hci_event.c revision 1.13
1 /* $NetBSD: hci_event.c,v 1.13 2007/12/30 18:26:42 plunky Exp $ */ 2 3 /*- 4 * Copyright (c) 2005 Iain Hibbert. 5 * Copyright (c) 2006 Itronix Inc. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. The name of Itronix Inc. may not be used to endorse 17 * or promote products derived from this software without specific 18 * prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY ITRONIX INC. ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 22 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 23 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ITRONIX INC. BE LIABLE FOR ANY 24 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 25 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 26 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 27 * ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 30 * POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 #include <sys/cdefs.h> 34 __KERNEL_RCSID(0, "$NetBSD: hci_event.c,v 1.13 2007/12/30 18:26:42 plunky Exp $"); 35 36 #include <sys/param.h> 37 #include <sys/kernel.h> 38 #include <sys/malloc.h> 39 #include <sys/mbuf.h> 40 #include <sys/proc.h> 41 #include <sys/systm.h> 42 43 #include <netbt/bluetooth.h> 44 #include <netbt/hci.h> 45 #include <netbt/sco.h> 46 47 static void hci_event_inquiry_result(struct hci_unit *, struct mbuf *); 48 static void hci_event_rssi_result(struct hci_unit *, struct mbuf *); 49 static void hci_event_command_status(struct hci_unit *, struct mbuf *); 50 static void hci_event_command_compl(struct hci_unit *, struct mbuf *); 51 static void hci_event_con_compl(struct hci_unit *, struct mbuf *); 52 static void hci_event_discon_compl(struct hci_unit *, struct mbuf *); 53 static void hci_event_con_req(struct hci_unit *, struct mbuf *); 54 static void hci_event_num_compl_pkts(struct hci_unit *, struct mbuf *); 55 static void hci_event_auth_compl(struct hci_unit *, struct mbuf *); 56 static void hci_event_encryption_change(struct hci_unit *, struct mbuf *); 57 static void hci_event_change_con_link_key_compl(struct hci_unit *, struct mbuf *); 58 static void hci_event_read_clock_offset_compl(struct hci_unit *, struct mbuf *); 59 static void hci_cmd_read_bdaddr(struct hci_unit *, struct mbuf *); 60 static void hci_cmd_read_buffer_size(struct hci_unit *, struct mbuf *); 61 static void hci_cmd_read_local_features(struct hci_unit *, struct mbuf *); 62 static void hci_cmd_read_local_ver(struct hci_unit *, struct mbuf *); 63 static void hci_cmd_read_local_commands(struct hci_unit *, struct mbuf *); 64 static void hci_cmd_reset(struct hci_unit *, struct mbuf *); 65 66 #ifdef BLUETOOTH_DEBUG 67 int bluetooth_debug; 68 69 static const char *hci_eventnames[] = { 70 /* 0x00 */ "NULL", 71 /* 0x01 */ "INQUIRY COMPLETE", 72 /* 0x02 */ "INQUIRY RESULT", 73 /* 0x03 */ "CONN COMPLETE", 74 /* 0x04 */ "CONN REQ", 75 /* 0x05 */ "DISCONN COMPLETE", 76 /* 0x06 */ "AUTH COMPLETE", 77 /* 0x07 */ "REMOTE NAME REQ COMPLETE", 78 /* 0x08 */ "ENCRYPTION CHANGE", 79 /* 0x09 */ "CHANGE CONN LINK KEY COMPLETE", 80 /* 0x0a */ "MASTER LINK KEY COMPLETE", 81 /* 0x0b */ "READ REMOTE FEATURES COMPLETE", 82 /* 0x0c */ "READ REMOTE VERSION INFO COMPLETE", 83 /* 0x0d */ "QoS SETUP COMPLETE", 84 /* 0x0e */ "COMMAND COMPLETE", 85 /* 0x0f */ "COMMAND STATUS", 86 /* 0x10 */ "HARDWARE ERROR", 87 /* 0x11 */ "FLUSH OCCUR", 88 /* 0x12 */ "ROLE CHANGE", 89 /* 0x13 */ "NUM COMPLETED PACKETS", 90 /* 0x14 */ "MODE CHANGE", 91 /* 0x15 */ "RETURN LINK KEYS", 92 /* 0x16 */ "PIN CODE REQ", 93 /* 0x17 */ "LINK KEY REQ", 94 /* 0x18 */ "LINK KEY NOTIFICATION", 95 /* 0x19 */ "LOOPBACK COMMAND", 96 /* 0x1a */ "DATA BUFFER OVERFLOW", 97 /* 0x1b */ "MAX SLOT CHANGE", 98 /* 0x1c */ "READ CLOCK OFFSET COMPLETE", 99 /* 0x1d */ "CONN PKT TYPE CHANGED", 100 /* 0x1e */ "QOS VIOLATION", 101 /* 0x1f */ "PAGE SCAN