1 /* $NetBSD: hci_link.c,v 1.5 2006/09/11 22:12:39 plunky Exp $ */ 2 3 /*- 4 * Copyright (c) 2005 Iain Hibbert. 5 * Copyright (c) 2006 Itronix Inc. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. The name of Itronix Inc. may not be used to endorse 17 * or promote products derived from this software without specific 18 * prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY ITRONIX INC. ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 22 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 23 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ITRONIX INC. BE LIABLE FOR ANY 24 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 25 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 26 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 27 * ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 30 * POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 #include <sys/cdefs.h> 34 __KERNEL_RCSID(0, "$NetBSD: hci_link.c,v 1.5 2006/09/11 22:12:39 plunky Exp $"); 35 36 #include <sys/param.h> 37 #include <sys/kernel.h> 38 #include <sys/malloc.h> 39 #include <sys/mbuf.h> 40 #include <sys/proc.h> 41 #include <sys/queue.h> 42 #include <sys/systm.h> 43 44 #include <netbt/bluetooth.h> 45 #include <netbt/hci.h> 46 #include <netbt/l2cap.h> 47 #include <netbt/sco.h> 48 49 /******************************************************************************* 50 * 51 * HCI ACL Connections 52 */ 53 54 /* 55 * Automatically expire unused ACL connections after this number of 56 * seconds (if zero, do not expire unused connections) [sysctl] 57 */ 58 int hci_acl_expiry = 10; /* seconds */ 59 60 /* 61 * hci_acl_open(unit, bdaddr) 62 * 63 * open ACL connection to remote bdaddr. Only one ACL connection is permitted 64 * between any two Bluetooth devices, so we look for an existing one before 65 * trying to start a new one. 66 */ 67 struct hci_link * 68 hci_acl_open(struct hci_unit *unit, bdaddr_t *bdaddr) 69 { 70 struct hci_link *link; 71 struct hci_memo *memo; 72 hci_create_con_cp cp; 73 int err; 74 75 KASSERT(unit); 76 KASSERT(bdaddr); 77 78 link = hci_link_lookup_bdaddr(unit, bdaddr, HCI_LINK_ACL); 79 if (link == NULL) { 80 link = hci_link_alloc(unit); 81 if (link == NULL) 82 return NULL; 83 84 link->hl_type = HCI_LINK_ACL; 85 bdaddr_copy(&link->hl_bdaddr, bdaddr); 86 } 87 88 switch(link->hl_state) { 89 case HCI_LINK_CLOSED: 90 /* 91 * open connection to remote device 92 */ 93 memset(&cp, 0, sizeof(cp)); 94 bdaddr_copy(&cp.bdaddr, bdaddr); 95 cp.pkt_type = htole16(unit->hci_packet_type); 96 97 memo = hci_memo_find(unit, bdaddr); 98 if (memo != NULL) { 99 cp.page_scan_rep_mode = memo->response.page_scan_rep_mode; 100 cp.page_scan_mode = memo->response.page_scan_mode; 101 cp.clock_offset = htole16(memo->response.clock_offset); 102 } 103 104 if (unit->hci_link_policy & HCI_LINK_POLICY_ENABLE_ROLE_SWITCH) 105 cp.accept_role_switch = 1; 106 107 err = hci_send_cmd(unit, HCI_CMD_CREATE_CON, &cp, sizeof(cp)); 108 if (err) { 109 hci_link_free(link, err); 110 return NULL; 111 } 112 113 link->hl_state = HCI_LINK_WAIT_CONNECT; 114 break; 115 116 case HCI_LINK_WAIT_CONNECT: 117 /* 118 * somebody else already trying to connect, we just 119 * sit on the bench with them.. 120 */ 121 break; 122 123 case HCI_LINK_OPEN: 124 /* 125 * If already open, halt any expiry timeouts. We dont need 126 * to care about already invoking timeouts since refcnt >0 127 * will keep the link alive. 