1 /* $NetBSD: hci_event.c,v 1.18 2008/04/24 11:38:37 ad Exp $ */ 2 3 /*- 4 * Copyright (c) 2005 Iain Hibbert. 5 * Copyright (c) 2006 Itronix Inc. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. The name of Itronix Inc. may not be used to endorse 17 * or promote products derived from this software without specific 18 * prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY ITRONIX INC. ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 22 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 23 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ITRONIX INC. BE LIABLE FOR ANY 24 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 25 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 26 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 27 * ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 30 * POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 #include <sys/cdefs.h> 34 __KERNEL_RCSID(0, "$NetBSD: hci_event.c,v 1.18 2008/04/24 11:38:37 ad Exp $"); 35 36 #include <sys/param.h> 37 #include <sys/kernel.h> 38 #include <sys/malloc.h> 39 #include <sys/mbuf.h> 40 #include <sys/proc.h> 41 #include <sys/systm.h> 42 43 #include <netbt/bluetooth.h> 44 #include <netbt/hci.h> 45 #include <netbt/sco.h> 46 47 static void hci_event_inquiry_result(struct hci_unit *, struct mbuf *); 48 static void hci_event_rssi_result(struct hci_unit *, struct mbuf *); 49 static void hci_event_command_status(struct hci_unit *, struct mbuf *); 50 static void hci_event_command_compl(struct hci_unit *, struct mbuf *); 51 static void hci_event_con_compl(struct hci_unit *, struct mbuf *); 52 static void hci_event_discon_compl(struct hci_unit *, struct mbuf *); 53 static void hci_event_con_req(struct hci_unit *, struct mbuf *); 54 static void hci_event_num_compl_pkts(struct hci_unit *, struct mbuf *); 55 static void hci_event_auth_compl(struct hci_unit *, struct mbuf *); 56 static void hci_event_encryption_change(struct hci_unit *, struct mbuf *); 57 static void hci_event_change_con_link_key_compl(struct hci_unit *, struct mbuf *); 58 static void hci_event_read_clock_offset_compl(struct hci_unit *, struct mbuf *); 59 static void hci_cmd_read_bdaddr(struct hci_unit *, struct mbuf *); 60 static void hci_cmd_read_buffer_size(struct hci_unit *, struct mbuf *); 61 static void hci_cmd_read_local_features(struct hci_unit *, struct mbuf *); 62 static void hci_cmd_read_local_ver(struct hci_unit *, struct mbuf *); 63 static void hci_cmd_read_local_commands(struct hci_unit *, struct mbuf *); 64 static void hci_cmd_reset(struct hci_unit *, struct mbuf *); 65 static void hci_cmd_create_con(struct hci_unit *unit, uint8_t status); 66 67 #ifdef BLUETOOTH_DEBUG 68 int bluetooth_debug; 69 70 static const char *hci_eventnames[] = { 71 /* 0x00 */ "NULL", 72 /* 0x01 */ "INQUIRY COMPLETE", 73 /* 0x02 */ "INQUIRY RESULT", 74 /* 0x03 */ "CONN COMPLETE", 75 /* 0x04 */ "CONN REQ", 76 /* 0x05 */ "DISCONN COMPLETE", 77 /* 0x06 */ "AUTH COMPLETE", 78 /* 0x07 */ "REMOTE NAME REQ COMPLETE", 79 /* 0x08 */ "ENCRYPTION CHANGE", 80 /* 0x09 */ "CHANGE CONN LINK KEY COMPLETE", 81 /* 0x0a */ "MASTER LINK KEY COMPLETE", 82 /* 0x0b */ "READ REMOTE FEATURES COMPLETE", 83 /* 0x0c */ "READ REMOTE VERSION INFO COMPLETE", 84 /* 0x0d */ "QoS SETUP COMPLETE", 85 /* 0x0e */ "COMMAND COMPLETE", 86 /* 0x0f */ "COMMAND STATUS", 87 /* 0x10 */ "HARDWARE ERROR", 88 /* 0x11 */ "FLUSH OCCUR", 89 /* 0x12 */ "ROLE CHANGE", 90 /* 0x13 */ "NUM COMPLETED PACKETS", 91 /* 0x14 */ "MODE CHANGE", 92 /* 0x15 */ "RETURN LINK KEYS", 93 /* 0x16 */ "PIN CODE REQ", 94 /* 0x17 */ "LINK KEY REQ", 95 /* 0x18 */ "LINK KEY NOTIFICATION", 96 /* 0x19 */ "LOOPBACK COMMAND", 97 /* 0x1a */ "DATA BUFFER OVERFLOW", 98 /* 0x1b */ "MAX SLOT CHANGE", 99 /* 0x1c */ "READ CLOCK OFFSET COMPLETE", 100 /* 0x1d */ "CONN PKT TYPE CHANGED", 101 /* 0x1e */ "QOS VIOLATION", 102 /* 0x1f */ "PAGE SCAN MODE CHANGE", 103 /* 0x20 */ "PAGE SCAN REP