hci_event.c revision 1.6.2.2
1 /* $NetBSD: hci_event.c,v 1.6.2.2 2007/09/10 10:56:14 skrll Exp $ */ 2 3 /*- 4 * Copyright (c) 2005 Iain Hibbert. 5 * Copyright (c) 2006 Itronix Inc. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. The name of Itronix Inc. may not be used to endorse 17 * or promote products derived from this software without specific 18 * prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY ITRONIX INC. ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 22 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 23 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ITRONIX INC. BE LIABLE FOR ANY 24 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 25 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 26 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 27 * ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 30 * POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 #include <sys/cdefs.h> 34 __KERNEL_RCSID(0, "$NetBSD: hci_event.c,v 1.6.2.2 2007/09/10 10:56:14 skrll Exp $"); 35 36 #include <sys/param.h> 37 #include <sys/kernel.h> 38 #include <sys/malloc.h> 39 #include <sys/mbuf.h> 40 #include <sys/proc.h> 41 #include <sys/systm.h> 42 43 #include <netbt/bluetooth.h> 44 #include <netbt/hci.h> 45 #include <netbt/sco.h> 46 47 static void hci_event_inquiry_result(struct hci_unit *, struct mbuf *); 48 static void hci_event_rssi_result(struct hci_unit *, struct mbuf *); 49 static void hci_event_command_status(struct hci_unit *, struct mbuf *); 50 static void hci_event_command_compl(struct hci_unit *, struct mbuf *); 51 static void hci_event_con_compl(struct hci_unit *, struct mbuf *); 52 static void hci_event_discon_compl(struct hci_unit *, struct mbuf *); 53 static void hci_event_con_req(struct hci_unit *, struct mbuf *); 54 static void hci_event_num_compl_pkts(struct hci_unit *, struct mbuf *); 55 static void hci_event_auth_compl(struct hci_unit *, struct mbuf *); 56 static void hci_event_encryption_change(struct hci_unit *, struct mbuf *); 57 static void hci_event_change_con_link_key_compl(struct hci_unit *, struct mbuf *); 58 static void hci_cmd_read_bdaddr(struct hci_unit *, struct mbuf *); 59 static void hci_cmd_read_buffer_size(struct hci_unit *, struct mbuf *); 60 static void hci_cmd_read_local_features(struct hci_unit *, struct mbuf *); 61 static void hci_cmd_reset(struct hci_unit *, struct mbuf *); 62 63 #ifdef BLUETOOTH_DEBUG 64 int bluetooth_debug; 65 66 static const char *hci_eventnames[] = { 67 /* 0x00 */ "NULL", 68 /* 0x01 */ "INQUIRY COMPLETE", 69 /* 0x02 */ "INQUIRY RESULT", 70 /* 0x03 */ "CONN COMPLETE", 71 /* 0x04 */ "CONN REQ", 72 /* 0x05 */ "DISCONN COMPLETE", 73 /* 0x06 */ "AUTH COMPLETE", 74 /* 0x07 */ "REMOTE NAME REQ COMPLETE", 75 /* 0x08 */ "ENCRYPTION CHANGE", 76 /* 0x09 */ "CHANGE CONN LINK KEY COMPLETE", 77 /* 0x0a */ "MASTER LINK KEY COMPLETE", 78 /* 0x0b */ "READ REMOTE FEATURES COMPLETE", 79 /* 0x0c */ "READ REMOTE VERSION INFO COMPLETE", 80 /* 0x0d */ "QoS SETUP COMPLETE", 81 /* 0x0e */ "COMMAND COMPLETE", 82 /* 0x0f */ "COMMAND STATUS", 83 /* 0x10 */ "HARDWARE ERROR", 84 /* 0x11 */ "FLUSH OCCUR", 85 /* 0x12 */ "ROLE CHANGE", 86 /* 0x13 */ "NUM COMPLETED PACKETS", 87 /* 0x14 */ "MODE CHANGE", 88 /* 0x15 */ "RETURN LINK KEYS", 89 /* 0x16 */ "PIN CODE REQ", 90 /* 0x17 */ "LINK KEY REQ", 91 /* 0x18 */ "LINK KEY NOTIFICATION", 92 /* 0x19 */ "LOOPBACK COMMAND", 93 /* 0x1a */ "DATA BUFFER OVERFLOW", 94 /* 0x1b */ "MAX SLOT CHANGE", 95 /* 0x1c */ "READ CLOCK OFFSET