1 /* $NetBSD: hci_event.c,v 1.21 2009/09/12 18:31:46 plunky Exp $ */ 2 3 /*- 4 * Copyright (c) 2005 Iain Hibbert. 5 * Copyright (c) 2006 Itronix Inc. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. The name of Itronix Inc. may not be used to endorse 17 * or promote products derived from this software without specific 18 * prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY ITRONIX INC. ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 22 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 23 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ITRONIX INC. BE LIABLE FOR ANY 24 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 25 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 26 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 27 * ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 30 * POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 #include <sys/cdefs.h> 34 __KERNEL_RCSID(0, "$NetBSD: hci_event.c,v 1.21 2009/09/12 18:31:46 plunky Exp $"); 35 36 #include <sys/param.h> 37 #include <sys/kernel.h> 38 #include <sys/malloc.h> 39 #include <sys/mbuf.h> 40 #include <sys/proc.h> 41 #include <sys/systm.h> 42 43 #include <netbt/bluetooth.h> 44 #include <netbt/hci.h> 45 #include <netbt/sco.h> 46 47 static void hci_event_inquiry_result(struct hci_unit *, struct mbuf *); 48 static void hci_event_rssi_result(struct hci_unit *, struct mbuf *); 49 static void hci_event_extended_result(struct hci_unit *, struct mbuf *); 50 static void hci_event_command_status(struct hci_unit *, struct mbuf *); 51 static void hci_event_command_compl(struct hci_unit *, struct mbuf *); 52 static void hci_event_con_compl(struct hci_unit *, struct mbuf *); 53 static void hci_event_discon_compl(struct hci_unit *, struct mbuf *); 54 static void hci_event_con_req(struct hci_unit *, struct mbuf *); 55 static void hci_event_num_compl_pkts(struct hci_unit *, struct mbuf *); 56 static void hci_event_auth_compl(struct hci_unit *, struct mbuf *); 57 static void hci_event_encryption_change(struct hci_unit *, struct mbuf *); 58 static void hci_event_change_con_link_key_compl(struct hci_unit *, struct mbuf *); 59 static void hci_event_read_clock_offset_compl(struct hci_unit *, struct mbuf *); 60 static void hci_cmd_read_bdaddr(struct hci_unit *, struct mbuf *); 61 static void hci_cmd_read_buffer_size(struct hci_unit *, struct mbuf *); 62 static void hci_cmd_read_local_features(struct hci_unit *, struct mbuf *); 63 static void hci_cmd_read_local_ver(struct hci_unit *, struct mbuf *); 64 static void hci_cmd_read_local_commands(struct hci_unit *, struct mbuf *); 65 static void hci_cmd_reset(struct hci_unit *, struct mbuf *); 66 static void hci_cmd_create_con(struct hci_unit *unit, uint8_t status); 67 68 #ifdef BLUETOOTH_DEBUG 69 int bluetooth_debug; 70 71 static const char *hci_eventnames[] = { 72 /* 0x00 */ "NULL", 73 /* 0x01 */ "INQUIRY COMPLETE", 74 /* 0x02 */ "INQUIRY RESULT", 75 /* 0x03 */ "CONN COMPLETE", 76 /* 0x04 */ "CONN REQ", 77 /* 0x05 */ "DISCONN COMPLETE", 78 /* 0x06 */ "AUTH COMPLETE", 79 /* 0x07 */ "REMOTE NAME REQ COMPLETE", 80 /* 0x08 */ "ENCRYPTION CHANGE", 81 /* 0x09 */ "CHANGE CONN LINK KEY COMPLETE", 82 /* 0x0a */ "MASTER LINK KEY COMPLETE", 83 /* 0x0b */ "READ REMOTE FEATURES COMPLETE", 84 /* 0x0c */ "READ REMOTE VERSION INFO COMPLETE", 85 /* 0x0d */ "QoS SETUP COMPLETE", 86 /* 0x0e */ "COMMAND COMPLETE", 87 /* 0x0f */ "COMMAND STATUS", 88 /* 0x10 */ "HARDWARE ERROR", 89 /* 0x11 */ "FLUSH OCCUR", 90 /* 0x12 */ "ROLE CHANGE", 91 /* 0x13 */ "NUM COMPLETED PACKETS", 92 /* 0x14 */ "MODE CHANGE", 93 /* 0x15 */ "RETURN LINK KEYS", 94 /* 0x16 */ "PIN CODE REQ", 95 /* 0x17 */ "LINK KEY REQ", 96 /* 0x18 */ "LINK KEY NOTIFICATION", 97 /* 0x19 */ "LOOPBACK COMMAND", 98 /* 0x1a */ "DATA BUFFER OVERFLOW", 99 /* 0x1b */ "MAX SLOT CHANGE", 100 /* 0x1c */ "READ CLOCK OFFSET COMPLETE", 101 /* 0x1d */ "CONN PKT TYPE CHANGED", 102 /* 0x1e */ "QOS VIOLATION", 103 /* 0x1f */ "PAGE SCAN MODE CHANGE", 104 /* 0x20 */ "PAGE SCAN REP MODE CHANGE", 105 /* 0x21 */ "FLOW SPECIFICATION