hci_link.c revision 1.4
1 /* $NetBSD: hci_link.c,v 1.4 2006/09/11 22:08:38 plunky Exp $ */ 2 3 /*- 4 * Copyright (c) 2005 Iain Hibbert. 5 * Copyright (c) 2006 Itronix Inc. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. The name of Itronix Inc. may not be used to endorse 17 * or promote products derived from this software without specific 18 * prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY ITRONIX INC. ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 22 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 23 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ITRONIX INC. BE LIABLE FOR ANY 24 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 25 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 26 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 27 * ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 30 * POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 #include <sys/cdefs.h> 34 __KERNEL_RCSID(0, "$NetBSD: hci_link.c,v 1.4 2006/09/11 22:08:38 plunky Exp $"); 35 36 #include <sys/param.h> 37 #include <sys/kernel.h> 38 #include <sys/malloc.h> 39 #include <sys/mbuf.h> 40 #include <sys/proc.h> 41 #include <sys/queue.h> 42 #include <sys/systm.h> 43 44 #include <netbt/bluetooth.h> 45 #include <netbt/hci.h> 46 #include <netbt/l2cap.h> 47 #include <netbt/sco.h> 48 49 /******************************************************************************* 50 * 51 * HCI ACL Connections 52 */ 53 54 /* 55 * Automatically expire unused ACL connections after this number of 56 * seconds (if zero, do not expire unused connections) [sysctl] 57 */ 58 int hci_acl_expiry = 10; /* seconds */ 59 60 /* 61 * hci_acl_open(unit, bdaddr) 62 * 63 * open ACL connection to remote bdaddr. Only one ACL connection is permitted 64 * between any two Bluetooth devices, so we look for an existing one before 65 * trying to start a new one. 66 */ 67 struct hci_link * 68 hci_acl_open(struct hci_unit *unit, bdaddr_t *bdaddr) 69 { 70 struct hci_link *link; 71 struct hci_memo *memo; 72 hci_create_con_cp cp; 73 int err; 74 75 KASSERT(unit); 76 KASSERT(bdaddr); 77 78 link = hci_link_lookup_bdaddr(unit, bdaddr, HCI_LINK_ACL); 79 if (link == NULL) { 80 link = hci_link_alloc(unit); 81 if (link == NULL) 82 return NULL; 83 84 link->hl_type = HCI_LINK_ACL; 85 bdaddr_copy(&link->hl_bdaddr, bdaddr); 86 } 87 88 switch(link->hl_state) { 89 case HCI_LINK_CLOSED: 90 /* 91 * open connection to remote device 92 */ 93 memset(&cp, 0, sizeof(cp)); 94 bdaddr_copy(&cp.bdaddr, bdaddr); 95 cp.pkt_type = htole16(unit->hci_packet_type); 96 97 memo = hci_memo_find(unit, bdaddr); 98 if (memo != NULL) { 99 cp.page_scan_rep_mode = memo->response.page_scan_rep_mode; 100 cp.page_scan_mode = memo->response.page_scan_mode; 101 cp.clock_offset = memo->response.clock_offset; 102 } 103 104 if (unit->hci_link_policy & HCI_LINK_POLICY_ENABLE_ROLE_SWITCH) 105 cp.accept_role_switch = 1; 106 107 err = hci_send_cmd(unit, HCI_CMD_CREATE_CON, &cp, sizeof(cp)); 108 if (err) { 109 hci_link_free(link, err); 110 return NULL; 111 } 112 113 link->hl_state = HCI_LINK_WAIT_CONNECT; 114 break; 115 116 case HCI_LINK_WAIT_CONNECT: 117 /* 118 * somebody else already trying to connect, we just 119 * sit on the bench with them.. 120 */ 121 break; 122 123 case HCI_LINK_OPEN: 124 /* 125 * If already open, halt any expiry timeouts. We dont need 126 * to care about already invoking timeouts since refcnt >0 127 * will keep the link alive. 