hci_event.c revision 1.22
1 /* $NetBSD: hci_event.c,v 1.22 2010/11/22 19:56:51 plunky Exp $ */ 2 3 /*- 4 * Copyright (c) 2005 Iain Hibbert. 5 * Copyright (c) 2006 Itronix Inc. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. The name of Itronix Inc. may not be used to endorse 17 * or promote products derived from this software without specific 18 * prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY ITRONIX INC. ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 22 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 23 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ITRONIX INC. BE LIABLE FOR ANY 24 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 25 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 26 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 27 * ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 30 * POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 #include <sys/cdefs.h> 34 __KERNEL_RCSID(0, "$NetBSD: hci_event.c,v 1.22 2010/11/22 19:56:51 plunky Exp $"); 35 36 #include <sys/param.h> 37 #include <sys/kernel.h> 38 #include <sys/malloc.h> 39 #include <sys/mbuf.h> 40 #include <sys/proc.h> 41 #include <sys/systm.h> 42 43 #include <netbt/bluetooth.h> 44 #include <netbt/hci.h> 45 #include <netbt/sco.h> 46 47 static void hci_event_inquiry_result(struct hci_unit *, struct mbuf *); 48 static void hci_event_rssi_result(struct hci_unit *, struct mbuf *); 49 static void hci_event_extended_result(struct hci_unit *, struct mbuf *); 50 static void hci_event_command_status(struct hci_unit *, struct mbuf *); 51 static void hci_event_command_compl(struct hci_unit *, struct mbuf *); 52 static void hci_event_con_compl(struct hci_unit *, struct mbuf *); 53 static void hci_event_discon_compl(struct hci_unit *, struct mbuf *); 54 static void hci_event_con_req(struct hci_unit *, struct mbuf *); 55 static void hci_event_num_compl_pkts(struct hci_unit *, struct mbuf *); 56 static void hci_event_auth_compl(struct hci_unit *, struct mbuf *); 57 static void hci_event_encryption_change(struct hci_unit *, struct mbuf *); 58 static void hci_event_change_con_link_key_compl(struct hci_unit *, struct mbuf *); 59 static void hci_event_read_clock_offset_compl(struct hci_unit *, struct mbuf *); 60 static void hci_cmd_read_bdaddr(struct hci_unit *, struct mbuf *); 61 static void hci_cmd_read_buffer_size(struct hci_unit *, struct mbuf *); 62 static void hci_cmd_read_local_features(struct hci_unit *, struct mbuf *); 63 static void hci_cmd_read_local_extended_features(struct hci_unit *, struct mbuf *); 64 static void hci_cmd_read_local_ver(struct hci_unit *, struct mbuf *); 65 static void hci_cmd_read_local_commands(struct hci_unit *, struct mbuf *); 66 static void hci_cmd_reset(struct hci_unit *, struct mbuf *); 67 static void hci_cmd_create_con(struct hci_unit *unit, uint8_t status); 68 69 #ifdef BLUETOOTH_DEBUG 70 int bluetooth_debug; 71 72 static const char *hci_eventnames[] = { 73 /* 0x00 */ "NULL", 74 /* 0x01 */ "INQUIRY COMPLETE", 75 /* 0x02 */ "INQUIRY RESULT", 76 /* 0x03 */ "CONN COMPLETE", 77 /* 0x04 */ "CONN REQ", 78 /* 0x05 */ "DISCONN COMPLETE", 79 /* 0x06 */ "AUTH COMPLETE", 80 /* 0x07 */ "REMOTE NAME REQ COMPLETE", 81 /* 0x08 */ "ENCRYPTION CHANGE", 82 /* 0x09 */ "CHANGE CONN LINK KEY COMPLETE", 83 /* 0x0a */ "MASTER LINK KEY COMPLETE", 84 /* 0x0b */ "READ REMOTE FEATURES COMPLETE", 85 /* 0x0c */ "READ REMOTE VERSION INFO COMPLETE", 86 /* 0x0d */ "QoS SETUP COMPLETE", 87 /* 0x0e */ "COMMAND COMPLETE", 88 /* 0x0f */ "COMMAND STATUS", 89 /* 0x10 */ "HARDWARE ERROR", 90 /* 0x11 */ "FLUSH OCCUR", 91 /* 0x12 */ "ROLE CHANGE", 92 /* 0x13 */ "NUM COMPLETED PACKETS", 93 /* 0x14 */ "MODE CHANGE", 94 /* 0x15 */ "RETURN LINK KEYS", 95 /* 0x16 */ "PIN CODE REQ", 96 /* 0x17 */ "LINK KEY REQ", 97 /* 0x18 */ "LINK KEY NOTIFICATION", 98 /* 0x19 */ "LOOPBACK COMMAND", 99 /* 0x1a */ "DATA BUFFER OVERFLOW", 100 /* 0x1b */ "MAX SLOT CHANGE", 101 /* 0x1c */ "READ CLOCK OFFSET COMPLETE", 102 /* 0x1d */ "CONN PKT TYPE CHANGED", 103 /* 0x1e */ "QOS VIOLATION", 104 /* 0x1f */ "PAGE SCAN MODE CHANGE", 105 /* 0x20 */ "PAGE SCAN REP MODE CHANGE", 106 /* 0x21 */ "FLOW SPECIFICATION COMPLETE", 107 /* 0x22 */ "RSSI RESULT", 108 /* 0x23 */ "READ REMOTE EXT FEATURES", 109 /* 0x24 */ "UNKNOWN", 110 /* 0x25 */ "UNKNOWN", 111 /* 0x26 */ "UNKNOWN", 112 /* 0x27 */ "UNKNOWN", 113 /* 0x28 */ "UNKNOWN", 114 /* 0x29 */ "UNKNOWN", 115 /* 0x2a */ "UNKNOWN", 116 /* 0x2b */ "UNKNOWN", 117 /* 0x2c */ "SCO CON COMPLETE", 118 /* 0x2d */ "SCO CON CHANGED", 119 /* 0x2e */ "SNIFF SUBRATING", 120 /* 0x2f */ "EXTENDED INQUIRY RESULT", 121 /* 0x30 */ "ENCRYPTION KEY REFRESH", 122 /* 0x31 */ "IO CAPABILITY REQUEST", 123 /* 0x32 */ "IO CAPABILITY RESPONSE", 124 /* 0x33 */ "USER CONFIRM REQUEST", 125 /* 0x34 */ "USER PASSKEY REQUEST", 126 /* 0x35 */ "REMOTE OOB DATA REQUEST", 127 /* 0x36 */ "SIMPLE PAIRING COMPLETE", 128 /* 0x37 */ "UNKNOWN", 129 /* 0x38 */ "LINK SUPERVISION TIMEOUT CHANGED", 130 /* 0x39 */ "ENHANCED FLUSH COMPLETE", 131 /* 0x3a */ "UNKNOWN", 132 /* 0x3b */ "USER PASSKEY NOTIFICATION", 133 /* 0x3c */ "KEYPRESS NOTIFICATION", 134 /* 0x3d */ "REMOTE HOST FEATURES NOTIFICATION", 135 }; 136 137 static const char * 138 hci_eventstr(unsigned int event) 139 { 140 141 if (event < __arraycount(hci_eventnames)) 142 return hci_eventnames[event]; 143 144 switch (event) { 145 case HCI_EVENT_BT_LOGO: /* 0xfe */ 146 return "BT_LOGO"; 147 148 case HCI_EVENT_VENDOR: /* 0xff */ 149 return "VENDOR"; 150 } 151 152 return "UNKNOWN"; 153 } 154 #endif /* BLUETOOTH_DEBUG */ 155 156 /* 157 * process HCI Events 158 * 159 * We will free the mbuf at the end, no need for any sub 160 * functions to handle that. We kind of assume that the 161 * device sends us valid events. 162 */ 163 void 164 hci_event(struct mbuf *m, struct hci_unit *unit) 165 { 166 hci_event_hdr_t hdr; 167 168 KASSERT(m->m_flags & M_PKTHDR); 169 170 KASSERT(m->m_pkthdr.len >= sizeof(hdr)); 171 m_copydata(m, 0, sizeof(hdr), &hdr); 172 m_adj(m, sizeof(hdr)); 173 174 KASSERT(hdr.type == HCI_EVENT_PKT); 175 176 DPRINTFN(1, "(%s) event %s\n", 177 device_xname(unit->hci_dev), hci_eventstr(hdr.event)); 178 179 switch(hdr.event) { 180 case HCI_EVENT_COMMAND_STATUS: 181 hci_event_command_status(unit, m); 182 break; 183 184 case HCI_EVENT_COMMAND_COMPL: 185 hci_event_command_compl(unit, m); 186 break; 187 188 case HCI_EVENT_NUM_COMPL_PKTS: 189 hci_event_num_compl_pkts(unit, m); 190 break; 191 192 case HCI_EVENT_INQUIRY_RESULT: 193 hci_event_inquiry_result(unit, m); 194 break; 195 196 case HCI_EVENT_RSSI_RESULT: 197 hci_event_rssi_result(unit, m); 198 break; 199 200 case HCI_EVENT_EXTENDED_RESULT: 201 hci_event_extended_result(unit, m); 202 break; 203 204 case HCI_EVENT_CON_COMPL: 205 hci_event_con_compl(unit, m); 206 break; 207 208 case HCI_EVENT_DISCON_COMPL: 209 hci_event_discon_compl(unit, m); 210 break; 211 212 case HCI_EVENT_CON_REQ: 213 hci_event_con_req(unit, m); 214 break; 215 216 case HCI_EVENT_AUTH_COMPL: 217 hci_event_auth_compl(unit, m); 218 break; 219 220 case HCI_EVENT_ENCRYPTION_CHANGE: 221 hci_event_encryption_change(unit, m); 222 break; 223 224 case HCI_EVENT_CHANGE_CON_LINK_KEY_COMPL: 225 hci_event_change_con_link_key_compl(unit, m); 226 break; 227 228 case HCI_EVENT_READ_CLOCK_OFFSET_COMPL: 229 hci_event_read_clock_offset_compl(unit, m); 230 break; 231 232 default: 233 break; 234 } 235 236 m_freem(m); 237 } 238 239 /* 240 * Command Status 241 * 242 * Restart command queue and post-process any pending commands 243 */ 244 static void 245 hci_event_command_status(struct hci_unit *unit, struct mbuf *m) 246 { 247 hci_command_status_ep ep; 248 249 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 250 m_copydata(m, 0, sizeof(ep), &ep); 251 m_adj(m, sizeof(ep)); 252 253 ep.opcode = le16toh(ep.opcode); 254 255 DPRINTFN(1, "(%s) opcode (%03x|%04x) status = 0x%x num_cmd_pkts = %d\n", 256 device_xname(unit->hci_dev), 257 HCI_OGF(ep.opcode), HCI_OCF(ep.opcode), 258 ep.status, 259 ep.num_cmd_pkts); 260 261 hci_num_cmds(unit, ep.num_cmd_pkts); 262 263 /* 264 * post processing of pending commands 265 */ 266 switch(ep.opcode) { 267 case HCI_CMD_CREATE_CON: 268 hci_cmd_create_con(unit, ep.status); 269 break; 270 271 default: 272 if (ep.status == 0) 273 break; 274 275 aprint_error_dev(unit->hci_dev, 276 "CommandStatus opcode (%03x|%04x) failed (status=0x%02x)\n", 277 HCI_OGF(ep.opcode), HCI_OCF(ep.opcode), 278 ep.status); 279 280 break; 281 } 282 } 283 284 /* 285 * Command Complete 286 * 287 * Restart command queue and handle the completed command 288 */ 289 static void 290 