 memo->page_scan_rep_mode = ep.page_scan_rep_mode; 559 memo->page_scan_mode = 0; 560 memo->clock_offset = ep.clock_offset; 561 } 562 } 563 564 /* 565 * Connection Complete 566 * 567 * Sent to us when a connection is made. If there is no link 568 * structure already allocated for this, we must have changed 569 * our mind, so just disconnect. 570 */ 571 static void 572 hci_event_con_compl(struct hci_unit *unit, struct mbuf *m) 573 { 574 hci_con_compl_ep ep; 575 hci_write_link_policy_settings_cp cp; 576 struct hci_link *link; 577 int err; 578 579 if (m->m_pkthdr.len < sizeof(ep)) 580 return; 581 582 m_copydata(m, 0, sizeof(ep), &ep); 583 m_adj(m, sizeof(ep)); 584 585 DPRINTFN(1, "(%s) %s connection complete for " 586 "%02x:%02x:%02x:%02x:%02x:%02x status %#x\n", 587 device_xname(unit->hci_dev), 588 (ep.link_type == HCI_LINK_ACL ? "ACL" : "SCO"), 589 ep.bdaddr.b[5], ep.bdaddr.b[4], ep.bdaddr.b[3], 590 ep.bdaddr.b[2], ep.bdaddr.b[1], ep.bdaddr.b[0], 591 ep.status); 592 593 link = hci_link_lookup_bdaddr(unit, &ep.bdaddr, ep.link_type); 594 595 if (ep.status) { 596 if (link != NULL) { 597 switch (ep.status) { 598 case 0x04: /* "Page Timeout" */ 599 err = EHOSTDOWN; 600 break; 601 602 case 0x08: /* "Connection Timed Out" */ 603 err = ETIMEDOUT; 604 break; 605 606 case 0x16: /* "Connection Terminated by Local Host" */ 607 err = 0; 608 break; 609 610 default: 611 err = ECONNREFUSED; 612 break; 613 } 614 615 hci_link_free(link, err); 616 } 617 618 return; 619 } 620 621 if (link == NULL) { 622 hci_discon_cp dp; 623 624 dp.con_handle = ep.con_handle; 625 dp.reason = 0x13; /* "Remote User Terminated Connection" */ 626 627 hci_send_cmd(unit, HCI_CMD_DISCONNECT, &dp, sizeof(dp)); 628 return; 629 } 630 631 /* 632 * We purposefully ignore ep.encryption_mode here - if that is set then 633 * the link will be authenticated and encrypted, but we still want to 634 * verify the key size and setmode sets the right flags 635 */ 636 637 link->hl_state = HCI_LINK_OPEN; 638 link->hl_handle = HCI_CON_HANDLE(le16toh(ep.con_handle)); 639 640 if (ep.link_type == HCI_LINK_ACL) { 641 cp.con_handle = ep.con_handle; 642 cp.settings = htole16(unit->hci_link_policy); 643 err = hci_send_cmd(unit, HCI_CMD_WRITE_LINK_POLICY_SETTINGS, 644 &cp, sizeof(cp)); 645 if (err) 646 aprint_error_dev(unit->hci_dev, 647 "Warning, could not write link policy\n"); 648 649 err = hci_send_cmd(unit, HCI_CMD_READ_CLOCK_OFFSET, 650 &cp.con_handle, sizeof(cp.con_handle)); 651 if (err) 652 aprint_error_dev(unit->hci_dev, 653 "Warning, could not read clock offset\n"); 654 655 err = hci_acl_setmode(link); 656 if (err == EINPROGRESS) 657 return; 658 659 hci_acl_linkmode(link); 660 } else { 661 (*link->hl_sco->sp_proto->connected)(link->hl_sco->sp_upper); 662 } 663 } 664 665 /* 666 * Disconnection Complete 667 * 668 * This is sent in response to a disconnection request, but also if 669 * the remote device goes out of range. 