128 */ 129 callout_stop(&link->hl_expire); 130 break; 131 132 default: 133 UNKNOWN(link->hl_state); 134 return NULL; 135 } 136 137 /* open */ 138 link->hl_refcnt++; 139 140 return link; 141 } 142 143 /* 144 * Close ACL connection. When there are no more references to this link, 145 * we can either close it down or schedule a delayed closedown. 146 */ 147 void 148 hci_acl_close(struct hci_link *link, int err) 149 { 150 151 KASSERT(link); 152 153 if (--link->hl_refcnt == 0) { 154 if (link->hl_state == HCI_LINK_CLOSED) 155 hci_link_free(link, err); 156 else if (hci_acl_expiry > 0) 157 callout_schedule(&link->hl_expire, hci_acl_expiry * hz); 158 } 159 } 160 161 /* 162 * Incoming ACL connection. 163 * 164 * For now, we accept all connections but it would be better to check 165 * the L2CAP listen list and only accept when there is a listener 166 * available. 167 * 168 * There should not be a link to the same bdaddr already, we check 169 * anyway though its left unhandled for now. 170 */ 171 struct hci_link * 172 hci_acl_newconn(struct hci_unit *unit, bdaddr_t *bdaddr) 173 { 174 struct hci_link *link; 175 176 link = hci_link_lookup_bdaddr(unit, bdaddr, HCI_LINK_ACL); 177 if (link != NULL) 178 return NULL; 179 180 link = hci_link_alloc(unit); 181 if (link != NULL) { 182 link->hl_state = HCI_LINK_WAIT_CONNECT; 183 link->hl_type = HCI_LINK_ACL; 184 bdaddr_copy(&link->hl_bdaddr, bdaddr); 185 186 if (hci_acl_expiry > 0) 187 callout_schedule(&link->hl_expire, hci_acl_expiry * hz); 188 } 189 190 return link; 191 } 192 193 void 194 hci_acl_timeout(void *arg) 195 { 196 struct hci_link *link = arg; 197 hci_discon_cp cp; 198 int s, err; 199 200 s = splsoftnet(); 201 callout_ack(&link->hl_expire); 202 203 if (link->hl_refcnt > 0) 204 goto out; 205 206 DPRINTF("link #%d expired\n", link->hl_handle); 207 208 switch (link->hl_state) { 209 case HCI_LINK_CLOSED: 210 case HCI_LINK_WAIT_CONNECT: 211 hci_link_free(link, ECONNRESET); 212 break; 213 214 case HCI_LINK_OPEN: 215 cp.con_handle = htole16(link->hl_handle); 216 cp.reason = 0x13; /* "Remote User Terminated Connection" */ 217 218 err = hci_send_cmd(link->hl_unit, HCI_CMD_DISCONNECT, 219 &cp, sizeof(cp)); 220 221 if (err) 222 DPRINTF("error %d sending HCI_CMD_DISCONNECT\n", 223 err); 224 225 break; 226 227 default: 228 UNKNOWN(link->hl_state); 229 break; 230 } 231 232 out: 233 splx(s); 234 } 235 236 /* 237 * Receive ACL Data 238 * 239 * we accumulate packet fragments on the hci_link structure 240 * until a full L2CAP frame is ready, then send it on. 241 */ 242 void 243 hci_acl_recv(struct mbuf *m, struct hci_unit *unit) 244 { 245 struct hci_link *link; 246 hci_acldata_hdr_t hdr; 247 uint16_t handle, want; 248 