COMPLETE", 96 /* 0x1d */ "CONN PKT TYPE CHANGED", 97 /* 0x1e */ "QOS VIOLATION", 98 /* 0x1f */ "PAGE SCAN MODE CHANGE", 99 /* 0x20 */ "PAGE SCAN REP MODE CHANGE", 100 /* 0x21 */ "FLOW SPECIFICATION COMPLETE", 101 /* 0x22 */ "RSSI RESULT", 102 /* 0x23 */ "READ REMOTE EXT FEATURES" 103 }; 104 105 static const char * 106 hci_eventstr(unsigned int event) 107 { 108 109 if (event < (sizeof(hci_eventnames) / sizeof(*hci_eventnames))) 110 return hci_eventnames[event]; 111 112 switch (event) { 113 case HCI_EVENT_SCO_CON_COMPL: /* 0x2c */ 114 return "SCO CON COMPLETE"; 115 116 case HCI_EVENT_SCO_CON_CHANGED: /* 0x2d */ 117 return "SCO CON CHANGED"; 118 119 case HCI_EVENT_BT_LOGO: /* 0xfe */ 120 return "BT_LOGO"; 121 122 case HCI_EVENT_VENDOR: /* 0xff */ 123 return "VENDOR"; 124 } 125 126 return "UNRECOGNISED"; 127 } 128 #endif /* BLUETOOTH_DEBUG */ 129 130 /* 131 * process HCI Events 132 * 133 * We will free the mbuf at the end, no need for any sub 134 * functions to handle that. We kind of assume that the 135 * device sends us valid events. 136 */ 137 void 138 hci_event(struct mbuf *m, struct hci_unit *unit) 139 { 140 hci_event_hdr_t hdr; 141 142 KASSERT(m->m_flags & M_PKTHDR); 143 144 KASSERT(m->m_pkthdr.len >= sizeof(hdr)); 145 m_copydata(m, 0, sizeof(hdr), &hdr); 146 m_adj(m, sizeof(hdr)); 147 148 KASSERT(hdr.type == HCI_EVENT_PKT); 149 150 DPRINTFN(1, "(%s) event %s\n", unit->hci_devname, hci_eventstr(hdr.event)); 151 152 switch(hdr.event) { 153 case HCI_EVENT_COMMAND_STATUS: 154 hci_event_command_status(unit, m); 155 break; 156 157 case HCI_EVENT_COMMAND_COMPL: 158 hci_event_command_compl(unit, m); 159 break; 160 161 case HCI_EVENT_NUM_COMPL_PKTS: 162 hci_event_num_compl_pkts(unit, m); 163 break; 164 165 case HCI_EVENT_INQUIRY_RESULT: 166 hci_event_inquiry_result(unit, m); 167 break; 168 169 case HCI_EVENT_RSSI_RESULT: 170 hci_event_rssi_result(unit, m); 171 break; 172 173 case HCI_EVENT_CON_COMPL: 174 hci_event_con_compl(unit, m); 175 break; 176 177 case HCI_EVENT_DISCON_COMPL: 178 hci_event_discon_compl(unit, m); 179 break; 180 181 case HCI_EVENT_CON_REQ: 182 hci_event_con_req(unit, m); 183 break; 184 185 case HCI_EVENT_AUTH_COMPL: 186 hci_event_auth_compl(unit, m); 187 break; 188 189 case HCI_EVENT_ENCRYPTION_CHANGE: 190 hci_event_encryption_change(unit, m); 191 break; 192 193 case HCI_EVENT_CHANGE_CON_LINK_KEY_COMPL: 194 hci_event_change_con_link_key_compl(unit, m); 195 break; 196 197 case HCI_EVENT_SCO_CON_COMPL: 198 case HCI_EVENT_INQUIRY_COMPL: 199 case HCI_EVENT_REMOTE_NAME_REQ_COMPL: 200 case HCI_EVENT_MASTER_LINK_KEY_COMPL: 201 case HCI_EVENT_READ_REMOTE_FEATURES_COMPL: 202 case HCI_EVENT_READ_REMOTE_VER_INFO_COMPL: 203 case HCI_EVENT_QOS_SETUP_COMPL: 204 case HCI_EVENT_HARDWARE_ERROR: 205 case HCI_EVENT_FLUSH_OCCUR: 206 case HCI_EVENT_ROLE_CHANGE: 207 case HCI_EVENT_MODE_CHANGE: 208 case HCI_EVENT_RETURN_LINK_KEYS: 209 case HCI_EVENT_PIN_CODE_REQ: 210 case HCI_EVENT_LINK_KEY_REQ: 211 case HCI_EVENT_LINK_KEY_NOTIFICATION: 212 case HCI_EVENT_LOOPBACK_COMMAND: 213 case HCI_EVENT_DATA_BUFFER_OVERFLOW: 214 case HCI_EVENT_MAX_SLOT_CHANGE: 215 case HCI_EVENT_READ_CLOCK_OFFSET_COMPL: 216 case HCI_EVENT_CON_PKT_TYPE_CHANGED: 217 case HCI_EVENT_QOS_VIOLATION: 218 case HCI_EVENT_PAGE_SCAN_MODE_CHANGE: 219 case HCI_EVENT_PAGE_SCAN_REP_MODE_CHANGE: 220 case HCI_EVENT_FLOW_SPECIFICATION_COMPL: 221 case HCI_EVENT_READ_REMOTE_EXTENDED_FEATURES: 222 case HCI_EVENT_SCO_CON_CHANGED: 223 case HCI_EVENT_BT_LOGO: 224 case HCI_EVENT_VENDOR: 