MODE CHANGE", 102 /* 0x20 */ "PAGE SCAN REP MODE CHANGE", 103 /* 0x21 */ "FLOW SPECIFICATION COMPLETE", 104 /* 0x22 */ "RSSI RESULT", 105 /* 0x23 */ "READ REMOTE EXT FEATURES" 106 }; 107 108 static const char * 109 hci_eventstr(unsigned int event) 110 { 111 112 if (event < (sizeof(hci_eventnames) / sizeof(*hci_eventnames))) 113 return hci_eventnames[event]; 114 115 switch (event) { 116 case HCI_EVENT_SCO_CON_COMPL: /* 0x2c */ 117 return "SCO CON COMPLETE"; 118 119 case HCI_EVENT_SCO_CON_CHANGED: /* 0x2d */ 120 return "SCO CON CHANGED"; 121 122 case HCI_EVENT_BT_LOGO: /* 0xfe */ 123 return "BT_LOGO"; 124 125 case HCI_EVENT_VENDOR: /* 0xff */ 126 return "VENDOR"; 127 } 128 129 return "UNRECOGNISED"; 130 } 131 #endif /* BLUETOOTH_DEBUG */ 132 133 /* 134 * process HCI Events 135 * 136 * We will free the mbuf at the end, no need for any sub 137 * functions to handle that. We kind of assume that the 138 * device sends us valid events. 139 */ 140 void 141 hci_event(struct mbuf *m, struct hci_unit *unit) 142 { 143 hci_event_hdr_t hdr; 144 145 KASSERT(m->m_flags & M_PKTHDR); 146 147 KASSERT(m->m_pkthdr.len >= sizeof(hdr)); 148 m_copydata(m, 0, sizeof(hdr), &hdr); 149 m_adj(m, sizeof(hdr)); 150 151 KASSERT(hdr.type == HCI_EVENT_PKT); 152 153 DPRINTFN(1, "(%s) event %s\n", 154 device_xname(unit->hci_dev), hci_eventstr(hdr.event)); 155 156 switch(hdr.event) { 157 case HCI_EVENT_COMMAND_STATUS: 158 hci_event_command_status(unit, m); 159 break; 160 161 case HCI_EVENT_COMMAND_COMPL: 162 hci_event_command_compl(unit, m); 163 break; 164 165 case HCI_EVENT_NUM_COMPL_PKTS: 166 hci_event_num_compl_pkts(unit, m); 167 break; 168 169 case HCI_EVENT_INQUIRY_RESULT: 170 hci_event_inquiry_result(unit, m); 171 break; 172 173 case HCI_EVENT_RSSI_RESULT: 174 hci_event_rssi_result(unit, m); 175 break; 176 177 case HCI_EVENT_CON_COMPL: 178 hci_event_con_compl(unit, m); 179 break; 180 181 case HCI_EVENT_DISCON_COMPL: 182 hci_event_discon_compl(unit, m); 183 break; 184 185 case HCI_EVENT_CON_REQ: 186 hci_event_con_req(unit, m); 187 break; 188 189 case HCI_EVENT_AUTH_COMPL: 190 hci_event_auth_compl(unit, m); 191 break; 192 193 case HCI_EVENT_ENCRYPTION_CHANGE: 194 hci_event_encryption_change(unit, m); 195 break; 196 197 case HCI_EVENT_CHANGE_CON_LINK_KEY_COMPL: 198 hci_event_change_con_link_key_compl(unit, m); 199 break; 200 201 case HCI_EVENT_READ_CLOCK_OFFSET_COMPL: 202 hci_event_read_clock_offset_compl(unit, m); 203 break; 204 205 case HCI_EVENT_SCO_CON_COMPL: 206 case HCI_EVENT_INQUIRY_COMPL: 207 case HCI_EVENT_REMOTE_NAME_REQ_COMPL: 208 case HCI_EVENT_MASTER_LINK_KEY_COMPL: 209 case HCI_EVENT_READ_REMOTE_FEATURES_COMPL: 210 case HCI_EVENT_READ_REMOTE_VER_INFO_COMPL: 211 case HCI_EVENT_QOS_SETUP_COMPL: 212 case HCI_EVENT_HARDWARE_ERROR: 213 case HCI_EVENT_FLUSH_OCCUR: 214 case HCI_EVENT_ROLE_CHANGE: 215 case HCI_EVENT_MODE_CHANGE: 216 case HCI_EVENT_RETURN_LINK_KEYS: 217 case HCI_EVENT_PIN_CODE_REQ: 218 case HCI_EVENT_LINK_KEY_REQ: 219 case HCI_EVENT_LINK_KEY_NOTIFICATION: 220 case HCI_EVENT_LOOPBACK_COMMAND: 221 case HCI_EVENT_DATA_BUFFER_OVERFLOW: 222 case HCI_EVENT_MAX_SLOT_CHANGE: 223 case HCI_EVENT_CON_PKT_TYPE_CHANGED: 224 case HCI_EVENT_QOS_VIOLATION: 225 case HCI_EVENT_PAGE_SCAN_MODE_CHANGE: 226 case HCI_EVENT_PAGE_SCAN_REP_MODE_CHANGE: 227 case HCI_EVENT_FLOW_SPECIFICATION_COMPL: 228 case HCI_EVENT_READ_REMOTE_EXTENDED_FEATURES: 229 case HCI_EVENT_SCO_CON_CHANGED: 230 case HCI_EVENT_BT_LOGO: 231 case HCI_EVENT_VENDOR: 232 break; 233 234 default: 235 UNKNOWN(hdr.event); 236 break; 237 } 238 239 m_freem(m); 240 } 241 242 /* 243 * Command Status 244 * 245 * Update our record of num_cmd_pkts then post-process any pending commands 246 * and optionally restart cmd output on the unit. 247 */ 248 static void 249 hci_event_command_status(struct hci_unit *unit, struct mbuf *m) 250 { 251 