hci_socket.c revision 1.2
1 /* $NetBSD: hci_socket.c,v 1.2 2006/07/23 22:06:13 ad Exp $ */ 2 3 /*- 4 * Copyright (c) 2005 Iain Hibbert. 5 * Copyright (c) 2006 Itronix Inc. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. The name of Itronix Inc. may not be used to endorse 17 * or promote products derived from this software without specific 18 * prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY ITRONIX INC. ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 22 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 23 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ITRONIX INC. BE LIABLE FOR ANY 24 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 25 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 26 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 27 * ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 30 * POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 #include <sys/cdefs.h> 34 __KERNEL_RCSID(0, "$NetBSD: hci_socket.c,v 1.2 2006/07/23 22:06:13 ad Exp $"); 35 36 #include "opt_bluetooth.h" 37 #ifdef BLUETOOTH_DEBUG 38 #define PRUREQUESTS 39 #define PRCOREQUESTS 40 #endif 41 42 #include <sys/param.h> 43 #include <sys/domain.h> 44 #include <sys/kauth.h> 45 #include <sys/kernel.h> 46 #include <sys/mbuf.h> 47 #include <sys/proc.h> 48 #include <sys/protosw.h> 49 #include <sys/socket.h> 50 #include <sys/socketvar.h> 51 #include <sys/systm.h> 52 53 #include <netbt/bluetooth.h> 54 #include <netbt/hci.h> 55 56 /******************************************************************************* 57 * 58 * HCI SOCK_RAW Sockets - for control of Bluetooth Devices 59 * 60 */ 61 62 /* 63 * the raw HCI protocol control block 64 */ 65 struct hci_pcb { 66 struct socket *hp_socket; /* socket */ 67 unsigned int hp_flags; /* flags */ 68 bdaddr_t hp_laddr; /* local address */ 69 bdaddr_t hp_raddr; /* remote address */ 70 struct hci_filter hp_efilter; /* user event filter */ 71 struct hci_filter hp_pfilter; /* user packet filter */ 72 LIST_ENTRY(hci_pcb) hp_next; /* next HCI pcb */ 73 }; 74 75 /* hp_flags */ 76 #define HCI_PRIVILEGED (1<<0) /* no security filter for root */ 77 #define HCI_DIRECTION (1<<1) /* direction control messages */ 78 #define HCI_PROMISCUOUS (1<<2) /* listen to all units */ 79 80 LIST_HEAD(hci_pcb_list, hci_pcb) hci_pcb = LIST_HEAD_INITIALIZER(hci_pcb); 81 82 /* sysctl defaults */ 83 int hci_sendspace = HCI_CMD_PKT_SIZE; 84 int hci_recvspace = 4096; 85 86 /* 87 * Security filter routines 88 * The security mask is an bit array. 89 * If the bit is set, the opcode/event is permitted. 90 * I only allocate the security mask if needed, and give it back 91 * if requested as its quite a chunk. This could no doubt be made 92 * somewhat bit more memory efficient given that most OGF/OCF's are 93 * not used, but this way is quick. 