hci_event_command_compl(struct hci_unit *unit, struct mbuf *m) 291 { 292 hci_command_compl_ep ep; 293 hci_status_rp rp; 294 295 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 296 m_copydata(m, 0, sizeof(ep), &ep); 297 m_adj(m, sizeof(ep)); 298 299 DPRINTFN(1, "(%s) opcode (%03x|%04x) num_cmd_pkts = %d\n", 300 device_xname(unit->hci_dev), 301 HCI_OGF(le16toh(ep.opcode)), HCI_OCF(le16toh(ep.opcode)), 302 ep.num_cmd_pkts); 303 304 hci_num_cmds(unit, ep.num_cmd_pkts); 305 306 /* 307 * I am not sure if this is completely correct, it is not guaranteed 308 * that a command_complete packet will contain the status though most 309 * do seem to. 310 */ 311 m_copydata(m, 0, sizeof(rp), &rp); 312 if (rp.status > 0) 313 aprint_error_dev(unit->hci_dev, 314 "CommandComplete opcode (%03x|%04x) failed (status=0x%02x)\n", 315 HCI_OGF(le16toh(ep.opcode)), HCI_OCF(le16toh(ep.opcode)), 316 rp.status); 317 318 /* 319 * post processing of completed commands 320 */ 321 switch(le16toh(ep.opcode)) { 322 case HCI_CMD_READ_BDADDR: 323 hci_cmd_read_bdaddr(unit, m); 324 break; 325 326 case HCI_CMD_READ_BUFFER_SIZE: 327 hci_cmd_read_buffer_size(unit, m); 328 break; 329 330 case HCI_CMD_READ_LOCAL_FEATURES: 331 hci_cmd_read_local_features(unit, m); 332 break; 333 334 case HCI_CMD_READ_LOCAL_EXTENDED_FEATURES: 335 hci_cmd_read_local_extended_features(unit, m); 336 break; 337 338 case HCI_CMD_READ_LOCAL_VER: 339 hci_cmd_read_local_ver(unit, m); 340 break; 341 342 case HCI_CMD_READ_LOCAL_COMMANDS: 343 hci_cmd_read_local_commands(unit, m); 344 break; 345 346 case HCI_CMD_RESET: 347 hci_cmd_reset(unit, m); 348 break; 349 350 default: 351 break; 352 } 353 } 354 355 /* 356 * Number of Completed Packets 357 * 358 * This is sent periodically by the Controller telling us how many 359 * buffers are now freed up and which handle was using them. From 360 * this we determine which type of buffer it was and add the qty 361 * back into the relevant packet counter, then restart output on 362 * links that have halted. 363 */ 364 static void 365 hci_event_num_compl_pkts(struct hci_unit *unit, struct mbuf *m) 366 { 367 hci_num_compl_pkts_ep ep; 368 struct hci_link *link, *next; 369 uint16_t handle, num; 370 int num_acl = 0, num_sco = 0; 371 372 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 373 m_copydata(m, 0, sizeof(ep), &ep); 374 m_adj(m, sizeof(ep)); 375 376 while (ep.num_con_handles--) { 377 m_copydata(m, 0, sizeof(handle), &handle); 378 m_adj(m, sizeof(handle)); 379 handle = le16toh(handle); 380 381 m_copydata(m, 0, sizeof(num), &num); 382 m_adj(m, sizeof(num)); 383 num = le16toh(num); 384 385 link = hci_link_lookup_handle(unit, handle); 386 if (link) { 387 if (link->hl_type == HCI_LINK_ACL) { 388 num_acl += num; 389 hci_acl_complete(link, num); 390 } else { 391 num_sco += num; 392 hci_sco_complete(link, num); 393 } 394 } else { 395 /* XXX need to issue Read_Buffer_Size or Reset? */ 396 aprint_error_dev(unit->hci_dev, 397 "unknown handle %d! (losing track of %d packet buffer%s)\n", 398 handle, num, (num == 1 ? "" : "s")); 399 } 400 } 401 402 /* 403 * Move up any queued packets. When a link has sent data, it will move 404 * to the back of the queue - technically then if a link had something 405 * to send and there were still buffers available it could get started 406 * twice but it seemed more important to to handle higher loads fairly 407 * than worry about wasting cycles when we are not busy. 408 */ 409 410 unit->hci_num_acl_pkts += num_acl; 411 unit->hci_num_sco_pkts += num_sco; 412 413 link = TAILQ_FIRST(&unit->hci_links); 414 while (link && (unit->hci_num_acl_pkts > 0 || unit->hci_num_sco_pkts > 0)) { 415 next = TAILQ_NEXT(link, hl_next); 416 417 if (link->hl_type == HCI_LINK_ACL) { 418 if (unit->hci_num_acl_pkts > 0 && link->hl_txqlen > 0) 419 hci_acl_start(link); 420 } else { 421 if (unit->hci_num_sco_pkts > 0 && link->hl_txqlen > 0) 422 hci_sco_start(link); 423 } 424 425 link = next; 426 } 427 } 428 429 /* 430 * Inquiry Result 431 * 432 * keep a note of devices seen, so we know which unit to use 433 * on outgoing connections 434 */ 435 static void 436 hci_event_inquiry_result(struct hci_unit *unit, struct mbuf *m) 437 { 438 hci_inquiry_result_ep ep; 439 hci_inquiry_response ir; 440 struct hci_memo *memo; 441 442 