COMPLETE", 106 /* 0x22 */ "RSSI RESULT", 107 /* 0x23 */ "READ REMOTE EXT FEATURES", 108 /* 0x24 */ "UNKNOWN", 109 /* 0x25 */ "UNKNOWN", 110 /* 0x26 */ "UNKNOWN", 111 /* 0x27 */ "UNKNOWN", 112 /* 0x28 */ "UNKNOWN", 113 /* 0x29 */ "UNKNOWN", 114 /* 0x2a */ "UNKNOWN", 115 /* 0x2b */ "UNKNOWN", 116 /* 0x2c */ "SCO CON COMPLETE", 117 /* 0x2d */ "SCO CON CHANGED", 118 /* 0x2e */ "SNIFF SUBRATING", 119 /* 0x2f */ "EXTENDED INQUIRY RESULT", 120 /* 0x30 */ "ENCRYPTION KEY REFRESH", 121 /* 0x31 */ "IO CAPABILITY REQUEST", 122 /* 0x32 */ "IO CAPABILITY RESPONSE", 123 /* 0x33 */ "USER CONFIRM REQUEST", 124 /* 0x34 */ "USER PASSKEY REQUEST", 125 /* 0x35 */ "REMOTE OOB DATA REQUEST", 126 /* 0x36 */ "SIMPLE PAIRING COMPLETE", 127 /* 0x37 */ "UNKNOWN", 128 /* 0x38 */ "LINK SUPERVISION TIMEOUT CHANGED", 129 /* 0x39 */ "ENHANCED FLUSH COMPLETE", 130 /* 0x3a */ "UNKNOWN", 131 /* 0x3b */ "USER PASSKEY NOTIFICATION", 132 /* 0x3c */ "KEYPRESS NOTIFICATION", 133 /* 0x3d */ "REMOTE HOST FEATURES NOTIFICATION", 134 }; 135 136 static const char * 137 hci_eventstr(unsigned int event) 138 { 139 140 if (event < __arraycount(hci_eventnames)) 141 return hci_eventnames[event]; 142 143 switch (event) { 144 case HCI_EVENT_BT_LOGO: /* 0xfe */ 145 return "BT_LOGO"; 146 147 case HCI_EVENT_VENDOR: /* 0xff */ 148 return "VENDOR"; 149 } 150 151 return "UNKNOWN"; 152 } 153 #endif /* BLUETOOTH_DEBUG */ 154 155 /* 156 * process HCI Events 157 * 158 * We will free the mbuf at the end, no need for any sub 159 * functions to handle that. We kind of assume that the 160 * device sends us valid events. 161 */ 162 void 163 hci_event(struct mbuf *m, struct hci_unit *unit) 164 { 165 hci_event_hdr_t hdr; 166 167 KASSERT(m->m_flags & M_PKTHDR); 168 169 KASSERT(m->m_pkthdr.len >= sizeof(hdr)); 170 m_copydata(m, 0, sizeof(hdr), &hdr); 171 m_adj(m, sizeof(hdr)); 172 173 KASSERT(hdr.type == HCI_EVENT_PKT); 174 175 DPRINTFN(1, "(%s) event %s\n", 176 device_xname(unit->hci_dev), hci_eventstr(hdr.event)); 177 178 switch(hdr.event) { 179 case HCI_EVENT_COMMAND_STATUS: 180 hci_event_command_status(unit, m); 181 break; 182 183 case HCI_EVENT_COMMAND_COMPL: 184 hci_event_command_compl(unit, m); 185 break; 186 187 case HCI_EVENT_NUM_COMPL_PKTS: 188 hci_event_num_compl_pkts(unit, m); 189 break; 190 191 case HCI_EVENT_INQUIRY_RESULT: 192 hci_event_inquiry_result(unit, m); 193 break; 194 195 case HCI_EVENT_RSSI_RESULT: 196 hci_event_rssi_result(unit, m); 197 break; 198 199 case HCI_EVENT_EXTENDED_RESULT: 200 hci_event_extended_result(unit, m); 201 break; 202 203 case HCI_EVENT_CON_COMPL: 204 hci_event_con_compl(unit, m); 205 break; 206 207 case HCI_EVENT_DISCON_COMPL: 208 hci_event_discon_compl(unit, m); 209 break; 210 211 case HCI_EVENT_CON_REQ: 212 hci_event_con_req(unit, m); 213 break; 214 215 case HCI_EVENT_AUTH_COMPL: 216 hci_event_auth_compl(unit, m); 217 break; 218 219 case HCI_EVENT_ENCRYPTION_CHANGE: 220 hci_event_encryption_change(unit, m); 221 break; 222 223 case HCI_EVENT_CHANGE_CON_LINK_KEY_COMPL: 224 hci_event_change_con_link_key_compl(unit, m); 225 break; 226 227 case HCI_EVENT_READ_CLOCK_OFFSET_COMPL: 228 hci_event_read_clock_offset_compl(unit, m); 229 break; 230 231 default: 232 break; 233 } 234 235 m_freem(m); 236 } 237 238 /* 239 * Command Status 240 * 241 * Restart command queue and post-process any pending commands 242 */ 243 static void 244 hci_event_command_status(struct hci_unit *unit, struct mbuf *m) 245 { 246 hci_command_status_ep ep; 247 248 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 249 m_copydata(m, 0, sizeof(ep), &ep); 250 m_adj(m, sizeof(ep)); 251 252 ep.opcode = le16toh(ep.opcode); 253 254 DPRINTFN(1, "(%s) opcode (%03x|%04x) status = 0x%x num_cmd_pkts = %d\n", 255 device_xname(unit->hci_dev), 256 HCI_OGF(ep.opcode), HCI_OCF(ep.opcode), 257 ep.status, 258 ep.num_cmd_pkts); 259 260 hci_num_cmds(unit, ep.num_cmd_pkts); 261 262 /* 263 * post processing of pending commands 264 */ 265 switch(ep.opcode) { 266 case HCI_CMD_CREATE_CON: 267 hci_cmd_create_con(unit, ep.status); 268 break; 269 270 