94 */ 95 #define HCI_OPCODE_MASK_SIZE 0x800 96 97 uint32_t *hci_event_mask = NULL; 98 uint32_t *hci_opcode_mask = NULL; 99 100 static __inline int 101 hci_security_check_opcode(uint16_t opcode) 102 { 103 104 return (hci_opcode_mask[opcode >> 5] & (1 << (opcode & 0x1f))); 105 } 106 107 static __inline int 108 hci_security_check_event(uint8_t event) 109 { 110 111 return (hci_event_mask[event >> 5] & (1 << (event & 0x1f))); 112 } 113 114 static __inline void 115 hci_security_set_opcode(uint16_t opcode) 116 { 117 118 hci_opcode_mask[opcode >> 5] |= (1 << (opcode & 0x1f)); 119 } 120 121 static __inline void 122 hci_security_clr_event(uint8_t event) 123 { 124 125 hci_event_mask[event >> 5] &= ~(1 << (event & 0x1f)); 126 } 127 128 static int 129 hci_security_init(void) 130 { 131 132 if (hci_event_mask) 133 return 0; 134 135 // XXX could wait? 136 hci_event_mask = malloc(HCI_EVENT_MASK_SIZE + HCI_OPCODE_MASK_SIZE, 137 M_BLUETOOTH, M_NOWAIT | M_ZERO); 138 if (hci_event_mask == NULL) { 139 DPRINTF("no memory\n"); 140 return ENOMEM; 141 } 142 143 hci_opcode_mask = hci_event_mask + HCI_EVENT_MASK_SIZE; 144 145 /* Events */ 146 /* enable all but a few critical events */ 147 memset(hci_event_mask, 0xff, 148 HCI_EVENT_MASK_SIZE * sizeof(*hci_event_mask)); 149 hci_security_clr_event(HCI_EVENT_RETURN_LINK_KEYS); 150 hci_security_clr_event(HCI_EVENT_LINK_KEY_NOTIFICATION); 151 hci_security_clr_event(HCI_EVENT_VENDOR); 152 153 /* Commands - Link control */ 154 hci_security_set_opcode(HCI_CMD_INQUIRY); 155 hci_security_set_opcode(HCI_CMD_REMOTE_NAME_REQ); 156 hci_security_set_opcode(HCI_CMD_READ_REMOTE_FEATURES); 157 hci_security_set_opcode(HCI_CMD_READ_REMOTE_EXTENDED_FEATURES); 158 hci_security_set_opcode(HCI_CMD_READ_REMOTE_VER_INFO); 159 hci_security_set_opcode(HCI_CMD_READ_CLOCK_OFFSET); 160 hci_security_set_opcode(HCI_CMD_READ_LMP_HANDLE); 161 162 /* Commands - Link policy */ 163 hci_security_set_opcode(HCI_CMD_ROLE_DISCOVERY); 164 hci_security_set_opcode(HCI_CMD_READ_LINK_POLICY_SETTINGS); 165 hci_security_set_opcode(HCI_CMD_READ_DEFAULT_LINK_POLICY_SETTINGS); 166 167 /* Commands - Host controller and baseband */ 168 hci_security_set_opcode(HCI_CMD_READ_PIN_TYPE); 169 hci_security_set_opcode(HCI_CMD_READ_LOCAL_NAME); 170 hci_security_set_opcode(HCI_CMD_READ_CON_ACCEPT_TIMEOUT); 171 hci_security_set_opcode(HCI_CMD_READ_PAGE_TIMEOUT); 172 hci_security_set_opcode(HCI_CMD_READ_SCAN_ENABLE); 173 hci_security_set_opcode(HCI_CMD_READ_PAGE_SCAN_ACTIVITY); 174 hci_security_set_opcode(HCI_CMD_READ_INQUIRY_SCAN_ACTIVITY); 175 hci_security_set_opcode(HCI_CMD_READ_AUTH_ENABLE); 176 hci_security_set_opcode(HCI_CMD_READ_ENCRYPTION_MODE); 177 hci_security_set_opcode(HCI_CMD_READ_UNIT_CLASS); 178 hci_security_set_opcode(HCI_CMD_READ_VOICE_SETTING); 179 hci_security_set_opcode(HCI_CMD_READ_AUTO_FLUSH_TIMEOUT); 180 