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 443 m_copydata(m, 0, sizeof(ep), &ep); 444 m_adj(m, sizeof(ep)); 445 446 DPRINTFN(1, "%d response%s\n", ep.num_responses, 447 (ep.num_responses == 1 ? "" : "s")); 448 449 while(ep.num_responses--) { 450 KASSERT(m->m_pkthdr.len >= sizeof(ir)); 451 m_copydata(m, 0, sizeof(ir), &ir); 452 m_adj(m, sizeof(ir)); 453 454 DPRINTFN(1, "bdaddr %02x:%02x:%02x:%02x:%02x:%02x\n", 455 ir.bdaddr.b[5], ir.bdaddr.b[4], ir.bdaddr.b[3], 456 ir.bdaddr.b[2], ir.bdaddr.b[1], ir.bdaddr.b[0]); 457 458 memo = hci_memo_new(unit, &ir.bdaddr); 459 if (memo != NULL) { 460 memo->page_scan_rep_mode = ir.page_scan_rep_mode; 461 memo->page_scan_mode = ir.page_scan_mode; 462 memo->clock_offset = ir.clock_offset; 463 } 464 } 465 } 466 467 /* 468 * Inquiry Result with RSSI 469 * 470 * as above but different packet when RSSI result is enabled 471 */ 472 static void 473 hci_event_rssi_result(struct hci_unit *unit, struct mbuf *m) 474 { 475 hci_rssi_result_ep ep; 476 hci_rssi_response rr; 477 struct hci_memo *memo; 478 479 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 480 m_copydata(m, 0, sizeof(ep), &ep); 481 m_adj(m, sizeof(ep)); 482 483 DPRINTFN(1, "%d response%s\n", ep.num_responses, 484 (ep.num_responses == 1 ? "" : "s")); 485 486 while(ep.num_responses--) { 487 KASSERT(m->m_pkthdr.len >= sizeof(rr)); 488 m_copydata(m, 0, sizeof(rr), &rr); 489 m_adj(m, sizeof(rr)); 490 491 DPRINTFN(1, "bdaddr %02x:%02x:%02x:%02x:%02x:%02x\n", 492 rr.bdaddr.b[5], rr.bdaddr.b[4], rr.bdaddr.b[3], 493 rr.bdaddr.b[2], rr.bdaddr.b[1], rr.bdaddr.b[0]); 494 495 memo = hci_memo_new(unit, &rr.bdaddr); 496 if (memo != NULL) { 497 memo->page_scan_rep_mode = rr.page_scan_rep_mode; 498 memo->page_scan_mode = 0; 499 memo->clock_offset = rr.clock_offset; 500 } 501 } 502 } 503 504 /* 505 * Extended Inquiry Result 506 * 507 * as above but provides only one response and extended service info 508 */ 509 static void 510 hci_event_extended_result(struct hci_unit *unit, struct mbuf *m) 511 { 512 hci_extended_result_ep ep; 513 struct hci_memo *memo; 514 515 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 516 m_copydata(m, 0, sizeof(ep), &ep); 517 m_adj(m, sizeof(ep)); 518 519 if (ep.num_responses != 1) 520 return; 521 522 DPRINTFN(1, "bdaddr %02x:%02x:%02x:%02x:%02x:%02x\n", 523 ep.bdaddr.b[5], ep.bdaddr.b[4], ep.bdaddr.b[3], 524 ep.bdaddr.b[2], ep.bdaddr.b[1], ep.bdaddr.b[0]); 525 526 memo = hci_memo_new(unit, &ep.bdaddr); 527 if (memo != NULL) { 528 memo->page_scan_rep_mode = ep.page_scan_rep_mode; 529 memo->page_scan_mode = 0; 530 memo->clock_offset = ep.clock_offset; 531 } 532 } 533 534 /* 535 * Connection Complete 536 * 537 * Sent to us when a connection is made. If there is no link 538 * structure already allocated for this, we must have changed 539 * our mind, so just disconnect. 540 */ 541 static void 542 hci_event_con_compl(struct hci_unit *unit, struct mbuf *m) 543 { 544 hci_con_compl_ep ep; 545 hci_write_link_policy_settings_cp cp; 546 struct hci_link *link; 547 int err; 548 549 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 550 m_copydata(m, 0, sizeof(ep), &ep); 551 m_adj(m, sizeof(ep)); 552 553 DPRINTFN(1, "(%s) %s connection complete for " 554 "%02x:%02x:%02x:%02x:%02x:%02x status %#x\n", 555 device_xname(unit->hci_dev), 556 (ep.link_type == HCI_LINK_ACL ? "ACL" : "SCO"), 557 ep.bdaddr.b[5], ep.bdaddr.b[4], ep.bdaddr.b[3], 558 ep.bdaddr.b[2], ep.bdaddr.b[1], ep.bdaddr.b[0], 559 ep.status); 560 561 link = hci_link_lookup_bdaddr(unit, &ep.bdaddr, ep.link_type); 562 563 if (ep.status) { 564 if (link != NULL) { 565 switch (ep.status) { 566 case 0x04: /* "Page Timeout" */ 567 err = EHOSTDOWN; 568 break; 569 570 case 0x08: /* "Connection Timed Out" */ 571 err = ETIMEDOUT; 572 break; 573 574 case 0x16: /* "Connection Terminated by Local Host" */ 575 err = 0; 576 break; 577 578 default: 579 err = ECONNREFUSED; 580 break; 581 } 582 583 hci_link_free(link, err); 584 } 585 586 return; 587 } 588 589 if (link == NULL) { 590 hci_discon_cp dp; 591 592 dp.con_handle = ep.con_handle; 593 dp.reason = 0x13; /* "Remote User Terminated Connection" */ 594 595 hci_send_cmd(unit, HCI_CMD_DISCONNECT, &dp, sizeof(dp)); 596 return; 597 } 598 599 /* XXX could check auth_enable here */ 600 601 if (ep.encryption_mode) 602 