int pb, got; 249 250 KASSERT(m); 251 KASSERT(unit); 252 253 KASSERT(m->m_pkthdr.len >= sizeof(hdr)); 254 m_copydata(m, 0, sizeof(hdr), &hdr); 255 m_adj(m, sizeof(hdr)); 256 257 #ifdef DIAGNOSTIC 258 if (hdr.type != HCI_ACL_DATA_PKT) { 259 printf("%s: bad ACL packet type\n", unit->hci_devname); 260 goto bad; 261 } 262 263 if (m->m_pkthdr.len != le16toh(hdr.length)) { 264 printf("%s: bad ACL packet length\n", unit->hci_devname); 265 goto bad; 266 } 267 #endif 268 269 hdr.length = le16toh(hdr.length); 270 hdr.con_handle = le16toh(hdr.con_handle); 271 handle = HCI_CON_HANDLE(hdr.con_handle); 272 pb = HCI_PB_FLAG(hdr.con_handle); 273 274 link = hci_link_lookup_handle(unit, handle); 275 if (link == NULL) { 276 hci_discon_cp cp; 277 278 DPRINTF("%s: dumping packet for unknown handle #%d\n", 279 unit->hci_devname, handle); 280 281 /* 282 * There is no way to find out what this connection handle is 283 * for, just get rid of it. This may happen, if a USB dongle 284 * is plugged into a self powered hub and does not reset when 285 * the system is shut down. 286 */ 287 cp.con_handle = htole16(handle); 288 cp.reason = 0x13; /* "Remote User Terminated Connection" */ 289 hci_send_cmd(unit, HCI_CMD_DISCONNECT, &cp, sizeof(cp)); 290 goto bad; 291 } 292 293 switch (pb) { 294 case HCI_PACKET_START: 295 if (link->hl_rxp != NULL) 296 printf("%s: dropped incomplete ACL packet\n", 297 unit->hci_devname); 298 299 if (m->m_pkthdr.len < sizeof(l2cap_hdr_t)) { 300 printf("%s: short ACL packet\n", 301 unit->hci_devname); 302 303 goto bad; 304 } 305 306 link->hl_rxp = m; 307 got = m->m_pkthdr.len; 308 break; 309 310 case HCI_PACKET_FRAGMENT: 311 if (link->hl_rxp == NULL) { 312 printf("%s: unexpected packet fragment\n", 313 unit->hci_devname); 314 315 goto bad; 316 } 317 318 got = m->m_pkthdr.len + link->hl_rxp->m_pkthdr.len; 319 m_cat(link->hl_rxp, m); 320 m = link->hl_rxp; 321 m->m_pkthdr.len = got; 322 break; 323 324 default: 325 printf("%s: unknown packet type\n", 326 unit->hci_devname); 327 328 goto bad; 329 } 330 331 m_copydata(m, 0, sizeof(want), &want); 332 want = le16toh(want) + sizeof(l2cap_hdr_t) - got; 333 334 if (want > 0) 335 return; 336 337 link->hl_rxp = NULL; 338 339 if (want == 0) { 340 l2cap_recv_frame(m, link); 341 return; 342 } 343 344 bad: 345 m_freem(m); 346 } 347 348 /* 349 * Send ACL data on link 350 * 351 * We must fragment packets into chunks of less than unit->hci_max_acl_size and 352 * prepend a relevant ACL header to each fragment. We keep a PDU structure 353 * attached to the link, so that completed fragments can be marked off and 354 * more data requested from above once the PDU is sent. 355 */ 356 int 357 hci_acl_send(struct mbuf *m, struct hci_link *link, 358 struct l2cap_channel *chan) 359 { 360 struct l2cap_pdu *pdu; 361 struct mbuf *n = NULL; 362 int plen, mlen, num = 0; 363 364 KASSERT(link); 365 KASSERT(m); 366 KASSERT(m->m_flags & M_PKTHDR); 367 KASSERT(m->m_pkthdr.len > 0); 368 369 if (link->hl_state == HCI_LINK_CLOSED) { 370 m_freem(m); 371 return ENETDOWN; 372 } 373 374 pdu = pool_get(&l2cap_pdu_pool, PR_NOWAIT); 