hci_security_set_opcode(HCI_CMD_READ_NUM_BROADCAST_RETRANS); 181 hci_security_set_opcode(HCI_CMD_READ_HOLD_MODE_ACTIVITY); 182 hci_security_set_opcode(HCI_CMD_READ_XMIT_LEVEL); 183 hci_security_set_opcode(HCI_CMD_READ_SCO_FLOW_CONTROL); 184 hci_security_set_opcode(HCI_CMD_READ_LINK_SUPERVISION_TIMEOUT); 185 hci_security_set_opcode(HCI_CMD_READ_NUM_SUPPORTED_IAC); 186 hci_security_set_opcode(HCI_CMD_READ_IAC_LAP); 187 hci_security_set_opcode(HCI_CMD_READ_PAGE_SCAN_PERIOD); 188 hci_security_set_opcode(HCI_CMD_READ_PAGE_SCAN); 189 hci_security_set_opcode(HCI_CMD_READ_INQUIRY_SCAN_TYPE); 190 hci_security_set_opcode(HCI_CMD_READ_INQUIRY_MODE); 191 hci_security_set_opcode(HCI_CMD_READ_PAGE_SCAN_TYPE); 192 hci_security_set_opcode(HCI_CMD_READ_AFH_ASSESSMENT); 193 194 /* Commands - Informational */ 195 hci_security_set_opcode(HCI_CMD_READ_LOCAL_VER); 196 hci_security_set_opcode(HCI_CMD_READ_LOCAL_COMMANDS); 197 hci_security_set_opcode(HCI_CMD_READ_LOCAL_FEATURES); 198 hci_security_set_opcode(HCI_CMD_READ_LOCAL_EXTENDED_FEATURES); 199 hci_security_set_opcode(HCI_CMD_READ_BUFFER_SIZE); 200 hci_security_set_opcode(HCI_CMD_READ_COUNTRY_CODE); 201 hci_security_set_opcode(HCI_CMD_READ_BDADDR); 202 203 /* Commands - Status */ 204 hci_security_set_opcode(HCI_CMD_READ_FAILED_CONTACT_CNTR); 205 hci_security_set_opcode(HCI_CMD_READ_LINK_QUALITY); 206 hci_security_set_opcode(HCI_CMD_READ_RSSI); 207 hci_security_set_opcode(HCI_CMD_READ_AFH_CHANNEL_MAP); 208 hci_security_set_opcode(HCI_CMD_READ_CLOCK); 209 210 /* Commands - Testing */ 211 hci_security_set_opcode(HCI_CMD_READ_LOOPBACK_MODE); 212 213 return 0; 214 } 215 216 /* 217 * When command packet reaches the device, we can drop 218 * it from the socket buffer (called from hci_output_acl) 219 */ 220 void 221 hci_drop(void *arg) 222 { 223 struct socket *so = arg; 224 225 sbdroprecord(&so->so_snd); 226 sowwakeup(so); 227 } 228 229 /* 230 * HCI socket is going away and has some pending packets. We let them 231 * go by design, but remove the context pointer as it will be invalid 232 * and we no longer need to be notified. 233 */ 234 static void 235 hci_cmdwait_flush(struct socket *so) 236 { 237 struct hci_unit *unit; 238 struct socket *ctx; 239 struct mbuf *m; 240 241 DPRINTF("flushing %p\n", so); 242 243 SIMPLEQ_FOREACH(unit, &hci_unit_list, hci_next) { 244 m = MBUFQ_FIRST(&unit->hci_cmdwait); 245 while (m != NULL) { 246 ctx = M_GETCTX(m, struct socket *); 247 if (ctx == so) 248 M_SETCTX(m, NULL); 249 250 m = MBUFQ_NEXT(m); 251 } 252 } 253 } 254 255 /* 256 * HCI send packet 257 * This came from userland, so check it out. 258 */ 259 static int 260 hci_send(struct hci_pcb *pcb, struct mbuf *m, bdaddr_t *addr) 261 { 262 struct hci_unit *unit; 263 struct mbuf *m0; 264 hci_cmd_hdr_t hdr; 265 int err; 266 267 KASSERT(m); 268 KASSERT(addr); 269 270 /* wants