128 */ 129 callout_stop(&link->hl_expire); 130 break; 131 132 default: 133 UNKNOWN(link->hl_state); 134 return NULL; 135 } 136 137 /* open */ 138 link->hl_refcnt++; 139 140 return link; 141 } 142 143 /* 144 * Close ACL connection. When there are no more references to this link, 145 * we can either close it down or schedule a delayed closedown. 146 */ 147 void 148 hci_acl_close(struct hci_link *link, int err) 149 { 150 151 KASSERT(link); 152 153 if (--link->hl_refcnt == 0) { 154 if (link->hl_state == HCI_LINK_CLOSED) 155 hci_link_free(link, err); 156 else if (hci_acl_expiry > 0) 157 callout_schedule(&link->hl_expire, hci_acl_expiry * hz); 158 } 159 } 160 161 /* 162 * Incoming ACL connection. 163 * 164 * For now, we accept all connections but it would be better to check 165 * the L2CAP listen list and only accept when there is a listener 166 * available. 167 * 168 * There should not be a link to the same bdaddr already, we check 169 * anyway though its left unhandled for now. 170 */ 171 struct hci_link * 172 hci_acl_newconn(struct hci_unit *unit, bdaddr_t *bdaddr) 173 { 174 struct hci_link *link; 175 176 link = hci_link_lookup_bdaddr(unit, bdaddr, HCI_LINK_ACL); 177 if (link != NULL) 178 return NULL; 179 180 link = hci_link_alloc(unit); 181 if (link != NULL) { 182 link->hl_state = HCI_LINK_WAIT_CONNECT; 183 link->hl_type = HCI_LINK_ACL; 184 bdaddr_copy(&link->hl_bdaddr, bdaddr); 185 186 if (hci_acl_expiry > 0) 187 callout_schedule(&link->hl_expire, hci_acl_expiry * hz); 188 } 189 190 return link; 191 } 192 193 void 194 hci_acl_timeout(void *arg) 195 { 196 struct hci_link *link = arg; 197 hci_discon_cp cp; 198 int s, err; 199 200 s = splsoftnet(); 201 callout_ack(&link->hl_expire); 202 203 if (link->hl_refcnt > 0) 204 goto out; 205 206 DPRINTF("link #%d expired\n", link->hl_handle); 207 208 switch (link->hl_state) { 209 case HCI_LINK_CLOSED: 210 case HCI_LINK_WAIT_CONNECT: 211 hci_link_free(link, ECONNRESET); 212 break; 213 214 case HCI_LINK_OPEN: 215 cp.con_handle = htole16(link->hl_handle); 216 cp.reason = 0x13; /* "Remote User Terminated Connection" */ 217 218 err = hci_send_cmd(link->hl_unit, HCI_CMD_DISCONNECT, 219 &cp, sizeof(cp)); 220 221 if (err) 222 DPRINTF("error %d sending HCI_CMD_DISCONNECT\n", 223 err); 224 225 break; 226 227 default: 228 UNKNOWN(link->hl_state); 229 break; 230 } 231 232 out: 233 splx(s); 234 } 235 236 /* 237 * Receive ACL Data 238 * 239 * we accumulate packet fragments on the hci_link structure 240 * until a full L2CAP frame is ready, then send it on. 241 */ 242 void 243 hci_acl_recv(struct mbuf *m, struct hci_unit *unit) 244 { 245 struct hci_link *link; 246 hci_acldata_hdr_t hdr; 247 uint16_t handle, want; 248 int pb, got; 