375 if (pdu == NULL) 376 goto nomem; 377 378 pdu->lp_chan = chan; 379 pdu->lp_pending = 0; 380 MBUFQ_INIT(&pdu->lp_data); 381 382 plen = m->m_pkthdr.len; 383 mlen = link->hl_unit->hci_max_acl_size; 384 385 DPRINTFN(5, "%s: handle #%d, plen = %d, max = %d\n", 386 link->hl_unit->hci_devname, link->hl_handle, plen, mlen); 387 388 while (plen > 0) { 389 if (plen > mlen) { 390 n = m_split(m, mlen, M_DONTWAIT); 391 if (n == NULL) 392 goto nomem; 393 } else { 394 mlen = plen; 395 } 396 397 if (num++ == 0) 398 m->m_flags |= M_PROTO1; /* tag first fragment */ 399 400 DPRINTFN(10, "chunk of %d (plen = %d) bytes\n", mlen, plen); 401 MBUFQ_ENQUEUE(&pdu->lp_data, m); 402 m = n; 403 plen -= mlen; 404 } 405 406 TAILQ_INSERT_TAIL(&link->hl_txq, pdu, lp_next); 407 link->hl_txqlen += num; 408 409 hci_acl_start(link); 410 411 return 0; 412 413 nomem: 414 if (m) m_freem(m); 415 if (n) m_freem(n); 416 if (pdu) { 417 MBUFQ_DRAIN(&pdu->lp_data); 418 pool_put(&l2cap_pdu_pool, pdu); 419 } 420 421 return ENOMEM; 422 } 423 424 /* 425 * Start sending ACL data on link. 426 * 427 * We may use all the available packet slots. The reason that we add 428 * the ACL encapsulation here rather than in hci_acl_send() is that L2CAP 429 * signal packets may be queued before the handle is given to us.. 430 * 431 * this is called from hci_acl_send() above, and the event processing 432 * code (for CON_COMPL and NUM_COMPL_PKTS) 433 */ 434 void 435 hci_acl_start(struct hci_link *link) 436 { 437 struct hci_unit *unit; 438 hci_acldata_hdr_t *hdr; 439 struct l2cap_pdu *pdu; 440 struct mbuf *m; 441 uint16_t handle; 442 443 KASSERT(link); 444 445 unit = link->hl_unit; 446 KASSERT(unit); 447 448 /* this is mainly to block ourselves (below) */ 449 if (link->hl_state != HCI_LINK_OPEN) 450 return; 451 452 if (link->hl_txqlen == 0 || unit->hci_num_acl_pkts == 0) 453 return; 454 455 /* find first PDU with data to send */ 456 pdu = TAILQ_FIRST(&link->hl_txq); 457 for (;;) { 458 if (pdu == NULL) 459 return; 460 461 if (MBUFQ_FIRST(&pdu->lp_data) != NULL) 462 break; 463 464 pdu = TAILQ_NEXT(pdu, lp_next); 465 } 466 467 while (unit->hci_num_acl_pkts > 0) { 468 MBUFQ_DEQUEUE(&pdu->lp_data, m); 469 KASSERT(m != NULL); 470 471 if (m->m_flags & M_PROTO1) 472 handle = HCI_MK_CON_HANDLE(link->hl_handle, 473 HCI_PACKET_START, 0); 474 else 475 handle = HCI_MK_CON_HANDLE(link->hl_handle, 476 HCI_PACKET_FRAGMENT, 0); 477 478 M_PREPEND(m, sizeof(*hdr), M_DONTWAIT); 479 if (m == NULL) 480 break; 481 482 hdr = mtod(m, hci_acldata_hdr_t *); 483 hdr->type = HCI_ACL_DATA_PKT; 484 hdr->con_handle = htole16(handle); 485 hdr->length = htole16(m->m_pkthdr.len - sizeof(*hdr)); 486 487 link->hl_txqlen--; 488 pdu->lp_pending++; 489 490 hci_output_acl(unit, m); 491 492 if (MBUFQ_FIRST(&pdu->lp_data) == NULL) { 493 if (pdu->lp_chan) { 494 /* 495 * This should enable streaming of PDUs - when 496 * we have placed all the fragments on the acl 497 * output queue, we trigger the L2CAP layer to 498 * send us down one more. Use a false state so 499 * we dont run into ourselves coming back from 500 * the future.. 