hci_event.c revision 1.23.32.1
1 /* $NetBSD: hci_event.c,v 1.23.32.1 2019/09/28 07:51:57 martin Exp $ */ 2 3 /*- 4 * Copyright (c) 2005 Iain Hibbert. 5 * Copyright (c) 2006 Itronix Inc. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. The name of Itronix Inc. may not be used to endorse 17 * or promote products derived from this software without specific 18 * prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY ITRONIX INC. ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 22 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 23 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ITRONIX INC. BE LIABLE FOR ANY 24 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 25 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 26 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 27 * ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 30 * POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 #include <sys/cdefs.h> 34 __KERNEL_RCSID(0, "$NetBSD: hci_event.c,v 1.23.32.1 2019/09/28 07:51:57 martin Exp $"); 35 36 #include <sys/param.h> 37 #include <sys/kernel.h> 38 #include <sys/malloc.h> 39 #include <sys/mbuf.h> 40 #include <sys/proc.h> 41 #include <sys/systm.h> 42 43 #include <netbt/bluetooth.h> 44 #include <netbt/hci.h> 45 #include <netbt/sco.h> 46 47 static void hci_event_inquiry_result(struct hci_unit *, struct mbuf *); 48 static void hci_event_rssi_result(struct hci_unit *, struct mbuf *); 49 static void hci_event_extended_result(struct hci_unit *, struct mbuf *); 50 static void hci_event_command_status(struct hci_unit *, struct mbuf *); 51 static void hci_event_command_compl(struct hci_unit *, struct mbuf *); 52 static void hci_event_con_compl(struct hci_unit *, struct mbuf *); 53 static void hci_event_discon_compl(struct hci_unit *, struct mbuf *); 54 static void hci_event_con_req(struct hci_unit *, struct mbuf *); 55 static void hci_event_num_compl_pkts(struct hci_unit *, struct mbuf *); 56 static void hci_event_auth_compl(struct hci_unit *, struct mbuf *); 57 static void hci_event_encryption_change(struct hci_unit *, struct mbuf *); 58 static void hci_event_change_con_link_key_compl(struct hci_unit *, struct mbuf *); 59 static void hci_event_read_clock_offset_compl(struct hci_unit *, struct mbuf *); 60 static void hci_cmd_read_bdaddr(struct hci_unit *, struct mbuf *); 61 static void hci_cmd_read_buffer_size(struct hci_unit *, struct mbuf *); 62 static void hci_cmd_read_local_features(struct hci_unit *, struct mbuf *); 63 static void hci_cmd_read_local_extended_features(struct hci_unit *, struct mbuf *); 64 static void hci_cmd_read_local_ver(struct hci_unit *, struct mbuf *); 65 static void hci_cmd_read_local_commands(struct hci_unit *, struct mbuf *); 66 static void hci_cmd_read_encryption_key_size(struct hci_unit *, struct mbuf *); 67 static void hci_cmd_reset(struct hci_unit *, struct mbuf *); 68 static void hci_cmd_create_con(struct hci_unit *unit, uint8_t status); 69 70 #ifdef BLUETOOTH_DEBUG 71 int bluetooth_debug; 72 73 static const char *hci_eventnames[] = { 74 /* 0x00 */ "NULL", 75 /* 0x01 */ "INQUIRY COMPLETE", 76 /* 0x02 */ "INQUIRY RESULT", 77 /* 0x03 */ "CONN COMPLETE", 78 /* 0x04 */ "CONN REQ", 79 /* 0x05 */ "DISCONN COMPLETE", 80 /* 0x06 */ "AUTH COMPLETE", 81 /* 0x07 */ "REMOTE NAME REQ COMPLETE", 82 /* 0x08 */ "ENCRYPTION CHANGE", 83 /* 0x09 */ "CHANGE CONN LINK KEY COMPLETE", 84 /* 0x0a */ "MASTER LINK KEY COMPLETE", 85 /* 0x0b */ "READ REMOTE FEATURES COMPLETE", 86 /* 0x0c */ "READ REMOTE VERSION INFO COMPLETE", 87 /* 0x0d */ "QoS SETUP COMPLETE", 88 /* 0x0e */ "COMMAND COMPLETE", 89 /* 0x0f */ "COMMAND STATUS", 90 /* 0x10 */ "HARDWARE ERROR", 91 /* 0x11 */ "FLUSH OCCUR", 92 /* 0x12 */ "ROLE CHANGE", 93 /* 0x13 */ "NUM COMPLETED PACKETS", 94 /* 0x14 */ "MODE CHANGE", 95 /* 0x15 */ "RETURN LINK KEYS", 96 /* 0x16 */ "PIN CODE REQ", 97 /* 0x17 */ "LINK KEY REQ", 98 /* 0x18 */ "LINK KEY NOTIFICATION", 99 /* 0x19 */ "LOOPBACK COMMAND", 100 /* 0x1a */ "DATA BUFFER OVERFLOW", 101 /* 0x1b */ "MAX SLOT CHANGE", 102 /* 0x1c */ "READ CLOCK OFFSET COMPLETE", 103 /* 0x1d */ "CONN PKT TYPE CHANGED", 104 /* 0x1e */ "QOS VIOLATION", 105 /* 0x1f */ "PAGE SCAN MODE CHANGE", 106 /* 0x20 */ "PAGE SCAN REP MODE CHANGE", 107 /* 0x21 */ "FLOW SPECIFICATION COMPLETE", 108 /* 0x22 */ "RSSI RESULT", 109 /* 0x23 */ "READ REMOTE EXT FEATURES", 110 /* 0x24 */ "UNKNOWN", 111 /* 0x25 */ "UNKNOWN", 112 /* 0x26 */ "UNKNOWN", 113 /* 0x27 */ "UNKNOWN", 114 /* 0x28 */ "UNKNOWN", 115 /* 0x29 */ "UNKNOWN", 116 /* 0x2a */ "UNKNOWN", 117 /* 0x2b */ "UNKNOWN", 118 /* 0x2c */ "SCO CON COMPLETE", 119 /* 0x2d */ "SCO CON CHANGED", 120 /* 0x2e */ "SNIFF SUBRATING", 121 /* 0x2f */ "EXTENDED INQUIRY RESULT", 122 /* 0x30 */ "ENCRYPTION KEY REFRESH", 123 /* 0x31 */ "IO CAPABILITY REQUEST", 124 /* 0x32 */ "IO CAPABILITY RESPONSE", 125 /* 0x33 */ "USER CONFIRM REQUEST", 126 /* 0x34 */ "USER PASSKEY REQUEST", 127 /* 0x35 */ "REMOTE OOB DATA REQUEST", 128 /* 0x36 */ "SIMPLE PAIRING COMPLETE", 129 /* 0x37 */ "UNKNOWN", 130 /* 0x38 */ "LINK SUPERVISION TIMEOUT CHANGED", 131 /* 0x39 */ "ENHANCED FLUSH COMPLETE", 132 /* 0x3a */ "UNKNOWN", 133 /* 0x3b */ "USER PASSKEY NOTIFICATION", 134 /* 0x3c */ "KEYPRESS NOTIFICATION", 135 /* 0x3d */ "REMOTE HOST FEATURES NOTIFICATION", 136 }; 137 138 static const char * 139 hci_eventstr(unsigned int event) 140 { 141 142 if (event < __arraycount(hci_eventnames)) 143 return hci_eventnames[event]; 144 145 switch (event) { 146 case HCI_EVENT_BT_LOGO: /* 0xfe */ 147 return "BT_LOGO"; 148 149 case HCI_EVENT_VENDOR: /* 0xff */ 150 return "VENDOR"; 151 } 152 153 return "UNKNOWN"; 154 } 155 #endif /* BLUETOOTH_DEBUG */ 156 157 /* 158 * process HCI Events 159 * 160 * We will free the mbuf at the end, no need for any sub 161 * functions to handle that. 162 */ 163 void 164 hci_event(struct mbuf *m, struct hci_unit *unit) 165 { 166 hci_event_hdr_t hdr; 167 168 KASSERT(m->m_flags & M_PKTHDR); 169 170 if (m->m_pkthdr.len < sizeof(hdr)) 171 goto done; 172 173 m_copydata(m, 0, sizeof(hdr), &hdr); 174 m_adj(m, sizeof(hdr)); 175 176 KASSERT(hdr.type == HCI_EVENT_PKT); 177 if (m->m_pkthdr.len != hdr.length) 178 goto done; 179 180 DPRINTFN(1, "(%s) event %s\n", 181 device_xname(unit->hci_dev), hci_eventstr(hdr.event)); 182 183 switch(hdr.event) { 184 case HCI_EVENT_COMMAND_STATUS: 185 hci_event_command_status(unit, m); 186 break; 187 188 case HCI_EVENT_COMMAND_COMPL: 189 hci_event_command_compl(unit, m); 190 break; 191 192 case HCI_EVENT_NUM_COMPL_PKTS: 193 hci_event_num_compl_pkts(unit, m); 194 break; 195 196 case HCI_EVENT_INQUIRY_RESULT: 197 hci_event_inquiry_result(unit, m); 198 break; 199 200 case HCI_EVENT_RSSI_RESULT: 201 hci_event_rssi_result(unit, m); 202 break; 203 204 case HCI_EVENT_EXTENDED_RESULT: 205 hci_event_extended_result(unit, m); 206 break; 207 208 case HCI_EVENT_CON_COMPL: 209 hci_event_con_compl(unit, m); 210 break; 211 212 case HCI_EVENT_DISCON_COMPL: 213 hci_event_discon_compl(unit, m); 214 break; 215 216 case HCI_EVENT_CON_REQ: 217 hci_event_con_req(unit, m); 218 break; 219 220 case HCI_EVENT_AUTH_COMPL: 221 hci_event_auth_compl(unit, m); 222 break; 223 224 case HCI_EVENT_ENCRYPTION_CHANGE: 225 hci_event_encryption_change(unit, m); 226 break; 227 228 case HCI_EVENT_CHANGE_CON_LINK_KEY_COMPL: 229 hci_event_change_con_link_key_compl(unit, m); 230 break; 231 232 case HCI_EVENT_READ_CLOCK_OFFSET_COMPL: 233 hci_event_read_clock_offset_compl(unit, m); 234 break; 235 236 default: 237 break; 238 } 239 240 done: 241 m_freem(m); 242 } 243 244 /* 245 * Command Status 246 * 247 * Restart command queue and post-process any pending commands 248 */ 249 static void 250 hci_event_command_status(struct hci_unit *unit, struct mbuf *m) 251 { 252 hci_command_status_ep ep; 253 254 if (m->m_pkthdr.len < sizeof(ep)) 255 return; 256 257 m_copydata(m, 0, sizeof(ep), &ep); 258 m_adj(m, sizeof(ep)); 259 260 ep.opcode = le16toh(ep.opcode); 261 262 DPRINTFN(1, "(%s) opcode (%03x|%04x) status = 0x%x num_cmd_pkts = %d\n", 263 device_xname(unit->hci_dev), 264 HCI_OGF(ep.opcode), HCI_OCF(ep.opcode), 265 ep.status, 266 ep.num_cmd_pkts); 267 268 hci_num_cmds(unit, ep.num_cmd_pkts); 269 270 /* 271 * post processing of pending commands 272 */ 273 switch(ep.opcode) { 274 case HCI_CMD_CREATE_CON: 275 hci_cmd_create_con(unit, ep.status); 276 break; 277 278 default: 279 if (ep.status == 0) 280 break; 281 282 aprint_error_dev(unit->hci_dev, 283 "CommandStatus opcode (%03x|%04x) failed (status=0x%02x)\n", 284 HCI_OGF(ep.opcode), HCI_OCF(ep.opcode), 285 ep.status); 286 287 break; 288 } 289 } 290 291 /* 292 * Command Complete 293 * 294 * Restart command queue and handle the completed command 295 */ 296 static void 297 hci_event_command_compl(struct hci_unit *unit, struct mbuf *m) 298 { 299 hci_command_compl_ep ep; 300 hci_status_rp rp; 301 302 if (m->m_pkthdr.len < sizeof(ep)) 303 return; 304 305 m_copydata(m, 0, sizeof(ep), &ep); 306 m_adj(m, sizeof(ep)); 307 308 DPRINTFN(1, "(%s) opcode (%03x|%04x) num_cmd_pkts = %d\n", 309 device_xname(unit->hci_dev), 310 