225 break; 226 227 default: 228 UNKNOWN(hdr.event); 229 break; 230 } 231 232 m_freem(m); 233 } 234 235 /* 236 * Command Status 237 * 238 * Update our record of num_cmd_pkts then post-process any pending commands 239 * and optionally restart cmd output on the unit. 240 */ 241 static void 242 hci_event_command_status(struct hci_unit *unit, struct mbuf *m) 243 { 244 hci_command_status_ep ep; 245 246 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 247 m_copydata(m, 0, sizeof(ep), &ep); 248 m_adj(m, sizeof(ep)); 249 250 DPRINTFN(1, "(%s) opcode (%03x|%04x) status = 0x%x num_cmd_pkts = %d\n", 251 unit->hci_devname, 252 HCI_OGF(le16toh(ep.opcode)), HCI_OCF(le16toh(ep.opcode)), 253 ep.status, 254 ep.num_cmd_pkts); 255 256 unit->hci_num_cmd_pkts = ep.num_cmd_pkts; 257 258 /* 259 * post processing of pending commands 260 */ 261 switch(le16toh(ep.opcode)) { 262 default: 263 break; 264 } 265 266 while (unit->hci_num_cmd_pkts > 0 && MBUFQ_FIRST(&unit->hci_cmdwait)) { 267 MBUFQ_DEQUEUE(&unit->hci_cmdwait, m); 268 hci_output_cmd(unit, m); 269 } 270 } 271 272 /* 273 * Command Complete 274 * 275 * Update our record of num_cmd_pkts then handle the completed command, 276 * and optionally restart cmd output on the unit. 277 */ 278 static void 279 hci_event_command_compl(struct hci_unit *unit, struct mbuf *m) 280 { 281 hci_command_compl_ep ep; 282 283 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 284 m_copydata(m, 0, sizeof(ep), &ep); 285 m_adj(m, sizeof(ep)); 286 287 DPRINTFN(1, "(%s) opcode (%03x|%04x) num_cmd_pkts = %d\n", 288 unit->hci_devname, 289 HCI_OGF(le16toh(ep.opcode)), HCI_OCF(le16toh(ep.opcode)), 290 ep.num_cmd_pkts); 291 292 unit->hci_num_cmd_pkts = ep.num_cmd_pkts; 293 294 /* 295 * post processing of completed commands 296 */ 297 switch(le16toh(ep.opcode)) { 298 case HCI_CMD_READ_BDADDR: 299 hci_cmd_read_bdaddr(unit, m); 300 break; 301 302 case HCI_CMD_READ_BUFFER_SIZE: 303 hci_cmd_read_buffer_size(unit, m); 304 break; 305 306 case HCI_CMD_READ_LOCAL_FEATURES: 307 hci_cmd_read_local_features(unit, m); 308 break; 309 310 case HCI_CMD_RESET: 311 hci_cmd_reset(unit, m); 312 break; 313 314 default: 315 break; 316 } 317 318 while (unit->hci_num_cmd_pkts > 0 && MBUFQ_FIRST(&unit->hci_cmdwait)) { 319 MBUFQ_DEQUEUE(&unit->hci_cmdwait, m); 320 hci_output_cmd(unit, m); 321 } 322 } 323 324 /* 325 * Number of Completed Packets 326 * 327 * This is sent periodically by the Controller telling us how many 328 * buffers are now freed up and which handle was using them. From 329 * this we determine which type of buffer it was and add the qty 330 * back into the relevant packet counter, then restart output on 331 * links that have halted. 332 */ 333 static void 334 hci_event_num_compl_pkts(struct hci_unit *unit, struct mbuf *m) 335 { 336 hci_num_compl_pkts_ep ep; 337 struct hci_link *link, *next; 338 uint16_t handle, num; 339 int num_acl = 0, num_sco = 0; 340 341 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 342 m_copydata(m, 0, sizeof(ep), &ep); 343 m_adj(m, sizeof(ep)); 344 345 while (ep.num_con_handles--) { 346 m_copydata(m, 0, sizeof(handle), &handle); 347 m_adj(m, sizeof(handle)); 348 handle = le16toh(handle); 349 350 m_copydata(m, 0, sizeof(num), &num); 351 m_adj(m, sizeof(num)); 352 num = le16toh(num); 353 354 link = hci_link_lookup_handle(unit, handle); 355 if (link) { 356 if (link->hl_type == HCI_LINK_ACL) { 357 num_acl += num; 358 hci_acl_complete(link, num); 359 } else { 360 num_sco += num; 361 hci_sco_complete(link, num); 