MODE CHANGE", 104 /* 0x21 */ "FLOW SPECIFICATION COMPLETE", 105 /* 0x22 */ "RSSI RESULT", 106 /* 0x23 */ "READ REMOTE EXT FEATURES", 107 /* 0x24 */ "UNKNOWN", 108 /* 0x25 */ "UNKNOWN", 109 /* 0x26 */ "UNKNOWN", 110 /* 0x27 */ "UNKNOWN", 111 /* 0x28 */ "UNKNOWN", 112 /* 0x29 */ "UNKNOWN", 113 /* 0x2a */ "UNKNOWN", 114 /* 0x2b */ "UNKNOWN", 115 /* 0x2c */ "SCO CON COMPLETE", 116 /* 0x2d */ "SCO CON CHANGED", 117 /* 0x2e */ "SNIFF SUBRATING", 118 /* 0x2f */ "EXTENDED INQUIRY RESULT", 119 /* 0x30 */ "ENCRYPTION KEY REFRESH", 120 /* 0x31 */ "IO CAPABILITY REQUEST", 121 /* 0x32 */ "IO CAPABILITY RESPONSE", 122 /* 0x33 */ "USER CONFIRM REQUEST", 123 /* 0x34 */ "USER PASSKEY REQUEST", 124 /* 0x35 */ "REMOTE OOB DATA REQUEST", 125 /* 0x36 */ "SIMPLE PAIRING COMPLETE", 126 /* 0x37 */ "UNKNOWN", 127 /* 0x38 */ "LINK SUPERVISION TIMEOUT CHANGED", 128 /* 0x39 */ "ENHANCED FLUSH COMPLETE", 129 /* 0x3a */ "UNKNOWN", 130 /* 0x3b */ "USER PASSKEY NOTIFICATION", 131 /* 0x3c */ "KEYPRESS NOTIFICATION", 132 /* 0x3d */ "REMOTE HOST FEATURES NOTIFICATION", 133 }; 134 135 static const char * 136 hci_eventstr(unsigned int event) 137 { 138 139 if (event < __arraycount(hci_eventnames)) 140 return hci_eventnames[event]; 141 142 switch (event) { 143 case HCI_EVENT_BT_LOGO: /* 0xfe */ 144 return "BT_LOGO"; 145 146 case HCI_EVENT_VENDOR: /* 0xff */ 147 return "VENDOR"; 148 } 149 150 return "UNKNOWN"; 151 } 152 #endif /* BLUETOOTH_DEBUG */ 153 154 /* 155 * process HCI Events 156 * 157 * We will free the mbuf at the end, no need for any sub 158 * functions to handle that. We kind of assume that the 159 * device sends us valid events. 160 */ 161 void 162 hci_event(struct mbuf *m, struct hci_unit *unit) 163 { 164 hci_event_hdr_t hdr; 165 166 KASSERT(m->m_flags & M_PKTHDR); 167 168 KASSERT(m->m_pkthdr.len >= sizeof(hdr)); 169 m_copydata(m, 0, sizeof(hdr), &hdr); 170 m_adj(m, sizeof(hdr)); 171 172 KASSERT(hdr.type == HCI_EVENT_PKT); 173 174 DPRINTFN(1, "(%s) event %s\n", 175 device_xname(unit->hci_dev), hci_eventstr(hdr.event)); 176 177 switch(hdr.event) { 178 case HCI_EVENT_COMMAND_STATUS: 179 hci_event_command_status(unit, m); 180 break; 181 182 case HCI_EVENT_COMMAND_COMPL: 183 hci_event_command_compl(unit, m); 184 break; 185 186 case HCI_EVENT_NUM_COMPL_PKTS: 187 hci_event_num_compl_pkts(unit, m); 188 break; 189 190 case HCI_EVENT_INQUIRY_RESULT: 191 hci_event_inquiry_result(unit, m); 192 break; 193 194 case HCI_EVENT_RSSI_RESULT: 195 hci_event_rssi_result(unit, m); 196 break; 197 198 case HCI_EVENT_CON_COMPL: 199 hci_event_con_compl(unit, m); 200 break; 201 202 case HCI_EVENT_DISCON_COMPL: 203 hci_event_discon_compl(unit, m); 204 break; 205 206 case HCI_EVENT_CON_REQ: 207 hci_event_con_req(unit, m); 208 break; 209 210 case HCI_EVENT_AUTH_COMPL: 211 hci_event_auth_compl(unit, m); 212 break; 213 214 case HCI_EVENT_ENCRYPTION_CHANGE: 215 hci_event_encryption_change(unit, m); 216 break; 217 218 case HCI_EVENT_CHANGE_CON_LINK_KEY_COMPL: 219 hci_event_change_con_link_key_compl(unit, m); 220 break; 221 222 case HCI_EVENT_READ_CLOCK_OFFSET_COMPL: 223 hci_event_read_clock_offset_compl(unit, m); 224 break; 225 226 default: 227 break; 228 } 229 230 m_freem(m); 231 } 232 233 /* 234 * Command Status 235 * 236 * Restart command queue and post-process any pending commands 237 */ 238 static void 239 hci_event_command_status(struct hci_unit *unit, struct mbuf *m) 240 { 241 hci_command_status_ep ep; 242 243 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 244 m_copydata(m, 0, sizeof(ep), &ep); 245 m_adj(m, sizeof(ep)); 246 247 ep.opcode = le16toh(ep.opcode); 248 249 DPRINTFN(1, "(%s) opcode (%03x|%04x) status = 0x%x num_cmd_pkts = %d\n", 250 device_xname(unit->hci_dev), 251 HCI_OGF(ep.opcode), HCI_OCF(ep.opcode), 252 ep.status, 253 ep.num_cmd_pkts); 254 255 hci_num_cmds(unit, ep.num_cmd_pkts); 256 257 /* 258 * post processing of pending commands 259 */ 260 switch(ep.opcode) { 261 