HCI_OGF(le16toh(ep.opcode)), HCI_OCF(le16toh(ep.opcode)), 311 ep.num_cmd_pkts); 312 313 hci_num_cmds(unit, ep.num_cmd_pkts); 314 315 /* 316 * I am not sure if this is completely correct, it is not guaranteed 317 * that a command_complete packet will contain the status though most 318 * do seem to. 319 */ 320 m_copydata(m, 0, sizeof(rp), &rp); 321 if (rp.status > 0) 322 aprint_error_dev(unit->hci_dev, 323 "CommandComplete opcode (%03x|%04x) failed (status=0x%02x)\n", 324 HCI_OGF(le16toh(ep.opcode)), HCI_OCF(le16toh(ep.opcode)), 325 rp.status); 326 327 /* 328 * post processing of completed commands 329 */ 330 switch(le16toh(ep.opcode)) { 331 case HCI_CMD_READ_BDADDR: 332 hci_cmd_read_bdaddr(unit, m); 333 break; 334 335 case HCI_CMD_READ_BUFFER_SIZE: 336 hci_cmd_read_buffer_size(unit, m); 337 break; 338 339 case HCI_CMD_READ_LOCAL_FEATURES: 340 hci_cmd_read_local_features(unit, m); 341 break; 342 343 case HCI_CMD_READ_LOCAL_EXTENDED_FEATURES: 344 hci_cmd_read_local_extended_features(unit, m); 345 break; 346 347 case HCI_CMD_READ_LOCAL_VER: 348 hci_cmd_read_local_ver(unit, m); 349 break; 350 351 case HCI_CMD_READ_LOCAL_COMMANDS: 352 hci_cmd_read_local_commands(unit, m); 353 break; 354 355 case HCI_CMD_READ_ENCRYPTION_KEY_SIZE: 356 hci_cmd_read_encryption_key_size(unit, m); 357 break; 358 359 case HCI_CMD_RESET: 360 hci_cmd_reset(unit, m); 361 break; 362 363 default: 364 break; 365 } 366 } 367 368 /* 369 * Number of Completed Packets 370 * 371 * This is sent periodically by the Controller telling us how many 372 * buffers are now freed up and which handle was using them. From 373 * this we determine which type of buffer it was and add the qty 374 * back into the relevant packet counter, then restart output on 375 * links that have halted. 376 */ 377 static void 378 hci_event_num_compl_pkts(struct hci_unit *unit, struct mbuf *m) 379 { 380 hci_num_compl_pkts_ep ep; 381 struct hci_link *link, *next; 382 uint16_t handle, num; 383 int num_acl = 0, num_sco = 0; 384 385 if (m->m_pkthdr.len < sizeof(ep)) 386 return; 387 388 m_copydata(m, 0, sizeof(ep), &ep); 389 m_adj(m, sizeof(ep)); 390 391 while (ep.num_con_handles--) { 392 m_copydata(m, 0, sizeof(handle), &handle); 393 m_adj(m, sizeof(handle)); 394 handle = le16toh(handle); 395 396 m_copydata(m, 0, sizeof(num), &num); 397 m_adj(m, sizeof(num)); 398 num = le16toh(num); 399 400 link = hci_link_lookup_handle(unit, handle); 401 if (link) { 402 if (link->hl_type == HCI_LINK_ACL) { 403 num_acl += num; 404 hci_acl_complete(link, num); 405 } else { 406 num_sco += num; 407 hci_sco_complete(link, num); 408 } 409 } else { 410 /* XXX need to issue Read_Buffer_Size or Reset? */ 411 aprint_error_dev(unit->hci_dev, 412 "unknown handle %d! (losing track of %d packet buffer%s)\n", 413 handle, num, (num == 1 ? "" : "s")); 414 } 415 } 416 417 /* 418 * Move up any queued packets. When a link has sent data, it will move 419 * to the back of the queue - technically then if a link had something 420 * to send and there were still buffers available it could get started 421 * twice but it seemed more important to to handle higher loads fairly 422 * than worry about wasting cycles when we are not busy. 423 */ 424 425 unit->hci_num_acl_pkts += num_acl; 426 unit->hci_num_sco_pkts += num_sco; 427 428 link = TAILQ_FIRST(&unit->hci_links); 429 while (link && (unit->hci_num_acl_pkts > 0 || unit->hci_num_sco_pkts > 0)) { 430 next = TAILQ_NEXT(link, hl_next); 431 432 if (link->hl_type == HCI_LINK_ACL) { 433 if (unit->hci_num_acl_pkts > 0 && link->hl_txqlen > 0) 434 hci_acl_start(link); 435 } else { 436 if (unit->hci_num_sco_pkts > 0 && link->hl_txqlen > 0) 437 hci_sco_start(link); 438 } 439 440 link = next; 441 } 442 } 443 444 /* 445 * Inquiry Result 446 * 447 * keep a note of devices seen, so we know which unit to use 448 * on outgoing connections 449 */ 450 static void 451 hci_event_inquiry_result(struct hci_unit *unit, struct mbuf *m) 452 { 453 hci_inquiry_result_ep ep; 454 hci_inquiry_response ir; 455 struct hci_memo *memo; 456 457 if (m->m_pkthdr.len < sizeof(ep)) 458 return; 459 460 m_copydata(m, 0, sizeof(ep), &ep); 461 m_adj(m, sizeof(ep)); 462 463 DPRINTFN(1, "%d response%s\n", ep.num_responses, 464 (ep.num_responses == 1 ? "" : "s")); 465 466 while(ep.num_responses--) { 467 if (m->m_pkthdr.len < sizeof(ir)) 468 return; 469 470 m_copydata(m, 0, sizeof(ir), &ir); 471 m_adj(m, sizeof(ir)); 472 473 DPRINTFN(1, "bdaddr %02x:%02x:%02x:%02x:%02x:%02x\n", 474 ir.bdaddr.b[5], ir.bdaddr.b[4], ir.bdaddr.b[3], 475 ir.bdaddr.b[2], ir.bdaddr.b[1], ir.bdaddr.b[0]); 