362 } 363 } else { 364 /* XXX need to issue Read_Buffer_Size or Reset? */ 365 printf("%s: unknown handle %d! " 366 "(losing track of %d packet buffer%s)\n", 367 unit->hci_devname, handle, 368 num, (num == 1 ? "" : "s")); 369 } 370 } 371 372 /* 373 * Move up any queued packets. When a link has sent data, it will move 374 * to the back of the queue - technically then if a link had something 375 * to send and there were still buffers available it could get started 376 * twice but it seemed more important to to handle higher loads fairly 377 * than worry about wasting cycles when we are not busy. 378 */ 379 380 unit->hci_num_acl_pkts += num_acl; 381 unit->hci_num_sco_pkts += num_sco; 382 383 link = TAILQ_FIRST(&unit->hci_links); 384 while (link && (unit->hci_num_acl_pkts > 0 || unit->hci_num_sco_pkts > 0)) { 385 next = TAILQ_NEXT(link, hl_next); 386 387 if (link->hl_type == HCI_LINK_ACL) { 388 if (unit->hci_num_acl_pkts > 0 && link->hl_txqlen > 0) 389 hci_acl_start(link); 390 } else { 391 if (unit->hci_num_sco_pkts > 0 && link->hl_txqlen > 0) 392 hci_sco_start(link); 393 } 394 395 link = next; 396 } 397 } 398 399 /* 400 * Inquiry Result 401 * 402 * keep a note of devices seen, so we know which unit to use 403 * on outgoing connections 404 */ 405 static void 406 hci_event_inquiry_result(struct hci_unit *unit, struct mbuf *m) 407 { 408 hci_inquiry_result_ep ep; 409 hci_inquiry_response ir; 410 struct hci_memo *memo; 411 bdaddr_t bdaddr; 412 413 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 414 m_copydata(m, 0, sizeof(ep), &ep); 415 m_adj(m, sizeof(ep)); 416 417 DPRINTFN(1, "%d response%s\n", ep.num_responses, 418 (ep.num_responses == 1 ? "" : "s")); 419 420 while(ep.num_responses--) { 421 KASSERT(m->m_pkthdr.len >= sizeof(bdaddr)); 422 m_copydata(m, 0, sizeof(bdaddr), &bdaddr); 423 424 DPRINTFN(1, "bdaddr %02x:%02x:%02x:%02x:%02x:%02x\n", 425 bdaddr.b[5], bdaddr.b[4], bdaddr.b[3], 426 bdaddr.b[2], bdaddr.b[1], bdaddr.b[0]); 427 428 memo = hci_memo_find(unit, &bdaddr); 429 if (memo == NULL) { 430 memo = malloc(sizeof(struct hci_memo), 431 M_BLUETOOTH, M_NOWAIT | M_ZERO); 432 if (memo == NULL) { 433 DPRINTFN(0, "out of memo memory!\n"); 434 break; 435 } 436 437 bdaddr_copy(&memo->bdaddr, &bdaddr); 438 LIST_INSERT_HEAD(&unit->hci_memos, memo, next); 439 } 440 441 KASSERT(m->m_pkthdr.len >= sizeof(ir)); 442 m_copydata(m, 0, sizeof(ir), &ir); 443 m_adj(m, sizeof(ir)); 444 445 microtime(&memo->time); 446 memo->page_scan_rep_mode = ir.page_scan_rep_mode; 447 memo->page_scan_mode = ir.page_scan_mode; 448 memo->clock_offset = ir.clock_offset; 449 } 450 } 451 452 /* 453 * Inquiry Result with RSSI 454 * 455 * as above but different packet when RSSI result is enabled 456 */ 457 static void 458 hci_event_rssi_result(struct hci_unit *unit, struct mbuf *m) 459 { 460 hci_rssi_result_ep ep; 461 hci_rssi_response rr; 462 struct hci_memo *memo; 463 bdaddr_t bdaddr; 464 465 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 466 m_copydata(m, 0, sizeof(ep), &ep); 467 m_adj(m, sizeof(ep)); 468 469 DPRINTFN(1, "%d response%s\n", ep.num_responses, 470 (ep.num_responses == 1 ? "" : "s")); 471 472 while(ep.num_responses--) { 473 KASSERT(m->m_pkthdr.len >= sizeof(bdaddr)); 474 m_copydata(m, 0, sizeof(bdaddr), &bdaddr); 475 476 DPRINTFN(1, "bdaddr %02x:%02x:%02x:%02x:%02x:%02x\n", 477 bdaddr.b[5], bdaddr.b[4], bdaddr.b[3], 478 bdaddr.b[2], bdaddr.b[1], bdaddr.b[0]); 479 480 memo = hci_memo_find(unit, &bdaddr); 481 if (memo == NULL) { 482 memo = malloc(sizeof(struct hci_memo), 483 M_BLUETOOTH, M_NOWAIT | M_ZERO); 484 if (memo == NULL) { 485 DPRINTFN(0, "out of memo memory!