default: 271 if (ep.status == 0) 272 break; 273 274 aprint_error_dev(unit->hci_dev, 275 "CommandStatus opcode (%03x|%04x) failed (status=0x%02x)\n", 276 HCI_OGF(ep.opcode), HCI_OCF(ep.opcode), 277 ep.status); 278 279 break; 280 } 281 } 282 283 /* 284 * Command Complete 285 * 286 * Restart command queue and handle the completed command 287 */ 288 static void 289 hci_event_command_compl(struct hci_unit *unit, struct mbuf *m) 290 { 291 hci_command_compl_ep ep; 292 hci_status_rp rp; 293 294 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 295 m_copydata(m, 0, sizeof(ep), &ep); 296 m_adj(m, sizeof(ep)); 297 298 DPRINTFN(1, "(%s) opcode (%03x|%04x) num_cmd_pkts = %d\n", 299 device_xname(unit->hci_dev), 300 HCI_OGF(le16toh(ep.opcode)), HCI_OCF(le16toh(ep.opcode)), 301 ep.num_cmd_pkts); 302 303 hci_num_cmds(unit, ep.num_cmd_pkts); 304 305 /* 306 * I am not sure if this is completely correct, it is not guaranteed 307 * that a command_complete packet will contain the status though most 308 * do seem to. 309 */ 310 m_copydata(m, 0, sizeof(rp), &rp); 311 if (rp.status > 0) 312 aprint_error_dev(unit->hci_dev, 313 "CommandComplete opcode (%03x|%04x) failed (status=0x%02x)\n", 314 HCI_OGF(le16toh(ep.opcode)), HCI_OCF(le16toh(ep.opcode)), 315 rp.status); 316 317 /* 318 * post processing of completed commands 319 */ 320 switch(le16toh(ep.opcode)) { 321 case HCI_CMD_READ_BDADDR: 322 hci_cmd_read_bdaddr(unit, m); 323 break; 324 325 case HCI_CMD_READ_BUFFER_SIZE: 326 hci_cmd_read_buffer_size(unit, m); 327 break; 328 329 case HCI_CMD_READ_LOCAL_FEATURES: 330 hci_cmd_read_local_features(unit, m); 331 break; 332 333 case HCI_CMD_READ_LOCAL_VER: 334 hci_cmd_read_local_ver(unit, m); 335 break; 336 337 case HCI_CMD_READ_LOCAL_COMMANDS: 338 hci_cmd_read_local_commands(unit, m); 339 break; 340 341 case HCI_CMD_RESET: 342 hci_cmd_reset(unit, m); 343 break; 344 345 default: 346 break; 347 } 348 } 349 350 /* 351 * Number of Completed Packets 352 * 353 * This is sent periodically by the Controller telling us how many 354 * buffers are now freed up and which handle was using them. From 355 * this we determine which type of buffer it was and add the qty 356 * back into the relevant packet counter, then restart output on 357 * links that have halted. 358 */ 359 static void 360 hci_event_num_compl_pkts(struct hci_unit *unit, struct mbuf *m) 361 { 362 hci_num_compl_pkts_ep ep; 363 struct hci_link *link, *next; 364 uint16_t handle, num; 365 int num_acl = 0, num_sco = 0; 366 367 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 368 m_copydata(m, 0, sizeof(ep), &ep); 369 m_adj(m, sizeof(ep)); 370 371 while (ep.num_con_handles--) { 372 m_copydata(m, 0, sizeof(handle), &handle); 373 m_adj(m, sizeof(handle)); 374 handle = le16toh(handle); 375 376 m_copydata(m, 0, sizeof(num), &num); 377 m_adj(m, sizeof(num)); 378 num = le16toh(num); 379 380 link = hci_link_lookup_handle(unit, handle); 381 if (link) { 382 if (link->hl_type == HCI_LINK_ACL) { 383 num_acl += num; 384 hci_acl_complete(link, num); 385 } else { 386 num_sco += num; 387 hci_sco_complete(link, num); 388 } 389 } else { 390 /* XXX need to issue Read_Buffer_Size or Reset? */ 391 aprint_error_dev(unit->hci_dev, 392 "unknown handle %d! (losing track of %d packet buffer%s)\n", 393 handle, num, (num == 1 ? "" : "s")); 394 } 395 } 396 397 /* 398 * Move up any queued packets. When a link has sent data, it will move 399 * to the back of the queue - technically then if a link had something 400 * to send and there were still buffers available it could get started 401 * twice but it seemed more important to to handle higher loads fairly 402 * than worry about wasting cycles when we are not busy. 403 */ 404 405 unit->hci_num_acl_pkts += num_acl; 406 unit->hci_num_sco_pkts += num_sco; 407 408 link = TAILQ_FIRST(&unit->hci_links); 409 while (link && (unit->hci_num_acl_pkts > 0 || unit->hci_num_sco_pkts > 0)) { 410 next = TAILQ_NEXT(link, hl_next); 411 412 if (link->hl_type == HCI_LINK_ACL) { 413 if (unit->hci_num_acl_pkts > 0 && link->hl_txqlen > 0) 414 