case HCI_CMD_CREATE_CON: 262 hci_cmd_create_con(unit, ep.status); 263 break; 264 265 default: 266 if (ep.status == 0) 267 break; 268 269 aprint_error_dev(unit->hci_dev, 270 "CommandStatus opcode (%03x|%04x) failed (status=0x%02x)\n", 271 HCI_OGF(ep.opcode), HCI_OCF(ep.opcode), 272 ep.status); 273 274 break; 275 } 276 } 277 278 /* 279 * Command Complete 280 * 281 * Restart command queue and handle the completed command 282 */ 283 static void 284 hci_event_command_compl(struct hci_unit *unit, struct mbuf *m) 285 { 286 hci_command_compl_ep ep; 287 hci_status_rp rp; 288 289 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 290 m_copydata(m, 0, sizeof(ep), &ep); 291 m_adj(m, sizeof(ep)); 292 293 DPRINTFN(1, "(%s) opcode (%03x|%04x) num_cmd_pkts = %d\n", 294 device_xname(unit->hci_dev), 295 HCI_OGF(le16toh(ep.opcode)), HCI_OCF(le16toh(ep.opcode)), 296 ep.num_cmd_pkts); 297 298 hci_num_cmds(unit, ep.num_cmd_pkts); 299 300 /* 301 * I am not sure if this is completely correct, it is not guaranteed 302 * that a command_complete packet will contain the status though most 303 * do seem to. 304 */ 305 m_copydata(m, 0, sizeof(rp), &rp); 306 if (rp.status > 0) 307 aprint_error_dev(unit->hci_dev, 308 "CommandComplete opcode (%03x|%04x) failed (status=0x%02x)\n", 309 HCI_OGF(le16toh(ep.opcode)), HCI_OCF(le16toh(ep.opcode)), 310 rp.status); 311 312 /* 313 * post processing of completed commands 314 */ 315 switch(le16toh(ep.opcode)) { 316 case HCI_CMD_READ_BDADDR: 317 hci_cmd_read_bdaddr(unit, m); 318 break; 319 320 case HCI_CMD_READ_BUFFER_SIZE: 321 hci_cmd_read_buffer_size(unit, m); 322 break; 323 324 case HCI_CMD_READ_LOCAL_FEATURES: 325 hci_cmd_read_local_features(unit, m); 326 break; 327 328 case HCI_CMD_READ_LOCAL_VER: 329 hci_cmd_read_local_ver(unit, m); 330 break; 331 332 case HCI_CMD_READ_LOCAL_COMMANDS: 333 hci_cmd_read_local_commands(unit, m); 334 break; 335 336 case HCI_CMD_RESET: 337 hci_cmd_reset(unit, m); 338 break; 339 340 default: 341 break; 342 } 343 } 344 345 /* 346 * Number of Completed Packets 347 * 348 * This is sent periodically by the Controller telling us how many 349 * buffers are now freed up and which handle was using them. From 350 * this we determine which type of buffer it was and add the qty 351 * back into the relevant packet counter, then restart output on 352 * links that have halted. 353 */ 354 static void 355 hci_event_num_compl_pkts(struct hci_unit *unit, struct mbuf *m) 356 { 357 hci_num_compl_pkts_ep ep; 358 struct hci_link *link, *next; 359 uint16_t handle, num; 360 int num_acl = 0, num_sco = 0; 361 362 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 363 m_copydata(m, 0, sizeof(ep), &ep); 364 m_adj(m, sizeof(ep)); 365 366 while (ep.num_con_handles--) { 367 m_copydata(m, 0, sizeof(handle), &handle); 368 m_adj(m, sizeof(handle)); 369 handle = le16toh(handle); 370 371 m_copydata(m, 0, sizeof(num), &num); 372 m_adj(m, sizeof(num)); 373 num = le16toh(num); 374 375 link = hci_link_lookup_handle(unit, handle); 376 if (link) { 377 if (link->hl_type == HCI_LINK_ACL) { 378 num_acl += num; 379 hci_acl_complete(link, num); 380 } else { 381 num_sco += num; 382 hci_sco_complete(link, num); 383 } 384 } else { 385 /* XXX need to issue Read_Buffer_Size or Reset? */ 386 aprint_error_dev(unit->hci_dev, 387 "unknown handle %d! (losing track of %d packet buffer%s)\n", 388 handle, num, (num == 1 ? "" : "s")); 389 } 390 } 391 392 /* 393 * Move up any queued packets. When a link has sent data, it will move 394 * to the back of the queue - technically then if a link had something 395 * to send and there were still buffers available it could get started 396 * twice but it seemed more important to to handle higher loads fairly 397 * than worry about wasting cycles when we are not busy. 398 */ 399 400 unit->hci_num_acl_pkts += num_acl; 401 unit->hci_num_sco_pkts += num_sco; 402 403 link = TAILQ_FIRST(&unit->hci_links); 404 while (link && (unit->hci_num_acl_pkts > 0 || unit->hci_num_sco_pkts > 0)) { 405 next = TAILQ_NEXT(link, hl_next); 406 407 if (link->hl_type == HCI_LINK_ACL) { 408 if (unit->hci_num_acl_pkts > 0 && link->hl_txqlen > 0) 409 hci_acl_start(link); 410 } else { 411 if (unit->hci_num_sco_pkts > 0 && link->hl_txqlen > 0) 412 hci_sco_start(link); 413 } 414 415 link = next; 416 } 417 } 418 419 /* 420 * Inquiry Result 421 * 422 * keep a note of devices seen, so we know which unit to use 423 * on outgoing connections 424 */ 425 static void 426 hci_event_inquiry_result(struct hci_unit *unit, struct mbuf *m) 427 { 428 hci_inquiry_result_ep ep; 429 hci_inquiry_response ir; 430 struct hci_memo *memo; 431 432 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 433 m_copydata(m, 0, sizeof(ep), &ep); 434 m_adj(m, sizeof(ep)); 435 436 DPRINTFN(1, "%d response%s\n", ep.num_responses, 437 (ep.num_responses == 1 ? "" : "s")); 438 439 while(ep.num_responses--) { 440 KASSERT(m->m_pkthdr.len >= sizeof(ir)); 441 m_copydata(m, 0, sizeof(ir), &ir); 442 m_adj(m, sizeof(ir)); 443 444 DPRINTFN(1, "bdaddr %02x:%02x:%02x:%02x:%02x:%02x\n", 445 ir.bdaddr.b[5], ir.bdaddr.b[4], ir.bdaddr.b[3], 446 ir.bdaddr.b[2], ir.bdaddr.b[1], ir.bdaddr.b[0]); 447 448 memo = hci_memo_new(unit, &ir.bdaddr); 449 if (memo != NULL) { 450 memo->page_scan_rep_mode = ir.page_scan_rep_mode; 451 memo->page_scan_mode = ir.page_scan_mode; 452 memo->clock_offset = ir.clock_offset; 453 } 454 } 455 } 456 457 /* 458 * Inquiry Result with RSSI 459 * 460 * as above but different packet when RSSI result is enabled 461 */ 462 static void 463 hci_event_rssi_result(struct hci_unit *unit, struct mbuf *m) 464 { 465 hci_rssi_result_ep ep; 466 hci_rssi_response rr; 467 struct hci_memo *memo; 468 469 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 470 m_copydata(m, 0, sizeof(ep), &ep); 471 m_adj(m, sizeof(ep)); 472 473 DPRINTFN(1, "%d response%s\n", ep.num_responses, 474 (ep.num_responses == 1 ? "" : "s")); 475 476 while(ep.num_responses--) { 477 KASSERT(m->m_pkthdr.len >= sizeof(rr)); 478 m_copydata(m, 0, sizeof(rr), &rr); 479 m_adj(m, sizeof(rr)); 480 481 DPRINTFN(1, "bdaddr %02x:%02x:%02x:%02x:%02x:%02x\n", 482 rr.bdaddr.b[5], rr.bdaddr.b[4], rr.bdaddr.b[3], 483 rr.bdaddr.b[2], rr.bdaddr.b[1], rr.bdaddr.b[0]); 484 485 memo = hci_memo_new(unit, &rr.bdaddr); 486 if (memo != NULL) { 487 memo->page_scan_rep_mode = rr.page_scan_rep_mode; 488 memo->page_scan_mode = 0; 489 memo->clock_offset = rr.clock_offset; 490 } 491 } 492 } 493 494 /* 495 * Connection Complete 496 * 497 * Sent to us when a connection is made. If there is no link 498 * structure already allocated for this, we must have changed 499 * our mind, so just disconnect. 500 */ 501 static void 502 hci_event_con_compl(struct hci_unit *unit, struct mbuf *m) 503 { 504 hci_con_compl_ep ep; 505 hci_write_link_policy_settings_cp cp; 506 struct hci_link *link; 507 int err; 508 509 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 510 m_copydata(m, 0, sizeof(ep), &ep); 511 m_adj(m, sizeof(ep)); 512 513 DPRINTFN(1, "(%s) %s connection complete for " 514 "%02x:%02x:%02x:%02x:%02x:%02x status %#x\n", 515 device_xname(unit->hci_dev), 516 (ep.link_type == HCI_LINK_ACL ? "ACL" : "SCO"), 517 ep.bdaddr.b[5], ep.bdaddr.b[4], ep.bdaddr.b[3], 518 ep.bdaddr.b[2], ep.bdaddr.b[1], ep.bdaddr.b[0], 519 ep.status); 520 521 link = hci_link_lookup_bdaddr(unit, &ep.bdaddr, ep.link_type); 522 523 if (ep.status) { 524 if (link != NULL) { 525 switch (ep.status) { 526 case 0x04: /* "Page Timeout" */ 527 err = EHOSTDOWN; 528 break; 529 530 case 0x08: /* "Connection Timed Out" */ 531 err = ETIMEDOUT; 532 break; 533 534 case 0x16: /* "Connection Terminated by Local Host" */ 535 err = 0; 536 break; 537 538 default: 539 err = ECONNREFUSED; 540 break; 541 } 542 543 hci_link_free(link, err); 544 } 545 546 return; 547 } 548 549 if (link == NULL) { 550 hci_discon_cp dp; 551 552 dp.con_handle = ep.con_handle; 553 dp.reason = 0x13; /* "Remote User Terminated Connection" */ 554 555 hci_send_cmd(unit, HCI_CMD_DISCONNECT, &dp, sizeof(dp)); 556 return; 557 } 558 559 /* XXX could check auth_enable here */ 560 561 if (ep.encryption_mode) 562 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_ENCRYPT); 563 564 link->hl_state = HCI_LINK_OPEN; 565 link->hl_handle = HCI_CON_HANDLE(le16toh(ep.con_handle)); 566 567 if (ep.link_type == HCI_LINK_ACL) { 568 cp.con_handle = ep.con_handle; 569 cp.settings = htole16(unit->hci_link_policy); 570 err = hci_send_cmd(unit, HCI_CMD_WRITE_LINK_POLICY_SETTINGS, 571 &cp, sizeof(cp)); 572 if (err) 573 aprint_error_dev(unit->hci_dev, 574 "Warning, could not write link policy\n"); 575 576 err = hci_send_cmd(unit, HCI_CMD_READ_CLOCK_OFFSET, 577 &cp.con_handle, sizeof(cp.con_handle)); 578 if (err) 579 aprint_error_dev(unit->hci_dev, 580 "Warning, could not read clock offset\n"); 581 582 err = hci_acl_setmode(link); 583 if (err == EINPROGRESS) 584 return; 585 586 hci_acl_linkmode(link); 587 } else { 588 (*link->hl_sco->sp_proto->connected)(link->hl_sco->sp_upper); 589 } 590 } 591 592 /* 593 * Disconnection Complete 594 * 595 * This is sent in response to a disconnection request, but also if 596 * the remote device goes out of range. 597 */ 598 static void 599 hci_event_discon_compl(struct hci_unit *unit, struct mbuf *m) 600 { 601 hci_discon_compl_ep ep; 602 struct hci_link *link; 603 604 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 605 m_copydata(m, 0, sizeof(ep), &ep); 606 m_adj(m, sizeof(ep)); 607 608 ep.con_handle = le16toh(ep.con_handle); 609 610 DPRINTFN(1, "handle #%d, status=0x%x\n", ep.con_handle, ep.status); 611 612 link = hci_link_lookup_handle(unit, HCI_CON_HANDLE(ep.con_handle)); 613 if (link) 614 hci_link_free(link, ENOLINK); 615 } 616 617 /* 618 * Connect Request 619 * 620 * We check upstream for appropriate listeners and accept connections 621 * that are wanted. 622 */ 623 static void 624 hci_event_con_req(struct hci_unit *unit, struct mbuf *m) 625 { 626 hci_con_req_ep ep; 627 hci_accept_con_cp ap; 628 hci_reject_con_cp rp; 629 struct hci_link *link; 630 631 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 632 m_copydata(m, 0, sizeof(ep), &ep); 633 m_adj(m, sizeof(ep)); 634 635 DPRINTFN(1, "bdaddr %2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x " 636 "class %2.2x%2.2x%2.2x type %s\n", 637 ep.bdaddr.b[5], ep.bdaddr.b[4], ep.bdaddr.b[3], 638 ep.bdaddr.b[2], ep.bdaddr.b[1], ep.bdaddr.b[0], 639 ep.uclass[0], ep.uclass[1], ep.uclass[2], 640 ep.link_type == HCI_LINK_ACL ? "ACL" : "SCO"); 641 642 if (ep.link_type == HCI_LINK_ACL) 643 link = hci_acl_newconn(unit, &ep.bdaddr); 644 else 645 link = hci_sco_newconn(unit, &ep.bdaddr); 646 647 if (link == NULL) { 648 memset(&rp, 0, sizeof(rp)); 649 bdaddr_copy(&rp.bdaddr, &ep.bdaddr); 650 rp.reason = 0x0f; /* Unacceptable BD_ADDR */ 651 652 hci_send_cmd(unit, HCI_CMD_REJECT_CON, &rp, sizeof(rp)); 653 } else { 654 memset(&ap, 0, sizeof(ap)); 655 bdaddr_copy(&ap.bdaddr, &ep.bdaddr); 656 if (unit->hci_link_policy & HCI_LINK_POLICY_ENABLE_ROLE_SWITCH) 657 ap.role = HCI_ROLE_MASTER; 658 else 659 ap.role = HCI_ROLE_SLAVE; 660 661 hci_send_cmd(unit, HCI_CMD_ACCEPT_CON, &ap, sizeof(ap)); 662 } 663 } 664 665 /* 666 * Auth Complete 667 * 668 * Authentication has been completed on an ACL link. We can notify the 669 * upper layer protocols unless further mode changes are pending. 