\n"); 486 break; 487 } 488 489 bdaddr_copy(&memo->bdaddr, &bdaddr); 490 LIST_INSERT_HEAD(&unit->hci_memos, memo, next); 491 } 492 493 KASSERT(m->m_pkthdr.len >= sizeof(rr)); 494 m_copydata(m, 0, sizeof(rr), &rr); 495 m_adj(m, sizeof(rr)); 496 497 microtime(&memo->time); 498 memo->page_scan_rep_mode = rr.page_scan_rep_mode; 499 memo->page_scan_mode = 0; 500 memo->clock_offset = rr.clock_offset; 501 } 502 } 503 504 /* 505 * Connection Complete 506 * 507 * Sent to us when a connection is made. If there is no link 508 * structure already allocated for this, we must have changed 509 * our mind, so just disconnect. 510 */ 511 static void 512 hci_event_con_compl(struct hci_unit *unit, struct mbuf *m) 513 { 514 hci_con_compl_ep ep; 515 hci_write_link_policy_settings_cp cp; 516 struct hci_link *link; 517 int err; 518 519 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 520 m_copydata(m, 0, sizeof(ep), &ep); 521 m_adj(m, sizeof(ep)); 522 523 DPRINTFN(1, "(%s) %s connection complete for " 524 "%02x:%02x:%02x:%02x:%02x:%02x status %#x\n", 525 unit->hci_devname, 526 (ep.link_type == HCI_LINK_ACL ? "ACL" : "SCO"), 527 ep.bdaddr.b[5], ep.bdaddr.b[4], ep.bdaddr.b[3], 528 ep.bdaddr.b[2], ep.bdaddr.b[1], ep.bdaddr.b[0], 529 ep.status); 530 531 link = hci_link_lookup_bdaddr(unit, &ep.bdaddr, ep.link_type); 532 533 if (ep.status) { 534 if (link != NULL) { 535 switch (ep.status) { 536 case 0x04: /* "Page Timeout" */ 537 err = EHOSTDOWN; 538 break; 539 540 case 0x08: /* "Connection Timed Out" */ 541 err = ETIMEDOUT; 542 break; 543 544 case 0x16: /* "Connection Terminated by Local Host" */ 545 err = 0; 546 break; 547 548 default: 549 err = ECONNREFUSED; 550 break; 551 } 552 553 hci_link_free(link, err); 554 } 555 556 return; 557 } 558 559 if (link == NULL) { 560 hci_discon_cp dp; 561 562 dp.con_handle = ep.con_handle; 563 dp.reason = 0x13; /* "Remote User Terminated Connection" */ 564 565 hci_send_cmd(unit, HCI_CMD_DISCONNECT, &dp, sizeof(dp)); 566 return; 567 } 568 569 /* XXX could check auth_enable here */ 570 571 if (ep.encryption_mode) 572 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_ENCRYPT); 573 574 link->hl_state = HCI_LINK_OPEN; 575 link->hl_handle = HCI_CON_HANDLE(le16toh(ep.con_handle)); 576 577 if (ep.link_type == HCI_LINK_ACL) { 578 cp.con_handle = ep.con_handle; 579 cp.settings = htole16(unit->hci_link_policy); 580 err = hci_send_cmd(unit, HCI_CMD_WRITE_LINK_POLICY_SETTINGS, 581 &cp, sizeof(cp)); 582 if (err) 583 printf("%s: Warning, could not write link policy\n", 584 unit->hci_devname); 585 586 err = hci_acl_setmode(link); 587 if (err == EINPROGRESS) 588 return; 589 590 hci_acl_linkmode(link); 591 } else { 592 (*link->hl_sco->sp_proto->connected)(link->hl_sco->sp_upper); 593 } 594 } 595 596 /* 597 * Disconnection Complete 598 * 599 * This is sent in response to a disconnection request, but also if 600 * the remote device goes out of range. 601 */ 602 static void 603 hci_event_discon_compl(struct hci_unit *unit, struct mbuf *m) 604 { 605 hci_discon_compl_ep ep; 606 struct hci_link *link; 607 608 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 609 m_copydata(m, 0, sizeof(ep), &ep); 610 m_adj(m, sizeof(ep)); 611 612 ep.con_handle = le16toh(ep.con_handle); 613 614 DPRINTFN(1, "handle #%d, status=0x%x\n", ep.con_handle, ep.status); 615 616 link = hci_link_lookup_handle(unit, HCI_CON_HANDLE(ep.con_handle)); 617 if (link) 618 hci_link_free(link, ENOLINK); 619 } 620 621 /* 622 * Connect Request 623 * 624 * We check upstream for appropriate listeners and accept connections 625 * that are wanted. 