249 250 KASSERT(m); 251 KASSERT(unit); 252 253 KASSERT(m->m_pkthdr.len >= sizeof(hdr)); 254 m_copydata(m, 0, sizeof(hdr), &hdr); 255 m_adj(m, sizeof(hdr)); 256 257 #ifdef DIAGNOSTIC 258 if (hdr.type != HCI_ACL_DATA_PKT) { 259 printf("%s: bad ACL packet type\n", unit->hci_devname); 260 goto bad; 261 } 262 263 if (m->m_pkthdr.len != le16toh(hdr.length)) { 264 printf("%s: bad ACL packet length (%d != %d)\n", 265 unit->hci_devname, m->m_pkthdr.len, le16toh(hdr.length)); 266 goto bad; 267 } 268 #endif 269 270 hdr.length = le16toh(hdr.length); 271 hdr.con_handle = le16toh(hdr.con_handle); 272 handle = HCI_CON_HANDLE(hdr.con_handle); 273 pb = HCI_PB_FLAG(hdr.con_handle); 274 275 link = hci_link_lookup_handle(unit, handle); 276 if (link == NULL) { 277 hci_discon_cp cp; 278 279 DPRINTF("%s: dumping packet for unknown handle #%d\n", 280 unit->hci_devname, handle); 281 282 /* 283 * There is no way to find out what this connection handle is 284 * for, just get rid of it. This may happen, if a USB dongle 285 * is plugged into a self powered hub and does not reset when 286 * the system is shut down. 287 */ 288 cp.con_handle = htole16(handle); 289 cp.reason = 0x13; /* "Remote User Terminated Connection" */ 290 hci_send_cmd(unit, HCI_CMD_DISCONNECT, &cp, sizeof(cp)); 291 goto bad; 292 } 293 294 switch (pb) { 295 case HCI_PACKET_START: 296 if (link->hl_rxp != NULL) 297 printf("%s: dropped incomplete ACL packet\n", 298 unit->hci_devname); 299 300 if (m->m_pkthdr.len < sizeof(l2cap_hdr_t)) { 301 printf("%s: short ACL packet\n", 302 unit->hci_devname); 303 304 goto bad; 305 } 306 307 link->hl_rxp = m; 308 got = m->m_pkthdr.len; 309 break; 310 311 case HCI_PACKET_FRAGMENT: 312 if (link->hl_rxp == NULL) { 313 printf("%s: unexpected packet fragment\n", 314 unit->hci_devname); 315 316 goto bad; 317 } 318 319 got = m->m_pkthdr.len + link->hl_rxp->m_pkthdr.len; 320 m_cat(link->hl_rxp, m); 321 m = link->hl_rxp; 322 m->m_pkthdr.len = got; 323 break; 324 325 default: 326 printf("%s: unknown packet type\n", 327 unit->hci_devname); 328 329 goto bad; 330 } 331 332 m_copydata(m, 0, sizeof(want), &want); 333 want = le16toh(want) + sizeof(l2cap_hdr_t) - got; 334 335 if (want > 0) 336 return; 337 338 link->hl_rxp = NULL; 339 340 if (want == 0) { 341 l2cap_recv_frame(m, link); 342 return; 343 } 344 345 bad: 346 m_freem(m); 347 } 348 349 /* 350 * Send ACL data on link 351 * 352 * We must fragment packets into chunks of less than unit->hci_max_acl_size and 353 * prepend a relevant ACL header to each fragment. We keep a PDU structure 354 * attached to the link, so that completed fragments can be marked off and 355 * more data requested from above once the PDU is sent. 356 */ 357 int 358 hci_acl_send(struct mbuf *m, struct hci_link *link, 359 struct l2cap_channel *chan) 360 { 361 struct l2cap_pdu *pdu; 362 struct mbuf *n = NULL; 363 int plen, mlen, num = 0; 364 365 KASSERT(link); 366 KASSERT(m); 367 KASSERT(m->m_flags & M_PKTHDR); 368 KASSERT(m->m_pkthdr.len > 0); 369 370 if (link->hl_state == HCI_LINK_CLOSED) { 371 m_freem(m); 372 return ENETDOWN; 