at least a header to start with */ 271 if (m->m_pkthdr.len < sizeof(hdr)) { 272 err = EMSGSIZE; 273 goto bad; 274 } 275 m_copydata(m, 0, sizeof(hdr), &hdr); 276 277 /* only allows CMD packets to be sent */ 278 if (hdr.type != HCI_CMD_PKT) { 279 err = EINVAL; 280 goto bad; 281 } 282 283 /* validates packet length */ 284 if (m->m_pkthdr.len != sizeof(hdr) + hdr.length) { 285 err = EMSGSIZE; 286 goto bad; 287 } 288 289 /* security checks for unprivileged users */ 290 if ((pcb->hp_flags & HCI_PRIVILEGED) == 0 291 && (hci_security_check_opcode(le16toh(hdr.opcode)) == 0)) { 292 err = EPERM; 293 goto bad; 294 } 295 296 /* finds destination */ 297 unit = hci_unit_lookup(addr); 298 if (unit == NULL) { 299 err = ENETDOWN; 300 goto bad; 301 } 302 303 /* makess a copy for precious to keep */ 304 m0 = m_copypacket(m, M_DONTWAIT); 305 if (m0 == NULL) { 306 err = ENOMEM; 307 goto bad; 308 } 309 sbappendrecord(&pcb->hp_socket->so_snd, m0); 310 M_SETCTX(m, pcb->hp_socket); /* enable drop callback */ 311 312 DPRINTFN(2, "(%s) opcode (%03x|%04x)\n", unit->hci_devname, 313 HCI_OGF(le16toh(hdr.opcode)), HCI_OCF(le16toh(hdr.opcode))); 314 315 /* Sendss it */ 316 if (unit->hci_num_cmd_pkts == 0) 317 MBUFQ_ENQUEUE(&unit->hci_cmdwait, m); 318 else 319 hci_output_cmd(unit, m); 320 321 return 0; 322 323 bad: 324 DPRINTF("packet (%d bytes) not sent (error %d)\n", 325 m->m_pkthdr.len, err); 326 if (m) m_freem(m); 327 return err; 328 } 329 330 /* 331 * User Request. 332 * up is socket 333 * m is either 334 * optional mbuf chain containing message 335 * ioctl command (PRU_CONTROL) 336 * nam is either 337 * optional mbuf chain containing an address 338 * ioctl data (PRU_CONTROL) 339 * optionally, protocol number (PRU_ATTACH) 340 * ctl is optional mbuf chain containing socket options 341 * l is pointer to process requesting action (if any) 342 * 343 * we are responsible for disposing of m and ctl if 344 * they are mbuf chains 345 */ 346 int 347 hci_usrreq(struct socket *up, int req, struct mbuf *m, 348 struct mbuf *nam, struct mbuf *ctl, struct lwp *l) 349 { 350 struct hci_pcb *pcb = (struct hci_pcb *)up->so_pcb; 351 struct sockaddr_bt *sa; 352 int err = 0, flags; 353 354 DPRINTFN(2, "%s\n", prurequests[req]); 355 356 switch(req) { 357 case PRU_CONTROL: 358 return hci_ioctl((unsigned long)m, (void *)nam, l); 359 360 case PRU_PURGEIF: 361 return EOPNOTSUPP; 362 363 case PRU_ATTACH: 364 if (pcb) 365 return EINVAL; 366 367 flags = 0; 368 if (l != NULL && kauth_authorize_generic(l->l_cred, 369 KAUTH_GENERIC_ISSUSER, &l->l_acflag)) { 370 err = hci_security_init(); 371 if (err) 372 return err; 373 } else { 374 flags = HCI_PRIVILEGED; 375 } 376 377 err = soreserve(up, hci_sendspace, hci_recvspace); 378 if (err) 379 return err; 380 381 pcb = malloc(sizeof(struct hci_pcb), M_PCB, M_NOWAIT | M_ZERO); 382 if (pcb == NULL) 383 return ENOMEM; 384 385 up->so_pcb = pcb; 386 pcb->hp_socket = up; 387 pcb->hp_flags = flags; 388 389 /* 390 * Set default user filter. By default, socket only passes 391 * Command_Complete and Command_Status Events. 