670 */ 671 static void 672 hci_event_auth_compl(struct hci_unit *unit, struct mbuf *m) 673 { 674 hci_auth_compl_ep ep; 675 struct hci_link *link; 676 int err; 677 678 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 679 m_copydata(m, 0, sizeof(ep), &ep); 680 m_adj(m, sizeof(ep)); 681 682 ep.con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle)); 683 684 DPRINTFN(1, "handle #%d, status=0x%x\n", ep.con_handle, ep.status); 685 686 link = hci_link_lookup_handle(unit, ep.con_handle); 687 if (link == NULL || link->hl_type != HCI_LINK_ACL) 688 return; 689 690 if (ep.status == 0) { 691 link->hl_flags |= HCI_LINK_AUTH; 692 693 if (link->hl_state == HCI_LINK_WAIT_AUTH) 694 link->hl_state = HCI_LINK_OPEN; 695 696 err = hci_acl_setmode(link); 697 if (err == EINPROGRESS) 698 return; 699 } 700 701 hci_acl_linkmode(link); 702 } 703 704 /* 705 * Encryption Change 706 * 707 * The encryption status has changed. Basically, we note the change 708 * then notify the upper layer protocol unless further mode changes 709 * are pending. 710 * Note that if encryption gets disabled when it has been requested, 711 * we will attempt to enable it again.. (its a feature not a bug :) 712 */ 713 static void 714 hci_event_encryption_change(struct hci_unit *unit, struct mbuf *m) 715 { 716 hci_encryption_change_ep ep; 717 struct hci_link *link; 718 int err; 719 720 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 721 m_copydata(m, 0, sizeof(ep), &ep); 722 m_adj(m, sizeof(ep)); 723 724 ep.con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle)); 725 726 DPRINTFN(1, "handle #%d, status=0x%x, encryption_enable=0x%x\n", 727 ep.con_handle, ep.status, ep.encryption_enable); 728 729 link = hci_link_lookup_handle(unit, ep.con_handle); 730 if (link == NULL || link->hl_type != HCI_LINK_ACL) 731 return; 732 733 if (ep.status == 0) { 734 if (ep.encryption_enable == 0) 735 link->hl_flags &= ~HCI_LINK_ENCRYPT; 736 else 737 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_ENCRYPT); 738 739 if (link->hl_state == HCI_LINK_WAIT_ENCRYPT) 740 link->hl_state = HCI_LINK_OPEN; 741 742 err = hci_acl_setmode(link); 743 if (err == EINPROGRESS) 744 return; 745 } 746 747 hci_acl_linkmode(link); 748 } 749 750 /* 751 * Change Connection Link Key Complete 752 * 753 * Link keys are handled in userland but if we are waiting to secure 754 * this link, we should notify the upper protocols. A SECURE request 755 * only needs a single key change, so we can cancel the request. 756 */ 757 static void 758 hci_event_change_con_link_key_compl(struct hci_unit *unit, struct mbuf *m) 759 { 760 hci_change_con_link_key_compl_ep ep; 761 struct hci_link *link; 762 int err; 763 764 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 765 m_copydata(m, 0, sizeof(ep), &ep); 766 m_adj(m, sizeof(ep)); 767 768 ep.con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle)); 769 770 DPRINTFN(1, "handle #%d, status=0x%x\n", ep.con_handle, ep.status); 771 772 link = hci_link_lookup_handle(unit, ep.con_handle); 773 if (link == NULL || link->hl_type != HCI_LINK_ACL) 774 return; 775 776 link->hl_flags &= ~HCI_LINK_SECURE_REQ; 777 778 if (ep.status == 0) { 779 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_SECURE); 780 781 if (link->hl_state == HCI_LINK_WAIT_SECURE) 782 link->hl_state = HCI_LINK_OPEN; 783 784 err = hci_acl_setmode(link); 785 if (err == EINPROGRESS) 786 return; 787 } 788 789 hci_acl_linkmode(link); 790 } 791 792 /* 793 * Read Clock Offset Complete 794 * 795 * We keep a note of the clock offset of remote devices when a 796 * link is made, in order to facilitate reconnections to the device 797 */ 798 static void 799 hci_event_read_clock_offset_compl(struct hci_unit *unit, struct mbuf *m) 800 { 801 hci_read_clock_offset_compl_ep ep; 802 struct hci_link *link; 803 804 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 805 m_copydata(m, 0, sizeof(ep), &ep); 806 m_adj(m, sizeof(ep)); 807 808 DPRINTFN(1, "handle #%d, offset=%u, status=0x%x\n", 809 le16toh(ep.con_handle), le16toh(ep.clock_offset), ep.status); 810 811 ep.con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle)); 812 link = hci_link_lookup_handle(unit, ep.con_handle); 813 814 if (ep.status != 0 || link == NULL) 815 return; 816 817 link->hl_clock = ep.clock_offset; 818 } 819 820 /* 821 * process results of read_bdaddr command_complete event 822 */ 823 static void 824 hci_cmd_read_bdaddr(struct