hci_acl_start(link); 415 } else { 416 if (unit->hci_num_sco_pkts > 0 && link->hl_txqlen > 0) 417 hci_sco_start(link); 418 } 419 420 link = next; 421 } 422 } 423 424 /* 425 * Inquiry Result 426 * 427 * keep a note of devices seen, so we know which unit to use 428 * on outgoing connections 429 */ 430 static void 431 hci_event_inquiry_result(struct hci_unit *unit, struct mbuf *m) 432 { 433 hci_inquiry_result_ep ep; 434 hci_inquiry_response ir; 435 struct hci_memo *memo; 436 437 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 438 m_copydata(m, 0, sizeof(ep), &ep); 439 m_adj(m, sizeof(ep)); 440 441 DPRINTFN(1, "%d response%s\n", ep.num_responses, 442 (ep.num_responses == 1 ? "" : "s")); 443 444 while(ep.num_responses--) { 445 KASSERT(m->m_pkthdr.len >= sizeof(ir)); 446 m_copydata(m, 0, sizeof(ir), &ir); 447 m_adj(m, sizeof(ir)); 448 449 DPRINTFN(1, "bdaddr %02x:%02x:%02x:%02x:%02x:%02x\n", 450 ir.bdaddr.b[5], ir.bdaddr.b[4], ir.bdaddr.b[3], 451 ir.bdaddr.b[2], ir.bdaddr.b[1], ir.bdaddr.b[0]); 452 453 memo = hci_memo_new(unit, &ir.bdaddr); 454 if (memo != NULL) { 455 memo->page_scan_rep_mode = ir.page_scan_rep_mode; 456 memo->page_scan_mode = ir.page_scan_mode; 457 memo->clock_offset = ir.clock_offset; 458 } 459 } 460 } 461 462 /* 463 * Inquiry Result with RSSI 464 * 465 * as above but different packet when RSSI result is enabled 466 */ 467 static void 468 hci_event_rssi_result(struct hci_unit *unit, struct mbuf *m) 469 { 470 hci_rssi_result_ep ep; 471 hci_rssi_response rr; 472 struct hci_memo *memo; 473 474 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 475 m_copydata(m, 0, sizeof(ep), &ep); 476 m_adj(m, sizeof(ep)); 477 478 DPRINTFN(1, "%d response%s\n", ep.num_responses, 479 (ep.num_responses == 1 ? "" : "s")); 480 481 while(ep.num_responses--) { 482 KASSERT(m->m_pkthdr.len >= sizeof(rr)); 483 m_copydata(m, 0, sizeof(rr), &rr); 484 m_adj(m, sizeof(rr)); 485 486 DPRINTFN(1, "bdaddr %02x:%02x:%02x:%02x:%02x:%02x\n", 487 rr.bdaddr.b[5], rr.bdaddr.b[4], rr.bdaddr.b[3], 488 rr.bdaddr.b[2], rr.bdaddr.b[1], rr.bdaddr.b[0]); 489 490 memo = hci_memo_new(unit, &rr.bdaddr); 491 if (memo != NULL) { 492 memo->page_scan_rep_mode = rr.page_scan_rep_mode; 493 memo->page_scan_mode = 0; 494 memo->clock_offset = rr.clock_offset; 495 } 496 } 497 } 498 499 /* 500 * Extended Inquiry Result 501 * 502 * as above but provides only one response and extended service info 503 */ 504 static void 505 hci_event_extended_result(struct hci_unit *unit, struct mbuf *m) 506 { 507 hci_extended_result_ep ep; 508 struct hci_memo *memo; 509 510 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 511 m_copydata(m, 0, sizeof(ep), &ep); 512 m_adj(m, sizeof(ep)); 513 514 if (ep.num_responses != 1) 515 return; 516 517 DPRINTFN(1, "bdaddr %02x:%02x:%02x:%02x:%02x:%02x\n", 518 ep.bdaddr.b[5], ep.bdaddr.b[4], ep.bdaddr.b[3], 519 ep.bdaddr.b[2], ep.bdaddr.b[1], ep.bdaddr.b[0]); 520 521 memo = hci_memo_new(unit, &ep.bdaddr); 522 if (memo != NULL) { 523 memo->page_scan_rep_mode = ep.page_scan_rep_mode; 524 memo->page_scan_mode = 0; 525 memo->clock_offset = ep.clock_offset; 526 } 527 } 528 529 /* 530 * Connection Complete 531 * 532 * Sent to us when a connection is made. If there is no link 533 * structure already allocated for this, we must have changed 534 * our mind, so just disconnect. 535 */ 536 static void 537 hci_event_con_compl(struct hci_unit *unit, struct mbuf *m) 538 { 539 hci_con_compl_ep ep; 540 hci_write_link_policy_settings_cp cp; 541 struct hci_link *link; 542 int err; 543 544 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 545 m_copydata(m, 0, sizeof(ep), &ep); 546 m_adj(m, sizeof(ep)); 547 548 DPRINTFN(1, "(%s) %s connection complete for " 549 "%02x:%02x:%02x:%02x:%02x:%02x status %#x\n", 550 device_xname(unit->hci_dev), 551 (ep.link_type == HCI_LINK_ACL ? "ACL" : "SCO"), 552 ep.bdaddr.b[5], ep.bdaddr.b[4], ep.bdaddr.b[3], 553 ep.bdaddr.b[2], ep.bdaddr.b[1], ep.bdaddr.b[0], 554 ep.status); 555 556 link = hci_link_lookup_bdaddr(unit, &ep.bdaddr, ep.link_type); 557 558 if (ep.status) { 