670 */ 671 static void 672 hci_event_discon_compl(struct hci_unit *unit, struct mbuf *m) 673 { 674 hci_discon_compl_ep ep; 675 struct hci_link *link; 676 677 if (m->m_pkthdr.len < sizeof(ep)) 678 return; 679 680 m_copydata(m, 0, sizeof(ep), &ep); 681 m_adj(m, sizeof(ep)); 682 683 ep.con_handle = le16toh(ep.con_handle); 684 685 DPRINTFN(1, "handle #%d, status=0x%x\n", ep.con_handle, ep.status); 686 687 link = hci_link_lookup_handle(unit, HCI_CON_HANDLE(ep.con_handle)); 688 if (link) 689 hci_link_free(link, ENOLINK); 690 } 691 692 /* 693 * Connect Request 694 * 695 * We check upstream for appropriate listeners and accept connections 696 * that are wanted. 697 */ 698 static void 699 hci_event_con_req(struct hci_unit *unit, struct mbuf *m) 700 { 701 hci_con_req_ep ep; 702 hci_accept_con_cp ap; 703 hci_reject_con_cp rp; 704 struct hci_link *link; 705 706 if (m->m_pkthdr.len < sizeof(ep)) 707 return; 708 709 m_copydata(m, 0, sizeof(ep), &ep); 710 m_adj(m, sizeof(ep)); 711 712 DPRINTFN(1, "bdaddr %2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x " 713 "class %2.2x%2.2x%2.2x type %s\n", 714 ep.bdaddr.b[5], ep.bdaddr.b[4], ep.bdaddr.b[3], 715 ep.bdaddr.b[2], ep.bdaddr.b[1], ep.bdaddr.b[0], 716 ep.uclass[0], ep.uclass[1], ep.uclass[2], 717 ep.link_type == HCI_LINK_ACL ? "ACL" : "SCO"); 718 719 if (ep.link_type == HCI_LINK_ACL) 720 link = hci_acl_newconn(unit, &ep.bdaddr); 721 else 722 link = hci_sco_newconn(unit, &ep.bdaddr); 723 724 if (link == NULL) { 725 memset(&rp, 0, sizeof(rp)); 726 bdaddr_copy(&rp.bdaddr, &ep.bdaddr); 727 rp.reason = 0x0f; /* Unacceptable BD_ADDR */ 728 729 hci_send_cmd(unit, HCI_CMD_REJECT_CON, &rp, sizeof(rp)); 730 } else { 731 memset(&ap, 0, sizeof(ap)); 732 bdaddr_copy(&ap.bdaddr, &ep.bdaddr); 733 if (unit->hci_flags & BTF_MASTER) 734 ap.role = HCI_ROLE_MASTER; 735 else 736 ap.role = HCI_ROLE_SLAVE; 737 738 hci_send_cmd(unit, HCI_CMD_ACCEPT_CON, &ap, sizeof(ap)); 739 } 740 } 741 742 /* 743 * Auth Complete 744 * 745 * Authentication has been completed on an ACL link. We can notify the 746 * upper layer protocols unless further mode changes are pending. 747 */ 748 static void 749 hci_event_auth_compl(struct hci_unit *unit, struct mbuf *m) 750 { 751 hci_auth_compl_ep ep; 752 struct hci_link *link; 753 int err; 754 755 if (m->m_pkthdr.len < sizeof(ep)) 756 return; 757 758 m_copydata(m, 0, sizeof(ep), &ep); 759 m_adj(m, sizeof(ep)); 760 761 ep.con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle)); 762 763 DPRINTFN(1, "handle #%d, status=0x%x\n", ep.con_handle, ep.status); 764 765 link = hci_link_lookup_handle(unit, ep.con_handle); 766 if (link == NULL || link->hl_type != HCI_LINK_ACL) 767 return; 768 769 if (ep.status == 0) { 770 link->hl_flags |= HCI_LINK_AUTH; 771 772 if (link->hl_state == HCI_LINK_WAIT_AUTH) 773 link->hl_state = HCI_LINK_OPEN; 774 775 err = hci_acl_setmode(link); 776 if (err == EINPROGRESS) 777 return; 778 } 779 780 hci_acl_linkmode(link); 781 } 782 783 /* 784 * Encryption Change 785 * 786 * The encryption status has changed. Make a note if disabled, or 787 * check the key size if possible before allowing it is enabled. 