hci_unit *unit, struct mbuf *m) 825 { 826 hci_read_bdaddr_rp rp; 827 828 KASSERT(m->m_pkthdr.len >= sizeof(rp)); 829 m_copydata(m, 0, sizeof(rp), &rp); 830 m_adj(m, sizeof(rp)); 831 832 if (rp.status > 0) 833 return; 834 835 if ((unit->hci_flags & BTF_INIT_BDADDR) == 0) 836 return; 837 838 bdaddr_copy(&unit->hci_bdaddr, &rp.bdaddr); 839 840 unit->hci_flags &= ~BTF_INIT_BDADDR; 841 842 cv_broadcast(&unit->hci_init); 843 } 844 845 /* 846 * process results of read_buffer_size command_complete event 847 */ 848 static void 849 hci_cmd_read_buffer_size(struct hci_unit *unit, struct mbuf *m) 850 { 851 hci_read_buffer_size_rp rp; 852 853 KASSERT(m->m_pkthdr.len >= sizeof(rp)); 854 m_copydata(m, 0, sizeof(rp), &rp); 855 m_adj(m, sizeof(rp)); 856 857 if (rp.status > 0) 858 return; 859 860 if ((unit->hci_flags & BTF_INIT_BUFFER_SIZE) == 0) 861 return; 862 863 unit->hci_max_acl_size = le16toh(rp.max_acl_size); 864 unit->hci_num_acl_pkts = le16toh(rp.num_acl_pkts); 865 unit->hci_max_sco_size = rp.max_sco_size; 866 unit->hci_num_sco_pkts = le16toh(rp.num_sco_pkts); 867 868 unit->hci_flags &= ~BTF_INIT_BUFFER_SIZE; 869 870 cv_broadcast(&unit->hci_init); 871 } 872 873 /* 874 * process results of read_local_features command_complete event 875 */ 876 static void 877 hci_cmd_read_local_features(struct hci_unit *unit, struct mbuf *m) 878 { 879 hci_read_local_features_rp rp; 880 881 KASSERT(m->m_pkthdr.len >= sizeof(rp)); 882 m_copydata(m, 0, sizeof(rp), &rp); 883 m_adj(m, sizeof(rp)); 884 885 if (rp.status > 0) 886 return; 887 888 if ((unit->hci_flags & BTF_INIT_FEATURES) == 0) 889 return; 890 891 unit->hci_lmp_mask = 0; 892 893 if (rp.features[0] & HCI_LMP_ROLE_SWITCH) 894 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_ROLE_SWITCH; 895 896 if (rp.features[0] & HCI_LMP_HOLD_MODE) 897 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_HOLD_MODE; 898 899 if (rp.features[0] & HCI_LMP_SNIFF_MODE) 900 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_SNIFF_MODE; 901 902 if (rp.features[1] & HCI_LMP_PARK_MODE) 903 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_PARK_MODE; 904 905 /* ACL packet mask */ 906 unit->hci_acl_mask = HCI_PKT_DM1 | HCI_PKT_DH1; 907 908 if (rp.features[0] & HCI_LMP_3SLOT) 909 unit->hci_acl_mask |= HCI_PKT_DM3 | HCI_PKT_DH3; 910 911 if (rp.features[0] & HCI_LMP_5SLOT) 912 unit->hci_acl_mask |= HCI_PKT_DM5 | HCI_PKT_DH5; 913 914 if ((rp.features[3] & HCI_LMP_EDR_ACL_2MBPS) == 0) 915 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH1 916 | HCI_PKT_2MBPS_DH3 917 | HCI_PKT_2MBPS_DH5; 918 919 if ((rp.features[3] & HCI_LMP_EDR_ACL_3MBPS) == 0) 920 unit->hci_acl_mask |= HCI_PKT_3MBPS_DH1 921 | HCI_PKT_3MBPS_DH3 922 | HCI_PKT_3MBPS_DH5; 923 924 if ((rp.features[4] & HCI_LMP_3SLOT_EDR_ACL) == 0) 925 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH3 926 | HCI_PKT_3MBPS_DH3; 927 928 if ((rp.features[5] & HCI_LMP_5SLOT_EDR_ACL) == 0) 929 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH5 930 | HCI_PKT_3MBPS_DH5; 931 932 unit->hci_packet_type = unit->hci_acl_mask; 933 934 /* SCO packet mask */ 935 unit->hci_sco_mask = 0; 936 if (rp.features[1] & HCI_LMP_SCO_LINK) 937 unit->hci_sco_mask |= HCI_PKT_HV1; 938 939 if (rp.features[1] & HCI_LMP_HV2_PKT) 940 unit->hci_sco_mask |= HCI_PKT_HV2; 941 942 if (rp.features[1] & HCI_LMP_HV3_PKT) 943 unit->hci_sco_mask |= HCI_PKT_HV3; 944 945 if (rp.features[3] & HCI_LMP_EV3_PKT) 946 unit->hci_sco_mask |= HCI_PKT_EV3; 947 948 if (rp.features[4] & HCI_LMP_EV4_PKT) 949 unit->hci_sco_mask |= HCI_PKT_EV4; 950 951 if (rp.features[4] & HCI_LMP_EV5_PKT) 952 unit->hci_sco_mask |= HCI_PKT_EV5; 953 954 /* XXX what do 2MBPS/3MBPS/3SLOT eSCO mean? */ 955 956 unit->hci_flags &= ~BTF_INIT_FEATURES; 957 958 cv_broadcast(&unit->hci_init); 959 960 DPRINTFN(1, "%s: lmp_mask %4.4x, acl_mask %4.4x, sco_mask %4.4x\n", 961 device_xname(unit->hci_dev), unit->hci_lmp_mask, 962 unit->hci_acl_mask, unit->hci_sco_mask); 