373 } 374 375 pdu = pool_get(&l2cap_pdu_pool, PR_NOWAIT); 376 if (pdu == NULL) 377 goto nomem; 378 379 pdu->lp_chan = chan; 380 pdu->lp_pending = 0; 381 MBUFQ_INIT(&pdu->lp_data); 382 383 plen = m->m_pkthdr.len; 384 mlen = link->hl_unit->hci_max_acl_size; 385 386 DPRINTFN(5, "%s: handle #%d, plen = %d, max = %d\n", 387 link->hl_unit->hci_devname, link->hl_handle, plen, mlen); 388 389 while (plen > 0) { 390 if (plen > mlen) { 391 n = m_split(m, mlen, M_DONTWAIT); 392 if (n == NULL) 393 goto nomem; 394 } else { 395 mlen = plen; 396 } 397 398 if (num++ == 0) 399 m->m_flags |= M_PROTO1; /* tag first fragment */ 400 401 DPRINTFN(10, "chunk of %d (plen = %d) bytes\n", mlen, plen); 402 MBUFQ_ENQUEUE(&pdu->lp_data, m); 403 m = n; 404 plen -= mlen; 405 } 406 407 TAILQ_INSERT_TAIL(&link->hl_txq, pdu, lp_next); 408 link->hl_txqlen += num; 409 410 hci_acl_start(link); 411 412 return 0; 413 414 nomem: 415 if (m) m_freem(m); 416 if (n) m_freem(n); 417 if (pdu) { 418 MBUFQ_DRAIN(&pdu->lp_data); 419 pool_put(&l2cap_pdu_pool, pdu); 420 } 421 422 return ENOMEM; 423 } 424 425 /* 426 * Start sending ACL data on link. 427 * 428 * We may use all the available packet slots. The reason that we add 429 * the ACL encapsulation here rather than in hci_acl_send() is that L2CAP 430 * signal packets may be queued before the handle is given to us.. 431 * 432 * this is called from hci_acl_send() above, and the event processing 433 * code (for CON_COMPL and NUM_COMPL_PKTS) 434 */ 435 void 436 hci_acl_start(struct hci_link *link) 437 { 438 struct hci_unit *unit; 439 hci_acldata_hdr_t *hdr; 440 struct l2cap_pdu *pdu; 441 struct mbuf *m; 442 uint16_t handle; 443 444 KASSERT(link); 445 446 unit = link->hl_unit; 447 KASSERT(unit); 448 449 /* this is mainly to block ourselves (below) */ 450 if (link->hl_state != HCI_LINK_OPEN) 451 return; 452 453 if (link->hl_txqlen == 0 || unit->hci_num_acl_pkts == 0) 454 return; 455 456 /* find first PDU with data to send */ 457 pdu = TAILQ_FIRST(&link->hl_txq); 458 for (;;) { 459 if (pdu == NULL) 460 return; 461 462 if (MBUFQ_FIRST(&pdu->lp_data) != NULL) 463 break; 464 465 pdu = TAILQ_NEXT(pdu, lp_next); 466 } 467 468 while (unit->hci_num_acl_pkts > 0) { 469 MBUFQ_DEQUEUE(&pdu->lp_data, m); 470 KASSERT(m != NULL); 471 472 if (m->m_flags & M_PROTO1) 473 handle = HCI_MK_CON_HANDLE(link->hl_handle, 474 HCI_PACKET_START, 0); 475 else 476 handle = HCI_MK_CON_HANDLE(link->hl_handle, 477 HCI_PACKET_FRAGMENT, 0); 478 479 M_PREPEND(m, sizeof(*hdr), M_DONTWAIT); 480 if (m == NULL) 481 break; 482 483 hdr = mtod(m, hci_acldata_hdr_t *); 484 hdr->type = HCI_ACL_DATA_PKT; 485 hdr->con_handle = htole16(handle); 486 hdr->length = htole16(m->m_pkthdr.len - sizeof(*hdr)); 487 488 link->hl_txqlen--; 489 pdu->lp_pending++; 490 491 hci_output_acl(unit, m); 492 493 if (MBUFQ_FIRST(&pdu->lp_data) == NULL) { 494 if (pdu->lp_chan) { 495 /* 496 * This should enable streaming of PDUs - when 497 * we have placed all the fragments on the acl 498 * output queue, we trigger the L2CAP layer to 499 * send us down one more. Use a false state so 500 * we dont run into ourselves coming back from 501 * the future.. 