788 * (checking of key size was enabled in 3.0 spec) 789 */ 790 static void 791 hci_event_encryption_change(struct hci_unit *unit, struct mbuf *m) 792 { 793 hci_encryption_change_ep ep; 794 struct hci_link *link; 795 uint16_t con_handle; 796 int err; 797 798 if (m->m_pkthdr.len < sizeof(ep)) 799 return; 800 801 m_copydata(m, 0, sizeof(ep), &ep); 802 m_adj(m, sizeof(ep)); 803 804 con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle)); 805 806 DPRINTFN(1, "handle #%d, status=0x%x, encryption_enable=0x%x\n", 807 con_handle, ep.status, ep.encryption_enable); 808 809 link = hci_link_lookup_handle(unit, con_handle); 810 if (link == NULL || link->hl_type != HCI_LINK_ACL) 811 return; 812 813 if (ep.status == 0) { 814 if (ep.encryption_enable == 0) { 815 link->hl_flags &= ~HCI_LINK_ENCRYPT; 816 } else if (unit->hci_cmds[20] & (1<<4)) { 817 err = hci_send_cmd(unit, HCI_CMD_READ_ENCRYPTION_KEY_SIZE, 818 &ep.con_handle, sizeof(ep.con_handle)); 819 820 if (err == 0) 821 return; 822 } else { 823 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_ENCRYPT); 824 825 if (link->hl_state == HCI_LINK_WAIT_ENCRYPT) 826 link->hl_state = HCI_LINK_OPEN; 827 828 err = hci_acl_setmode(link); 829 if (err == EINPROGRESS) 830 return; 831 } 832 } 833 834 hci_acl_linkmode(link); 835 } 836 837 /* 838 * Change Connection Link Key Complete 839 * 840 * Link keys are handled in userland but if we are waiting to secure 841 * this link, we should notify the upper protocols. A SECURE request 842 * only needs a single key change, so we can cancel the request. 843 */ 844 static void 845 hci_event_change_con_link_key_compl(struct hci_unit *unit, struct mbuf *m) 846 { 847 hci_change_con_link_key_compl_ep ep; 848 struct hci_link *link; 849 int err; 850 851 if (m->m_pkthdr.len < sizeof(ep)) 852 return; 853 854 m_copydata(m, 0, sizeof(ep), &ep); 855 m_adj(m, sizeof(ep)); 856 857 ep.con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle)); 858 859 DPRINTFN(1, "handle #%d, status=0x%x\n", ep.con_handle, ep.status); 860 861 link = hci_link_lookup_handle(unit, ep.con_handle); 862 if (link == NULL || link->hl_type != HCI_LINK_ACL) 863 return; 864 865 link->hl_flags &= ~HCI_LINK_SECURE_REQ; 866 867 if (ep.status == 0) { 868 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_SECURE); 869 870 if (link->hl_state == HCI_LINK_WAIT_SECURE) 871 link->hl_state = HCI_LINK_OPEN; 872 873 err = hci_acl_setmode(link); 874 if (err == EINPROGRESS) 875 return; 876 } 877 878 hci_acl_linkmode(link); 879 } 880 881 /* 882 * Read Clock Offset Complete 883 * 884 * We keep a note of the clock offset of remote devices when a 885 * link is made, in order to facilitate reconnections to the device 886 */ 887 static void 888 hci_event_read_clock_offset_compl(struct hci_unit *unit, struct mbuf *m) 889 { 890 hci_read_clock_offset_compl_ep