476 477 memo = hci_memo_new(unit, &ir.bdaddr); 478 if (memo != NULL) { 479 memo->page_scan_rep_mode = ir.page_scan_rep_mode; 480 memo->page_scan_mode = ir.page_scan_mode; 481 memo->clock_offset = ir.clock_offset; 482 } 483 } 484 } 485 486 /* 487 * Inquiry Result with RSSI 488 * 489 * as above but different packet when RSSI result is enabled 490 */ 491 static void 492 hci_event_rssi_result(struct hci_unit *unit, struct mbuf *m) 493 { 494 hci_rssi_result_ep ep; 495 hci_rssi_response rr; 496 struct hci_memo *memo; 497 498 if (m->m_pkthdr.len < sizeof(ep)) 499 return; 500 501 m_copydata(m, 0, sizeof(ep), &ep); 502 m_adj(m, sizeof(ep)); 503 504 DPRINTFN(1, "%d response%s\n", ep.num_responses, 505 (ep.num_responses == 1 ? "" : "s")); 506 507 while(ep.num_responses--) { 508 if (m->m_pkthdr.len < sizeof(rr)) 509 return; 510 511 m_copydata(m, 0, sizeof(rr), &rr); 512 m_adj(m, sizeof(rr)); 513 514 DPRINTFN(1, "bdaddr %02x:%02x:%02x:%02x:%02x:%02x\n", 515 rr.bdaddr.b[5], rr.bdaddr.b[4], rr.bdaddr.b[3], 516 rr.bdaddr.b[2], rr.bdaddr.b[1], rr.bdaddr.b[0]); 517 518 memo = hci_memo_new(unit, &rr.bdaddr); 519 if (memo != NULL) { 520 memo->page_scan_rep_mode = rr.page_scan_rep_mode; 521 memo->page_scan_mode = 0; 522 memo->clock_offset = rr.clock_offset; 523 } 524 } 525 } 526 527 /* 528 * Extended Inquiry Result 529 * 530 * as above but provides only one response and extended service info 531 */ 532 static void 533 hci_event_extended_result(struct hci_unit *unit, struct mbuf *m) 534 { 535 hci_extended_result_ep ep; 536 struct hci_memo *memo; 537 538 if (m->m_pkthdr.len < sizeof(ep)) 539 return; 540 541 m_copydata(m, 0, sizeof(ep), &ep); 542 m_adj(m, sizeof(ep)); 543 544 if (ep.num_responses != 1) 545 return; 546 547 DPRINTFN(1, "bdaddr %02x:%02x:%02x:%02x:%02x:%02x\n", 548 ep.bdaddr.b[5], ep.bdaddr.b[4], ep.bdaddr.b[3], 549 ep.bdaddr.b[2], ep.bdaddr.b[1], ep.bdaddr.b[0]); 550 551 memo = hci_memo_new(unit, &ep.bdaddr); 552 if (memo != NULL) { 553 memo->page_scan_rep_mode = ep.page_scan_rep_mode; 554 memo->page_scan_mode = 0; 555 memo->clock_offset = ep.clock_offset; 556 } 557 } 558 559 /* 560 * Connection Complete 561 * 562 * Sent to us when a connection is made. If there is no link 563 * structure already allocated for this, we must have changed 564 * our mind, so just disconnect. 565 */ 566 static void 567 hci_event_con_compl(struct hci_unit *unit, struct mbuf *m) 568 { 569 hci_con_compl_ep ep; 570 hci_write_link_policy_settings_cp cp; 571 struct hci_link *link; 572 int err; 573 574 if (m->m_pkthdr.len < sizeof(ep)) 575 return; 576 577 m_copydata(m, 0, sizeof(ep), &ep); 578 m_adj(m, sizeof(ep)); 579 580 DPRINTFN(1, "(%s) %s connection complete for " 581 "%02x:%02x:%02x:%02x:%02x:%02x status %#x\n", 582 device_xname(unit->hci_dev), 583 (ep.link_type == HCI_LINK_ACL ? "ACL" : "SCO"), 584 ep.bdaddr.b[5], ep.bdaddr.b[4], ep.bdaddr.b[3], 585 ep.bdaddr.b[2], ep.bdaddr.b[1], ep.bdaddr.b[0], 586 ep.status); 587 588 link = hci_link_lookup_bdaddr(unit, &ep.bdaddr, ep.link_type); 589 590 if (ep.status) { 591 if (link != NULL) { 592 switch (ep.status) { 593 case 0x04: /* "Page Timeout" */ 594 err = EHOSTDOWN; 595 break; 596 597 case 0x08: /* "Connection Timed Out" */ 598 err = ETIMEDOUT; 599 break; 600 601 case 0x16: /* "Connection Terminated by Local Host" */ 602 err = 0; 603 break; 604 605 default: 606 err = ECONNREFUSED; 607 break; 608 } 609 610 hci_link_free(link, err); 611 } 612 613 return; 614 } 615 616 if (link == NULL) { 617 hci_discon_cp dp; 618 619 dp.con_handle = ep.con_handle; 620 dp.reason = 0x13; /* "Remote User Terminated Connection" */ 621 622 hci_send_cmd(unit, HCI_CMD_DISCONNECT, &dp, sizeof(dp)); 623 return; 624 } 625 626 /* 627 * We purposefully ignore ep.encryption_mode here - if that is set then 628 * the link will be authenticated and encrypted, but we still want to 629 * verify the key size and setmode sets the right flags 630 */ 631 632 link->hl_state = HCI_LINK_OPEN; 633 link->hl_handle = HCI_CON_HANDLE(le16toh(ep.con_handle)); 634 635 if (ep.link_type == HCI_LINK_ACL) { 636 cp.con_handle = ep.con_handle; 637 cp.settings = htole16(unit->hci_link_policy); 638 err = hci_send_cmd(unit, HCI_CMD_WRITE_LINK_POLICY_SETTINGS, 639 &cp, sizeof(cp)); 640 if (err) 641 aprint_error_dev(unit->hci_dev, 642 "Warning, could not write link policy\n"); 643 644 err = hci_send_cmd(unit, HCI_CMD_READ_CLOCK_OFFSET, 645 &cp.con_handle, sizeof(cp.con_handle)); 646 if (err) 647 aprint_error_dev(unit->hci_dev, 648 "Warning, could not read clock offset\n"); 649 650 err = hci_acl_setmode(link); 651 if (err == EINPROGRESS) 652 return; 653 654 hci_acl_linkmode(link); 655 } else { 656 (*link->hl_sco->sp_proto->connected)(link->hl_sco->sp_upper); 657 } 658 } 659 660 /* 661 * Disconnection Complete 662 * 663 * This is sent in response to a disconnection request, but also if 664 * the remote device goes out of range. 