502 */ 503 link->hl_state = HCI_LINK_BLOCK; 504 l2cap_start(pdu->lp_chan); 505 link->hl_state = HCI_LINK_OPEN; 506 } 507 508 pdu = TAILQ_NEXT(pdu, lp_next); 509 if (pdu == NULL) 510 break; 511 } 512 } 513 514 /* 515 * We had our turn now, move to the back of the queue to let 516 * other links have a go at the output buffers.. 517 */ 518 if (TAILQ_NEXT(link, hl_next)) { 519 TAILQ_REMOVE(&unit->hci_links, link, hl_next); 520 TAILQ_INSERT_TAIL(&unit->hci_links, link, hl_next); 521 } 522 } 523 524 /* 525 * Confirm ACL packets cleared from Controller buffers. We scan our PDU 526 * list to clear pending fragments and signal upstream for more data 527 * when a PDU is complete. 528 */ 529 void 530 hci_acl_complete(struct hci_link *link, int num) 531 { 532 struct l2cap_pdu *pdu; 533 struct l2cap_channel *chan; 534 535 DPRINTFN(5, "handle #%d (%d)\n", link->hl_handle, num); 536 537 while (num > 0) { 538 pdu = TAILQ_FIRST(&link->hl_txq); 539 if (pdu == NULL) { 540 printf("%s: %d packets completed on handle #%x " 541 "but none pending!\n", 542 link->hl_unit->hci_devname, num, 543 link->hl_handle); 544 return; 545 } 546 547 if (num >= pdu->lp_pending) { 548 num -= pdu->lp_pending; 549 pdu->lp_pending = 0; 550 551 if (MBUFQ_FIRST(&pdu->lp_data) == NULL) { 552 TAILQ_REMOVE(&link->hl_txq, pdu, lp_next); 553 chan = pdu->lp_chan; 554 if (chan != NULL) { 555 chan->lc_pending--; 556 (*chan->lc_proto->complete) 557 (chan->lc_upper, 1); 558 559 if (chan->lc_pending == 0) 560 l2cap_start(chan); 561 } 562 563 pool_put(&l2cap_pdu_pool, pdu); 564 } 565 } else { 566 pdu->lp_pending -= num; 567 num = 0; 568 } 569 } 570 } 571 572 /******************************************************************************* 573 * 574 * HCI SCO Connections 575 */ 576 577 /* 578 * Incoming SCO Connection. We check the list for anybody willing 579 * to take it. 580 */ 581 struct hci_link * 582 hci_sco_newconn(struct hci_unit *unit, bdaddr_t *bdaddr) 583 { 584 struct sockaddr_bt laddr, raddr; 585 struct sco_pcb *pcb, *new; 586 struct hci_link *sco, *acl; 587 588 memset(&laddr, 0, sizeof(laddr)); 589 laddr.bt_len = sizeof(laddr); 590 laddr.bt_family = AF_BLUETOOTH; 591 bdaddr_copy(&laddr.bt_bdaddr, &unit->hci_bdaddr); 592 593 memset(&raddr, 0, sizeof(raddr)); 594 raddr.bt_len = sizeof(raddr); 595 raddr.bt_family = AF_BLUETOOTH; 596 bdaddr_copy(&raddr.bt_bdaddr, bdaddr); 597 598 /* 599 * There should already be an ACL link up and running before 600 * the controller sends us SCO connection requests, but you 601 * never know.. 602 */ 603 acl = hci_link_lookup_bdaddr(unit, bdaddr, HCI_LINK_ACL); 604 if (acl == NULL || acl->hl_state != HCI_LINK_OPEN) 605 return NULL; 606 607 LIST_FOREACH(pcb, &sco_pcb, sp_next) { 608 if ((pcb->sp_flags & SP_LISTENING) == 0) 609 continue; 610 611 new = (*pcb->sp_proto->newconn)(pcb->sp_upper, &laddr, &raddr); 612 if (new == NULL) 613 continue; 614 615 /* 616 * Ok, got new pcb so we can start a new link and fill 617 * in all the details. 