ep; 891 struct hci_link *link; 892 893 if (m->m_pkthdr.len < sizeof(ep)) 894 return; 895 896 m_copydata(m, 0, sizeof(ep), &ep); 897 m_adj(m, sizeof(ep)); 898 899 DPRINTFN(1, "handle #%d, offset=%u, status=0x%x\n", 900 le16toh(ep.con_handle), le16toh(ep.clock_offset), ep.status); 901 902 ep.con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle)); 903 link = hci_link_lookup_handle(unit, ep.con_handle); 904 if (link == NULL || link->hl_type != HCI_LINK_ACL) 905 return; 906 907 if (ep.status == 0) 908 link->hl_clock = ep.clock_offset; 909 } 910 911 /* 912 * process results of read_bdaddr command_complete event 913 */ 914 static void 915 hci_cmd_read_bdaddr(struct hci_unit *unit, struct mbuf *m) 916 { 917 hci_read_bdaddr_rp rp; 918 919 if (m->m_pkthdr.len < sizeof(rp)) 920 return; 921 922 m_copydata(m, 0, sizeof(rp), &rp); 923 m_adj(m, sizeof(rp)); 924 925 if (rp.status > 0) 926 return; 927 928 if ((unit->hci_flags & BTF_INIT_BDADDR) == 0) 929 return; 930 931 bdaddr_copy(&unit->hci_bdaddr, &rp.bdaddr); 932 933 unit->hci_flags &= ~BTF_INIT_BDADDR; 934 935 cv_broadcast(&unit->hci_init); 936 } 937 938 /* 939 * process results of read_buffer_size command_complete event 940 */ 941 static void 942 hci_cmd_read_buffer_size(struct hci_unit *unit, struct mbuf *m) 943 { 944 hci_read_buffer_size_rp rp; 945 946 if (m->m_pkthdr.len < sizeof(rp)) 947 return; 948 949 m_copydata(m, 0, sizeof(rp), &rp); 950 m_adj(m, sizeof(rp)); 951 952 if (rp.status > 0) 953 return; 954 955 if ((unit->hci_flags & BTF_INIT_BUFFER_SIZE) == 0) 956 return; 957 958 unit->hci_max_acl_size = le16toh(rp.max_acl_size); 959 unit->hci_num_acl_pkts = le16toh(rp.num_acl_pkts); 960 unit->hci_max_acl_pkts = le16toh(rp.num_acl_pkts); 961 unit->hci_max_sco_size = rp.max_sco_size; 962 unit->hci_num_sco_pkts = le16toh(rp.num_sco_pkts); 963 unit->hci_max_sco_pkts = le16toh(rp.num_sco_pkts); 964 965 unit->hci_flags &= ~BTF_INIT_BUFFER_SIZE; 966 967 cv_broadcast(&unit->hci_init); 968 } 969 970 /* 971 * process results of read_local_features command_complete event 972 */ 973 static void 974 hci_cmd_read_local_features(struct hci_unit *unit, struct mbuf *m) 975 { 976 hci_read_local_features_rp rp; 977 978 if (m->m_pkthdr.len < sizeof(rp)) 979 return; 980 981 m_copydata(m, 0, sizeof(rp), &rp); 982 m_adj(m, sizeof(rp)); 983 984 if (rp.status > 0) 985 return; 986 987 if ((unit->hci_flags & BTF_INIT_FEATURES) == 0) 988 return; 989 990 memcpy(unit->hci_feat0, rp.features, HCI_FEATURES_SIZE); 991 992 unit->hci_lmp_mask = 0; 993 994 if (rp.features[0] & HCI_LMP_ROLE_SWITCH) 995 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_ROLE_SWITCH; 996 997 if (rp.features[0] & HCI_LMP_HOLD_MODE) 998 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_HOLD_MODE; 999 1000 if (rp.features[0] & HCI_LMP_SNIFF_MODE) 1001 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_SNIFF_MODE; 1002 1003 if (rp.features[1] & HCI_LMP_PARK_MODE) 1004 