559 if (link != NULL) { 560 switch (ep.status) { 561 case 0x04: /* "Page Timeout" */ 562 err = EHOSTDOWN; 563 break; 564 565 case 0x08: /* "Connection Timed Out" */ 566 err = ETIMEDOUT; 567 break; 568 569 case 0x16: /* "Connection Terminated by Local Host" */ 570 err = 0; 571 break; 572 573 default: 574 err = ECONNREFUSED; 575 break; 576 } 577 578 hci_link_free(link, err); 579 } 580 581 return; 582 } 583 584 if (link == NULL) { 585 hci_discon_cp dp; 586 587 dp.con_handle = ep.con_handle; 588 dp.reason = 0x13; /* "Remote User Terminated Connection" */ 589 590 hci_send_cmd(unit, HCI_CMD_DISCONNECT, &dp, sizeof(dp)); 591 return; 592 } 593 594 /* XXX could check auth_enable here */ 595 596 if (ep.encryption_mode) 597 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_ENCRYPT); 598 599 link->hl_state = HCI_LINK_OPEN; 600 link->hl_handle = HCI_CON_HANDLE(le16toh(ep.con_handle)); 601 602 if (ep.link_type == HCI_LINK_ACL) { 603 cp.con_handle = ep.con_handle; 604 cp.settings = htole16(unit->hci_link_policy); 605 err = hci_send_cmd(unit, HCI_CMD_WRITE_LINK_POLICY_SETTINGS, 606 &cp, sizeof(cp)); 607 if (err) 608 aprint_error_dev(unit->hci_dev, 609 "Warning, could not write link policy\n"); 610 611 err = hci_send_cmd(unit, HCI_CMD_READ_CLOCK_OFFSET, 612 &cp.con_handle, sizeof(cp.con_handle)); 613 if (err) 614 aprint_error_dev(unit->hci_dev, 615 "Warning, could not read clock offset\n"); 616 617 err = hci_acl_setmode(link); 618 if (err == EINPROGRESS) 619 return; 620 621 hci_acl_linkmode(link); 622 } else { 623 (*link->hl_sco->sp_proto->connected)(link->hl_sco->sp_upper); 624 } 625 } 626 627 /* 628 * Disconnection Complete 629 * 630 * This is sent in response to a disconnection request, but also if 631 * the remote device goes out of range. 632 */ 633 static void 634 hci_event_discon_compl(struct hci_unit *unit, struct mbuf *m) 635 { 636 hci_discon_compl_ep ep; 637 struct hci_link *link; 638 639 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 640 m_copydata(m, 0, sizeof(ep), &ep); 641 m_adj(m, sizeof(ep)); 642 643 ep.con_handle = le16toh(ep.con_handle); 644 645 DPRINTFN(1, "handle #%d, status=0x%x\n", ep.con_handle, ep.status); 646 647 link = hci_link_lookup_handle(unit, HCI_CON_HANDLE(ep.con_handle)); 648 if (link) 649 hci_link_free(link, ENOLINK); 650 } 651 652 /* 653 * Connect Request 654 * 655 * We check upstream for appropriate listeners and accept connections 656 * that are wanted. 657 */ 658 static void 659 hci_event_con_req(struct hci_unit *unit, struct mbuf *m) 660 { 661 hci_con_req_ep ep; 662 hci_accept_con_cp ap; 663 hci_reject_con_cp rp; 664 struct hci_link *link; 665 666 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 667 m_copydata(m, 0, sizeof(ep), &ep); 668 m_adj(m, sizeof(ep)); 669 670 DPRINTFN(1, "bdaddr %2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x " 671 "class %2.2x%2.2x%2.2x type %s\n", 672 ep.bdaddr.b[5], ep.bdaddr.b[4], ep.bdaddr.b[3], 673 ep.bdaddr.b[2], ep.bdaddr.b[1], ep.bdaddr.b[0], 674 ep.uclass[0], ep.uclass[1], ep.uclass[2], 675 ep.link_type == HCI_LINK_ACL ? "ACL" : "SCO"); 676 677 if (ep.link_type == HCI_LINK_ACL) 678 link = hci_acl_newconn(unit, &ep.bdaddr); 679 else 680 link = hci_sco_newconn(unit, &ep.bdaddr); 681 682 if (link == NULL) { 683 memset(&rp, 0, sizeof(rp)); 684 bdaddr_copy(&rp.bdaddr, &ep.bdaddr); 685 rp.reason = 0x0f; /* Unacceptable BD_ADDR */ 686 687 hci_send_cmd(unit, HCI_CMD_REJECT_CON, &rp, sizeof(rp)); 688 } else { 689 memset(&ap, 0, sizeof(ap)); 690 bdaddr_copy(&ap.bdaddr, &ep.bdaddr); 691 if (unit->hci_flags & BTF_MASTER) 692 ap.role = HCI_ROLE_MASTER; 693 else 694 ap.role = HCI_ROLE_SLAVE; 695 696 hci_send_cmd(unit, HCI_CMD_ACCEPT_CON, &ap, sizeof(ap)); 697 } 698 } 699 700 /* 701 * Auth Complete 702 * 703 * Authentication has been completed on an ACL link. We can notify the 704 * upper layer protocols unless further mode changes are pending. 