hci_command_status_ep ep; 252 253 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 254 m_copydata(m, 0, sizeof(ep), &ep); 255 m_adj(m, sizeof(ep)); 256 257 DPRINTFN(1, "(%s) opcode (%03x|%04x) status = 0x%x num_cmd_pkts = %d\n", 258 device_xname(unit->hci_dev), 259 HCI_OGF(le16toh(ep.opcode)), HCI_OCF(le16toh(ep.opcode)), 260 ep.status, 261 ep.num_cmd_pkts); 262 263 if (ep.status > 0) 264 aprint_error_dev(unit->hci_dev, 265 "CommandStatus opcode (%03x|%04x) failed (status=0x%02x)\n", 266 HCI_OGF(le16toh(ep.opcode)), HCI_OCF(le16toh(ep.opcode)), 267 ep.status); 268 269 unit->hci_num_cmd_pkts = ep.num_cmd_pkts; 270 271 /* 272 * post processing of pending commands 273 */ 274 switch(le16toh(ep.opcode)) { 275 default: 276 break; 277 } 278 279 while (unit->hci_num_cmd_pkts > 0 && MBUFQ_FIRST(&unit->hci_cmdwait)) { 280 MBUFQ_DEQUEUE(&unit->hci_cmdwait, m); 281 hci_output_cmd(unit, m); 282 } 283 } 284 285 /* 286 * Command Complete 287 * 288 * Update our record of num_cmd_pkts then handle the completed command, 289 * and optionally restart cmd output on the unit. 290 */ 291 static void 292 hci_event_command_compl(struct hci_unit *unit, struct mbuf *m) 293 { 294 hci_command_compl_ep ep; 295 hci_status_rp rp; 296 297 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 298 m_copydata(m, 0, sizeof(ep), &ep); 299 m_adj(m, sizeof(ep)); 300 301 DPRINTFN(1, "(%s) opcode (%03x|%04x) num_cmd_pkts = %d\n", 302 device_xname(unit->hci_dev), 303 HCI_OGF(le16toh(ep.opcode)), HCI_OCF(le16toh(ep.opcode)), 304 ep.num_cmd_pkts); 305 306 /* 307 * I am not sure if this is completely correct, it is not guaranteed 308 * that a command_complete packet will contain the status though most 309 * do seem to. 310 */ 311 m_copydata(m, 0, sizeof(rp), &rp); 312 if (rp.status > 0) 313 aprint_error_dev(unit->hci_dev, 314 "CommandComplete opcode (%03x|%04x) failed (status=0x%02x)\n", 315 HCI_OGF(le16toh(ep.opcode)), HCI_OCF(le16toh(ep.opcode)), 316 rp.status); 317 318 unit->hci_num_cmd_pkts = ep.num_cmd_pkts; 319 320 /* 321 * post processing of completed commands 322 */ 323 switch(le16toh(ep.opcode)) { 324 case HCI_CMD_READ_BDADDR: 325 hci_cmd_read_bdaddr(unit, m); 326 break; 327 328 case HCI_CMD_READ_BUFFER_SIZE: 329 hci_cmd_read_buffer_size(unit, m); 330 break; 331 332 case HCI_CMD_READ_LOCAL_FEATURES: 333 hci_cmd_read_local_features(unit, m); 334 break; 335 336 case HCI_CMD_READ_LOCAL_VER: 337 hci_cmd_read_local_ver(unit, m); 338 break; 339 340 case HCI_CMD_READ_LOCAL_COMMANDS: 341 hci_cmd_read_local_commands(unit, m); 342 break; 343 344 case HCI_CMD_RESET: 345 hci_cmd_reset(unit, m); 346 break; 347 348 default: 349 break; 350 } 351 352 while (unit->hci_num_cmd_pkts > 0 && MBUFQ_FIRST(&unit->hci_cmdwait)) { 353 MBUFQ_DEQUEUE(&unit->hci_cmdwait, m); 354 hci_output_cmd(unit, m); 355 } 356 } 357 358 /* 359 * Number of Completed Packets 360 * 361 * This is sent periodically by the Controller telling us how many 362 * buffers are now freed up and which handle was using them. From 363 * this we determine which type of buffer it was and add the qty 364 * back into the relevant packet counter, then restart output on 365 * links that have halted. 366 */ 367 static void 368 hci_event_num_compl_pkts(struct hci_unit *unit, struct mbuf *m) 369 { 370 hci_num_compl_pkts_ep ep; 371 struct hci_link *link, *next; 372 uint16_t handle, num; 373 int num_acl = 0, num_sco = 0; 374 375 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 376 m_copydata(m, 0, sizeof(ep), &ep); 377 m_adj(m, sizeof(ep)); 378 379 while (ep.num_con_handles--) { 380 m_copydata(m, 0, sizeof(handle), &handle); 381 m_adj(m, sizeof(handle)); 382 handle = le16toh(handle); 383 384 m_copydata(m, 0, sizeof(num), &num); 385 m_adj(m, sizeof(num)); 386 num = le16toh(num); 387 388 link = hci_link_lookup_handle(unit, handle); 389 if (link) { 390 