665 */ 666 static void 667 hci_event_discon_compl(struct hci_unit *unit, struct mbuf *m) 668 { 669 hci_discon_compl_ep ep; 670 struct hci_link *link; 671 672 if (m->m_pkthdr.len < sizeof(ep)) 673 return; 674 675 m_copydata(m, 0, sizeof(ep), &ep); 676 m_adj(m, sizeof(ep)); 677 678 ep.con_handle = le16toh(ep.con_handle); 679 680 DPRINTFN(1, "handle #%d, status=0x%x\n", ep.con_handle, ep.status); 681 682 link = hci_link_lookup_handle(unit, HCI_CON_HANDLE(ep.con_handle)); 683 if (link) 684 hci_link_free(link, ENOLINK); 685 } 686 687 /* 688 * Connect Request 689 * 690 * We check upstream for appropriate listeners and accept connections 691 * that are wanted. 692 */ 693 static void 694 hci_event_con_req(struct hci_unit *unit, struct mbuf *m) 695 { 696 hci_con_req_ep ep; 697 hci_accept_con_cp ap; 698 hci_reject_con_cp rp; 699 struct hci_link *link; 700 701 if (m->m_pkthdr.len < sizeof(ep)) 702 return; 703 704 m_copydata(m, 0, sizeof(ep), &ep); 705 m_adj(m, sizeof(ep)); 706 707 DPRINTFN(1, "bdaddr %2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x " 708 "class %2.2x%2.2x%2.2x type %s\n", 709 ep.bdaddr.b[5], ep.bdaddr.b[4], ep.bdaddr.b[3], 710 ep.bdaddr.b[2], ep.bdaddr.b[1], ep.bdaddr.b[0], 711 ep.uclass[0], ep.uclass[1], ep.uclass[2], 712 ep.link_type == HCI_LINK_ACL ? "ACL" : "SCO"); 713 714 if (ep.link_type == HCI_LINK_ACL) 715 link = hci_acl_newconn(unit, &ep.bdaddr); 716 else 717 link = hci_sco_newconn(unit, &ep.bdaddr); 718 719 if (link == NULL) { 720 memset(&rp, 0, sizeof(rp)); 721 bdaddr_copy(&rp.bdaddr, &ep.bdaddr); 722 rp.reason = 0x0f; /* Unacceptable BD_ADDR */ 723 724 hci_send_cmd(unit, HCI_CMD_REJECT_CON, &rp, sizeof(rp)); 725 } else { 726 memset(&ap, 0, sizeof(ap)); 727 bdaddr_copy(&ap.bdaddr, &ep.bdaddr); 728 if (unit->hci_flags & BTF_MASTER) 729 ap.role = HCI_ROLE_MASTER; 730 else 731 ap.role = HCI_ROLE_SLAVE; 732 733 hci_send_cmd(unit, HCI_CMD_ACCEPT_CON, &ap, sizeof(ap)); 734 } 735 } 736 737 /* 738 * Auth Complete 739 * 740 * Authentication has been completed on an ACL link. We can notify the 741 * upper layer protocols unless further mode changes are pending. 742 */ 743 static void 744 hci_event_auth_compl(struct hci_unit *unit, struct mbuf *m) 745 { 746 hci_auth_compl_ep ep; 747 struct hci_link *link; 748 int err; 749 750 if (m->m_pkthdr.len < sizeof(ep)) 751 return; 752 753 m_copydata(m, 0, sizeof(ep), &ep); 754 m_adj(m, sizeof(ep)); 755 756 ep.con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle)); 757 758 DPRINTFN(1, "handle #%d, status=0x%x\n", ep.con_handle, ep.status); 759 760 link = hci_link_lookup_handle(unit, ep.con_handle); 761 if (link == NULL || link->hl_type != HCI_LINK_ACL) 762 return; 763 764 if (ep.status == 0) { 765 link->hl_flags |= HCI_LINK_AUTH; 766 767 if (link->hl_state == HCI_LINK_WAIT_AUTH) 768 link->hl_state = HCI_LINK_OPEN; 769 770 err = hci_acl_setmode(link); 771 if (err == EINPROGRESS) 772 return; 773 } 774 775 hci_acl_linkmode(link); 776 } 777 778 /* 779 * Encryption Change 780 * 781 * The encryption status has changed. Make a note if disabled, or 782 * check the key size if possible before allowing it is enabled. 783 * (checking of key size was enabled in 3.0 spec) 784 */ 785 static void 786 hci_event_encryption_change(struct hci_unit *unit, struct mbuf *m) 787 { 788 hci_encryption_change_ep ep; 789 struct hci_link *link; 790 uint16_t con_handle; 791 int err; 792 793 if (m->m_pkthdr.len < sizeof(ep)) 794 return; 795 796 m_copydata(m, 0, sizeof(ep), &ep); 797 m_adj(m, sizeof(ep)); 798 799 con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle)); 800 801 DPRINTFN(1, "handle #%d, status=0x%x, encryption_enable=0x%x\n", 802 con_handle, ep.status, ep.encryption_enable); 803 804 link = hci_link_lookup_handle(unit, con_handle); 805 if (link == NULL || link->hl_type != HCI_LINK_ACL) 806 return; 807 808 if (ep.status == 0) { 809 if (ep.encryption_enable == 0) { 810 link->hl_flags &= ~HCI_LINK_ENCRYPT; 811 } else if (unit->hci_cmds[20] & (1<<4)) { 812 err = hci_send_cmd(unit, HCI_CMD_READ_ENCRYPTION_KEY_SIZE, 813 &ep.con_handle, sizeof(ep.con_handle)); 814 815 if (err == 0) 816 return; 817 } else { 818 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_ENCRYPT); 819 820 if (link->hl_state == HCI_LINK_WAIT_ENCRYPT) 821 link->hl_state = HCI_LINK_OPEN; 822 823 err = hci_acl_setmode(link); 824 if (err == EINPROGRESS) 825 return; 826 } 827 } 828 829 hci_acl_linkmode(link); 830 } 831 832 /* 833 * Change Connection Link Key Complete 834 * 835 * Link keys are handled in userland but if we are waiting to secure 836 * this link, we should notify the upper protocols. A SECURE request 837 * only needs a single key change, so we can cancel the request. 