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_ENCRYPT); 603 604 link->hl_state = HCI_LINK_OPEN; 605 link->hl_handle = HCI_CON_HANDLE(le16toh(ep.con_handle)); 606 607 if (ep.link_type == HCI_LINK_ACL) { 608 cp.con_handle = ep.con_handle; 609 cp.settings = htole16(unit->hci_link_policy); 610 err = hci_send_cmd(unit, HCI_CMD_WRITE_LINK_POLICY_SETTINGS, 611 &cp, sizeof(cp)); 612 if (err) 613 aprint_error_dev(unit->hci_dev, 614 "Warning, could not write link policy\n"); 615 616 err = hci_send_cmd(unit, HCI_CMD_READ_CLOCK_OFFSET, 617 &cp.con_handle, sizeof(cp.con_handle)); 618 if (err) 619 aprint_error_dev(unit->hci_dev, 620 "Warning, could not read clock offset\n"); 621 622 err = hci_acl_setmode(link); 623 if (err == EINPROGRESS) 624 return; 625 626 hci_acl_linkmode(link); 627 } else { 628 (*link->hl_sco->sp_proto->connected)(link->hl_sco->sp_upper); 629 } 630 } 631 632 /* 633 * Disconnection Complete 634 * 635 * This is sent in response to a disconnection request, but also if 636 * the remote device goes out of range. 637 */ 638 static void 639 hci_event_discon_compl(struct hci_unit *unit, struct mbuf *m) 640 { 641 hci_discon_compl_ep ep; 642 struct hci_link *link; 643 644 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 645 m_copydata(m, 0, sizeof(ep), &ep); 646 m_adj(m, sizeof(ep)); 647 648 ep.con_handle = le16toh(ep.con_handle); 649 650 DPRINTFN(1, "handle #%d, status=0x%x\n", ep.con_handle, ep.status); 651 652 link = hci_link_lookup_handle(unit, HCI_CON_HANDLE(ep.con_handle)); 653 if (link) 654 hci_link_free(link, ENOLINK); 655 } 656 657 /* 658 * Connect Request 659 * 660 * We check upstream for appropriate listeners and accept connections 661 * that are wanted. 662 */ 663 static void 664 hci_event_con_req(struct hci_unit *unit, struct mbuf *m) 665 { 666 hci_con_req_ep ep; 667 hci_accept_con_cp ap; 668 hci_reject_con_cp rp; 669 struct hci_link *link; 670 671 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 672 m_copydata(m, 0, sizeof(ep), &ep); 673 m_adj(m, sizeof(ep)); 674 675 DPRINTFN(1, "bdaddr %2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x " 676 "class %2.2x%2.2x%2.2x type %s\n", 677 ep.bdaddr.b[5], ep.bdaddr.b[4], ep.bdaddr.b[3], 678 ep.bdaddr.b[2], ep.bdaddr.b[1], ep.bdaddr.b[0], 679 ep.uclass[0], ep.uclass[1], ep.uclass[2], 680 ep.link_type == HCI_LINK_ACL ? "ACL" : "SCO"); 681 682 if (ep.link_type == HCI_LINK_ACL) 683 link = hci_acl_newconn(unit, &ep.bdaddr); 684 else 685 link = hci_sco_newconn(unit, &ep.bdaddr); 686 687 if (link == NULL) { 688 memset(&rp, 0, sizeof(rp)); 689 bdaddr_copy(&rp.bdaddr, &ep.bdaddr); 690 rp.reason = 0x0f; /* Unacceptable BD_ADDR */ 691 692 hci_send_cmd(unit, HCI_CMD_REJECT_CON, &rp, sizeof(rp)); 693 } else { 694 memset(&ap, 0, sizeof(ap)); 695 bdaddr_copy(&ap.bdaddr, &ep.bdaddr); 696 if (unit->hci_flags & BTF_MASTER) 697 ap.role = HCI_ROLE_MASTER; 698 else 699 ap.role = HCI_ROLE_SLAVE; 700 701 hci_send_cmd(unit, HCI_CMD_ACCEPT_CON, &ap, sizeof(ap)); 702 } 703 } 704 705 /* 706 * Auth Complete 707 * 708 * Authentication has been completed on an ACL link. We can notify the 709 * upper layer protocols unless further mode changes are pending. 710 */ 711 static void 712 hci_event_auth_compl(struct hci_unit *unit, struct mbuf *m) 713 { 714 hci_auth_compl_ep ep; 715 struct hci_link *link; 716 int err; 717 718 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 719 m_copydata(m, 0, sizeof(ep), &ep); 720 m_adj(m, sizeof(ep)); 721 722 ep.con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle)); 723 724 DPRINTFN(1, "handle #%d, status=0x%x\n", ep.con_handle, ep.status); 725 726 link = hci_link_lookup_handle(unit, ep.con_handle); 727 if (link == NULL || link->hl_type != HCI_LINK_ACL) 728 return; 729 730 if (ep.status == 0) { 731 link->hl_flags |= HCI_LINK_AUTH; 732 733 if (link->hl_state == HCI_LINK_WAIT_AUTH) 734 link->hl_state = HCI_LINK_OPEN; 735 736 err = hci_acl_setmode(link); 737 if (err == EINPROGRESS) 738 return; 739 } 740 741 hci_acl_linkmode(link); 742 } 743 744 /* 745 * Encryption Change 746 * 747 * The encryption status has changed. Basically, we note the change 748 * then notify the upper layer protocol unless further mode changes 749 * are pending. 