501 */ 502 link->hl_state = HCI_LINK_BLOCK; 503 l2cap_start(pdu->lp_chan); 504 link->hl_state = HCI_LINK_OPEN; 505 } 506 507 pdu = TAILQ_NEXT(pdu, lp_next); 508 if (pdu == NULL) 509 break; 510 } 511 } 512 513 /* 514 * We had our turn now, move to the back of the queue to let 515 * other links have a go at the output buffers.. 516 */ 517 if (TAILQ_NEXT(link, hl_next)) { 518 TAILQ_REMOVE(&unit->hci_links, link, hl_next); 519 TAILQ_INSERT_TAIL(&unit->hci_links, link, hl_next); 520 } 521 } 522 523 /* 524 * Confirm ACL packets cleared from Controller buffers. We scan our PDU 525 * list to clear pending fragments and signal upstream for more data 526 * when a PDU is complete. 527 */ 528 void 529 hci_acl_complete(struct hci_link *link, int num) 530 { 531 struct l2cap_pdu *pdu; 532 struct l2cap_channel *chan; 533 534 DPRINTFN(5, "handle #%d (%d)\n", link->hl_handle, num); 535 536 while (num > 0) { 537 pdu = TAILQ_FIRST(&link->hl_txq); 538 if (pdu == NULL) { 539 printf("%s: %d packets completed on handle #%x " 540 "but none pending!\n", 541 link->hl_unit->hci_devname, num, 542 link->hl_handle); 543 return; 544 } 545 546 if (num >= pdu->lp_pending) { 547 num -= pdu->lp_pending; 548 pdu->lp_pending = 0; 549 550 if (MBUFQ_FIRST(&pdu->lp_data) == NULL) { 551 TAILQ_REMOVE(&link->hl_txq, pdu, lp_next); 552 chan = pdu->lp_chan; 553 if (chan != NULL) { 554 chan->lc_pending--; 555 (*chan->lc_proto->complete) 556 (chan->lc_upper, 1); 557 558 if (chan->lc_pending == 0) 559 l2cap_start(chan); 560 } 561 562 pool_put(&l2cap_pdu_pool, pdu); 563 } 564 } else { 565 pdu->lp_pending -= num; 566 num = 0; 567 } 568 } 569 } 570 571 /******************************************************************************* 572 * 573 * HCI SCO Connections 574 */ 575 576 /* 577 * Incoming SCO Connection. We check the list for anybody willing 578 * to take it. 579 */ 580 struct hci_link * 581 hci_sco_newconn(struct hci_unit *unit, bdaddr_t *bdaddr) 582 { 583 struct sockaddr_bt laddr, raddr; 584 struct sco_pcb *pcb, *new; 585 struct hci_link *sco, *acl; 586 587 memset(&laddr, 0, sizeof(laddr)); 588 laddr.bt_len = sizeof(laddr); 589 laddr.bt_family = AF_BLUETOOTH; 590 bdaddr_copy(&laddr.bt_bdaddr, &unit->hci_bdaddr); 591 592 memset(&raddr, 0, sizeof(raddr)); 593 raddr.bt_len = sizeof(raddr); 594 raddr.bt_family = AF_BLUETOOTH; 595 bdaddr_copy(&raddr.bt_bdaddr, bdaddr); 596 597 /* 598 * There should already be an ACL link up and running before 599 * the controller sends us SCO connection requests, but you 600 * never know.. 601 */ 602 acl = hci_link_lookup_bdaddr(unit, bdaddr, HCI_LINK_ACL); 603 if (acl == NULL || acl->hl_state != HCI_LINK_OPEN) 604 return NULL; 605 606 LIST_FOREACH(pcb, &sco_pcb, sp_next) { 607 if ((pcb->sp_flags & SP_LISTENING) == 0) 608 continue; 609 610 new = (*pcb->sp_proto->newconn)(pcb->sp_upper, &laddr, &raddr); 611 if (new == NULL) 612 continue; 613 614 /* 615 * Ok, got new pcb so we can start a new link and fill 616 * in all the details. 