618 */ 619 bdaddr_copy(&new->sp_laddr, &unit->hci_bdaddr); 620 bdaddr_copy(&new->sp_raddr, bdaddr); 621 622 sco = hci_link_alloc(unit); 623 if (sco == NULL) { 624 sco_detach(&new); 625 return NULL; 626 } 627 628 sco->hl_type = HCI_LINK_SCO; 629 bdaddr_copy(&sco->hl_bdaddr, bdaddr); 630 631 sco->hl_link = hci_acl_open(unit, bdaddr); 632 KASSERT(sco->hl_link == acl); 633 634 sco->hl_sco = new; 635 new->sp_link = sco; 636 637 new->sp_mtu = unit->hci_max_sco_size; 638 return sco; 639 } 640 641 return NULL; 642 } 643 644 /* 645 * receive SCO packet, we only need to strip the header and send 646 * it to the right handler 647 */ 648 void 649 hci_sco_recv(struct mbuf *m, struct hci_unit *unit) 650 { 651 struct hci_link *link; 652 hci_scodata_hdr_t hdr; 653 uint16_t handle; 654 655 KASSERT(m); 656 KASSERT(unit); 657 658 KASSERT(m->m_pkthdr.len >= sizeof(hdr)); 659 m_copydata(m, 0, sizeof(hdr), &hdr); 660 m_adj(m, sizeof(hdr)); 661 662 #ifdef DIAGNOSTIC 663 if (hdr.type != HCI_SCO_DATA_PKT) { 664 printf("%s: bad SCO packet type\n", unit->hci_devname); 665 goto bad; 666 } 667 668 if (m->m_pkthdr.len != hdr.length) { 669 printf("%s: bad SCO packet length (%d != %d)\n", unit->hci_devname, m->m_pkthdr.len, hdr.length); 670 goto bad; 671 } 672 #endif 673 674 hdr.con_handle = le16toh(hdr.con_handle); 675 handle = HCI_CON_HANDLE(hdr.con_handle); 676 677 link = hci_link_lookup_handle(unit, handle); 678 if (link == NULL || link->hl_type == HCI_LINK_ACL) { 679 DPRINTF("%s: dumping packet for unknown handle #%d\n", 680 unit->hci_devname, handle); 681 682 goto bad; 683 } 684 685 (*link->hl_sco->sp_proto->input)(link->hl_sco->sp_upper, m); 686 return; 687 688 bad: 689 m_freem(m); 690 } 691 692 void 693 hci_sco_start(struct hci_link *link) 694 { 695 } 696 697 /* 698 * SCO packets have completed at the controller, so we can 699 * signal up to free the buffer space. 700 */ 701 void 702 hci_sco_complete(struct hci_link *link, int num) 703 { 704 705 DPRINTFN(5, "handle #%d (num=%d)\n", link->hl_handle, num); 706 link->hl_sco->sp_pending--; 707 (*link->hl_sco->sp_proto->complete)(link->hl_sco->sp_upper, num); 708 } 709 710 /******************************************************************************* 711 * 712 * Generic HCI Connection alloc/free/lookup etc 713 */ 714 715 struct hci_link * 716 hci_link_alloc(struct hci_unit *unit) 717 { 718 struct hci_link *link; 719 720 KASSERT(unit); 721 722 link = malloc(sizeof(struct hci_link), M_BLUETOOTH, M_NOWAIT | M_ZERO); 723 if (link == NULL) 724 return NULL; 725 726 link->hl_unit = unit; 727 link->hl_state = HCI_LINK_CLOSED; 728 729 /* init ACL portion */ 730 callout_init(&link->hl_expire); 731 callout_setfunc(&link->hl_expire, hci_acl_timeout, link); 732 733 TAILQ_INIT(&link->hl_txq); /* outgoing packets */ 734 TAILQ_INIT(&link->hl_reqs); /* request queue */ 735 736 link->hl_mtu = L2CAP_MTU_DEFAULT; /* L2CAP signal mtu */ 737 link->hl_flush = L2CAP_FLUSH_TIMO_DEFAULT; /* flush timeout */ 738 739 /* init SCO portion */ 740 MBUFQ_INIT(&link->hl_data); 741 742 /* attach to unit */ 743 