if (link->hl_type == HCI_LINK_ACL) { 391 num_acl += num; 392 hci_acl_complete(link, num); 393 } else { 394 num_sco += num; 395 hci_sco_complete(link, num); 396 } 397 } else { 398 /* XXX need to issue Read_Buffer_Size or Reset? */ 399 aprint_error_dev(unit->hci_dev, 400 "unknown handle %d! (losing track of %d packet buffer%s)\n", 401 handle, num, (num == 1 ? "" : "s")); 402 } 403 } 404 405 /* 406 * Move up any queued packets. When a link has sent data, it will move 407 * to the back of the queue - technically then if a link had something 408 * to send and there were still buffers available it could get started 409 * twice but it seemed more important to to handle higher loads fairly 410 * than worry about wasting cycles when we are not busy. 411 */ 412 413 unit->hci_num_acl_pkts += num_acl; 414 unit->hci_num_sco_pkts += num_sco; 415 416 link = TAILQ_FIRST(&unit->hci_links); 417 while (link && (unit->hci_num_acl_pkts > 0 || unit->hci_num_sco_pkts > 0)) { 418 next = TAILQ_NEXT(link, hl_next); 419 420 if (link->hl_type == HCI_LINK_ACL) { 421 if (unit->hci_num_acl_pkts > 0 && link->hl_txqlen > 0) 422 hci_acl_start(link); 423 } else { 424 if (unit->hci_num_sco_pkts > 0 && link->hl_txqlen > 0) 425 hci_sco_start(link); 426 } 427 428 link = next; 429 } 430 } 431 432 /* 433 * Inquiry Result 434 * 435 * keep a note of devices seen, so we know which unit to use 436 * on outgoing connections 437 */ 438 static void 439 hci_event_inquiry_result(struct hci_unit *unit, struct mbuf *m) 440 { 441 hci_inquiry_result_ep ep; 442 hci_inquiry_response ir; 443 struct hci_memo *memo; 444 445 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 446 m_copydata(m, 0, sizeof(ep), &ep); 447 m_adj(m, sizeof(ep)); 448 449 DPRINTFN(1, "%d response%s\n", ep.num_responses, 450 (ep.num_responses == 1 ? "" : "s")); 451 452 while(ep.num_responses--) { 453 KASSERT(m->m_pkthdr.len >= sizeof(ir)); 454 m_copydata(m, 0, sizeof(ir), &ir); 455 m_adj(m, sizeof(ir)); 456 457 DPRINTFN(1, "bdaddr %02x:%02x:%02x:%02x:%02x:%02x\n", 458 ir.bdaddr.b[5], ir.bdaddr.b[4], ir.bdaddr.b[3], 459 ir.bdaddr.b[2], ir.bdaddr.b[1], ir.bdaddr.b[0]); 460 461 memo = hci_memo_new(unit, &ir.bdaddr); 462 if (memo != NULL) { 463 memo->page_scan_rep_mode = ir.page_scan_rep_mode; 464 memo->page_scan_mode = ir.page_scan_mode; 465 memo->clock_offset = ir.clock_offset; 466 } 467 } 468 } 469 470 /* 471 * Inquiry Result with RSSI 472 * 473 * as above but different packet when RSSI result is enabled 474 */ 475 static void 476 hci_event_rssi_result(struct hci_unit *unit, struct mbuf *m) 477 { 478 hci_rssi_result_ep ep; 479 hci_rssi_response rr; 480 struct hci_memo *memo; 481 482 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 483 m_copydata(m, 0, sizeof(ep), &ep); 484 m_adj(m, sizeof(ep)); 485 486 DPRINTFN(1, "%d response%s\n", ep.num_responses, 487 (ep.num_responses == 1 ? "" : "s")); 488 489 while(ep.num_responses--) { 490 KASSERT(m->m_pkthdr.len >= sizeof(rr)); 491 m_copydata(m, 0, sizeof(rr), &rr); 492 m_adj(m, sizeof(rr)); 493 494 DPRINTFN(1, "bdaddr %02x:%02x:%02x:%02x:%02x:%02x\n", 495 rr.bdaddr.b[5], rr.bdaddr.b[4], rr.bdaddr.b[3], 496 rr.bdaddr.b[2], rr.bdaddr.b[1], rr.bdaddr.b[0]); 497 498 memo = hci_memo_new(unit, &rr.bdaddr); 499 if (memo != NULL) { 500 memo->page_scan_rep_mode = rr.page_scan_rep_mode; 501 memo->page_scan_mode = 0; 502 memo->clock_offset = rr.clock_offset; 503 } 504 } 505 } 506 507 /* 508 * Connection Complete 509 * 510 * Sent to us when a connection is made. If there is no link 511 * structure already allocated for this, we must have changed 512 * our mind, so just disconnect. 