626 */ 627 static void 628 hci_event_con_req(struct hci_unit *unit, struct mbuf *m) 629 { 630 hci_con_req_ep ep; 631 hci_accept_con_cp ap; 632 hci_reject_con_cp rp; 633 struct hci_link *link; 634 635 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 636 m_copydata(m, 0, sizeof(ep), &ep); 637 m_adj(m, sizeof(ep)); 638 639 DPRINTFN(1, "bdaddr %2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x " 640 "class %2.2x%2.2x%2.2x type %s\n", 641 ep.bdaddr.b[5], ep.bdaddr.b[4], ep.bdaddr.b[3], 642 ep.bdaddr.b[2], ep.bdaddr.b[1], ep.bdaddr.b[0], 643 ep.uclass[0], ep.uclass[1], ep.uclass[2], 644 ep.link_type == HCI_LINK_ACL ? "ACL" : "SCO"); 645 646 if (ep.link_type == HCI_LINK_ACL) 647 link = hci_acl_newconn(unit, &ep.bdaddr); 648 else 649 link = hci_sco_newconn(unit, &ep.bdaddr); 650 651 if (link == NULL) { 652 memset(&rp, 0, sizeof(rp)); 653 bdaddr_copy(&rp.bdaddr, &ep.bdaddr); 654 rp.reason = 0x0f; /* Unacceptable BD_ADDR */ 655 656 hci_send_cmd(unit, HCI_CMD_REJECT_CON, &rp, sizeof(rp)); 657 } else { 658 memset(&ap, 0, sizeof(ap)); 659 bdaddr_copy(&ap.bdaddr, &ep.bdaddr); 660 if (unit->hci_link_policy & HCI_LINK_POLICY_ENABLE_ROLE_SWITCH) 661 ap.role = HCI_ROLE_MASTER; 662 else 663 ap.role = HCI_ROLE_SLAVE; 664 665 hci_send_cmd(unit, HCI_CMD_ACCEPT_CON, &ap, sizeof(ap)); 666 } 667 } 668 669 /* 670 * Auth Complete 671 * 672 * Authentication has been completed on an ACL link. We can notify the 673 * upper layer protocols unless further mode changes are pending. 674 */ 675 static void 676 hci_event_auth_compl(struct hci_unit *unit, struct mbuf *m) 677 { 678 hci_auth_compl_ep ep; 679 struct hci_link *link; 680 int err; 681 682 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 683 m_copydata(m, 0, sizeof(ep), &ep); 684 m_adj(m, sizeof(ep)); 685 686 ep.con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle)); 687 688 DPRINTFN(1, "handle #%d, status=0x%x\n", ep.con_handle, ep.status); 689 690 link = hci_link_lookup_handle(unit, ep.con_handle); 691 if (link == NULL || link->hl_type != HCI_LINK_ACL) 692 return; 693 694 if (ep.status == 0) { 695 link->hl_flags |= HCI_LINK_AUTH; 696 697 if (link->hl_state == HCI_LINK_WAIT_AUTH) 698 link->hl_state = HCI_LINK_OPEN; 699 700 err = hci_acl_setmode(link); 701 if (err == EINPROGRESS) 702 return; 703 } 704 705 hci_acl_linkmode(link); 706 } 707 708 /* 709 * Encryption Change 710 * 711 * The encryption status has changed. Basically, we note the change 712 * then notify the upper layer protocol unless further mode changes 713 * are pending. 714 * Note that if encryption gets disabled when it has been requested, 715 * we will attempt to enable it again.. (its a feature not a bug :) 716 */ 717 static void 718 hci_event_encryption_change(struct hci_unit *unit, struct mbuf *m) 719 { 720 hci_encryption_change_ep ep; 721 struct hci_link *link; 722 int err; 723 724 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 725 m_copydata(m, 0, sizeof(ep), &ep); 726 m_adj(m, sizeof(ep)); 727 728 ep.con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle)); 729 730 DPRINTFN(1, "handle #%d, status=0x%x, encryption_enable=0x%x\n", 731 ep.con_handle, ep.status, ep.encryption_enable); 732 733 link = hci_link_lookup_handle(unit, ep.con_handle); 734 if (link == NULL || link->hl_type != HCI_LINK_ACL) 735 