392 */ 393 hci_filter_set(HCI_EVENT_COMMAND_COMPL, &pcb->hp_efilter); 394 hci_filter_set(HCI_EVENT_COMMAND_STATUS, &pcb->hp_efilter); 395 hci_filter_set(HCI_EVENT_PKT, &pcb->hp_pfilter); 396 397 LIST_INSERT_HEAD(&hci_pcb, pcb, hp_next); 398 399 return 0; 400 } 401 402 /* anything after here *requires* a pcb */ 403 if (pcb == NULL) { 404 err = EINVAL; 405 goto release; 406 } 407 408 switch(req) { 409 case PRU_DISCONNECT: 410 bdaddr_copy(&pcb->hp_raddr, BDADDR_ANY); 411 412 /* XXX we cannot call soisdisconnected() here, as it sets 413 * SS_CANTRCVMORE and SS_CANTSENDMORE. The problem being, 414 * that soisconnected() does not clear these and if you 415 * try to reconnect this socket (which is permitted) you 416 * get a broken pipe when you try to write any data. 417 */ 418 up->so_state &= ~SS_ISCONNECTED; 419 break; 420 421 case PRU_ABORT: 422 soisdisconnected(up); 423 /* fall through to */ 424 case PRU_DETACH: 425 if (up->so_snd.sb_mb != NULL) 426 hci_cmdwait_flush(up); 427 428 up->so_pcb = NULL; 429 LIST_REMOVE(pcb, hp_next); 430 free(pcb, M_PCB); 431 return 0; 432 433 case PRU_BIND: 434 KASSERT(nam); 435 sa = mtod(nam, struct sockaddr_bt *); 436 437 if (sa->bt_len != sizeof(struct sockaddr_bt)) 438 return EINVAL; 439 440 if (sa->bt_family != AF_BLUETOOTH) 441 return EAFNOSUPPORT; 442 443 bdaddr_copy(&pcb->hp_laddr, &sa->bt_bdaddr); 444 445 if (bdaddr_any(&sa->bt_bdaddr)) 446 pcb->hp_flags |= HCI_PROMISCUOUS; 447 else 448 pcb->hp_flags &= ~HCI_PROMISCUOUS; 449 450 return 0; 451 452 case PRU_CONNECT: 453 KASSERT(nam); 454 sa = mtod(nam, struct sockaddr_bt *); 455 456 if (sa->bt_len != sizeof(struct sockaddr_bt)) 457 return EINVAL; 458 459 if (sa->bt_family != AF_BLUETOOTH) 460 return EAFNOSUPPORT; 461 462 if (hci_unit_lookup(&sa->bt_bdaddr) == NULL) 463 return EADDRNOTAVAIL; 464 465 bdaddr_copy(&pcb->hp_raddr, &sa->bt_bdaddr); 466 soisconnected(up); 467 return 0; 468 469 case PRU_PEERADDR: 470 KASSERT(nam); 471 sa = mtod(nam, struct sockaddr_bt *); 472 473 memset(sa, 0, sizeof(struct sockaddr_bt)); 474 nam->m_len = 475 sa->bt_len = sizeof(struct sockaddr_bt); 476 sa->bt_family = AF_BLUETOOTH; 477 bdaddr_copy(&sa->bt_bdaddr, &pcb->hp_raddr); 478 return 0; 479 480 case PRU_SOCKADDR: 481 KASSERT(nam); 482 sa = mtod(nam, struct sockaddr_bt *); 483 484 memset(sa, 0, sizeof(struct sockaddr_bt)); 485 nam->m_len = 486 sa->bt_len = sizeof(struct sockaddr_bt); 487 sa->bt_family = AF_BLUETOOTH; 488 bdaddr_copy(&sa->bt_bdaddr, &pcb->hp_laddr); 489 return 0; 490 491 case PRU_SHUTDOWN: 492 socantsendmore(up); 493 break; 494 495 case PRU_SEND: 496 sa = NULL; 497 if (nam) { 498 sa = mtod(nam, struct sockaddr_bt *); 499 500 if (sa->bt_len != sizeof(struct sockaddr_bt)) { 501 err = EINVAL; 502 goto release; 503 } 504 505 if (sa->bt_family != AF_BLUETOOTH) { 506 err = EAFNOSUPPORT; 507 goto release; 508 } 509 } 510 511 if (ctl) /* have no use for this */ 512 m_freem(ctl); 513 514 return hci_send(pcb, m, (sa ? &sa->bt_bdaddr : &pcb->hp_raddr)); 515 516 case PRU_SENSE: 517 return 0; /* (no sense - Doh!) */ 518 519 case PRU_RCVD: 520 case PRU_RCVOOB: 521 return EOPNOTSUPP; /* (no release) */ 522 523 case PRU_ACCEPT: 524 case PRU_CONNECT2: 525 case PRU_LISTEN: 526 case PRU_SENDOOB: 527 case PRU_FASTTIMO: 528 case PRU_SLOWTIMO: 529 case PRU_PROTORCV: 530 case PRU_PROTOSEND: 531 err = EOPNOTSUPP; 532 break; 533 534 default: 535 UNKNOWN(req); 536 err = EOPNOTSUPP; 537 break; 538 } 539 540 release: 541 if (m) 542 m_freem(m); 543 if (ctl) 544 m_freem(ctl); 545 return err; 546 } 547 548 /* 549 * System is short on memory. 550 */ 551 void 552 hci_drain(void) 553 { 554 555 /* 556 * We can give the security masks back, if there 557 * are no unprivileged sockets in operation.. 558 */ 559 if (hci_event_mask) { 560 struct hci_pcb *pcb; 561 562 LIST_FOREACH(pcb, &hci_pcb, hp_next) { 563 if ((pcb->hp_flags & HCI_PRIVILEGED) == 0) 564 break; 565 } 566 567 if (pcb == NULL) { 568 free(hci_event_mask, M_BLUETOOTH); 569 hci_event_mask = NULL; 570 hci_opcode_mask = NULL; 571 } 572 } 573 } 574 575 /* 576 * get/set socket options 577 */ 578 int 579 hci_ctloutput(int req, struct socket *so, int level, 580 int optname, struct mbuf **opt) 581 { 582 struct hci_pcb *pcb = (struct hci_pcb *)so->so_pcb; 583 struct mbuf *m; 584 int err = 0; 585 586 DPRINTFN(2, "req %s\n", prcorequests[req]); 587 588 if (pcb == NULL) 589 return EINVAL; 590 591 if (level != BTPROTO_HCI) 592 return 0; 593 594 switch(req) { 595 case PRCO_GETOPT: 596 m = m_get(M_WAIT, MT_SOOPTS); 597 switch (optname) { 598 case SO_HCI_EVT_FILTER: 599 m->m_len = sizeof(struct hci_filter); 600 memcpy(mtod(m, void *), &pcb->hp_efilter, m->m_len); 601 break; 602 603 case SO_HCI_PKT_FILTER: 604 m->m_len = sizeof(struct hci_filter); 605 memcpy(mtod(m, void *), &pcb->hp_pfilter, m->m_len); 606 break; 607 608 case SO_HCI_DIRECTION: 609 m->m_len = sizeof(int); 610 if (pcb->hp_flags & HCI_DIRECTION) 611 *mtod(m, int *) = 1; 612 else 613 *mtod(m, int *) = 0; 614 break; 615 616 default: 617 err = EINVAL; 618 m_freem(m); 619 m = NULL; 620 break; 621 } 622 *opt = m; 623 break; 624 625 case PRCO_SETOPT: 626 m = *opt; 627 if (m) switch (optname) { 628 case SO_HCI_EVT_FILTER: /* set event filter */ 629 m->m_len = min(m->m_len, sizeof(struct hci_filter)); 630 memcpy(&pcb->hp_efilter, mtod(m, void *), m->m_len); 631 break; 632 633 case SO_HCI_PKT_FILTER: /* set packet filter */ 634 m->m_len = min(m->m_len, sizeof(struct hci_filter)); 