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_PARK_MODE; 1005 1006 DPRINTFN(1, "%s: lmp_mask %4.4x\n", 1007 device_xname(unit->hci_dev), unit->hci_lmp_mask); 1008 1009 /* ACL packet mask */ 1010 unit->hci_acl_mask = HCI_PKT_DM1 | HCI_PKT_DH1; 1011 1012 if (rp.features[0] & HCI_LMP_3SLOT) 1013 unit->hci_acl_mask |= HCI_PKT_DM3 | HCI_PKT_DH3; 1014 1015 if (rp.features[0] & HCI_LMP_5SLOT) 1016 unit->hci_acl_mask |= HCI_PKT_DM5 | HCI_PKT_DH5; 1017 1018 if ((rp.features[3] & HCI_LMP_EDR_ACL_2MBPS) == 0) 1019 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH1 1020 | HCI_PKT_2MBPS_DH3 1021 | HCI_PKT_2MBPS_DH5; 1022 1023 if ((rp.features[3] & HCI_LMP_EDR_ACL_3MBPS) == 0) 1024 unit->hci_acl_mask |= HCI_PKT_3MBPS_DH1 1025 | HCI_PKT_3MBPS_DH3 1026 | HCI_PKT_3MBPS_DH5; 1027 1028 if ((rp.features[4] & HCI_LMP_3SLOT_EDR_ACL) == 0) 1029 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH3 1030 | HCI_PKT_3MBPS_DH3; 1031 1032 if ((rp.features[5] & HCI_LMP_5SLOT_EDR_ACL) == 0) 1033 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH5 1034 | HCI_PKT_3MBPS_DH5; 1035 1036 DPRINTFN(1, "%s: acl_mask %4.4x\n", 1037 device_xname(unit->hci_dev), unit->hci_acl_mask); 1038 1039 unit->hci_packet_type = unit->hci_acl_mask; 1040 1041 /* SCO packet mask */ 1042 unit->hci_sco_mask = 0; 1043 if (rp.features[1] & HCI_LMP_SCO_LINK) 1044 unit->hci_sco_mask |= HCI_PKT_HV1; 1045 1046 if (rp.features[1] & HCI_LMP_HV2_PKT) 1047 unit->hci_sco_mask |= HCI_PKT_HV2; 1048 1049 if (rp.features[1] & HCI_LMP_HV3_PKT) 1050 unit->hci_sco_mask |= HCI_PKT_HV3; 1051 1052 if (rp.features[3] & HCI_LMP_EV3_PKT) 1053 unit->hci_sco_mask |= HCI_PKT_EV3; 1054 1055 if (rp.features[4] & HCI_LMP_EV4_PKT) 1056 unit->hci_sco_mask |= HCI_PKT_EV4; 1057 1058 if (rp.features[4] & HCI_LMP_EV5_PKT) 1059 unit->hci_sco_mask |= HCI_PKT_EV5; 1060 1061 /* XXX what do 2MBPS/3MBPS/3SLOT eSCO mean? */ 1062 1063 DPRINTFN(1, "%s: sco_mask %4.4x\n", 1064 device_xname(unit->hci_dev), unit->hci_sco_mask); 1065 1066 /* extended feature masks */ 1067 if (rp.features[7] & HCI_LMP_EXTENDED_FEATURES) { 1068 hci_read_local_extended_features_cp cp; 1069 1070 cp.page = 0; 1071 hci_send_cmd(unit, HCI_CMD_READ_LOCAL_EXTENDED_FEATURES, 1072 &cp, sizeof(cp)); 1073 1074 return; 1075 } 1076 1077 unit->hci_flags &= ~BTF_INIT_FEATURES; 1078 cv_broadcast(&unit->hci_init); 1079 } 1080 1081 /* 1082 * process results of read_local_extended_features command_complete event 1083 */ 1084 static void 1085 hci_cmd_read_local_extended_features(struct hci_unit *unit, struct mbuf *m) 1086 { 1087 hci_read_local_extended_features_rp rp; 1088 1089 if (m->m_pkthdr.len < sizeof(rp)) 1090 return; 1091 1092 m_copydata(m, 0, sizeof(rp), &rp); 1093 m_adj(m, sizeof(rp)); 1094 1095 if (rp.status > 0) 1096 return; 1097 1098 if ((unit->hci_flags & BTF_INIT_FEATURES) == 0) 1099 return; 1100 1101 DPRINTFN(1, "%s: page %d of %d\n", device_xname(unit->hci_dev), 1102 rp.page, rp.max_page); 1103 1104 switch (rp.page) { 1105 