838 */ 839 static void 840 hci_event_change_con_link_key_compl(struct hci_unit *unit, struct mbuf *m) 841 { 842 hci_change_con_link_key_compl_ep ep; 843 struct hci_link *link; 844 int err; 845 846 if (m->m_pkthdr.len < sizeof(ep)) 847 return; 848 849 m_copydata(m, 0, sizeof(ep), &ep); 850 m_adj(m, sizeof(ep)); 851 852 ep.con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle)); 853 854 DPRINTFN(1, "handle #%d, status=0x%x\n", ep.con_handle, ep.status); 855 856 link = hci_link_lookup_handle(unit, ep.con_handle); 857 if (link == NULL || link->hl_type != HCI_LINK_ACL) 858 return; 859 860 link->hl_flags &= ~HCI_LINK_SECURE_REQ; 861 862 if (ep.status == 0) { 863 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_SECURE); 864 865 if (link->hl_state == HCI_LINK_WAIT_SECURE) 866 link->hl_state = HCI_LINK_OPEN; 867 868 err = hci_acl_setmode(link); 869 if (err == EINPROGRESS) 870 return; 871 } 872 873 hci_acl_linkmode(link); 874 } 875 876 /* 877 * Read Clock Offset Complete 878 * 879 * We keep a note of the clock offset of remote devices when a 880 * link is made, in order to facilitate reconnections to the device 881 */ 882 static void 883 hci_event_read_clock_offset_compl(struct hci_unit *unit, struct mbuf *m) 884 { 885 hci_read_clock_offset_compl_ep ep; 886 struct hci_link *link; 887 888 if (m->m_pkthdr.len < sizeof(ep)) 889 return; 890 891 m_copydata(m, 0, sizeof(ep), &ep); 892 m_adj(m, sizeof(ep)); 893 894 DPRINTFN(1, "handle #%d, offset=%u, status=0x%x\n", 895 le16toh(ep.con_handle), le16toh(ep.clock_offset), ep.status); 896 897 ep.con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle)); 898 link = hci_link_lookup_handle(unit, ep.con_handle); 899 if (link == NULL || link->hl_type != HCI_LINK_ACL) 900 return; 901 902 if (ep.status == 0) 903 link->hl_clock = ep.clock_offset; 904 } 905 906 /* 907 * process results of read_bdaddr command_complete event 908 */ 909 static void 910 hci_cmd_read_bdaddr(struct hci_unit *unit, struct mbuf *m) 911 { 912 hci_read_bdaddr_rp rp; 913 914 if (m->m_pkthdr.len < sizeof(rp)) 915 return; 916 917 m_copydata(m, 0, sizeof(rp), &rp); 918 m_adj(m, sizeof(rp)); 919 920 if (rp.status > 0) 921 return; 922 923 if ((unit->hci_flags & BTF_INIT_BDADDR) == 0) 924 return; 925 926 bdaddr_copy(&unit->hci_bdaddr, &rp.bdaddr); 927 928 unit->hci_flags &= ~BTF_INIT_BDADDR; 929 930 cv_broadcast(&unit->hci_init); 931 } 932 933 /* 934 * process results of read_buffer_size command_complete event 935 */ 936 static void 937 hci_cmd_read_buffer_size(struct hci_unit *unit, struct mbuf *m) 938 { 939 hci_read_buffer_size_rp rp; 940 941 if (m->m_pkthdr.len < sizeof(rp)) 942 return; 943 944 m_copydata(m, 0, sizeof(rp), &rp); 945 m_adj(m, sizeof(rp)); 946 947 if (rp.status > 0) 948 return; 949 950 if ((unit->hci_flags & BTF_INIT_BUFFER_SIZE) == 0) 951 return; 952 953 unit->hci_max_acl_size = le16toh(rp.max_acl_size); 954 unit->hci_num_acl_pkts = le16toh(rp.num_acl_pkts); 955 unit->hci_max_acl_pkts = le16toh(rp.num_acl_pkts); 956 unit->hci_max_sco_size = rp.max_sco_size; 957 unit->hci_num_sco_pkts = le16toh(rp.num_sco_pkts); 958 unit->hci_max_sco_pkts = le16toh(rp.num_sco_pkts); 959 960 unit->hci_flags &= ~BTF_INIT_BUFFER_SIZE; 961 962 cv_broadcast(&unit->hci_init); 963 } 964 965 /* 966 * process results of read_local_features command_complete event 967 */ 968 static void 969 hci_cmd_read_local_features(struct hci_unit *unit, struct mbuf *m) 970 { 971 hci_read_local_features_rp rp; 972 973 if (m->m_pkthdr.len < sizeof(rp)) 974 return; 975 976 m_copydata(m, 0, sizeof(rp), &rp); 977 m_adj(m, sizeof(rp)); 978 979 if (rp.status > 0) 980 return; 981 982 if ((unit->hci_flags & BTF_INIT_FEATURES) == 0) 983 return; 984 985 memcpy(unit->hci_feat0, rp.features, HCI_FEATURES_SIZE); 986 987 unit->hci_lmp_mask = 0; 988 989 if (rp.features[0] & HCI_LMP_ROLE_SWITCH) 990 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_ROLE_SWITCH; 991 992 if (rp.features[0] & HCI_LMP_HOLD_MODE) 993 