return; 736 737 if (ep.status == 0) { 738 if (ep.encryption_enable == 0) 739 link->hl_flags &= ~HCI_LINK_ENCRYPT; 740 else 741 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_ENCRYPT); 742 743 if (link->hl_state == HCI_LINK_WAIT_ENCRYPT) 744 link->hl_state = HCI_LINK_OPEN; 745 746 err = hci_acl_setmode(link); 747 if (err == EINPROGRESS) 748 return; 749 } 750 751 hci_acl_linkmode(link); 752 } 753 754 /* 755 * Change Connection Link Key Complete 756 * 757 * Link keys are handled in userland but if we are waiting to secure 758 * this link, we should notify the upper protocols. A SECURE request 759 * only needs a single key change, so we can cancel the request. 760 */ 761 static void 762 hci_event_change_con_link_key_compl(struct hci_unit *unit, struct mbuf *m) 763 { 764 hci_change_con_link_key_compl_ep ep; 765 struct hci_link *link; 766 int err; 767 768 KASSERT(m->m_pkthdr.len >= sizeof(ep)); 769 m_copydata(m, 0, sizeof(ep), &ep); 770 m_adj(m, sizeof(ep)); 771 772 ep.con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle)); 773 774 DPRINTFN(1, "handle #%d, status=0x%x\n", ep.con_handle, ep.status); 775 776 link = hci_link_lookup_handle(unit, ep.con_handle); 777 if (link == NULL || link->hl_type != HCI_LINK_ACL) 778 return; 779 780 link->hl_flags &= ~HCI_LINK_SECURE_REQ; 781 782 if (ep.status == 0) { 783 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_SECURE); 784 785 if (link->hl_state == HCI_LINK_WAIT_SECURE) 786 link->hl_state = HCI_LINK_OPEN; 787 788 err = hci_acl_setmode(link); 789 if (err == EINPROGRESS) 790 return; 791 } 792 793 hci_acl_linkmode(link); 794 } 795 796 /* 797 * process results of read_bdaddr command_complete event 798 */ 799 static void 800 hci_cmd_read_bdaddr(struct hci_unit *unit, struct mbuf *m) 801 { 802 hci_read_bdaddr_rp rp; 803 int s; 804 805 KASSERT(m->m_pkthdr.len >= sizeof(rp)); 806 m_copydata(m, 0, sizeof(rp), &rp); 807 m_adj(m, sizeof(rp)); 808 809 if (rp.status > 0) 810 return; 811 812 if ((unit->hci_flags & BTF_INIT_BDADDR) == 0) 813 return; 814 815 bdaddr_copy(&unit->hci_bdaddr, &rp.bdaddr); 816 817 s = splraiseipl(unit->hci_ipl); 818 unit->hci_flags &= ~BTF_INIT_BDADDR; 819 splx(s); 820 821 wakeup(unit); 822 } 823 824 /* 825 * process results of read_buffer_size command_complete event 826 */ 827 static void 828 hci_cmd_read_buffer_size(struct hci_unit *unit, struct mbuf *m) 829 { 830 hci_read_buffer_size_rp rp; 831 int s; 832 833 KASSERT(m->m_pkthdr.len >= sizeof(rp)); 834 m_copydata(m, 0, sizeof(rp), &rp); 835 m_adj(m, sizeof(rp)); 836 837 if (rp.status > 0) 838 return; 839 840 if ((unit->hci_flags & BTF_INIT_BUFFER_SIZE) == 0) 841 return; 842 843 unit->hci_max_acl_size = le16toh(rp.max_acl_size); 844 unit->hci_num_acl_pkts = le16toh(rp.num_acl_pkts); 845 unit->hci_max_sco_size = rp.max_sco_size; 846 unit->hci_num_sco_pkts = le16toh(rp.num_sco_pkts); 847 848 s = splraiseipl(unit->hci_ipl); 849 unit->hci_flags &= ~BTF_INIT_BUFFER_SIZE; 850 splx(s); 851 852 wakeup(unit); 853 } 854 855 /* 856 * process results of read_local_features command_complete event 857 */ 858 static void 859 hci_cmd_read_local_features(struct hci_unit *unit, struct mbuf *m) 860 { 861 hci_read_local_features_rp rp; 862 int s; 863 864 KASSERT(m->m_pkthdr.len >= sizeof(rp)); 865 m_copydata(m, 0, sizeof(rp), &rp); 866 m_adj(m, sizeof(rp)); 867 868 if (rp.status > 0) 869 return; 870 871 if ((unit->hci_flags & BTF_INIT_FEATURES) == 0) 872 return; 873 874 unit->hci_lmp_mask = 0; 875 876 if (rp.features[0] & HCI_LMP_ROLE_SWITCH) 