750 * Note that if encryption gets disabled when it has been requested, 751 * we will attempt to enable it again.. (its a feature not a bug :) 752 */ 753 static void 754 hci_event_encryption_change(struct hci_unit *unit, struct mbuf *m) 755 { 756 hci_encryption_change_ep ep; 757 struct hci_link *link; 758 int err; 759 760 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 761 m_copydata(m, 0, sizeof(ep), &ep); 762 m_adj(m, sizeof(ep)); 763 764 ep.con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle)); 765 766 DPRINTFN(1, "handle #%d, status=0x%x, encryption_enable=0x%x\n", 767 ep.con_handle, ep.status, ep.encryption_enable); 768 769 link = hci_link_lookup_handle(unit, ep.con_handle); 770 if (link == NULL || link->hl_type != HCI_LINK_ACL) 771 return; 772 773 if (ep.status == 0) { 774 if (ep.encryption_enable == 0) 775 link->hl_flags &= ~HCI_LINK_ENCRYPT; 776 else 777 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_ENCRYPT); 778 779 if (link->hl_state == HCI_LINK_WAIT_ENCRYPT) 780 link->hl_state = HCI_LINK_OPEN; 781 782 err = hci_acl_setmode(link); 783 if (err == EINPROGRESS) 784 return; 785 } 786 787 hci_acl_linkmode(link); 788 } 789 790 /* 791 * Change Connection Link Key Complete 792 * 793 * Link keys are handled in userland but if we are waiting to secure 794 * this link, we should notify the upper protocols. A SECURE request 795 * only needs a single key change, so we can cancel the request. 796 */ 797 static void 798 hci_event_change_con_link_key_compl(struct hci_unit *unit, struct mbuf *m) 799 { 800 hci_change_con_link_key_compl_ep ep; 801 struct hci_link *link; 802 int err; 803 804 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 805 m_copydata(m, 0, sizeof(ep), &ep); 806 m_adj(m, sizeof(ep)); 807 808 ep.con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle)); 809 810 DPRINTFN(1, "handle #%d, status=0x%x\n", ep.con_handle, ep.status); 811 812 link = hci_link_lookup_handle(unit, ep.con_handle); 813 if (link == NULL || link->hl_type != HCI_LINK_ACL) 814 return; 815 816 link->hl_flags &= ~HCI_LINK_SECURE_REQ; 817 818 if (ep.status == 0) { 819 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_SECURE); 820 821 if (link->hl_state == HCI_LINK_WAIT_SECURE) 822 link->hl_state = HCI_LINK_OPEN; 823 824 err = hci_acl_setmode(link); 825 if (err == EINPROGRESS) 826 return; 827 } 828 829 hci_acl_linkmode(link); 830 } 831 832 /* 833 * Read Clock Offset Complete 834 * 835 * We keep a note of the clock offset of remote devices when a 836 * link is made, in order to facilitate reconnections to the device 837 */ 838 static void 839 hci_event_read_clock_offset_compl(struct hci_unit *unit, struct mbuf *m) 840 { 841 hci_read_clock_offset_compl_ep ep; 842 struct hci_link *link; 843 844 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 845 m_copydata(m, 0, sizeof(ep), &ep); 846 m_adj(m, sizeof(ep)); 847 848 DPRINTFN(1, "handle #%d, offset=%u, status=0x%x\n", 849 le16toh(ep.con_handle), le16toh(ep.clock_offset), ep.status); 850 851 ep.con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle)); 852 link = hci_link_lookup_handle(unit, ep.con_handle); 853 if (link == NULL || link->hl_type != HCI_LINK_ACL) 854 return; 855 856 if (ep.status == 0) 857 link->hl_clock = ep.clock_offset; 858 } 859 860 /* 861 * process results of read_bdaddr command_complete event 862 */ 863 static void 864 hci_cmd_read_bdaddr(struct hci_unit *unit, struct mbuf *m) 865 { 866 hci_read_bdaddr_rp rp; 867 868 KASSERT(m->m_pkthdr.len >= sizeof(rp)); 869 m_copydata(m, 0, sizeof(rp), &rp); 870 m_adj(m, sizeof(rp)); 871 872 if (rp.status > 0) 873 return; 874 875 if ((unit->hci_flags & BTF_INIT_BDADDR) == 0) 876 return; 877 878 bdaddr_copy(&unit->hci_bdaddr, &rp.bdaddr); 879 880 unit->hci_flags &= ~BTF_INIT_BDADDR; 881 882 cv_broadcast(&unit->hci_init); 883 } 884 885 /* 886 * process results of read_buffer_size command_complete event 887 */ 888 static void 889 hci_cmd_read_buffer_size(struct hci_unit *unit, struct mbuf *m) 890 { 891 hci_read_buffer_size_rp rp; 892 893 KASSERT(m->m_pkthdr.len >= sizeof(rp)); 894 m_copydata(m, 0, sizeof(rp), &rp); 895 m_adj(m, sizeof(rp)); 896 897 if (rp.status > 0) 898 return; 899 900 if ((unit->hci_flags & BTF_INIT_BUFFER_SIZE) == 0) 901 return; 902 903 unit->hci_max_acl_size = le16toh(rp.max_acl_size); 904 unit->hci_num_acl_pkts = le16toh(rp.num_acl_pkts); 905 unit->hci_max_acl_pkts = le16toh(rp.num_acl_pkts); 906 unit->hci_max_sco_size = rp.max_sco_size; 907 unit->hci_num_sco_pkts = le16toh(rp.num_sco_pkts); 908 unit->hci_max_sco_pkts = le16toh(rp.num_sco_pkts); 909 910 unit->hci_flags &= ~BTF_INIT_BUFFER_SIZE; 911 912 cv_broadcast(&unit->hci_init); 913 } 914 915 /* 916 * process results of read_local_features command_complete event 917 */ 918 static void 919 hci_cmd_read_local_features(struct hci_unit *unit, struct mbuf *m) 920 { 921 hci_read_local_features_rp rp; 922 923 KASSERT(m->m_pkthdr.len >= sizeof(rp)); 924 m_copydata(m, 0, sizeof(rp), &rp); 925 m_adj(m, sizeof(rp)); 926 927 if (rp.status > 0) 928 return; 929 930 if ((unit->hci_flags & BTF_INIT_FEATURES) == 0) 931 return; 932 933 memcpy(unit->hci_feat0, rp.features, HCI_FEATURES_SIZE); 934 935 unit->hci_lmp_mask = 0; 936 937 if (rp.features[0] & HCI_LMP_ROLE_SWITCH) 938 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_ROLE_SWITCH; 939 940 if (rp.features[0] & HCI_LMP_HOLD_MODE) 941 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_HOLD_MODE; 942 943 if (rp.features[0] & HCI_LMP_SNIFF_MODE) 944 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_SNIFF_MODE; 945 946 if (rp.features[1] & HCI_LMP_PARK_MODE) 947 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_PARK_MODE; 948 949 DPRINTFN(1, "%s: lmp_mask %4.4x\n", 950 device_xname(unit->hci_dev), unit->hci_lmp_mask); 951 952 /* ACL packet mask */ 953 unit->hci_acl_mask = HCI_PKT_DM1 | HCI_PKT_DH1; 954 955 if (rp.features[0] & HCI_LMP_3SLOT) 956 unit->hci_acl_mask |= HCI_PKT_DM3 | HCI_PKT_DH3; 957 958 if (rp.features[0] & HCI_LMP_5SLOT) 959 unit->hci_acl_mask |= HCI_PKT_DM5 | HCI_PKT_DH5; 960 961 if ((rp.features[3] & HCI_LMP_EDR_ACL_2MBPS) == 0) 962 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH1 963 | HCI_PKT_2MBPS_DH3 964 | HCI_PKT_2MBPS_DH5; 965 966 if ((rp.features[3] & HCI_LMP_EDR_ACL_3MBPS) == 0) 967 unit->hci_acl_mask |= HCI_PKT_3MBPS_DH1 968 | HCI_PKT_3MBPS_DH3 969 | HCI_PKT_3MBPS_DH5; 970 971 if ((rp.features[4] & HCI_LMP_3SLOT_EDR_ACL) == 0) 972 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH3 973 | HCI_PKT_3MBPS_DH3; 974 975 if ((rp.features[5] & HCI_LMP_5SLOT_EDR_ACL) == 0) 976 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH5 977 | HCI_PKT_3MBPS_DH5; 978 979 DPRINTFN(1, "%s: acl_mask %4.4x\n", 980 device_xname(unit->hci_dev), unit->hci_acl_mask); 981 982 unit->hci_packet_type = unit->hci_acl_mask; 983 984 /* SCO packet mask */ 985 unit->hci_sco_mask = 0; 986 if (rp.features[1] & HCI_LMP_SCO_LINK) 987 unit->hci_sco_mask |= HCI_PKT_HV1; 988 989 if (rp.features[1] & HCI_LMP_HV2_PKT) 990 unit->hci_sco_mask |= HCI_PKT_HV2; 991 992 if (rp.features[1] & HCI_LMP_HV3_PKT) 993 unit->hci_sco_mask |= HCI_PKT_HV3; 994 995 if (rp.features[3] & HCI_LMP_EV3_PKT) 996 unit->hci_sco_mask |= HCI_PKT_EV3; 997 998 if (rp.features[4] & HCI_LMP_EV4_PKT) 999 unit->hci_sco_mask |= HCI_PKT_EV4; 1000 1001 if (rp.features[4] & HCI_LMP_EV5_PKT) 1002 unit->hci_sco_mask |= HCI_PKT_EV5; 1003 1004 /* XXX what do 2MBPS/3MBPS/3SLOT eSCO mean? */ 1005 1006 DPRINTFN(1, "%s: sco_mask %4.4x\n", 1007 device_xname(unit->hci_dev), unit->hci_sco_mask); 1008 1009 /* extended feature masks */ 1010 if (rp.features[7] & HCI_LMP_EXTENDED_FEATURES) { 1011 hci_read_local_extended_features_cp cp; 1012 1013 cp.page = 0; 1014 hci_send_cmd(unit, HCI_CMD_READ_LOCAL_EXTENDED_FEATURES, 1015 &cp, sizeof(cp)); 1016 1017 return; 1018 } 1019 1020 unit->hci_flags &= ~BTF_INIT_FEATURES; 1021 cv_broadcast(&unit->hci_init); 1022 } 1023 1024 /* 1025 * process results of read_local_extended_features command_complete event 1026 */ 1027 static void 1028 hci_cmd_read_local_extended_features(struct hci_unit *unit, struct mbuf *m) 1029 { 1030 hci_read_local_extended_features_rp rp; 1031 1032 KASSERT(m->m_pkthdr.len >= sizeof(rp)); 1033 m_copydata(m, 0, sizeof(rp), &rp); 1034 m_adj(m, sizeof(rp)); 1035 1036 if (rp.status > 0) 1037 return; 1038 1039 if ((unit->hci_flags & BTF_INIT_FEATURES) == 0) 1040 return; 1041 1042 DPRINTFN(1, "%s: page %d of %d\n", device_xname(unit->hci_dev), 1043 rp.page, rp.max_page); 1044 1045 switch (rp.page) { 1046 case 1: 1047 memcpy(unit->hci_feat1, rp.features, HCI_FEATURES_SIZE); 1048 break; 1049 1050 case 0: /* (already handled) */ 1051 default: 1052 break; 1053 } 1054 1055 if (rp.page < rp.max_page) { 1056 hci_read_local_extended_features_cp cp; 1057 1058 cp.page = rp.page + 1; 1059 hci_send_cmd(unit, HCI_CMD_READ_LOCAL_EXTENDED_FEATURES, 1060 &cp, sizeof(cp)); 1061 1062 return; 1063 } 1064 1065 unit->hci_flags &= ~BTF_INIT_FEATURES; 1066 cv_broadcast(&unit->hci_init); 1067 } 1068 1069 /* 1070 * process results of read_local_ver command_complete event 1071 * 1072 * reading local supported commands is only supported from 1.2 spec 1073 */ 1074 static void 1075 hci_cmd_read_local_ver(struct hci_unit *unit, struct mbuf *m) 1076 { 1077 hci_read_local_ver_rp rp; 1078 1079 KASSERT(m->m_pkthdr.len >= sizeof(rp)); 1080 m_copydata(m, 0, sizeof(rp), &rp); 1081 m_adj(m, sizeof(rp)); 1082 1083 if (rp.status != 0) 1084 return; 1085 1086 if ((unit->hci_flags & BTF_INIT_COMMANDS) == 0) 1087 return; 1088 1089 if (rp.hci_version < HCI_SPEC_V12) { 1090 unit->hci_flags &= ~BTF_INIT_COMMANDS; 1091 cv_broadcast(&unit->hci_init); 1092 return; 1093 } 1094 1095 hci_send_cmd(unit, HCI_CMD_READ_LOCAL_COMMANDS, NULL, 0); 1096 } 1097 1098 /* 1099 * process results of read_local_commands command_complete event 1100 */ 1101 static void 1102 hci_cmd_read_local_commands(struct hci_unit *unit, struct mbuf *m) 1103 { 1104 hci_read_local_commands_rp rp; 1105 1106 KASSERT(m->m_pkthdr.len >= sizeof(rp)); 1107 m_copydata(m, 0, sizeof(rp), &rp); 1108 m_adj(m, sizeof(rp)); 1109 1110 if (rp.status != 0) 1111 return; 1112 1113 if ((unit->hci_flags & BTF_INIT_COMMANDS) == 0) 1114 return; 1115 1116 unit->hci_flags &= ~BTF_INIT_COMMANDS; 1117 memcpy(unit->hci_cmds, rp.commands, HCI_COMMANDS_SIZE); 1118 1119 cv_broadcast(&unit->hci_init); 1120 } 1121 1122 /* 1123 * process results of reset command_complete event 1124 * 1125 * This has killed all the connections, so close down anything we have left, 1126 * and reinitialise the unit. 1127 */ 1128 static void 1129 hci_cmd_reset(struct hci_unit *unit, struct mbuf *m) 1130 { 1131 hci_reset_rp rp; 1132 struct hci_link *link, *next; 1133 int acl; 1134 1135 KASSERT(m->m_pkthdr.len >= sizeof(rp)); 1136 m_copydata(m, 0, sizeof(rp), &rp); 1137 m_adj(m, sizeof(rp)); 1138 1139 if (rp.status != 0) 1140 return; 1141 1142 /* 1143 * release SCO links first, since they may be holding 1144 * an ACL link reference. 1145 */ 1146 for (acl = 0 ; acl < 2 ; acl++) { 1147 next = TAILQ_FIRST(&unit->hci_links); 1148 while ((link = next) != NULL) { 1149 next = TAILQ_NEXT(link, hl_next); 1150 if (acl || link->hl_type != HCI_LINK_ACL) 1151 hci_link_free(link, ECONNABORTED); 1152 } 1153 } 1154 1155 unit->hci_num_acl_pkts = 0; 1156 unit->hci_num_sco_pkts = 0; 1157 1158 if (hci_send_cmd(unit, HCI_CMD_READ_BDADDR, NULL, 0)) 1159 return; 1160 1161 if (hci_send_cmd(unit, HCI_CMD_READ_BUFFER_SIZE, NULL, 0)) 1162 return; 1163 1164 if (hci_send_cmd(unit, HCI_CMD_READ_LOCAL_FEATURES, NULL, 0)) 1165 return; 1166 1167 if (hci_send_cmd(unit, HCI_CMD_READ_LOCAL_VER, NULL, 0)) 1168 return; 1169 } 1170 1171 /* 1172 * process command_status event for create_con command 1173 * 1174 * a "Create Connection" command can sometimes fail to start for whatever 1175 * reason and the command_status event returns failure but we get no 1176 * indication of which connection failed (for instance in the case where 1177 * we tried to open too many connections all at once) So, we keep a flag 1178 * on the link to indicate pending status until the command_status event 1179 * is returned to help us decide which needs to be failed. 1180 * 1181 * since created links are inserted at the tail of hci_links, we know that 1182 * the first pending link we find will be the one that this command status 1183 * refers to. 1184 */ 1185 static void 1186 hci_cmd_create_con(struct hci_unit *unit, uint8_t status) 1187 { 1188 struct hci_link *link; 1189 1190 TAILQ_FOREACH(link, &unit->hci_links, hl_next) { 1191 if ((link->hl_flags & HCI_LINK_CREATE_CON) == 0) 1192 continue; 1193 1194 link->hl_flags &= ~HCI_LINK_CREATE_CON; 1195 1196 switch(status) { 1197 case 0x00: /* success */ 1198 break; 1199 1200 case 0x0c: /* "Command Disallowed" */ 1201 hci_link_free(link, EBUSY); 1202 break; 1203 1204 default: /* some other trouble */ 1205 hci_link_free(link, EPROTO); 1206 break; 1207 } 1208 1209 return; 1210 } 1211 } 1212
Indexes created Mon Oct 13 16:09:52 GMT 2025