617 */ 618 bdaddr_copy(&new->sp_laddr, &unit->hci_bdaddr); 619 bdaddr_copy(&new->sp_raddr, bdaddr); 620 621 sco = hci_link_alloc(unit); 622 if (sco == NULL) { 623 sco_detach(&new); 624 return NULL; 625 } 626 627 sco->hl_type = HCI_LINK_SCO; 628 bdaddr_copy(&sco->hl_bdaddr, bdaddr); 629 630 sco->hl_link = hci_acl_open(unit, bdaddr); 631 KASSERT(sco->hl_link == acl); 632 633 sco->hl_sco = new; 634 new->sp_link = sco; 635 636 new->sp_mtu = unit->hci_max_sco_size; 637 return sco; 638 } 639 640 return NULL; 641 } 642 643 /* 644 * receive SCO packet, we only need to strip the header and send 645 * it to the right handler 646 */ 647 void 648 hci_sco_recv(struct mbuf *m, struct hci_unit *unit) 649 { 650 struct hci_link *link; 651 hci_scodata_hdr_t hdr; 652 uint16_t handle; 653 654 KASSERT(m); 655 KASSERT(unit); 656 657 KASSERT(m->m_pkthdr.len >= sizeof(hdr)); 658 m_copydata(m, 0, sizeof(hdr), &hdr); 659 m_adj(m, sizeof(hdr)); 660 661 #ifdef DIAGNOSTIC 662 if (hdr.type != HCI_SCO_DATA_PKT) { 663 printf("%s: bad SCO packet type\n", unit->hci_devname); 664 goto bad; 665 } 666 667 if (m->m_pkthdr.len != hdr.length) { 668 printf("%s: bad SCO packet length (%d != %d)\n", unit->hci_devname, m->m_pkthdr.len, hdr.length); 669 goto bad; 670 } 671 #endif 672 673 hdr.con_handle = le16toh(hdr.con_handle); 674 handle = HCI_CON_HANDLE(hdr.con_handle); 675 676 link = hci_link_lookup_handle(unit, handle); 677 if (link == NULL || link->hl_type == HCI_LINK_ACL) { 678 DPRINTF("%s: dumping packet for unknown handle #%d\n", 679 unit->hci_devname, handle); 680 681 goto bad; 682 } 683 684 (*link->hl_sco->sp_proto->input)(link->hl_sco->sp_upper, m); 685 return; 686 687 bad: 688 m_freem(m); 689 } 690 691 void 692 hci_sco_start(struct hci_link *link) 693 { 694 } 695 696 /* 697 * SCO packets have completed at the controller, so we can 698 * signal up to free the buffer space. 699 */ 700 void 701 hci_sco_complete(struct hci_link *link, int num) 702 { 703 704 DPRINTFN(5, "handle #%d (num=%d)\n", link->hl_handle, num); 705 link->hl_sco->sp_pending--; 706 (*link->hl_sco->sp_proto->complete)(link->hl_sco->sp_upper, num); 707 } 708 709 /******************************************************************************* 710 * 711 * Generic HCI Connection alloc/free/lookup etc 712 */ 713 714 struct hci_link * 715 hci_link_alloc(struct hci_unit *unit) 716 { 717 struct hci_link *link; 718 719 KASSERT(unit); 720 721 link = malloc(sizeof(struct hci_link), M_BLUETOOTH, M_NOWAIT | M_ZERO); 722 if (link == NULL) 723 return NULL; 724 725 link->hl_unit = unit; 726 link->hl_state = HCI_LINK_CLOSED; 727 728 /* init ACL portion */ 729 callout_init(&link->hl_expire); 730 callout_setfunc(&link->hl_expire, hci_acl_timeout, link); 731 732 TAILQ_INIT(&link->hl_txq); /* outgoing packets */ 733 TAILQ_INIT(&link->hl_reqs); /* request queue */ 734 735 link->hl_mtu = L2CAP_MTU_DEFAULT; /* L2CAP signal mtu */ 736 link->hl_flush = L2CAP_FLUSH_TIMO_DEFAULT; /* flush timeout */ 737 738 /* init SCO portion */ 739 MBUFQ_INIT(&link->hl_data); 740 741 /* attach to unit */ 742 TAILQ_INSERT_HEAD(&unit->hci_links, link, hl_next); 743 return