705 */ 706 static void 707 hci_event_auth_compl(struct hci_unit *unit, struct mbuf *m) 708 { 709 hci_auth_compl_ep ep; 710 struct hci_link *link; 711 int err; 712 713 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 714 m_copydata(m, 0, sizeof(ep), &ep); 715 m_adj(m, sizeof(ep)); 716 717 ep.con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle)); 718 719 DPRINTFN(1, "handle #%d, status=0x%x\n", ep.con_handle, ep.status); 720 721 link = hci_link_lookup_handle(unit, ep.con_handle); 722 if (link == NULL || link->hl_type != HCI_LINK_ACL) 723 return; 724 725 if (ep.status == 0) { 726 link->hl_flags |= HCI_LINK_AUTH; 727 728 if (link->hl_state == HCI_LINK_WAIT_AUTH) 729 link->hl_state = HCI_LINK_OPEN; 730 731 err = hci_acl_setmode(link); 732 if (err == EINPROGRESS) 733 return; 734 } 735 736 hci_acl_linkmode(link); 737 } 738 739 /* 740 * Encryption Change 741 * 742 * The encryption status has changed. Basically, we note the change 743 * then notify the upper layer protocol unless further mode changes 744 * are pending. 745 * Note that if encryption gets disabled when it has been requested, 746 * we will attempt to enable it again.. (its a feature not a bug :) 747 */ 748 static void 749 hci_event_encryption_change(struct hci_unit *unit, struct mbuf *m) 750 { 751 hci_encryption_change_ep ep; 752 struct hci_link *link; 753 int err; 754 755 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 756 m_copydata(m, 0, sizeof(ep), &ep); 757 m_adj(m, sizeof(ep)); 758 759 ep.con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle)); 760 761 DPRINTFN(1, "handle #%d, status=0x%x, encryption_enable=0x%x\n", 762 ep.con_handle, ep.status, ep.encryption_enable); 763 764 link = hci_link_lookup_handle(unit, ep.con_handle); 765 if (link == NULL || link->hl_type != HCI_LINK_ACL) 766 return; 767 768 if (ep.status == 0) { 769 if (ep.encryption_enable == 0) 770 link->hl_flags &= ~HCI_LINK_ENCRYPT; 771 else 772 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_ENCRYPT); 773 774 if (link->hl_state == HCI_LINK_WAIT_ENCRYPT) 775 link->hl_state = HCI_LINK_OPEN; 776 777 err = hci_acl_setmode(link); 778 if (err == EINPROGRESS) 779 return; 780 } 781 782 hci_acl_linkmode(link); 783 } 784 785 /* 786 * Change Connection Link Key Complete 787 * 788 * Link keys are handled in userland but if we are waiting to secure 789 * this link, we should notify the upper protocols. A SECURE request 790 * only needs a single key change, so we can cancel the request. 791 */ 792 static void 793 hci_event_change_con_link_key_compl(struct hci_unit *unit, struct mbuf *m) 794 { 795 hci_change_con_link_key_compl_ep ep; 796 struct hci_link *link; 797 int err; 798 799 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 800 m_copydata(m, 0, sizeof(ep), &ep); 801 m_adj(m, sizeof(ep)); 802 803 ep.con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle)); 804 805 DPRINTFN(1, "handle #%d, status=0x%x\n", ep.con_handle, ep.status); 806 807 link = hci_link_lookup_handle(unit, ep.con_handle); 808 if (link == NULL || link->hl_type != HCI_LINK_ACL) 809 return; 810 811 link->hl_flags &= ~HCI_LINK_SECURE_REQ; 812 813 if (ep.status == 0) { 814 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_SECURE); 815 816 if (link->hl_state == HCI_LINK_WAIT_SECURE) 817 link->hl_state = HCI_LINK_OPEN; 818 819 err = hci_acl_setmode(link); 820 if (err == EINPROGRESS) 821 return; 822 } 823 824 hci_acl_linkmode(link); 825 } 826 827 /* 828 * Read Clock Offset Complete 829 * 830 * We keep a note of the clock offset of remote devices when a 831 * link is made, in order to facilitate reconnections to the device 832 */ 833 static void 834 hci_event_read_clock_offset_compl(struct hci_unit *unit, struct mbuf *m) 835 { 836 hci_read_clock_offset_compl_ep ep; 837 struct hci_link *link; 838 839 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 840 m_copydata(m, 0, sizeof(ep), &ep); 841 m_adj(m, sizeof(ep)); 842 843 DPRINTFN(1, "handle #%d, offset=%u, status=0x%x\n", 844 le16toh(ep.con_handle), le16toh(ep.clock_offset), ep.status); 845 846 ep.con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle)); 847 link = hci_link_lookup_handle(unit, ep.con_handle); 848 if (link == NULL || link->hl_type != HCI_LINK_ACL) 849 return; 850 851 if (ep.status == 0) 852 link->hl_clock = ep.clock_offset; 853 } 854 855 /* 856 * process results of read_bdaddr command_complete event 857 */ 858 static void 859 hci_cmd_read_bdaddr(struct hci_unit *unit, struct mbuf *m) 860 { 861 hci_read_bdaddr_rp rp; 862 863 KASSERT(m->m_pkthdr.len >= sizeof(rp)); 864 m_copydata(m, 0, sizeof(rp), &rp); 865 m_adj(m, sizeof(rp)); 866 867 if (rp.status > 0) 868 return; 869 870 if ((unit->hci_flags & BTF_INIT_BDADDR) == 0) 871 return; 872 873 bdaddr_copy(&unit->hci_bdaddr, &rp.bdaddr); 874 875 unit->hci_flags &= ~BTF_INIT_BDADDR; 876 877 cv_broadcast(&unit->hci_init); 878 } 879 880 /* 881 * process results of read_buffer_size command_complete event 882 */ 883 static void 884 hci_cmd_read_buffer_size(struct hci_unit *unit, struct mbuf *m) 885 { 886 hci_read_buffer_size_rp rp; 887 888 KASSERT(m->m_pkthdr.len >= sizeof(rp)); 889 m_copydata(m, 0, sizeof(rp), &rp); 890 m_adj(m, sizeof(rp)); 891 892 if (rp.status > 0) 893 return; 894 895 if ((unit->hci_flags & BTF_INIT_BUFFER_SIZE) == 0) 896 return; 897 898 unit->hci_max_acl_size = le16toh(rp.max_acl_size); 899 unit->hci_num_acl_pkts = le16toh(rp.num_acl_pkts); 900 unit->hci_max_sco_size = rp.max_sco_size; 901 unit->hci_num_sco_pkts = le16toh(rp.num_sco_pkts); 902 903 unit->hci_flags &= ~BTF_INIT_BUFFER_SIZE; 904 905 cv_broadcast(&unit->hci_init); 906 } 907 908 /* 909 * process results of read_local_features command_complete event 910 */ 911 static void 912 hci_cmd_read_local_features(struct hci_unit *unit, struct mbuf *m) 913 { 914 hci_read_local_features_rp rp; 915 916 KASSERT(m->m_pkthdr.len >= sizeof(rp)); 917 m_copydata(m, 0, sizeof(rp), &rp); 918 m_adj(m, sizeof(rp)); 919 920 if (rp.status > 0) 921 return; 922 923 if ((unit->hci_flags & BTF_INIT_FEATURES) == 0) 924 return; 925 926 unit->hci_lmp_mask = 0; 927 928 if (rp.features[0] & HCI_LMP_ROLE_SWITCH) 929 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_ROLE_SWITCH; 930 931 if (rp.features[0] & HCI_LMP_HOLD_MODE) 932 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_HOLD_MODE; 933 934 if (rp.features[0] & HCI_LMP_SNIFF_MODE) 935 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_SNIFF_MODE; 936 937 if (rp.features[1] & HCI_LMP_PARK_MODE) 938 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_PARK_MODE; 939 940 /* ACL packet mask */ 941 unit->hci_acl_mask = HCI_PKT_DM1 | HCI_PKT_DH1; 942 943 if (rp.features[0] & HCI_LMP_3SLOT) 944 unit->hci_acl_mask |= HCI_PKT_DM3 | HCI_PKT_DH3; 945 946 if (rp.features[0] & HCI_LMP_5SLOT) 947 unit->hci_acl_mask |= HCI_PKT_DM5 | HCI_PKT_DH5; 948 949 if ((rp.features[3] & HCI_LMP_EDR_ACL_2MBPS) == 0) 950 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH1 951 | HCI_PKT_2MBPS_DH3 952 | HCI_PKT_2MBPS_DH5; 953 954 if ((rp.features[3] & HCI_LMP_EDR_ACL_3MBPS) == 0) 955 unit->hci_acl_mask |= HCI_PKT_3MBPS_DH1 956 | HCI_PKT_3MBPS_DH3 957 | HCI_PKT_3MBPS_DH5; 958 959 if ((rp.features[4] & HCI_LMP_3SLOT_EDR_ACL) == 0) 960 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH3 961 | HCI_PKT_3MBPS_DH3; 962 963 if ((rp.features[5] & HCI_LMP_5SLOT_EDR_ACL) == 0) 964 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH5 965 | HCI_PKT_3MBPS_DH5; 966 967 unit->hci_packet_type = unit->hci_acl_mask; 968 969 /* SCO packet mask */ 970 unit->hci_sco_mask = 0; 971 if (rp.features[1] & HCI_LMP_SCO_LINK) 972 unit->hci_sco_mask |= HCI_PKT_HV1; 973 974 if (rp.features[1] & HCI_LMP_HV2_PKT) 975 unit->hci_sco_mask |= HCI_PKT_HV2; 976 977 if (rp.features[1] & HCI_LMP_HV3_PKT) 978 unit->hci_sco_mask |= HCI_PKT_HV3; 979 980 if (rp.features[3] & HCI_LMP_EV3_PKT) 981 unit->hci_sco_mask |= HCI_PKT_EV3; 982 983 if (rp.features[4] & HCI_LMP_EV4_PKT) 984 unit->hci_sco_mask |= HCI_PKT_EV4; 985 986 if (rp.features[4] & HCI_LMP_EV5_PKT) 987 unit->hci_sco_mask |= HCI_PKT_EV5; 988 989 /* XXX what do 2MBPS/3MBPS/3SLOT eSCO mean? */ 990 991 unit->hci_flags &= ~BTF_INIT_FEATURES; 992 993 cv_broadcast(&unit->hci_init); 994 995 DPRINTFN(1, "%s: lmp_mask %4.4x, acl_mask %4.4x, sco_mask %4.4x\n", 