case 2: 1106 memcpy(unit->hci_feat2, rp.features, HCI_FEATURES_SIZE); 1107 break; 1108 1109 case 1: 1110 memcpy(unit->hci_feat1, rp.features, HCI_FEATURES_SIZE); 1111 break; 1112 1113 case 0: /* (already handled) */ 1114 default: 1115 break; 1116 } 1117 1118 if (rp.page < rp.max_page) { 1119 hci_read_local_extended_features_cp cp; 1120 1121 cp.page = rp.page + 1; 1122 hci_send_cmd(unit, HCI_CMD_READ_LOCAL_EXTENDED_FEATURES, 1123 &cp, sizeof(cp)); 1124 1125 return; 1126 } 1127 1128 unit->hci_flags &= ~BTF_INIT_FEATURES; 1129 cv_broadcast(&unit->hci_init); 1130 } 1131 1132 /* 1133 * process results of read_local_ver command_complete event 1134 * 1135 * reading local supported commands is only supported from 1.2 spec 1136 */ 1137 static void 1138 hci_cmd_read_local_ver(struct hci_unit *unit, struct mbuf *m) 1139 { 1140 hci_read_local_ver_rp rp; 1141 1142 if (m->m_pkthdr.len < sizeof(rp)) 1143 return; 1144 1145 m_copydata(m, 0, sizeof(rp), &rp); 1146 m_adj(m, sizeof(rp)); 1147 1148 if (rp.status != 0) 1149 return; 1150 1151 if ((unit->hci_flags & BTF_INIT_COMMANDS) == 0) 1152 return; 1153 1154 if (rp.hci_version < HCI_SPEC_V12) { 1155 unit->hci_flags &= ~BTF_INIT_COMMANDS; 1156 cv_broadcast(&unit->hci_init); 1157 return; 1158 } 1159 1160 hci_send_cmd(unit, HCI_CMD_READ_LOCAL_COMMANDS, NULL, 0); 1161 } 1162 1163 /* 1164 * process results of read_local_commands command_complete event 1165 */ 1166 static void 1167 hci_cmd_read_local_commands(struct hci_unit *unit, struct mbuf *m) 1168 { 1169 hci_read_local_commands_rp rp; 1170 1171 if (m->m_pkthdr.len < sizeof(rp)) 1172 return; 1173 1174 m_copydata(m, 0, sizeof(rp), &rp); 1175 m_adj(m, sizeof(rp)); 1176 1177 if (rp.status != 0) 1178 return; 1179 1180 if ((unit->hci_flags & BTF_INIT_COMMANDS) == 0) 1181 return; 1182 1183 unit->hci_flags &= ~BTF_INIT_COMMANDS; 1184 memcpy(unit->hci_cmds, rp.commands, HCI_COMMANDS_SIZE); 1185 1186 cv_broadcast(&unit->hci_init); 1187 } 1188 1189 /* 1190 * process results of read_encryption_key_size command_complete event 1191 */ 1192 static void 1193 hci_cmd_read_encryption_key_size(struct hci_unit *unit, struct mbuf *m) 1194 { 1195 hci_read_encryption_key_size_rp rp; 1196 struct hci_link *link; 1197 int err; 1198 1199 if (m->m_pkthdr.len < sizeof(rp)) 1200 return; 1201 1202 m_copydata(m, 0, sizeof(rp), &rp); 1203 m_adj(m, sizeof(rp)); 1204 1205 if (rp.status != 0) 1206 return; 1207 1208 rp.con_handle = HCI_CON_HANDLE(le16toh(rp.con_handle)); 1209 1210 DPRINTFN(1, "handle #%d, status=0x%x, key_size=0x%x\n", 1211 rp.con_handle, rp.status, rp.size); 1212 1213 link = hci_link_lookup_handle(unit, rp.con_handle); 1214 if (link == NULL || link->hl_type != HCI_LINK_ACL) 1215 return; 1216 1217 /* 1218 * if the key size is less than minimum standard, go straight to 1219 * linkmode as this is non-recoverable. Otherwise, we are encrypted 1220 * so can proceed with setmode. 