963 } 964 965 /* 966 * process results of read_local_ver command_complete event 967 * 968 * reading local supported commands is only supported from 1.2 spec 969 */ 970 static void 971 hci_cmd_read_local_ver(struct hci_unit *unit, struct mbuf *m) 972 { 973 hci_read_local_ver_rp rp; 974 975 KASSERT(m->m_pkthdr.len >= sizeof(rp)); 976 m_copydata(m, 0, sizeof(rp), &rp); 977 m_adj(m, sizeof(rp)); 978 979 if (rp.status != 0) 980 return; 981 982 if ((unit->hci_flags & BTF_INIT_COMMANDS) == 0) 983 return; 984 985 if (rp.hci_version < HCI_SPEC_V12) { 986 unit->hci_flags &= ~BTF_INIT_COMMANDS; 987 cv_broadcast(&unit->hci_init); 988 return; 989 } 990 991 hci_send_cmd(unit, HCI_CMD_READ_LOCAL_COMMANDS, NULL, 0); 992 } 993 994 /* 995 * process results of read_local_commands command_complete event 996 */ 997 static void 998 hci_cmd_read_local_commands(struct hci_unit *unit, struct mbuf *m) 999 { 1000 hci_read_local_commands_rp rp; 1001 1002 KASSERT(m->m_pkthdr.len >= sizeof(rp)); 1003 m_copydata(m, 0, sizeof(rp), &rp); 1004 m_adj(m, sizeof(rp)); 1005 1006 if (rp.status != 0) 1007 return; 1008 1009 if ((unit->hci_flags & BTF_INIT_COMMANDS) == 0) 1010 return; 1011 1012 unit->hci_flags &= ~BTF_INIT_COMMANDS; 1013 memcpy(unit->hci_cmds, rp.commands, HCI_COMMANDS_SIZE); 1014 1015 cv_broadcast(&unit->hci_init); 1016 } 1017 1018 /* 1019 * process results of reset command_complete event 1020 * 1021 * This has killed all the connections, so close down anything we have left, 1022 * and reinitialise the unit. 1023 */ 1024 static void 1025 hci_cmd_reset(struct hci_unit *unit, struct mbuf *m) 1026 { 1027 hci_reset_rp rp; 1028 struct hci_link *link, *next; 1029 int acl; 1030 1031 KASSERT(m->m_pkthdr.len >= sizeof(rp)); 1032 m_copydata(m, 0, sizeof(rp), &rp); 1033 m_adj(m, sizeof(rp)); 1034 1035 if (rp.status != 0) 1036 return; 1037 1038 /* 1039 * release SCO links first, since they may be holding 1040 * an ACL link reference. 1041 */ 1042 for (acl = 0 ; acl < 2 ; acl++) { 1043 next = TAILQ_FIRST(&unit->hci_links); 1044 while ((link = next) != NULL) { 1045 next = TAILQ_NEXT(link, hl_next); 1046 if (acl || link->hl_type != HCI_LINK_ACL) 1047 hci_link_free(link, ECONNABORTED); 1048 } 1049 } 1050 1051 unit->hci_num_acl_pkts = 0; 1052 unit->hci_num_sco_pkts = 0; 1053 1054 if (hci_send_cmd(unit, HCI_CMD_READ_BDADDR, NULL, 0)) 1055 return; 1056 1057 if (hci_send_cmd(unit, HCI_CMD_READ_BUFFER_SIZE, NULL, 0)) 1058 return; 1059 1060 if (hci_send_cmd(unit, HCI_CMD_READ_LOCAL_FEATURES, NULL, 0)) 1061 return; 1062 1063 if (hci_send_cmd(unit, HCI_CMD_READ_LOCAL_VER, NULL, 0)) 1064 return; 1065 } 1066 1067 /* 1068 * process command_status event for create_con command 1069 * 1070 * a "Create Connection" command can sometimes fail to start for whatever 1071 * reason and the command_status event returns failure but we get no 1072 * indication of which connection failed (for instance in the case where 1073 * we tried to open too many connections all at once) So, we keep a flag 1074 * on the link to indicate pending status until the command_status event 1075 * is returned to help us decide which needs to be failed. 1076 * 1077 * since created links are inserted at the tail of hci_links, we know that 1078 * the first pending link we find will be the one that this command status 1079 * refers to. 1080 */ 1081 static void 1082 hci_cmd_create_con(struct hci_unit *unit, uint8_t status) 1083 { 1084 struct hci_link *link; 1085 1086 TAILQ_FOREACH(link, &unit->hci_links, hl_next) { 1087 if ((link->hl_flags & HCI_LINK_CREATE_CON) == 0) 1088 continue; 1089 1090 link->hl_flags &= ~HCI_LINK_CREATE_CON; 1091 1092 switch(status) { 1093 case 0x00: /* success */ 1094 break; 1095 1096 case 0x0c: /* "Command Disallowed" */ 1097 hci_link_free(link, EBUSY); 1098 break; 1099 1100 default: /* some other trouble */ 1101 hci_link_free(link, EPROTO); 1102 break; 1103 } 1104 1105 return; 1106 } 1107 } 1108