513 */ 514 static void 515 hci_event_con_compl(struct hci_unit *unit, struct mbuf *m) 516 { 517 hci_con_compl_ep ep; 518 hci_write_link_policy_settings_cp cp; 519 struct hci_link *link; 520 int err; 521 522 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 523 m_copydata(m, 0, sizeof(ep), &ep); 524 m_adj(m, sizeof(ep)); 525 526 DPRINTFN(1, "(%s) %s connection complete for " 527 "%02x:%02x:%02x:%02x:%02x:%02x status %#x\n", 528 device_xname(unit->hci_dev), 529 (ep.link_type == HCI_LINK_ACL ? "ACL" : "SCO"), 530 ep.bdaddr.b[5], ep.bdaddr.b[4], ep.bdaddr.b[3], 531 ep.bdaddr.b[2], ep.bdaddr.b[1], ep.bdaddr.b[0], 532 ep.status); 533 534 link = hci_link_lookup_bdaddr(unit, &ep.bdaddr, ep.link_type); 535 536 if (ep.status) { 537 if (link != NULL) { 538 switch (ep.status) { 539 case 0x04: /* "Page Timeout" */ 540 err = EHOSTDOWN; 541 break; 542 543 case 0x08: /* "Connection Timed Out" */ 544 err = ETIMEDOUT; 545 break; 546 547 case 0x16: /* "Connection Terminated by Local Host" */ 548 err = 0; 549 break; 550 551 default: 552 err = ECONNREFUSED; 553 break; 554 } 555 556 hci_link_free(link, err); 557 } 558 559 return; 560 } 561 562 if (link == NULL) { 563 hci_discon_cp dp; 564 565 dp.con_handle = ep.con_handle; 566 dp.reason = 0x13; /* "Remote User Terminated Connection" */ 567 568 hci_send_cmd(unit, HCI_CMD_DISCONNECT, &dp, sizeof(dp)); 569 return; 570 } 571 572 /* XXX could check auth_enable here */ 573 574 if (ep.encryption_mode) 575 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_ENCRYPT); 576 577 link->hl_state = HCI_LINK_OPEN; 578 link->hl_handle = HCI_CON_HANDLE(le16toh(ep.con_handle)); 579 580 if (ep.link_type == HCI_LINK_ACL) { 581 cp.con_handle = ep.con_handle; 582 cp.settings = htole16(unit->hci_link_policy); 583 err = hci_send_cmd(unit, HCI_CMD_WRITE_LINK_POLICY_SETTINGS, 584 &cp, sizeof(cp)); 585 if (err) 586 aprint_error_dev(unit->hci_dev, 587 "Warning, could not write link policy\n"); 588 589 err = hci_send_cmd(unit, HCI_CMD_READ_CLOCK_OFFSET, 590 &cp.con_handle, sizeof(cp.con_handle)); 591 if (err) 592 aprint_error_dev(unit->hci_dev, 593 "Warning, could not read clock offset\n"); 594 595 err = hci_acl_setmode(link); 596 if (err == EINPROGRESS) 597 return; 598 599 hci_acl_linkmode(link); 600 } else { 601 (*link->hl_sco->sp_proto->connected)(link->hl_sco->sp_upper); 602 } 603 } 604 605 /* 606 * Disconnection Complete 607 * 608 * This is sent in response to a disconnection request, but also if 609 * the remote device goes out of range. 610 */ 611 static void 612 hci_event_discon_compl(struct hci_unit *unit, struct mbuf *m) 613 { 614 hci_discon_compl_ep ep; 615 struct hci_link *link; 616 617 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 618 m_copydata(m, 0, sizeof(ep), &ep); 619 m_adj(m, sizeof(ep)); 620 621 ep.con_handle = le16toh(ep.con_handle); 622 623 DPRINTFN(1, "handle #%d, status=0x%x\n", ep.con_handle, ep.status); 624 625 link = hci_link_lookup_handle(unit, HCI_CON_HANDLE(ep.con_handle)); 626 if (link) 627 hci_link_free(link, ENOLINK); 628 } 629 630 /* 631 * Connect Request 632 * 633 * We check upstream for appropriate listeners and accept connections 634 * that are wanted. 635 */ 636 static void 637 hci_event_con_req(struct hci_unit *unit, struct mbuf *m) 638 { 639 hci_con_req_ep ep; 640 hci_accept_con_cp ap; 641 hci_reject_con_cp rp; 642 struct hci_link *link; 643 644 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 645 m_copydata(m, 0, sizeof(ep), &ep); 646 m_adj(m, sizeof(ep)); 647 648 DPRINTFN(1, "bdaddr %2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x " 649 "class %2.2x%2.2x%2.2x type %s\n", 650 ep.bdaddr.b[5], ep.bdaddr.b[4], ep.bdaddr.b[3], 651 ep.bdaddr.b[2], ep.bdaddr.b[1], ep.bdaddr.b[0], 652 ep.uclass[0], ep.uclass[1], ep.uclass[2], 653 ep.link_type == HCI_LINK_ACL ? "ACL" : "SCO"); 654 655 if (ep.link_type == HCI_LINK_ACL) 656 link = hci_acl_newconn(unit, &ep.bdaddr); 657 else 658 link = hci_sco_newconn(unit, &ep.bdaddr); 659 660 if (link == NULL) { 661 memset(&rp, 0, sizeof(rp)); 662 bdaddr_copy(&rp.bdaddr, &ep.bdaddr); 663 