996 device_xname(unit->hci_dev), unit->hci_lmp_mask, 997 unit->hci_acl_mask, unit->hci_sco_mask); 998 } 999 1000 /* 1001 * process results of read_local_ver command_complete event 1002 * 1003 * reading local supported commands is only supported from 1.2 spec 1004 */ 1005 static void 1006 hci_cmd_read_local_ver(struct hci_unit *unit, struct mbuf *m) 1007 { 1008 hci_read_local_ver_rp rp; 1009 1010 KASSERT(m->m_pkthdr.len >= sizeof(rp)); 1011 m_copydata(m, 0, sizeof(rp), &rp); 1012 m_adj(m, sizeof(rp)); 1013 1014 if (rp.status != 0) 1015 return; 1016 1017 if ((unit->hci_flags & BTF_INIT_COMMANDS) == 0) 1018 return; 1019 1020 if (rp.hci_version < HCI_SPEC_V12) { 1021 unit->hci_flags &= ~BTF_INIT_COMMANDS; 1022 cv_broadcast(&unit->hci_init); 1023 return; 1024 } 1025 1026 hci_send_cmd(unit, HCI_CMD_READ_LOCAL_COMMANDS, NULL, 0); 1027 } 1028 1029 /* 1030 * process results of read_local_commands command_complete event 1031 */ 1032 static void 1033 hci_cmd_read_local_commands(struct hci_unit *unit, struct mbuf *m) 1034 { 1035 hci_read_local_commands_rp rp; 1036 1037 KASSERT(m->m_pkthdr.len >= sizeof(rp)); 1038 m_copydata(m, 0, sizeof(rp), &rp); 1039 m_adj(m, sizeof(rp)); 1040 1041 if (rp.status != 0) 1042 return; 1043 1044 if ((unit->hci_flags & BTF_INIT_COMMANDS) == 0) 1045 return; 1046 1047 unit->hci_flags &= ~BTF_INIT_COMMANDS; 1048 memcpy(unit->hci_cmds, rp.commands, HCI_COMMANDS_SIZE); 1049 1050 cv_broadcast(&unit->hci_init); 1051 } 1052 1053 /* 1054 * process results of reset command_complete event 1055 * 1056 * This has killed all the connections, so close down anything we have left, 1057 * and reinitialise the unit. 1058 */ 1059 static void 1060 hci_cmd_reset(struct hci_unit *unit, struct mbuf *m) 1061 { 1062 hci_reset_rp rp; 1063 struct hci_link *link, *next; 1064 int acl; 1065 1066 KASSERT(m->m_pkthdr.len >= sizeof(rp)); 1067 m_copydata(m, 0, sizeof(rp), &rp); 1068 m_adj(m, sizeof(rp)); 1069 1070 if (rp.status != 0) 1071 return; 1072 1073 /* 1074 * release SCO links first, since they may be holding 1075 * an ACL link reference. 1076 */ 1077 for (acl = 0 ; acl < 2 ; acl++) { 1078 next = TAILQ_FIRST(&unit->hci_links); 1079 while ((link = next) != NULL) { 1080 next = TAILQ_NEXT(link, hl_next); 1081 if (acl || link->hl_type != HCI_LINK_ACL) 1082 hci_link_free(link, ECONNABORTED); 1083 } 1084 } 1085 1086 unit->hci_num_acl_pkts = 0; 1087 unit->hci_num_sco_pkts = 0; 1088 1089 if (hci_send_cmd(unit, HCI_CMD_READ_BDADDR, NULL, 0)) 1090 return; 1091 1092 if (hci_send_cmd(unit, HCI_CMD_READ_BUFFER_SIZE, NULL, 0)) 1093 return; 1094 1095 if (hci_send_cmd(unit, HCI_CMD_READ_LOCAL_FEATURES, NULL, 0)) 1096 return; 1097 1098 if (hci_send_cmd(unit, HCI_CMD_READ_LOCAL_VER, NULL, 0)) 1099 return; 1100 } 1101 1102 /* 1103 * process command_status event for create_con command 1104 * 1105 * a "Create Connection" command can sometimes fail to start for whatever 1106 * reason and the command_status event returns failure but we get no 1107 * indication of which connection failed (for instance in the case where 1108 * we tried to open too many connections all at once) So, we keep a flag 1109 * on the link to indicate pending status until the command_status event 1110 * is returned to help us decide which needs to be failed. 1111 * 1112 * since created links are inserted at the tail of hci_links, we know that 1113 * the first pending link we find will be the one that this command status 1114 * refers to. 1115 */ 1116 static void 1117 hci_cmd_create_con(struct hci_unit *unit, uint8_t status) 1118 { 1119 struct hci_link *link; 1120 1121 TAILQ_FOREACH(link, &unit->hci_links, hl_next) { 1122 if ((link->hl_flags & HCI_LINK_CREATE_CON) == 0) 1123 continue; 1124 1125 link->hl_flags &= ~HCI_LINK_CREATE_CON; 1126 1127 switch(status) { 1128 case 0x00: /* success */ 1129 break; 1130 1131 case 0x0c: /* "Command Disallowed" */ 1132 hci_link_free(link, EBUSY); 1133 break; 1134 1135 default: /* some other trouble */ 1136 hci_link_free(link, EPROTO); 1137 break; 1138 } 1139 1140 return; 1141 } 1142 } 1143