635 memcpy(&pcb->hp_pfilter, mtod(m, void *), m->m_len); 636 break; 637 638 case SO_HCI_DIRECTION: /* request direction ctl messages */ 639 if (*mtod(m, int *)) 640 pcb->hp_flags |= HCI_DIRECTION; 641 else 642 pcb->hp_flags &= ~HCI_DIRECTION; 643 break; 644 645 default: 646 err = EINVAL; 647 break; 648 } 649 m_freem(m); 650 break; 651 652 default: 653 err = EINVAL; 654 break; 655 } 656 657 return err; 658 } 659 660 /* 661 * HCI mbuf tap routine 662 * 663 * copy packets to any raw HCI sockets that wish (and are 664 * permitted) to see them 665 */ 666 void 667 hci_mtap(struct mbuf *m, struct hci_unit *unit) 668 { 669 struct hci_pcb *pcb; 670 struct mbuf *m0, *ctlmsg, **ctl; 671 struct sockaddr_bt sa; 672 uint8_t type; 673 uint8_t event; 674 uint16_t opcode; 675 676 KASSERT(m->m_len >= sizeof(type)); 677 678 type = *mtod(m, uint8_t *); 679 680 memset(&sa, 0, sizeof(sa)); 681 sa.bt_len = sizeof(struct sockaddr_bt); 682 sa.bt_family = AF_BLUETOOTH; 683 bdaddr_copy(&sa.bt_bdaddr, &unit->hci_bdaddr); 684 685 LIST_FOREACH(pcb, &hci_pcb, hp_next) { 686 /* 687 * filter according to source address 688 */ 689 if ((pcb->hp_flags & HCI_PROMISCUOUS) == 0 690 && bdaddr_same(&pcb->hp_laddr, &sa.bt_bdaddr) == 0) 691 continue; 692 693 /* 694 * filter according to packet type filter 695 */ 696 if (hci_filter_test(type, &pcb->hp_pfilter) == 0) 697 continue; 698 699 /* 700 * filter according to event/security filters 701 */ 702 switch(type) { 703 case HCI_EVENT_PKT: 704 KASSERT(m->m_len >= sizeof(hci_event_hdr_t)); 705 706 event = mtod(m, hci_event_hdr_t *)->event; 707 708 if (hci_filter_test(event, &pcb->hp_efilter) == 0) 709 continue; 710 711 if ((pcb->hp_flags & HCI_PRIVILEGED) == 0 712 && hci_security_check_event(event) == 0) 713 continue; 714 break; 715 716 case HCI_CMD_PKT: 717 KASSERT(m->m_len >= sizeof(hci_cmd_hdr_t)); 718 719 opcode = le16toh(mtod(m, hci_cmd_hdr_t *)->opcode); 720 721 if ((pcb->hp_flags & HCI_PRIVILEGED) == 0 722 && hci_security_check_opcode(opcode) == 0) 723 continue; 724 break; 725 726 case HCI_ACL_DATA_PKT: 727 case HCI_SCO_DATA_PKT: 728 default: 729 if ((pcb->hp_flags & HCI_PRIVILEGED) == 0) 730 continue; 731 732 break; 733 } 734 735 /* 736 * create control messages 737 */ 738 ctlmsg = NULL; 739 ctl = &ctlmsg; 740 if (pcb->hp_flags & HCI_DIRECTION) { 741 int dir = m->m_flags & M_LINK0 ? 1 : 0; 742 743 *ctl = sbcreatecontrol((caddr_t)&dir, sizeof(dir), 744 SCM_HCI_DIRECTION, BTPROTO_HCI); 745 746 if (*ctl != NULL) 747 ctl = &((*ctl)->m_next); 748 } 749 750 /* 751 * copy to socket 752 */ 753 m0 = m_copypacket(m, M_DONTWAIT); 754 if (m0 && sbappendaddr(&pcb->hp_socket->so_rcv, 755 (struct sockaddr *)&sa, m0, ctlmsg)) { 756 sorwakeup(pcb->hp_socket); 757 } else { 758 m_freem(ctlmsg); 759 m_freem(m0); 760 } 761 } 762 } 763
Indexes created Thu Sep 25 08:09:54 GMT 2025