link; 744 } 745 746 void 747 hci_link_free(struct hci_link *link, int err) 748 { 749 struct l2cap_req *req; 750 struct l2cap_pdu *pdu; 751 struct l2cap_channel *chan, *next; 752 753 KASSERT(link); 754 755 DPRINTF("#%d, type = %d, state = %d, refcnt = %d\n", 756 link->hl_handle, link->hl_type, 757 link->hl_state, link->hl_refcnt); 758 759 /* ACL reference count */ 760 if (link->hl_refcnt > 0) { 761 next = LIST_FIRST(&l2cap_active_list); 762 while ((chan = next) != NULL) { 763 next = LIST_NEXT(chan, lc_ncid); 764 if (chan->lc_link == link) 765 l2cap_close(chan, err); 766 } 767 } 768 KASSERT(link->hl_refcnt == 0); 769 770 /* ACL L2CAP requests.. */ 771 while ((req = TAILQ_FIRST(&link->hl_reqs)) != NULL) 772 l2cap_request_free(req); 773 774 KASSERT(TAILQ_EMPTY(&link->hl_reqs)); 775 776 /* ACL outgoing data queue */ 777 while ((pdu = TAILQ_FIRST(&link->hl_txq)) != NULL) { 778 TAILQ_REMOVE(&link->hl_txq, pdu, lp_next); 779 MBUFQ_DRAIN(&pdu->lp_data); 780 if (pdu->lp_pending) 781 link->hl_unit->hci_num_acl_pkts += pdu->lp_pending; 782 783 pool_put(&l2cap_pdu_pool, pdu); 784 } 785 786 KASSERT(TAILQ_EMPTY(&link->hl_txq)); 787 788 /* ACL incoming data packet */ 789 if (link->hl_rxp != NULL) { 790 m_freem(link->hl_rxp); 791 link->hl_rxp = NULL; 792 } 793 794 /* SCO master ACL link */ 795 if (link->hl_link != NULL) { 796 hci_acl_close(link->hl_link, err); 797 link->hl_link = NULL; 798 } 799 800 /* SCO pcb */ 801 if (link->hl_sco != NULL) { 802 struct sco_pcb *pcb; 803 804 pcb = link->hl_sco; 805 pcb->sp_link = NULL; 806 link->hl_sco = NULL; 807 (*pcb->sp_proto->disconnected)(pcb->sp_upper, err); 808 } 809 810 /* flush any SCO data */ 811 MBUFQ_DRAIN(&link->hl_data); 812 813 /* 814 * Halt the callout - if its already running we cannot free the 815 * link structure but the timeout function will call us back in 816 * any case. 817 */ 818 link->hl_state = HCI_LINK_CLOSED; 819 callout_stop(&link->hl_expire); 820 if (callout_invoking(&link->hl_expire)) 821 return; 822 823 TAILQ_REMOVE(&link->hl_unit->hci_links, link, hl_next); 824 free(link, M_BLUETOOTH); 825 } 826 827 /* 828 * Lookup HCI link by address and type. Note that for SCO links there may 829 * be more than one link per address, so we only return links with no 830 * handle (ie new links) 831 */ 832 struct hci_link * 833 hci_link_lookup_bdaddr(struct hci_unit *unit, bdaddr_t *bdaddr, uint16_t type) 834 { 835 struct hci_link *link; 836 837 KASSERT(unit); 838 KASSERT(bdaddr); 839 840 TAILQ_FOREACH(link, &unit->hci_links, hl_next) { 841 if (link->hl_type != type) 842 continue; 843 844 if (type == HCI_LINK_SCO && link->hl_handle != 0) 845 continue; 846 847 if (bdaddr_same(&link->hl_bdaddr, bdaddr)) 848 break; 849 } 850 851 return link; 852 } 853 854 struct hci_link * 855 hci_link_lookup_handle(struct hci_unit *unit, uint16_t handle) 856 { 857 struct hci_link *link; 858 859 KASSERT(unit); 860 861 TAILQ_FOREACH(link, &unit->hci_links, hl_next) { 862 if (handle == link->hl_handle) 863 break; 864 } 865 866 return link; 867 } 868
Indexes created Mon Sep 22 21:09:42 GMT 2025