rp.reason = 0x0f; /* Unacceptable BD_ADDR */ 664 665 hci_send_cmd(unit, HCI_CMD_REJECT_CON, &rp, sizeof(rp)); 666 } else { 667 memset(&ap, 0, sizeof(ap)); 668 bdaddr_copy(&ap.bdaddr, &ep.bdaddr); 669 if (unit->hci_link_policy & HCI_LINK_POLICY_ENABLE_ROLE_SWITCH) 670 ap.role = HCI_ROLE_MASTER; 671 else 672 ap.role = HCI_ROLE_SLAVE; 673 674 hci_send_cmd(unit, HCI_CMD_ACCEPT_CON, &ap, sizeof(ap)); 675 } 676 } 677 678 /* 679 * Auth Complete 680 * 681 * Authentication has been completed on an ACL link. We can notify the 682 * upper layer protocols unless further mode changes are pending. 683 */ 684 static void 685 hci_event_auth_compl(struct hci_unit *unit, struct mbuf *m) 686 { 687 hci_auth_compl_ep ep; 688 struct hci_link *link; 689 int err; 690 691 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 692 m_copydata(m, 0, sizeof(ep), &ep); 693 m_adj(m, sizeof(ep)); 694 695 ep.con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle)); 696 697 DPRINTFN(1, "handle #%d, status=0x%x\n", ep.con_handle, ep.status); 698 699 link = hci_link_lookup_handle(unit, ep.con_handle); 700 if (link == NULL || link->hl_type != HCI_LINK_ACL) 701 return; 702 703 if (ep.status == 0) { 704 link->hl_flags |= HCI_LINK_AUTH; 705 706 if (link->hl_state == HCI_LINK_WAIT_AUTH) 707 link->hl_state = HCI_LINK_OPEN; 708 709 err = hci_acl_setmode(link); 710 if (err == EINPROGRESS) 711 return; 712 } 713 714 hci_acl_linkmode(link); 715 } 716 717 /* 718 * Encryption Change 719 * 720 * The encryption status has changed. Basically, we note the change 721 * then notify the upper layer protocol unless further mode changes 722 * are pending. 723 * Note that if encryption gets disabled when it has been requested, 724 * we will attempt to enable it again.. (its a feature not a bug :) 725 */ 726 static void 727 hci_event_encryption_change(struct hci_unit *unit, struct mbuf *m) 728 { 729 hci_encryption_change_ep ep; 730 struct hci_link *link; 731 int err; 732 733 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 734 m_copydata(m, 0, sizeof(ep), &ep); 735 m_adj(m, sizeof(ep)); 736 737 ep.con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle)); 738 739 DPRINTFN(1, "handle #%d, status=0x%x, encryption_enable=0x%x\n", 740 ep.con_handle, ep.status, ep.encryption_enable); 741 742 link = hci_link_lookup_handle(unit, ep.con_handle); 743 if (link == NULL || link->hl_type != HCI_LINK_ACL) 744 return; 745 746 if (ep.status == 0) { 747 if (ep.encryption_enable == 0) 748 link->hl_flags &= ~HCI_LINK_ENCRYPT; 749 else 750 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_ENCRYPT); 751 752 if (link->hl_state == HCI_LINK_WAIT_ENCRYPT) 753 link->hl_state = HCI_LINK_OPEN; 754 755 err = hci_acl_setmode(link); 756 if (err == EINPROGRESS) 757 return; 758 } 759 760 hci_acl_linkmode(link); 761 } 762 763 /* 764 * Change Connection Link Key Complete 765 * 766 * Link keys are handled in userland but if we are waiting to secure 767 * this link, we should notify the upper protocols. A SECURE request 768 * only needs a single key change, so we can cancel the request. 769 */ 770 static void 771 hci_event_change_con_link_key_compl(struct hci_unit *unit, struct mbuf *m) 772 { 773 hci_change_con_link_key_compl_ep ep; 774 struct hci_link *link; 775 int err; 776 777 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 778 m_copydata(m, 0, sizeof(ep), &ep); 779 m_adj(m, sizeof(ep)); 780 781 ep.con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle)); 782 783 DPRINTFN(1, "handle #%d, status=0x%x\n", ep.con_handle, ep.status); 784 785 link = hci_link_lookup_handle(unit, ep.con_handle); 786 if (link == NULL || link->hl_type != HCI_LINK_ACL) 787 return; 788 789 link->hl_flags &= ~HCI_LINK_SECURE_REQ; 790 791 if (ep.status == 0) { 792 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_SECURE); 793 794 if (link->hl_state == HCI_LINK_WAIT_SECURE) 795 link->hl_state = HCI_LINK_OPEN; 796 797 err = hci_acl_setmode(link); 798 if (err == EINPROGRESS) 799 return; 800 } 801 802 hci_acl_linkmode(link); 803 } 804 805 /* 806 * Read Clock Offset Complete 807 * 808 * We keep a note of the clock offset of remote devices when a 809 * link is made, in order to facilitate reconnections to the device 810 */ 811 static void 812 hci_event_read_clock_offset_compl(struct hci_unit *unit, struct mbuf *m) 813 { 814 hci_read_clock_offset_compl_ep ep; 815 struct hci_link *link; 816 817 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 818 m_copydata(m, 0, sizeof(ep), &ep); 819 m_adj(m, sizeof(ep)); 820 821 DPRINTFN(1, "handle #%d, offset=%u, status=0x%x\n", 822 le16toh(ep.con_handle), le16toh(ep.clock_offset), ep.status); 823 824 ep.con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle)); 825 link = hci_link_lookup_handle(unit, ep.con_handle); 826 827 if (ep.status != 0 || link == NULL) 828 return; 829 830 link->hl_clock = ep.clock_offset; 831 } 832 833 /* 834 * process results of read_bdaddr command_complete event 835 */ 836 static void 837 hci_cmd_read_bdaddr(struct hci_unit *unit, struct mbuf *m) 838 { 839 hci_read_bdaddr_rp rp; 840 841 KASSERT(m->m_pkthdr.len >= sizeof(rp)); 842 m_copydata(m, 0, sizeof(rp), &rp); 843 m_adj(m, sizeof(rp)); 844 845 if (rp.status > 0) 846 return; 847 848 if ((unit->hci_flags & BTF_INIT_BDADDR) == 0) 849 return; 850 851 bdaddr_copy(&unit->hci_bdaddr, &rp.bdaddr); 852 853 unit->hci_flags &= ~BTF_INIT_BDADDR; 854 855 wakeup(unit); 856 } 857 858 /* 859 * process results of read_buffer_size command_complete event 860 */ 861 static void 862 hci_cmd_read_buffer_size(struct hci_unit *unit, struct mbuf *m) 863 { 864 hci_read_buffer_size_rp rp; 865 866 KASSERT(m->m_pkthdr.len >= sizeof(rp)); 867 m_copydata(m, 0, sizeof(rp), &rp); 868 m_adj(m, sizeof(rp)); 869 870 if (rp.status > 0) 871 return; 872 873 if ((unit->hci_flags & BTF_INIT_BUFFER_SIZE) == 0) 874 return; 875 876 unit->hci_max_acl_size = le16toh(rp.max_acl_size); 877 unit->hci_num_acl_pkts = le16toh(rp.num_acl_pkts); 878 unit->hci_max_sco_size = rp.max_sco_size; 879 unit->hci_num_sco_pkts = le16toh(rp.num_sco_pkts); 880 881 unit->hci_flags &= ~BTF_INIT_BUFFER_SIZE; 882 883 wakeup(unit); 884 } 885 886 /* 887 * process results of read_local_features command_complete event 888 */ 889 static void 890 hci_cmd_read_local_features(struct hci_unit *unit, struct mbuf *m) 891 { 892 hci_read_local_features_rp rp; 893 894 KASSERT(m->m_pkthdr.len >= sizeof(rp)); 895 m_copydata(m, 0, sizeof(rp), &rp); 896 m_adj(m, sizeof(rp)); 897 898 if (rp.status > 0) 899 return; 900 901 if ((unit->hci_flags & BTF_INIT_FEATURES) == 0) 902 return; 903 904 unit->hci_lmp_mask = 0; 905 906 if (rp.features[0] & HCI_LMP_ROLE_SWITCH) 907 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_ROLE_SWITCH; 908 909 if (rp.features[0] & HCI_LMP_HOLD_MODE) 910 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_HOLD_MODE; 911 912 if (rp.features[0] & HCI_LMP_SNIFF_MODE) 913 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_SNIFF_MODE; 914 915 if (rp.features[1] & HCI_LMP_PARK_MODE) 916 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_PARK_MODE; 917 918 /* ACL packet mask */ 919 unit->hci_acl_mask = HCI_PKT_DM1 | HCI_PKT_DH1; 920 921 if (rp.features[0] & HCI_LMP_3SLOT) 922 unit->hci_acl_mask |= HCI_PKT_DM3 | HCI_PKT_DH3; 923 924 if (rp.features[0] & HCI_LMP_5SLOT) 925 unit->hci_acl_mask |= HCI_PKT_DM5 | HCI_PKT_DH5; 926 927 if ((rp.features[3] & HCI_LMP_EDR_ACL_2MBPS) == 0) 928 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH1 929 | HCI_PKT_2MBPS_DH3 930 | HCI_PKT_2MBPS_DH5; 931 932 if ((rp.features[3] & HCI_LMP_EDR_ACL_3MBPS) == 0) 933 unit->hci_acl_mask |= HCI_PKT_3MBPS_DH1 934 | HCI_PKT_3MBPS_DH3 935 | HCI_PKT_3MBPS_DH5; 936 937 