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_HOLD_MODE; 994 995 if (rp.features[0] & HCI_LMP_SNIFF_MODE) 996 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_SNIFF_MODE; 997 998 if (rp.features[1] & HCI_LMP_PARK_MODE) 999 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_PARK_MODE; 1000 1001 DPRINTFN(1, "%s: lmp_mask %4.4x\n", 1002 device_xname(unit->hci_dev), unit->hci_lmp_mask); 1003 1004 /* ACL packet mask */ 1005 unit->hci_acl_mask = HCI_PKT_DM1 | HCI_PKT_DH1; 1006 1007 if (rp.features[0] & HCI_LMP_3SLOT) 1008 unit->hci_acl_mask |= HCI_PKT_DM3 | HCI_PKT_DH3; 1009 1010 if (rp.features[0] & HCI_LMP_5SLOT) 1011 unit->hci_acl_mask |= HCI_PKT_DM5 | HCI_PKT_DH5; 1012 1013 if ((rp.features[3] & HCI_LMP_EDR_ACL_2MBPS) == 0) 1014 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH1 1015 | HCI_PKT_2MBPS_DH3 1016 | HCI_PKT_2MBPS_DH5; 1017 1018 if ((rp.features[3] & HCI_LMP_EDR_ACL_3MBPS) == 0) 1019 unit->hci_acl_mask |= HCI_PKT_3MBPS_DH1 1020 | HCI_PKT_3MBPS_DH3 1021 | HCI_PKT_3MBPS_DH5; 1022 1023 if ((rp.features[4] & HCI_LMP_3SLOT_EDR_ACL) == 0) 1024 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH3 1025 | HCI_PKT_3MBPS_DH3; 1026 1027 if ((rp.features[5] & HCI_LMP_5SLOT_EDR_ACL) == 0) 1028 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH5 1029 | HCI_PKT_3MBPS_DH5; 1030 1031 DPRINTFN(1, "%s: acl_mask %4.4x\n", 1032 device_xname(unit->hci_dev), unit->hci_acl_mask); 1033 1034 unit->hci_packet_type = unit->hci_acl_mask; 1035 1036 /* SCO packet mask */ 1037 unit->hci_sco_mask = 0; 1038 if (rp.features[1] & HCI_LMP_SCO_LINK) 1039 unit->hci_sco_mask |= HCI_PKT_HV1; 1040 1041 if (rp.features[1] & HCI_LMP_HV2_PKT) 1042 unit->hci_sco_mask |= HCI_PKT_HV2; 1043 1044 if (rp.features[1] & HCI_LMP_HV3_PKT) 1045 unit->hci_sco_mask |= HCI_PKT_HV3; 1046 1047 if (rp.features[3] & HCI_LMP_EV3_PKT) 1048 unit->hci_sco_mask |= HCI_PKT_EV3; 1049 1050 if (rp.features[4] & HCI_LMP_EV4_PKT) 1051 unit->hci_sco_mask |= HCI_PKT_EV4; 1052 1053 if (rp.features[4] & HCI_LMP_EV5_PKT) 1054 unit->hci_sco_mask |= HCI_PKT_EV5; 1055 1056 /* XXX what do 2MBPS/3MBPS/3SLOT eSCO mean? */ 1057 1058 DPRINTFN(1, "%s: sco_mask %4.4x\n", 1059 device_xname(unit->hci_dev), unit->hci_sco_mask); 1060 1061 /* extended feature masks */ 1062 if (rp.features[7] & HCI_LMP_EXTENDED_FEATURES) { 1063 hci_read_local_extended_features_cp cp; 1064 1065 cp.page = 0; 1066 hci_send_cmd(unit, HCI_CMD_READ_LOCAL_EXTENDED_FEATURES, 1067 &cp, sizeof(cp)); 1068 1069 return; 1070 } 1071 1072 unit->hci_flags &= ~BTF_INIT_FEATURES; 1073 cv_broadcast(&unit->hci_init); 1074 } 1075 1076 /* 1077 * process results of read_local_extended_features command_complete event 1078 */ 1079 static void 1080 hci_cmd_read_local_extended_features(struct hci_unit *unit, struct mbuf *m) 1081 { 1082 hci_read_local_extended_features_rp rp; 1083 1084 if (m->m_pkthdr.len < sizeof(rp)) 1085 return; 1086 1087 m_copydata(m, 0, sizeof(rp), &rp); 1088 m_adj(m, sizeof(rp)); 1089 1090 if (rp.status > 0) 1091 return; 1092 1093 if ((unit->hci_flags & BTF_INIT_FEATURES) == 0) 1094 return; 1095 1096 DPRINTFN(1, "%s: page %d of %d\n", device_xname(unit->hci_dev), 1097 rp.page, rp.max_page); 1098 1099 switch (rp.page) { 1100 case 1: 1101 memcpy(unit->hci_feat1, rp.features, HCI_FEATURES_SIZE); 1102 break; 1103 1104 case 0: /* (already handled) */ 1105 default: 1106 break; 1107 } 1108 1109 if (rp.page < rp.max_page) { 1110 hci_read_local_extended_features_cp cp; 1111 1112 cp.page = rp.page + 1; 1113 hci_send_cmd(unit, HCI_CMD_READ_LOCAL_EXTENDED_FEATURES, 1114 &cp, sizeof(cp)); 1115 1116 return; 1117 } 1118 1119 unit->hci_flags &= ~BTF_INIT_FEATURES; 1120 cv_broadcast(&unit->hci_init); 1121 } 1122 1123 /* 1124 * process results of read_local_ver command_complete event 1125 * 1126 * reading local supported commands is only supported from 1.2 spec 1127 */ 1128 static void 1129 hci_cmd_read_local_ver(struct hci_unit *unit, struct mbuf *m) 1130 { 1131 hci_read_local_ver_rp rp; 1132 1133 if (m->m_pkthdr.len < sizeof(rp)) 1134 return; 1135 1136 m_copydata(m, 0, sizeof(rp), &rp); 1137 m_adj(m, sizeof(rp)); 1138 1139 if (rp.status != 0) 1140 return; 1141 1142 if ((unit->hci_flags & BTF_INIT_COMMANDS) == 0) 1143 return; 1144 1145 if (rp.hci_version < HCI_SPEC_V12) { 1146 unit->hci_flags &= ~BTF_INIT_COMMANDS; 1147 cv_broadcast(&unit->hci_init); 1148 return; 1149 } 1150 1151 hci_send_cmd(unit, HCI_CMD_READ_LOCAL_COMMANDS, NULL, 0); 1152 } 1153 1154 /* 1155 * process results of read_local_commands command_complete event 1156 */ 1157 static void 