877 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_ROLE_SWITCH; 878 879 if (rp.features[0] & HCI_LMP_HOLD_MODE) 880 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_HOLD_MODE; 881 882 if (rp.features[0] & HCI_LMP_SNIFF_MODE) 883 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_SNIFF_MODE; 884 885 if (rp.features[1] & HCI_LMP_PARK_MODE) 886 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_PARK_MODE; 887 888 /* ACL packet mask */ 889 unit->hci_acl_mask = HCI_PKT_DM1 | HCI_PKT_DH1; 890 891 if (rp.features[0] & HCI_LMP_3SLOT) 892 unit->hci_acl_mask |= HCI_PKT_DM3 | HCI_PKT_DH3; 893 894 if (rp.features[0] & HCI_LMP_5SLOT) 895 unit->hci_acl_mask |= HCI_PKT_DM5 | HCI_PKT_DH5; 896 897 if ((rp.features[3] & HCI_LMP_EDR_ACL_2MBPS) == 0) 898 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH1 899 | HCI_PKT_2MBPS_DH3 900 | HCI_PKT_2MBPS_DH5; 901 902 if ((rp.features[3] & HCI_LMP_EDR_ACL_3MBPS) == 0) 903 unit->hci_acl_mask |= HCI_PKT_3MBPS_DH1 904 | HCI_PKT_3MBPS_DH3 905 | HCI_PKT_3MBPS_DH5; 906 907 if ((rp.features[4] & HCI_LMP_3SLOT_EDR_ACL) == 0) 908 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH3 909 | HCI_PKT_3MBPS_DH3; 910 911 if ((rp.features[5] & HCI_LMP_5SLOT_EDR_ACL) == 0) 912 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH5 913 | HCI_PKT_3MBPS_DH5; 914 915 unit->hci_packet_type = unit->hci_acl_mask; 916 917 /* SCO packet mask */ 918 unit->hci_sco_mask = 0; 919 if (rp.features[1] & HCI_LMP_SCO_LINK) 920 unit->hci_sco_mask |= HCI_PKT_HV1; 921 922 if (rp.features[1] & HCI_LMP_HV2_PKT) 923 unit->hci_sco_mask |= HCI_PKT_HV2; 924 925 if (rp.features[1] & HCI_LMP_HV3_PKT) 926 unit->hci_sco_mask |= HCI_PKT_HV3; 927 928 if (rp.features[3] & HCI_LMP_EV3_PKT) 929 unit->hci_sco_mask |= HCI_PKT_EV3; 930 931 if (rp.features[4] & HCI_LMP_EV4_PKT) 932 unit->hci_sco_mask |= HCI_PKT_EV4; 933 934 if (rp.features[4] & HCI_LMP_EV5_PKT) 935 unit->hci_sco_mask |= HCI_PKT_EV5; 936 937 /* XXX what do 2MBPS/3MBPS/3SLOT eSCO mean? */ 938 939 s = splraiseipl(unit->hci_ipl); 940 unit->hci_flags &= ~BTF_INIT_FEATURES; 941 splx(s); 942 943 wakeup(unit); 944 945 DPRINTFN(1, "%s: lmp_mask %4.4x, acl_mask %4.4x, sco_mask %4.4x\n", 946 unit->hci_devname, unit->hci_lmp_mask, 947 unit->hci_acl_mask, unit->hci_sco_mask); 948 } 949 950 /* 951 * process results of reset command_complete event 952 * 953 * This has killed all the connections, so close down anything we have left, 954 * and reinitialise the unit. 955 */ 956 static void 957 hci_cmd_reset(struct hci_unit *unit, struct mbuf *m) 958 { 959 hci_reset_rp rp; 960 struct hci_link *link, *next; 961 int acl; 962 963 KASSERT(m->m_pkthdr.len >= sizeof(rp)); 964 m_copydata(m, 0, sizeof(rp), &rp); 965 m_adj(m, sizeof(rp)); 966 967 if (rp.status != 0) 968 return; 969 970 /* 971 * release SCO links first, since they may be holding 972 * an ACL link reference. 973 */ 974 for (acl = 0 ; acl < 2 ; acl++) { 975 next = TAILQ_FIRST(&unit->hci_links); 976 while ((link = next) != NULL) { 977 next = TAILQ_NEXT(link, hl_next); 978 if (acl || link->hl_type != HCI_LINK_ACL) 979 hci_link_free(link, ECONNABORTED); 980 } 981 } 982 983 unit->hci_num_acl_pkts = 0; 984 unit->hci_num_sco_pkts = 0; 985 986 if (hci_send_cmd(unit, HCI_CMD_READ_BDADDR, NULL, 0)) 987 return; 988 989 if (hci_send_cmd(unit, HCI_CMD_READ_BUFFER_SIZE, NULL, 0)) 990 return; 991 992 if (hci_send_cmd(unit, HCI_CMD_READ_LOCAL_FEATURES, NULL, 0)) 993 return; 994 } 995
Indexes created Mon Oct 13 16:09:52 GMT 2025