1221 */ 1222 if (rp.status == 0) { 1223 if (rp.size < 7) { 1224 link->hl_flags &= ~HCI_LINK_ENCRYPT; 1225 } else { 1226 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_ENCRYPT); 1227 1228 if (link->hl_state == HCI_LINK_WAIT_ENCRYPT) 1229 link->hl_state = HCI_LINK_OPEN; 1230 1231 err = hci_acl_setmode(link); 1232 if (err == EINPROGRESS) 1233 return; 1234 } 1235 } 1236 1237 hci_acl_linkmode(link); 1238 } 1239 1240 /* 1241 * process results of reset command_complete event 1242 * 1243 * This has killed all the connections, so close down anything we have left, 1244 * and reinitialise the unit. 1245 */ 1246 static void 1247 hci_cmd_reset(struct hci_unit *unit, struct mbuf *m) 1248 { 1249 hci_reset_rp rp; 1250 struct hci_link *link, *next; 1251 int acl; 1252 1253 if (m->m_pkthdr.len < sizeof(rp)) 1254 return; 1255 1256 m_copydata(m, 0, sizeof(rp), &rp); 1257 m_adj(m, sizeof(rp)); 1258 1259 if (rp.status != 0) 1260 return; 1261 1262 /* 1263 * release SCO links first, since they may be holding 1264 * an ACL link reference. 1265 */ 1266 for (acl = 0 ; acl < 2 ; acl++) { 1267 next = TAILQ_FIRST(&unit->hci_links); 1268 while ((link = next) != NULL) { 1269 next = TAILQ_NEXT(link, hl_next); 1270 if (acl || link->hl_type != HCI_LINK_ACL) 1271 hci_link_free(link, ECONNABORTED); 1272 } 1273 } 1274 1275 unit->hci_num_acl_pkts = 0; 1276 unit->hci_num_sco_pkts = 0; 1277 1278 if (hci_send_cmd(unit, HCI_CMD_READ_BDADDR, NULL, 0)) 1279 return; 1280 1281 if (hci_send_cmd(unit, HCI_CMD_READ_BUFFER_SIZE, NULL, 0)) 1282 return; 1283 1284 if (hci_send_cmd(unit, HCI_CMD_READ_LOCAL_FEATURES, NULL, 0)) 1285 return; 1286 1287 if (hci_send_cmd(unit, HCI_CMD_READ_LOCAL_VER, NULL, 0)) 1288 return; 1289 } 1290 1291 /* 1292 * process command_status event for create_con command 1293 * 1294 * a "Create Connection" command can sometimes fail to start for whatever 1295 * reason and the command_status event returns failure but we get no 1296 * indication of which connection failed (for instance in the case where 1297 * we tried to open too many connections all at once) So, we keep a flag 1298 * on the link to indicate pending status until the command_status event 1299 * is returned to help us decide which needs to be failed. 1300 * 1301 * since created links are inserted at the tail of hci_links, we know that 1302 * the first pending link we find will be the one that this command status 1303 * refers to. 1304 */ 1305 static void 1306 hci_cmd_create_con(struct hci_unit *unit, uint8_t status) 1307 { 1308 struct hci_link *link; 1309 1310 TAILQ_FOREACH(link, &unit->hci_links, hl_next) { 1311 if ((link->hl_flags & HCI_LINK_CREATE_CON) == 0) 1312 continue; 1313 1314 link->hl_flags &= ~HCI_LINK_CREATE_CON; 1315 1316 switch(status) { 1317 case 0x00: /* success */ 1318 break; 1319 1320 case 0x0c: /* "Command Disallowed" */ 1321 hci_link_free(link, EBUSY); 1322 break; 1323 1324 default: /* some other trouble */ 1325 hci_link_free(link, EPROTO); 1326 break; 1327 } 1328 1329 return; 1330 } 1331 } 1332