TAILQ_INSERT_HEAD(&unit->hci_links, link, hl_next); 744 return link; 745 } 746 747 void 748 hci_link_free(struct hci_link *link, int err) 749 { 750 struct l2cap_req *req; 751 struct l2cap_pdu *pdu; 752 struct l2cap_channel *chan, *next; 753 754 KASSERT(link); 755 756 DPRINTF("#%d, type = %d, state = %d, refcnt = %d\n", 757 link->hl_handle, link->hl_type, 758 link->hl_state, link->hl_refcnt); 759 760 /* ACL reference count */ 761 if (link->hl_refcnt > 0) { 762 next = LIST_FIRST(&l2cap_active_list); 763 while ((chan = next) != NULL) { 764 next = LIST_NEXT(chan, lc_ncid); 765 if (chan->lc_link == link) 766 l2cap_close(chan, err); 767 } 768 } 769 KASSERT(link->hl_refcnt == 0); 770 771 /* ACL L2CAP requests.. */ 772 while ((req = TAILQ_FIRST(&link->hl_reqs)) != NULL) 773 l2cap_request_free(req); 774 775 KASSERT(TAILQ_EMPTY(&link->hl_reqs)); 776 777 /* ACL outgoing data queue */ 778 while ((pdu = TAILQ_FIRST(&link->hl_txq)) != NULL) { 779 TAILQ_REMOVE(&link->hl_txq, pdu, lp_next); 780 MBUFQ_DRAIN(&pdu->lp_data); 781 if (pdu->lp_pending) 782 link->hl_unit->hci_num_acl_pkts += pdu->lp_pending; 783 784 pool_put(&l2cap_pdu_pool, pdu); 785 } 786 787 KASSERT(TAILQ_EMPTY(&link->hl_txq)); 788 789 /* ACL incoming data packet */ 790 if (link->hl_rxp != NULL) { 791 m_freem(link->hl_rxp); 792 link->hl_rxp = NULL; 793 } 794 795 /* SCO master ACL link */ 796 if (link->hl_link != NULL) { 797 hci_acl_close(link->hl_link, err); 798 link->hl_link = NULL; 799 } 800 801 /* SCO pcb */ 802 if (link->hl_sco != NULL) { 803 struct sco_pcb *pcb; 804 805 pcb = link->hl_sco; 806 pcb->sp_link = NULL; 807 link->hl_sco = NULL; 808 (*pcb->sp_proto->disconnected)(pcb->sp_upper, err); 809 } 810 811 /* flush any SCO data */ 812 MBUFQ_DRAIN(&link->hl_data); 813 814 /* 815 * Halt the callout - if its already running we cannot free the 816 * link structure but the timeout function will call us back in 817 * any case. 818 */ 819 link->hl_state = HCI_LINK_CLOSED; 820 callout_stop(&link->hl_expire); 821 if (callout_invoking(&link->hl_expire)) 822 return; 823 824 TAILQ_REMOVE(&link->hl_unit->hci_links, link, hl_next); 825 free(link, M_BLUETOOTH); 826 } 827 828 /* 829 * Lookup HCI link by address and type. Note that for SCO links there may 830 * be more than one link per address, so we only return links with no 831 * handle (ie new links) 832 */ 833 struct hci_link * 834 hci_link_lookup_bdaddr(struct hci_unit *unit, bdaddr_t *bdaddr, uint16_t type) 835 { 836 struct hci_link *link; 837 838 KASSERT(unit); 839 KASSERT(bdaddr); 840 841 TAILQ_FOREACH(link, &unit->hci_links, hl_next) { 842 if (link->hl_type != type) 843 continue; 844 845 if (type == HCI_LINK_SCO && link->hl_handle != 0) 846 continue; 847 848 if (bdaddr_same(&link->hl_bdaddr, bdaddr)) 849 break; 850 } 851 852 return link; 853 } 854 855 struct hci_link * 856 hci_link_lookup_handle(struct hci_unit *unit, uint16_t handle) 857 { 858 struct hci_link *link; 859 860 KASSERT(unit); 861 862 TAILQ_FOREACH(link, &unit->hci_links, hl_next) { 863 if (handle == link->hl_handle) 864 break; 865 } 866 867 return link; 868 } 869