if ((rp.features[4] & HCI_LMP_3SLOT_EDR_ACL) == 0) 938 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH3 939 | HCI_PKT_3MBPS_DH3; 940 941 if ((rp.features[5] & HCI_LMP_5SLOT_EDR_ACL) == 0) 942 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH5 943 | HCI_PKT_3MBPS_DH5; 944 945 unit->hci_packet_type = unit->hci_acl_mask; 946 947 /* SCO packet mask */ 948 unit->hci_sco_mask = 0; 949 if (rp.features[1] & HCI_LMP_SCO_LINK) 950 unit->hci_sco_mask |= HCI_PKT_HV1; 951 952 if (rp.features[1] & HCI_LMP_HV2_PKT) 953 unit->hci_sco_mask |= HCI_PKT_HV2; 954 955 if (rp.features[1] & HCI_LMP_HV3_PKT) 956 unit->hci_sco_mask |= HCI_PKT_HV3; 957 958 if (rp.features[3] & HCI_LMP_EV3_PKT) 959 unit->hci_sco_mask |= HCI_PKT_EV3; 960 961 if (rp.features[4] & HCI_LMP_EV4_PKT) 962 unit->hci_sco_mask |= HCI_PKT_EV4; 963 964 if (rp.features[4] & HCI_LMP_EV5_PKT) 965 unit->hci_sco_mask |= HCI_PKT_EV5; 966 967 /* XXX what do 2MBPS/3MBPS/3SLOT eSCO mean? */ 968 969 unit->hci_flags &= ~BTF_INIT_FEATURES; 970 971 wakeup(unit); 972 973 DPRINTFN(1, "%s: lmp_mask %4.4x, acl_mask %4.4x, sco_mask %4.4x\n", 974 device_xname(unit->hci_dev), unit->hci_lmp_mask, 975 unit->hci_acl_mask, unit->hci_sco_mask); 976 } 977 978 /* 979 * process results of read_local_ver command_complete event 980 * 981 * reading local supported commands is only supported from 1.2 spec 982 */ 983 static void 984 hci_cmd_read_local_ver(struct hci_unit *unit, struct mbuf *m) 985 { 986 hci_read_local_ver_rp rp; 987 988 KASSERT(m->m_pkthdr.len >= sizeof(rp)); 989 m_copydata(m, 0, sizeof(rp), &rp); 990 m_adj(m, sizeof(rp)); 991 992 if (rp.status != 0) 993 return; 994 995 if ((unit->hci_flags & BTF_INIT_COMMANDS) == 0) 996 return; 997 998 if (rp.hci_version < HCI_SPEC_V12) { 999 unit->hci_flags &= ~BTF_INIT_COMMANDS; 1000 wakeup(unit); 1001 return; 1002 } 1003 1004 hci_send_cmd(unit, HCI_CMD_READ_LOCAL_COMMANDS, NULL, 0); 1005 } 1006 1007 /* 1008 * process results of read_local_commands command_complete event 1009 */ 1010 static void 1011 hci_cmd_read_local_commands(struct hci_unit *unit, struct mbuf *m) 1012 { 1013 hci_read_local_commands_rp rp; 1014 1015 KASSERT(m->m_pkthdr.len >= sizeof(rp)); 1016 m_copydata(m, 0, sizeof(rp), &rp); 1017 m_adj(m, sizeof(rp)); 1018 1019 if (rp.status != 0) 1020 return; 1021 1022 if ((unit->hci_flags & BTF_INIT_COMMANDS) == 0) 1023 return; 1024 1025 unit->hci_flags &= ~BTF_INIT_COMMANDS; 1026 memcpy(unit->hci_cmds, rp.commands, HCI_COMMANDS_SIZE); 1027 1028 wakeup(unit); 1029 } 1030 1031 /* 1032 * process results of reset command_complete event 1033 * 1034 * This has killed all the connections, so close down anything we have left, 1035 * and reinitialise the unit. 1036 */ 1037 static void 1038 hci_cmd_reset(struct hci_unit *unit, struct mbuf *m) 1039 { 1040 hci_reset_rp rp; 1041 struct hci_link *link, *next; 1042 int acl; 1043 1044 KASSERT(m->m_pkthdr.len >= sizeof(rp)); 1045 m_copydata(m, 0, sizeof(rp), &rp); 1046 m_adj(m, sizeof(rp)); 1047 1048 if (rp.status != 0) 1049 return; 1050 1051 /* 1052 * release SCO links first, since they may be holding 1053 * an ACL link reference. 1054 */ 1055 for (acl = 0 ; acl < 2 ; acl++) { 1056 next = TAILQ_FIRST(&unit->hci_links); 1057 while ((link = next) != NULL) { 1058 next = TAILQ_NEXT(link, hl_next); 1059 if (acl || link->hl_type != HCI_LINK_ACL) 1060 hci_link_free(link, ECONNABORTED); 1061 } 1062 } 1063 1064 unit->hci_num_acl_pkts = 0; 1065 unit->hci_num_sco_pkts = 0; 1066 1067 if (hci_send_cmd(unit, HCI_CMD_READ_BDADDR, NULL, 0)) 1068 return; 1069 1070 if (hci_send_cmd(unit, HCI_CMD_READ_BUFFER_SIZE, NULL, 0)) 1071 return; 1072 1073 if (hci_send_cmd(unit, HCI_CMD_READ_LOCAL_FEATURES, NULL, 0)) 1074 return; 1075 1076 if (hci_send_cmd(unit, HCI_CMD_READ_LOCAL_VER, NULL, 0)) 1077 return; 1078 } 1079
Indexes created Sun Oct 12 09:09:55 GMT 2025