1158 hci_cmd_read_local_commands(struct hci_unit *unit, struct mbuf *m) 1159 { 1160 hci_read_local_commands_rp rp; 1161 1162 if (m->m_pkthdr.len < sizeof(rp)) 1163 return; 1164 1165 m_copydata(m, 0, sizeof(rp), &rp); 1166 m_adj(m, sizeof(rp)); 1167 1168 if (rp.status != 0) 1169 return; 1170 1171 if ((unit->hci_flags & BTF_INIT_COMMANDS) == 0) 1172 return; 1173 1174 unit->hci_flags &= ~BTF_INIT_COMMANDS; 1175 memcpy(unit->hci_cmds, rp.commands, HCI_COMMANDS_SIZE); 1176 1177 cv_broadcast(&unit->hci_init); 1178 } 1179 1180 /* 1181 * process results of read_encryption_key_size command_complete event 1182 */ 1183 static void 1184 hci_cmd_read_encryption_key_size(struct hci_unit *unit, struct mbuf *m) 1185 { 1186 hci_read_encryption_key_size_rp rp; 1187 struct hci_link *link; 1188 int err; 1189 1190 if (m->m_pkthdr.len < sizeof(rp)) 1191 return; 1192 1193 m_copydata(m, 0, sizeof(rp), &rp); 1194 m_adj(m, sizeof(rp)); 1195 1196 if (rp.status != 0) 1197 return; 1198 1199 rp.con_handle = HCI_CON_HANDLE(le16toh(rp.con_handle)); 1200 1201 DPRINTFN(1, "handle #%d, status=0x%x, key_size=0x%x\n", 1202 rp.con_handle, rp.status, rp.size); 1203 1204 link = hci_link_lookup_handle(unit, rp.con_handle); 1205 if (link == NULL || link->hl_type != HCI_LINK_ACL) 1206 return; 1207 1208 /* 1209 * if the key size is less than minimum standard, go straight to 1210 * linkmode as this is non-recoverable. Otherwise, we are encrypted 1211 * so can proceed with setmode. 1212 */ 1213 if (rp.status == 0) { 1214 if (rp.size < 7) { 1215 link->hl_flags &= ~HCI_LINK_ENCRYPT; 1216 } else { 1217 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_ENCRYPT); 1218 1219 if (link->hl_state == HCI_LINK_WAIT_ENCRYPT) 1220 link->hl_state = HCI_LINK_OPEN; 1221 1222 err = hci_acl_setmode(link); 1223 if (err == EINPROGRESS) 1224 return; 1225 } 1226 } 1227 1228 hci_acl_linkmode(link); 1229 } 1230 1231 /* 1232 * process results of reset command_complete event 1233 * 1234 * This has killed all the connections, so close down anything we have left, 1235 * and reinitialise the unit. 1236 */ 1237 static void 1238 hci_cmd_reset(struct hci_unit *unit, struct mbuf *m) 1239 { 1240 hci_reset_rp rp; 1241 struct hci_link *link, *next; 1242 int acl; 1243 1244 if (m->m_pkthdr.len < sizeof(rp)) 1245 return; 1246 1247 m_copydata(m, 0, sizeof(rp), &rp); 1248 m_adj(m, sizeof(rp)); 1249 1250 if (rp.status != 0) 1251 return; 1252 1253 /* 1254 * release SCO links first, since they may be holding 1255 * an ACL link reference. 1256 */ 1257 for (acl = 0 ; acl < 2 ; acl++) { 1258 next = TAILQ_FIRST(&unit->hci_links); 1259 while ((link = next) != NULL) { 1260 next = TAILQ_NEXT(link, hl_next); 1261 if (acl || link->hl_type != HCI_LINK_ACL) 1262 hci_link_free(link, ECONNABORTED); 1263 } 1264 } 1265 1266 unit->hci_num_acl_pkts = 0; 1267 unit->hci_num_sco_pkts = 0; 1268 1269 if (hci_send_cmd(unit, HCI_CMD_READ_BDADDR, NULL, 0)) 1270 return; 1271 1272 if (hci_send_cmd(unit, HCI_CMD_READ_BUFFER_SIZE, NULL, 0)) 1273 return; 1274 1275 if (hci_send_cmd(unit, HCI_CMD_READ_LOCAL_FEATURES, NULL, 0)) 1276 return; 1277 1278 if (hci_send_cmd(unit, HCI_CMD_READ_LOCAL_VER, NULL, 0)) 1279 return; 1280 } 1281 1282 /* 1283 * process command_status event for create_con command 1284 * 1285 * a "Create Connection" command can sometimes fail to start for whatever 1286 * reason and the command_status event returns failure but we get no 1287 * indication of which connection failed (for instance in the case where 1288 * we tried to open too many connections all at once) So, we keep a flag 1289 * on the link to indicate pending status until the command_status event 1290 * is returned to help us decide which needs to be failed. 1291 * 1292 * since created links are inserted at the tail of hci_links, we know that 1293 * the first pending link we find will be the one that this command status 1294 * refers to. 1295 */ 1296 static void 1297 hci_cmd_create_con(struct hci_unit *unit, uint8_t status) 1298 { 1299 struct hci_link *link; 1300 1301 TAILQ_FOREACH(link, &unit->hci_links, hl_next) { 1302 if ((link->hl_flags & HCI_LINK_CREATE_CON) == 0) 1303 continue; 1304 1305 link->hl_flags &= ~HCI_LINK_CREATE_CON; 1306 1307 switch(status) { 1308 case 0x00: /* success */ 1309 break; 1310 1311 case 0x0c: /* "Command Disallowed" */ 1312 hci_link_free(link, EBUSY); 1313 break; 1314 1315 default: /* some other trouble */ 1316 hci_link_free(link, EPROTO); 1317 break; 1318 } 1319 1320 return; 1321 } 1322 } 1323
Indexes created Wed Oct 15 14:09:57 GMT 2025