1 1.22 andvar /* $NetBSD: l2cap_signal.c,v 1.22 2022/12/24 22:33:12 andvar Exp $ */ 2 1.1 gdamore 3 1.1 gdamore /*- 4 1.1 gdamore * Copyright (c) 2005 Iain Hibbert. 5 1.1 gdamore * Copyright (c) 2006 Itronix Inc. 6 1.1 gdamore * All rights reserved. 7 1.1 gdamore * 8 1.1 gdamore * Redistribution and use in source and binary forms, with or without 9 1.1 gdamore * modification, are permitted provided that the following conditions 10 1.1 gdamore * are met: 11 1.1 gdamore * 1. Redistributions of source code must retain the above copyright 12 1.1 gdamore * notice, this list of conditions and the following disclaimer. 13 1.1 gdamore * 2. Redistributions in binary form must reproduce the above copyright 14 1.1 gdamore * notice, this list of conditions and the following disclaimer in the 15 1.1 gdamore * documentation and/or other materials provided with the distribution. 16 1.1 gdamore * 3. The name of Itronix Inc. may not be used to endorse 17 1.1 gdamore * or promote products derived from this software without specific 18 1.1 gdamore * prior written permission. 19 1.1 gdamore * 20 1.1 gdamore * THIS SOFTWARE IS PROVIDED BY ITRONIX INC. ``AS IS'' AND 21 1.1 gdamore * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 22 1.1 gdamore * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 23 1.1 gdamore * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ITRONIX INC. BE LIABLE FOR ANY 24 1.1 gdamore * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 25 1.1 gdamore * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 26 1.1 gdamore * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 27 1.1 gdamore * ON ANY THEORY OF LIABILITY, WHETHER IN 28 1.1 gdamore * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 1.1 gdamore * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 30 1.1 gdamore * POSSIBILITY OF SUCH DAMAGE. 
*/

#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: l2cap_signal.c,v 1.22 2022/12/24 22:33:12 andvar Exp $");

#include <sys/param.h>
#include <sys/kernel.h>
#include <sys/mbuf.h>
#include <sys/proc.h>
#include <sys/queue.h>
#include <sys/systm.h>

#include <netbt/bluetooth.h>
#include <netbt/hci.h>
#include <netbt/l2cap.h>

/*******************************************************************************
 *
 *	L2CAP Signal processing
 */

/*
 * Receive handlers.  Each one is handed the mbuf with the command header
 * still at its front, together with the ACL link the packet arrived on.
 */
static void l2cap_recv_command_rej(struct mbuf *m, struct hci_link *link);
static void l2cap_recv_connect_req(struct mbuf *m, struct hci_link *link);
static void l2cap_recv_connect_rsp(struct mbuf *m, struct hci_link *link);
static void l2cap_recv_config_req(struct mbuf *m, struct hci_link *link);
static void l2cap_recv_config_rsp(struct mbuf *m, struct hci_link *link);
static void l2cap_recv_disconnect_req(struct mbuf *m, struct hci_link *link);
static void l2cap_recv_disconnect_rsp(struct mbuf *m, struct hci_link *link);
static void l2cap_recv_info_req(struct mbuf *m, struct hci_link *link);

/* Transmit helpers. */
static int l2cap_send_signal(struct hci_link *link, uint8_t code,
    uint8_t ident, uint16_t length, void *data);
static int l2cap_send_command_rej(struct hci_link *link, uint8_t ident,
    int reason, ...);

/* QoS option conversion between wire buffer and host structure. */
static void l2cap_qos_btoh(l2cap_qos_t *qos, void *buf);
static void l2cap_qos_htob(void *buf, l2cap_qos_t *qos);

/*
 * process incoming signal packets (CID 0x0001).  Can contain multiple
 * requests/responses.  The signal handler should clear the command from
 * the mbuf before returning.
*/

/*
 * Everything in the mbuf is supplied by the remote device, so this
 * dispatcher is the first length gate for every signalling command:
 *
 *  - a command whose declared length does not fit in what is left of the
 *    packet is answered with Command Reject (Not Understood);
 *  - fixed-size commands are handed to their handler only when the
 *    declared length matches the handler's parameter structure, because
 *    the handlers copy sizeof(struct) octets without re-checking;
 *  - Command Reject is variable length and is only bounded from above here;
 *  - Config Request/Response are variable length and are passed through
 *    with no further check; those handlers walk the options themselves.
 *
 * A malformed request is rejected, a malformed response is dropped
 * without an answer.  Either way the rest of the packet is discarded.
 */
void
l2cap_recv_signal(struct mbuf *m, struct hci_link *link)
{
	l2cap_cmd_hdr_t cmd;

	for (;;) {
		/* stop once there is no room for another command header */
		if (m->m_pkthdr.len < sizeof(cmd)) {
			goto finish;
		}

		m_copydata(m, 0, sizeof(cmd), &cmd);
		cmd.length = le16toh(cmd.length);

		/* the declared payload must be entirely inside the packet */
		if (m->m_pkthdr.len < sizeof(cmd) + cmd.length) {
			goto reject;
		}

		DPRINTFN(2, "(%s) code %d, ident %d, len %d\n",
		    device_xname(link->hl_unit->hci_dev),
		    cmd.code, cmd.ident, cmd.length);

		switch (cmd.code) {
		case L2CAP_COMMAND_REJ:
			/* upper bound only; the handler checks the minimum */
			if (cmd.length > sizeof(l2cap_cmd_rej_cp)) {
				goto finish;
			}
			l2cap_recv_command_rej(m, link);
			break;

		case L2CAP_CONNECT_REQ:
			if (cmd.length != sizeof(l2cap_con_req_cp)) {
				goto reject;
			}
			l2cap_recv_connect_req(m, link);
			break;

		case L2CAP_CONNECT_RSP:
			if (cmd.length != sizeof(l2cap_con_rsp_cp)) {
				goto finish;
			}
			l2cap_recv_connect_rsp(m, link);
			break;

		case L2CAP_CONFIG_REQ:
			/* variable length: validated inside the handler */
			l2cap_recv_config_req(m, link);
			break;

		case L2CAP_CONFIG_RSP:
			/* variable length: validated inside the handler */
			l2cap_recv_config_rsp(m, link);
			break;

		case L2CAP_DISCONNECT_REQ:
			if (cmd.length != sizeof(l2cap_discon_req_cp)) {
				goto reject;
			}
			l2cap_recv_disconnect_req(m, link);
			break;

		case L2CAP_DISCONNECT_RSP:
			if (cmd.length != sizeof(l2cap_discon_rsp_cp)) {
				goto finish;
			}
			l2cap_recv_disconnect_rsp(m, link);
			break;

		case L2CAP_ECHO_REQ:
			/* echo payload is discarded; the reply carries no data */
			m_adj(m, sizeof(cmd) + cmd.length);
			l2cap_send_signal(link, L2CAP_ECHO_RSP, cmd.ident,
			    0, NULL);
			break;

		case L2CAP_ECHO_RSP:
		case L2CAP_INFO_RSP:
			/* nothing to act on, just consume the command */
			m_adj(m, sizeof(cmd) + cmd.length);
			break;

		case L2CAP_INFO_REQ:
			if (cmd.length != sizeof(l2cap_info_req_cp)) {
				goto reject;
			}
			l2cap_recv_info_req(m, link);
			break;

		default:
			goto reject;
		}
	}
	panic("impossible!");

reject:
	l2cap_send_command_rej(link, cmd.ident, L2CAP_REJ_NOT_UNDERSTOOD);
finish:
	m_freem(m);
}

/*
 * Process Received Command Reject.  For now we don't try to recover gracefully
 * from this, it probably means that the link is garbled or the other end is
 * insufficiently capable of handling normal traffic. (not *my* fault, no way!)
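*/

/*
 * The command header is re-read from the front of the mbuf and both the
 * header and the payload are consumed before returning.
 *
 * The payload is copied into a fixed-size structure on the stack using the
 * length declared by the peer.  l2cap_recv_signal() only calls this
 * handler when that length is no larger than l2cap_cmd_rej_cp, but the
 * bound is repeated here so that the copy stays safe even if this
 * function gains another caller.
 */
static void
l2cap_recv_command_rej(struct mbuf *m, struct hci_link *link)
{
	struct l2cap_req *req;
	struct l2cap_channel *chan;
	l2cap_cmd_hdr_t cmd;
	l2cap_cmd_rej_cp cp;

	m_copydata(m, 0, sizeof(cmd), &cmd);
	m_adj(m, sizeof(cmd));

	cmd.length = le16toh(cmd.length);

	/*
	 * Defence in depth: never let a peer-declared length size a copy
	 * into the stack.  Consume the command and drop it.
	 */
	if (cmd.length > sizeof(cp)) {
		m_adj(m, cmd.length);
		return;
	}

	/*
	 * The length here must contain the reason (2 octets) plus
	 * any data (0 or more octets).
	 */
	m_copydata(m, 0, cmd.length, &cp);
	m_adj(m, cmd.length);

	/* too short to hold a reason code; cp.reason was not filled in */
	if (cmd.length < 2)
		return;

	/* only act on a reject that matches one of our pending requests */
	req = l2cap_request_lookup(link, cmd.ident);
	if (req == NULL)
		return;

	switch (le16toh(cp.reason)) {
	case L2CAP_REJ_NOT_UNDERSTOOD:	/* data length = 0 octets */
		/*
		 * I don't know what to do, just move up the timeout
		 */
		callout_schedule(&req->lr_rtx, 0);
		break;

	case L2CAP_REJ_MTU_EXCEEDED:	/* data length = 2 octets */
		/*
		 * I didn't send any commands over L2CAP_MTU_MINIMUM size, but..
		 *
		 * XXX maybe we should resend this, instead?
		 */
		/* reason (2) + MTU (2); cp.data[0] is only valid then */
		if (cmd.length != 4)
			return;

		/*
		 * NOTE(review): the peer-supplied value is stored without a
		 * lower bound.  How hl_mtu is consumed is not visible in
		 * this function; confirm that a very small value cannot
		 * stall or mis-size later transmissions on this link.
		 */
		link->hl_mtu = le16toh(cp.data[0]);
		callout_schedule(&req->lr_rtx, 0);
		break;

	case L2CAP_REJ_INVALID_CID:	/* data length = 4 octets */
		/*
		 * Well, if they don't have such a channel then our channel is
		 * most likely closed.  Make it so.
		 *
		 * The CIDs carried in the reject are not read; the channel
		 * is taken from the matched request.
		 */
		chan = req->lr_chan;
		l2cap_request_free(req);
		if (chan != NULL && chan->lc_state != L2CAP_CLOSED)
			l2cap_close(chan, ECONNABORTED);

		break;

	default:
		UNKNOWN(le16toh(cp.reason));
		break;
	}
}

/*
 * Process Received Connect Request.  Find listening channel matching
 * psm & addr and ask upper layer for a new channel.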
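*/

/*
 * The payload is copied with a fixed sizeof(cp); l2cap_recv_signal() only
 * dispatches here when the declared command length equals that size.
 *
 * Every failure path answers the peer with a Connect Response so the
 * remote side is not left waiting, and tells the upper layer that the
 * half-built channel is gone.
 */
static void
l2cap_recv_connect_req(struct mbuf *m, struct hci_link *link)
{
	struct sockaddr_bt laddr, raddr;
	struct l2cap_channel *chan, *new;
	l2cap_cmd_hdr_t cmd;
	l2cap_con_req_cp cp;
	int err;

	/* extract cmd */
	m_copydata(m, 0, sizeof(cmd), &cmd);
	m_adj(m, sizeof(cmd));

	/* extract request */
	m_copydata(m, 0, sizeof(cp), &cp);
	m_adj(m, sizeof(cp));

	/*
	 * NOTE(review): scid and psm are used as received; no range check
	 * on either value is visible in this function.
	 */
	cp.scid = le16toh(cp.scid);
	cp.psm = le16toh(cp.psm);

	/* local address: our controller's bdaddr plus the requested PSM */
	memset(&laddr, 0, sizeof(struct sockaddr_bt));
	laddr.bt_len = sizeof(struct sockaddr_bt);
	laddr.bt_family = AF_BLUETOOTH;
	laddr.bt_psm = cp.psm;
	bdaddr_copy(&laddr.bt_bdaddr, &link->hl_unit->hci_bdaddr);

	/* remote address: the bdaddr of the link the request arrived on */
	memset(&raddr, 0, sizeof(struct sockaddr_bt));
	raddr.bt_len = sizeof(struct sockaddr_bt);
	raddr.bt_family = AF_BLUETOOTH;
	raddr.bt_psm = cp.psm;
	bdaddr_copy(&raddr.bt_bdaddr, &link->hl_bdaddr);

	LIST_FOREACH(chan, &l2cap_listen_list, lc_ncid) {
		if (chan->lc_laddr.bt_psm != laddr.bt_psm)
			continue;

		/* listener must be bound to our address or to "any" */
		if (!bdaddr_same(&laddr.bt_bdaddr, &chan->lc_laddr.bt_bdaddr)
		    && bdaddr_any(&chan->lc_laddr.bt_bdaddr) == 0)
			continue;

		/* the upper layer may decline; then try the next listener */
		new = (*chan->lc_proto->newconn)(chan->lc_upper, &laddr, &raddr);
		if (new == NULL)
			continue;

		err = l2cap_cid_alloc(new);
		if (err) {
			l2cap_send_connect_rsp(link, cmd.ident,
			    0, cp.scid,
			    L2CAP_NO_RESOURCES);

			(*new->lc_proto->disconnected)(new->lc_upper, err);
			return;
		}

		new->lc_link = hci_acl_open(link->hl_unit, &link->hl_bdaddr);
		KASSERT(new->lc_link == link);

		new->lc_rcid = cp.scid;
		new->lc_ident = cmd.ident;

		memcpy(&new->lc_laddr, &laddr, sizeof(struct sockaddr_bt));
		memcpy(&new->lc_raddr, &raddr, sizeof(struct sockaddr_bt));

		/* the new channel inherits the listener's link mode */
		new->lc_mode = chan->lc_mode;

		err = l2cap_setmode(new);
		if (err == EINPROGRESS) {
			/* the Connect Response is deferred; it is not sent here */
			new->lc_state = L2CAP_WAIT_SEND_CONNECT_RSP;
			(*new->lc_proto->connecting)(new->lc_upper);
			return;
		}
		if (err) {
			new->lc_state = L2CAP_CLOSED;
			hci_acl_close(link, err);
			new->lc_link = NULL;

			l2cap_send_connect_rsp(link, cmd.ident,
			    0, cp.scid,
			    L2CAP_NO_RESOURCES);

			(*new->lc_proto->disconnected)(new->lc_upper, err);
			return;
		}

		err = l2cap_send_connect_rsp(link, cmd.ident,
		    new->lc_lcid, new->lc_rcid,
		    L2CAP_SUCCESS);
		if (err) {
			l2cap_close(new, err);
			return;
		}

		/* both directions of configuration are now outstanding */
		new->lc_state = L2CAP_WAIT_CONFIG;
		new->lc_flags |= (L2CAP_WAIT_CONFIG_REQ | L2CAP_WAIT_CONFIG_RSP);
		err = l2cap_send_config_req(new);
		if (err)
			l2cap_close(new, err);

		return;
	}

	/* no listener accepted the connection */
	l2cap_send_connect_rsp(link, cmd.ident,
	    0, cp.scid,
	    L2CAP_PSM_NOT_SUPPORTED);
}

/*
 * Process Received Connect Response.
 *
 * The response is only acted on when its ident matches a pending Connect
 * Request on this link and its scid matches that request's channel, so
 * an unsolicited or mismatched response cannot move a channel forward.
 * A response with a mismatching scid leaves the request pending.
 */
static void
l2cap_recv_connect_rsp(struct mbuf *m, struct hci_link *link)
{
	l2cap_cmd_hdr_t cmd;
	l2cap_con_rsp_cp cp;
	struct l2cap_req *req;
	struct l2cap_channel *chan;
	int err;

	m_copydata(m, 0, sizeof(cmd), &cmd);
	m_adj(m, sizeof(cmd));

	/* fixed-size copy; the dispatcher verified the declared length */
	m_copydata(m, 0, sizeof(cp), &cp);
	m_adj(m, sizeof(cp));

	cp.scid = le16toh(cp.scid);
	cp.dcid = le16toh(cp.dcid);
	cp.result = le16toh(cp.result);

	req = l2cap_request_lookup(link, cmd.ident);
	if (req == NULL || req->lr_code != L2CAP_CONNECT_REQ)
		return;

	chan = req->lr_chan;
	if (chan != NULL && chan->lc_lcid != cp.scid)
		return;

	if (chan == NULL || chan->lc_state != L2CAP_WAIT_RECV_CONNECT_RSP) {
		l2cap_request_free(req);
		return;
	}

	switch (cp.result) {
	case L2CAP_SUCCESS:
		/*
		 * Ok, at this point we have a connection to the other party. We
		 * could indicate upstream that we are ready for business and
		 * wait for a "Configure Channel Request" but I'm not so sure
		 * that is required in our case - we will proceed directly to
		 * sending our config request. We set two state bits because in
		 * the config state we are waiting for requests and responses.
		 */
		l2cap_request_free(req);
		/*
		 * NOTE(review): dcid is stored as the remote CID as received;
		 * no range check on it is visible in this function.
		 */
		chan->lc_rcid = cp.dcid;
		chan->lc_state = L2CAP_WAIT_CONFIG;
		chan->lc_flags |= (L2CAP_WAIT_CONFIG_REQ | L2CAP_WAIT_CONFIG_RSP);
		/*
		 * Handle a failed send the same way the Connect Request path
		 * does; otherwise the channel would wait for a Config
		 * Response to a request that was never sent.
		 */
		err = l2cap_send_config_req(chan);
		if (err)
			l2cap_close(chan, err);
		break;

	case L2CAP_PENDING:
		/* XXX don't release request, should start eRTX timeout? */
		(*chan->lc_proto->connecting)(chan->lc_upper);
		break;

	case L2CAP_PSM_NOT_SUPPORTED:
	case L2CAP_SECURITY_BLOCK:
	case L2CAP_NO_RESOURCES:
	default:
		/* any refusal, including unknown result codes, is final */
		l2cap_request_free(req);
		l2cap_close(chan, ECONNREFUSED);
		break;
	}
}

/*
 * Process Received Config Request.
 *
 * This command is variable length and reaches this handler with only the
 * "fits in the packet" check done, so all parsing is bounded here:
 * `left' counts the octets of this command still in the mbuf, and every
 * read is preceded by a comparison against it.  Option values are copied
 * with compile-time sizes after the declared option length has been
 * checked against that size; the peer's length never sizes a copy.
 * `len' counts the octets used in the response buffer and is checked
 * against sizeof(buf) before each append.
 *
 * On every exit the unread remainder of the command is consumed.
 */
static void
l2cap_recv_config_req(struct mbuf *m, struct hci_link *link)
{
	uint8_t buf[L2CAP_MTU_MINIMUM];
	l2cap_cmd_hdr_t cmd;
	l2cap_cfg_req_cp cp;
	l2cap_cfg_opt_t opt;
	l2cap_cfg_opt_val_t val;
	l2cap_cfg_rsp_cp rp;
	struct l2cap_channel *chan;
	int left, len;

	m_copydata(m, 0, sizeof(cmd), &cmd);
	m_adj(m, sizeof(cmd));
	left = le16toh(cmd.length);

	if (left < sizeof(cp))
		goto reject;

	m_copydata(m, 0, sizeof(cp), &cp);
	m_adj(m, sizeof(cp));
	left -= sizeof(cp);

	cp.dcid = le16toh(cp.dcid);
	cp.flags = le16toh(cp.flags);

	/*
	 * The channel must exist, belong to the link the request arrived
	 * on, and be waiting for exactly this request.
	 */
	chan = l2cap_cid_lookup(cp.dcid);
	if (chan == NULL || chan->lc_link != link
	    || chan->lc_state != L2CAP_WAIT_CONFIG
	    || (chan->lc_flags & L2CAP_WAIT_CONFIG_REQ) == 0) {
		/* XXX we should really accept reconfiguration requests */
		l2cap_send_command_rej(link, cmd.ident, L2CAP_REJ_INVALID_CID,
		    L2CAP_NULL_CID, cp.dcid);
		goto out;
	}

	/* ready our response packet */
	rp.scid = htole16(chan->lc_rcid);
	rp.flags = 0;	/* "No Continuation" */
	rp.result = L2CAP_SUCCESS;
	len = sizeof(rp);

	/*
	 * Process the packet. We build the return packet on the fly adding any
	 * unacceptable parameters as we go. As we can only return one result,
	 * unknown option takes precedence so we start our return packet anew
	 * and ignore option values thereafter as they will be re-sent.
	 *
	 * Since we do not support enough options to make overflowing the min
	 * MTU size an issue in normal use, we just reject config requests that
	 * make that happen. This could be because options are repeated or the
	 * packet is corrupted in some way.
	 *
	 * If unknown option types threaten to overflow the packet, we just
	 * ignore them. We can deny them next time.
	 *
	 * Accepted values are written to the channel as each option is
	 * parsed, so a request that is rejected part-way through may already
	 * have updated lc_omtu or lc_iqos.
	 */
	while (left > 0) {
		if (left < sizeof(opt))
			goto reject;

		m_copydata(m, 0, sizeof(opt), &opt);
		m_adj(m, sizeof(opt));
		left -= sizeof(opt);

		/* the option value must lie inside this command */
		if (left < opt.length)
			goto reject;

		switch (opt.type & L2CAP_OPT_HINT_MASK) {
		case L2CAP_OPT_MTU:
			if (rp.result == L2CAP_UNKNOWN_OPTION)
				break;

			if (opt.length != L2CAP_OPT_MTU_SIZE)
				goto reject;

			m_copydata(m, 0, L2CAP_OPT_MTU_SIZE, &val.mtu);
			val.mtu = le16toh(val.mtu);

			/*
			 * XXX how do we know what the minimum acceptable MTU is
			 * for a channel? Spec says some profiles have a higher
			 * minimum but I have no way to find that out at this
			 * juncture..
			 */
			if (val.mtu < L2CAP_MTU_MINIMUM) {
				if (len + sizeof(opt) + L2CAP_OPT_MTU_SIZE > sizeof(buf))
					goto reject;

				/* counter-offer the minimum we will accept */
				rp.result = L2CAP_UNACCEPTABLE_PARAMS;
				memcpy(buf + len, &opt, sizeof(opt));
				len += sizeof(opt);
				val.mtu = htole16(L2CAP_MTU_MINIMUM);
				memcpy(buf + len, &val, L2CAP_OPT_MTU_SIZE);
				len += L2CAP_OPT_MTU_SIZE;
			} else
				chan->lc_omtu = val.mtu;

			break;

		case L2CAP_OPT_FLUSH_TIMO:
			if (rp.result == L2CAP_UNKNOWN_OPTION)
				break;

			if (opt.length != L2CAP_OPT_FLUSH_TIMO_SIZE)
				goto reject;

			/*
			 * I think that this is informational only - he is
			 * informing us of the flush timeout he will be using.
			 * I don't think this affects us in any significant way,
			 * so just ignore this value for now.
			 */
			break;

		case L2CAP_OPT_QOS:
			if (rp.result == L2CAP_UNKNOWN_OPTION)
				break;

			if (opt.length != L2CAP_OPT_QOS_SIZE)
				goto reject;

			/*
			 * We don't actually support QoS, but an incoming
			 * config request is merely advising us of their
			 * outgoing traffic flow, so be nice.
			 */
			m_copydata(m, 0, L2CAP_OPT_QOS_SIZE, &val.qos);
			switch (val.qos.service_type) {
			case L2CAP_QOS_NO_TRAFFIC:
				/*
				 * "No traffic" means they don't plan to send
				 * any data and the fields should be ignored.
				 */
				chan->lc_iqos = l2cap_default_qos;
				chan->lc_iqos.service_type = L2CAP_QOS_NO_TRAFFIC;
				break;

			case L2CAP_QOS_BEST_EFFORT:
				/*
				 * "Best effort" is the default, and we may
				 * choose to ignore the fields, try to satisfy
				 * the parameters while giving no response, or
				 * respond with the settings we will try to
				 * meet.
				 */
				l2cap_qos_btoh(&chan->lc_iqos, &val.qos);
				break;

			case L2CAP_QOS_GUARANTEED:
			default:
				/*
				 * Anything else we don't support, so make a
				 * counter-offer with the current settings.
				 */
				if (len + sizeof(opt) + L2CAP_OPT_QOS_SIZE > sizeof(buf))
					goto reject;

				rp.result = L2CAP_UNACCEPTABLE_PARAMS;
				memcpy(buf + len, &opt, sizeof(opt));
				len += sizeof(opt);
				l2cap_qos_htob(buf + len, &chan->lc_iqos);
				len += L2CAP_OPT_QOS_SIZE;
				break;
			}
			break;

		default:
			/* ignore hints */
			if (opt.type & L2CAP_OPT_HINT_BIT)
				break;

			/* unknown options supersede all else */
			if (rp.result != L2CAP_UNKNOWN_OPTION) {
				rp.result = L2CAP_UNKNOWN_OPTION;
				len = sizeof(rp);
			}

			/* ignore if it doesn't fit */
			if (len + sizeof(opt) > sizeof(buf))
				break;

			/* return unknown option type, but no data */
			buf[len++] = opt.type;
			buf[len++] = 0;
			break;
		}

		/* step over the option value, whether or not it was used */
		m_adj(m, opt.length);
		left -= opt.length;
	}

	/* the response header goes in front of any options appended above */
	rp.result = htole16(rp.result);
	memcpy(buf, &rp, sizeof(rp));
	l2cap_send_signal(link, L2CAP_CONFIG_RSP, cmd.ident, len, buf);

	/* rp.result is in wire order by now, so compare in wire order */
	if ((cp.flags & L2CAP_OPT_CFLAG_BIT) == 0
	    && rp.result == htole16(L2CAP_SUCCESS)) {

		chan->lc_flags &= ~L2CAP_WAIT_CONFIG_REQ;

		if ((chan->lc_flags & L2CAP_WAIT_CONFIG_RSP) == 0) {
			chan->lc_state = L2CAP_OPEN;
			/* XXX how to distinguish REconfiguration? */
			(*chan->lc_proto->connected)(chan->lc_upper);
		}
	}
	return;

reject:
	l2cap_send_command_rej(link, cmd.ident, L2CAP_REJ_NOT_UNDERSTOOD);
out:
	/* consume whatever is left of this command */
	m_adj(m, left);
}

/*
 * Process Received Config Response.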
632 1.1 gdamore */ 633 1.1 gdamore static void 634 1.1 gdamore l2cap_recv_config_rsp(struct mbuf *m, struct hci_link *link) 635 1.1 gdamore { 636 1.1 gdamore l2cap_cmd_hdr_t cmd; 637 1.1 gdamore l2cap_cfg_rsp_cp cp; 638 1.1 gdamore l2cap_cfg_opt_t opt; 639 1.1 gdamore l2cap_cfg_opt_val_t val; 640 1.1 gdamore struct l2cap_req *req; 641 1.1 gdamore struct l2cap_channel *chan; 642 1.1 gdamore int left; 643 1.1 gdamore 644 1.1 gdamore m_copydata(m, 0, sizeof(cmd), &cmd); 645 1.1 gdamore m_adj(m, sizeof(cmd)); 646 1.1 gdamore left = le16toh(cmd.length); 647 1.1 gdamore 648 1.1 gdamore if (left < sizeof(cp)) 649 1.1 gdamore goto out; 650 1.1 gdamore 651 1.1 gdamore m_copydata(m, 0, sizeof(cp), &cp); 652 1.1 gdamore m_adj(m, sizeof(cp)); 653 1.1 gdamore left -= sizeof(cp); 654 1.1 gdamore 655 1.1 gdamore cp.scid = le16toh(cp.scid); 656 1.1 gdamore cp.flags = le16toh(cp.flags); 657 1.1 gdamore cp.result = le16toh(cp.result); 658 1.1 gdamore 659 1.1 gdamore req = l2cap_request_lookup(link, cmd.ident); 660 1.1 gdamore if (req == NULL || req->lr_code != L2CAP_CONFIG_REQ) 661 1.1 gdamore goto out; 662 1.1 gdamore 663 1.1 gdamore chan = req->lr_chan; 664 1.1 gdamore if (chan != NULL && chan->lc_lcid != cp.scid) 665 1.1 gdamore goto out; 666 1.1 gdamore 667 1.1 gdamore l2cap_request_free(req); 668 1.1 gdamore 669 1.5 plunky if (chan == NULL || chan->lc_state != L2CAP_WAIT_CONFIG 670 1.5 plunky || (chan->lc_flags & L2CAP_WAIT_CONFIG_RSP) == 0) 671 1.1 gdamore goto out; 672 1.1 gdamore 673 1.1 gdamore if ((cp.flags & L2CAP_OPT_CFLAG_BIT)) { 674 1.1 gdamore l2cap_cfg_req_cp rp; 675 1.1 gdamore 676 1.1 gdamore /* 677 1.1 gdamore * They have more to tell us and want another ID to 678 1.1 gdamore * use, so send an empty config request 679 1.1 gdamore */ 680 1.1 gdamore if (l2cap_request_alloc(chan, L2CAP_CONFIG_REQ)) 681 1.1 gdamore goto discon; 682 1.1 gdamore 683 1.1 gdamore rp.dcid = htole16(cp.scid); 684 1.1 gdamore rp.flags = 0; 685 1.1 gdamore 686 1.1 gdamore if 
(l2cap_send_signal(link, L2CAP_CONFIG_REQ, link->hl_lastid, 687 1.1 gdamore sizeof(rp), &rp)) 688 1.1 gdamore goto discon; 689 1.1 gdamore } 690 1.1 gdamore 691 1.1 gdamore switch(cp.result) { 692 1.1 gdamore case L2CAP_SUCCESS: 693 1.1 gdamore /* 694 1.1 gdamore * If continuation flag was not set, our config request was 695 1.1 gdamore * accepted. We may have to wait for their config request to 696 1.1 gdamore * complete, so check that but otherwise we are open 697 1.1 gdamore * 698 1.1 gdamore * There may be 'advisory' values in the packet but we just 699 1.1 gdamore * ignore those.. 700 1.1 gdamore */ 701 1.1 gdamore if ((cp.flags & L2CAP_OPT_CFLAG_BIT) == 0) { 702 1.5 plunky chan->lc_flags &= ~L2CAP_WAIT_CONFIG_RSP; 703 1.1 gdamore 704 1.5 plunky if ((chan->lc_flags & L2CAP_WAIT_CONFIG_REQ) == 0) { 705 1.1 gdamore chan->lc_state = L2CAP_OPEN; 706 1.6 plunky /* XXX how to distinguish REconfiguration? */ 707 1.1 gdamore (*chan->lc_proto->connected)(chan->lc_upper); 708 1.1 gdamore } 709 1.1 gdamore } 710 1.1 gdamore goto out; 711 1.1 gdamore 712 1.1 gdamore case L2CAP_UNACCEPTABLE_PARAMS: 713 1.1 gdamore /* 714 1.1 gdamore * Packet contains unacceptable parameters with preferred values 715 1.1 gdamore */ 716 1.1 gdamore while (left > 0) { 717 1.1 gdamore if (left < sizeof(opt)) 718 1.1 gdamore goto discon; 719 1.1 gdamore 720 1.1 gdamore m_copydata(m, 0, sizeof(opt), &opt); 721 1.1 gdamore m_adj(m, sizeof(opt)); 722 1.1 gdamore left -= sizeof(opt); 723 1.1 gdamore 724 1.1 gdamore if (left < opt.length) 725 1.1 gdamore goto discon; 726 1.1 gdamore 727 1.1 gdamore switch (opt.type) { 728 1.1 gdamore case L2CAP_OPT_MTU: 729 1.1 gdamore if (opt.length != L2CAP_OPT_MTU_SIZE) 730 1.1 gdamore goto discon; 731 1.1 gdamore 732 1.20 maxv m_copydata(m, 0, L2CAP_OPT_MTU_SIZE, &val.mtu); 733 1.1 gdamore chan->lc_imtu = le16toh(val.mtu); 734 1.1 gdamore if (chan->lc_imtu < L2CAP_MTU_MINIMUM) 735 1.1 gdamore chan->lc_imtu = L2CAP_MTU_DEFAULT; 736 1.1 gdamore break; 737 1.1 
gdamore 738 1.1 gdamore case L2CAP_OPT_FLUSH_TIMO: 739 1.1 gdamore if (opt.length != L2CAP_OPT_FLUSH_TIMO_SIZE) 740 1.1 gdamore goto discon; 741 1.1 gdamore 742 1.1 gdamore /* 743 1.1 gdamore * Spec says: If we cannot honor proposed value, 744 1.1 gdamore * either disconnect or try again with original 745 1.1 gdamore * value. I can't really see why they want to 746 1.1 gdamore * interfere with OUR flush timeout in any case 747 1.1 gdamore * so we just punt for now. 748 1.1 gdamore */ 749 1.1 gdamore goto discon; 750 1.1 gdamore 751 1.1 gdamore case L2CAP_OPT_QOS: 752 1.15 plunky if (opt.length != L2CAP_OPT_QOS_SIZE) 753 1.15 plunky goto discon; 754 1.15 plunky 755 1.15 plunky /* 756 1.15 plunky * This may happen even if we haven't sent a 757 1.15 plunky * QoS request, where they need to state their 758 1.15 plunky * preferred incoming traffic flow. 759 1.15 plunky * We don't support anything, but copy in the 760 1.15 plunky * parameters if no action is good enough. 761 1.15 plunky */ 762 1.20 maxv m_copydata(m, 0, L2CAP_OPT_QOS_SIZE, &val.qos); 763 1.15 plunky switch (val.qos.service_type) { 764 1.15 plunky case L2CAP_QOS_NO_TRAFFIC: 765 1.15 plunky case L2CAP_QOS_BEST_EFFORT: 766 1.15 plunky l2cap_qos_btoh(&chan->lc_oqos, &val.qos); 767 1.15 plunky break; 768 1.15 plunky 769 1.15 plunky case L2CAP_QOS_GUARANTEED: 770 1.15 plunky default: 771 1.15 plunky goto discon; 772 1.15 plunky } 773 1.1 gdamore break; 774 1.1 gdamore 775 1.1 gdamore default: 776 1.1 gdamore UNKNOWN(opt.type); 777 1.1 gdamore goto discon; 778 1.1 gdamore } 779 1.1 gdamore 780 1.1 gdamore m_adj(m, opt.length); 781 1.1 gdamore left -= opt.length; 782 1.1 gdamore } 783 1.1 gdamore 784 1.1 gdamore if ((cp.flags & L2CAP_OPT_CFLAG_BIT) == 0) 785 1.6 plunky l2cap_send_config_req(chan); /* no state change */ 786 1.1 gdamore 787 1.1 gdamore goto out; 788 1.1 gdamore 789 1.1 gdamore case L2CAP_REJECT: 790 1.1 gdamore goto discon; 791 1.1 gdamore 792 1.1 gdamore case L2CAP_UNKNOWN_OPTION: 793 1.1 gdamore 
/* 794 1.1 gdamore * Packet contains options not understood. Turn off unknown 795 1.1 gdamore * options by setting them to default values (means they will 796 1.1 gdamore * not be requested again). 797 1.1 gdamore * 798 1.1 gdamore * If our option was already off then fail (paranoia?) 799 1.1 gdamore * 800 1.1 gdamore * XXX Should we consider that options were set for a reason? 801 1.1 gdamore */ 802 1.1 gdamore while (left > 0) { 803 1.1 gdamore if (left < sizeof(opt)) 804 1.1 gdamore goto discon; 805 1.1 gdamore 806 1.1 gdamore m_copydata(m, 0, sizeof(opt), &opt); 807 1.1 gdamore m_adj(m, sizeof(opt)); 808 1.1 gdamore left -= sizeof(opt); 809 1.1 gdamore 810 1.1 gdamore if (left < opt.length) 811 1.1 gdamore goto discon; 812 1.1 gdamore 813 1.1 gdamore m_adj(m, opt.length); 814 1.1 gdamore left -= opt.length; 815 1.1 gdamore 816 1.1 gdamore switch(opt.type) { 817 1.1 gdamore case L2CAP_OPT_MTU: 818 1.1 gdamore if (chan->lc_imtu == L2CAP_MTU_DEFAULT) 819 1.1 gdamore goto discon; 820 1.1 gdamore 821 1.1 gdamore chan->lc_imtu = L2CAP_MTU_DEFAULT; 822 1.1 gdamore break; 823 1.1 gdamore 824 1.1 gdamore case L2CAP_OPT_FLUSH_TIMO: 825 1.1 gdamore if (chan->lc_flush == L2CAP_FLUSH_TIMO_DEFAULT) 826 1.1 gdamore goto discon; 827 1.1 gdamore 828 1.1 gdamore chan->lc_flush = L2CAP_FLUSH_TIMO_DEFAULT; 829 1.1 gdamore break; 830 1.1 gdamore 831 1.1 gdamore case L2CAP_OPT_QOS: 832 1.1 gdamore break; 833 1.1 gdamore 834 1.1 gdamore default: 835 1.1 gdamore UNKNOWN(opt.type); 836 1.1 gdamore goto discon; 837 1.1 gdamore } 838 1.1 gdamore } 839 1.1 gdamore 840 1.1 gdamore if ((cp.flags & L2CAP_OPT_CFLAG_BIT) == 0) 841 1.1 gdamore l2cap_send_config_req(chan); /* no state change */ 842 1.1 gdamore 843 1.1 gdamore goto out; 844 1.1 gdamore 845 1.1 gdamore default: 846 1.1 gdamore UNKNOWN(cp.result); 847 1.1 gdamore goto discon; 848 1.1 gdamore } 849 1.1 gdamore 850 1.1 gdamore DPRINTF("how did I get here!?\n"); 851 1.1 gdamore 852 1.1 gdamore discon: 853 1.1 gdamore 
	l2cap_send_disconnect_req(chan);
	l2cap_close(chan, ECONNABORTED);

out:
	m_adj(m, left);
}

/*
 * Process Received Disconnect Request.
 *
 * The command header and the request parameters are copied out of the
 * front of the mbuf and trimmed off it, so the command is consumed
 * whichever path is taken below.
 *
 * The peer-supplied CIDs are not trusted: the channel found via dcid must
 * exist, must be attached to the link this signal arrived on, and must
 * have the peer's scid recorded as its remote CID. Anything else gets a
 * Command Reject (Invalid CID) and no state is changed, so a request
 * arriving on one link cannot tear down a channel that belongs to another.
 *
 * NOTE(review): nothing here checks that the mbuf really holds
 * sizeof(cmd) + sizeof(cp) bytes before m_copydata(); presumably the
 * caller has already validated the command length - confirm.
 *
 * The results of l2cap_send_command_rej() and l2cap_send_signal() are
 * ignored; the channel is closed even when the response could not be sent.
 */
static void
l2cap_recv_disconnect_req(struct mbuf *m, struct hci_link *link)
{
	l2cap_cmd_hdr_t hdr;
	l2cap_discon_req_cp req;
	l2cap_discon_rsp_cp rsp;
	struct l2cap_channel *ch;
	uint16_t scid, dcid;

	/* consume the command header */
	m_copydata(m, 0, sizeof(hdr), &hdr);
	m_adj(m, sizeof(hdr));

	/* consume the request parameters */
	m_copydata(m, 0, sizeof(req), &req);
	m_adj(m, sizeof(req));

	/* CIDs are little-endian on the wire */
	scid = le16toh(req.scid);
	dcid = le16toh(req.dcid);

	ch = l2cap_cid_lookup(dcid);
	if (ch == NULL || ch->lc_link != link || ch->lc_rcid != scid) {
		l2cap_send_command_rej(link, hdr.ident, L2CAP_REJ_INVALID_CID,
		    dcid, scid);
		return;
	}

	/* answer with the CIDs we hold for the channel, not the peer's copy */
	rsp.dcid = htole16(ch->lc_lcid);
	rsp.scid = htole16(ch->lc_rcid);
	l2cap_send_signal(link, L2CAP_DISCONNECT_RSP, hdr.ident,
	    sizeof(rsp), &rsp);

	if (ch->lc_state == L2CAP_CLOSED)
		return;

	l2cap_close(ch, 0);
}

/*
 * Process Received Disconnect Response. We must validate scid and dcid but
 * unless we were waiting for this signal, ignore it.
 *
 * The response is only acted upon when all of the following hold:
 *  - a request with the same command identifier is outstanding on this
 *    link and it is a Disconnect Request,
 *  - that request still refers to a channel, and
 *  - the scid/dcid in the response equal the channel's local/remote CIDs.
 * If any check fails the function returns silently and the outstanding
 * request is left in place, so a stray or forged response neither closes
 * the channel nor cancels the pending request.
 *
 * NOTE(review): nothing here checks that the mbuf really holds
 * sizeof(cmd) + sizeof(cp) bytes before m_copydata(); presumably the
 * caller has already validated the command length - confirm.
 */
static void
l2cap_recv_disconnect_rsp(struct mbuf *m, struct hci_link *link)
{
	l2cap_cmd_hdr_t hdr;
	l2cap_discon_rsp_cp rsp;
	struct l2cap_req *pending;
	struct l2cap_channel *ch;
	uint16_t scid, dcid;

	/* consume the command header */
	m_copydata(m, 0, sizeof(hdr), &hdr);
	m_adj(m, sizeof(hdr));

	/* consume the response parameters */
	m_copydata(m, 0, sizeof(rsp), &rsp);
	m_adj(m, sizeof(rsp));

	/* CIDs are little-endian on the wire */
	scid = le16toh(rsp.scid);
	dcid = le16toh(rsp.dcid);

	pending = l2cap_request_lookup(link, hdr.ident);
	if (pending == NULL)
		return;
	if (pending->lr_code != L2CAP_DISCONNECT_REQ)
		return;

	/* scid is our side of the channel, dcid is the peer's */
	ch = pending->lr_chan;
	if (ch == NULL || ch->lc_lcid != scid || ch->lc_rcid != dcid)
		return;

	l2cap_request_free(pending);

	/* the request is gone; only close if we were waiting for this */
	if (ch->lc_state == L2CAP_WAIT_DISCONNECT)
		l2cap_close(ch, 0);
}

/*
 * Process Received Info Request.
 *
 * Every request is answered with an Info Response that echoes the
 * requested type. Extended Features and Fixed Channels report success
 * with a constant bitmap; Connectionless MTU and any type we do not
 * recognise are answered with "not supported". The response is built in
 * a 12-octet stack buffer, which is exactly the size of the largest
 * reply (4 octets of type/result plus the 64-bit channel map), and only
 * the octets that were written are handed to l2cap_send_signal().
 *
 * NOTE(review): nothing here checks that the mbuf really holds
 * sizeof(cmd) + sizeof(cp) bytes before m_copydata(); presumably the
 * caller has already validated the command length - confirm.
 */
static void
l2cap_recv_info_req(struct mbuf *m, struct hci_link *link)
{
	l2cap_cmd_hdr_t hdr;
	l2cap_info_req_cp req;
	uint8_t rsp[12];
	uint16_t type, result, len;

	/* consume the command header */
	m_copydata(m, 0, sizeof(hdr), &hdr);
	m_adj(m, sizeof(hdr));

	/* consume the request parameters */
	m_copydata(m, 0, sizeof(req), &req);
	m_adj(m, sizeof(req));

	/* the InfoType is echoed at the start of every response */
	type = le16toh(req.type);
	le16enc(rsp + 0, type);

	switch (type) {
	case L2CAP_EXTENDED_FEATURES:
		/*
		 * 32-bit data field, unused bits set to zero
		 *
		 *    octet bit feature
		 *	0   0	Flow control mode
		 *	0   1	Retransmission mode
		 *	0   2	Bi-directional QoS
		 *	0   3	Enhanced retransmission mode
		 *	0   4	Streaming mode
		 *	0   5	FCS option
		 *	0   6	Extended flow specification for BR/EDR
		 *	0   7	Fixed channels (SET)
		 *	1   0	Extended window size
		 *	1   1	Unicast connectionless data reception
		 */
		result = L2CAP_SUCCESS;
		le32enc(rsp + 4, 0x00000080);
		len = 8;
		break;

	case L2CAP_FIXED_CHANNELS:
		/*
		 * 64-bit data field, unused bits set to zero
		 *
		 *    octet bit channel
		 *	0   0	0x0000 Null
		 *	0   1	0x0001 L2CAP Signalling Channel (SET)
		 *	0   2	0x0002 Connectionless Reception
		 *	0   3	0x0003 AMP Manager Protocol Channel
		 *	0   7	0x0007 BR/EDR Security Manager
		 *	7   7	0x003f AMP Test Manager
		 */
		result = L2CAP_SUCCESS;
		le64enc(rsp + 4, 0x0000000000000002);
		len = 12;
		break;

	case L2CAP_CONNLESS_MTU:
	default:
		/* type and result only, no data field */
		result = L2CAP_NOT_SUPPORTED;
		len = 4;
		break;
	}

	le16enc(rsp + 2, result);
	l2cap_send_signal(link, L2CAP_INFO_RSP, hdr.ident, len, rsp);
}

/*
 * Construct signal and wrap in C-Frame for link.
 *
 * Builds one mbuf packet laid out as C-Frame header, command header,
 * then "length" octets copied from "data", and passes it to
 * hci_acl_send().
 *
 * Returns ENOMEM if no mbuf header could be allocated or if the packet
 * did not end up with the expected length after the payload copy
 * (presumably m_copyback() failing to extend the chain - confirm);
 * otherwise returns whatever hci_acl_send() returns.
 *
 * The size limit against the link MTU is an assertion only, so callers
 * must keep "length" small. Note too that "length" is a uint16_t that is
 * grown by both header sizes, so a value close to 65535 would wrap. The
 * callers in this part of the file pass small fixed sizes.
 */
static int
l2cap_send_signal(struct hci_link *link, uint8_t code, uint8_t ident,
    uint16_t length, void *data)
{
	struct mbuf *pkt;
	l2cap_hdr_t *frame;
	l2cap_cmd_hdr_t *sig;

	KASSERT(link != NULL);
	KASSERT(sizeof(l2cap_cmd_hdr_t) + length <= link->hl_mtu);

	pkt = m_gethdr(M_DONTWAIT, MT_DATA);
	if (pkt == NULL)
		return ENOMEM;

	/* both headers live at the front of the first mbuf */
	frame = mtod(pkt, l2cap_hdr_t *);
	sig = (l2cap_cmd_hdr_t *)(frame + 1);

	/*
	 * Claim the whole header mbuf for now; the lengths are cut back to
	 * the real packet size once the payload is in place.
	 */
	pkt->m_pkthdr.len = MHLEN;
	pkt->m_len = MHLEN;

	/* Command Data */
	if (length != 0)
		m_copyback(pkt, sizeof(*frame) + sizeof(*sig), length, data);

	/* Command Header */
	sig->code = code;
	sig->ident = ident;
	sig->length = htole16(length);
	length += sizeof(*sig);

	/* C-Frame Header */
	frame->length = htole16(length);
	frame->dcid = htole16(L2CAP_SIGNAL_CID);
	length += sizeof(*frame);

	/* "length" is now the size of the complete frame */
	if (pkt->m_pkthdr.len != MAX(MHLEN, length)) {
		m_freem(pkt);
		return ENOMEM;
	}

	/* trim to the real size so no unwritten mbuf space is sent */
	pkt->m_pkthdr.len = length;
	pkt->m_len = MIN(length, MHLEN);

	DPRINTFN(2, "(%s) code %d, ident %d, len %d\n",
	    device_xname(link->hl_unit->hci_dev), code, ident, length);

	return hci_acl_send(pkt, link, NULL);
}

/*
 * Send Command Reject packet.
 *
 * The variable arguments depend on "reason" and are all fetched as int:
 *	L2CAP_REJ_NOT_UNDERSTOOD	none
 *	L2CAP_REJ_MTU_EXCEEDED		SigMTU
 *	L2CAP_REJ_INVALID_CID		dcid, scid
 * The compiler cannot check this, so every caller must pass exactly the
 * arguments listed for the reason it uses.
 *
 * The parameter block is not zeroed; only the octets that were filled in
 * for the given reason (2, 4 or 6) are passed on to l2cap_send_signal().
 *
 * Returns EINVAL for an unknown reason, otherwise the result of
 * l2cap_send_signal().
 */
static int
l2cap_send_command_rej(struct hci_link *link, uint8_t ident,
    int reason, ...)
{
	l2cap_cmd_rej_cp rej;
	va_list ap;
	int len = 0;
	int error = 0;

	va_start(ap, reason);

	rej.reason = htole16(reason);

	switch (reason) {
	case L2CAP_REJ_NOT_UNDERSTOOD:
		len = 2;
		break;

	case L2CAP_REJ_MTU_EXCEEDED:
		len = 4;
		rej.data[0] = va_arg(ap, int);		/* SigMTU */
		rej.data[0] = htole16(rej.data[0]);
		break;

	case L2CAP_REJ_INVALID_CID:
		len = 6;
		rej.data[0] = va_arg(ap, int);		/* dcid */
		rej.data[0] = htole16(rej.data[0]);
		rej.data[1] = va_arg(ap, int);		/* scid */
		rej.data[1] = htole16(rej.data[1]);
		break;

	default:
		UNKNOWN(reason);
		error = EINVAL;
		break;
	}

	va_end(ap);

	if (error != 0)
		return error;

	return l2cap_send_signal(link, L2CAP_COMMAND_REJ, ident, len, &rej);
}

/*
 * Send Connect Request
 *
 * Registers an outstanding L2CAP_CONNECT_REQ for the channel and then
 * sends the request, carrying the remote PSM and our local CID, on the
 * channel's link. Returns the error from l2cap_request_alloc() if that
 * fails, otherwise the result of l2cap_send_signal().
 *
 * NOTE(review): all sizeof(cp) octets go on the wire but only psm and
 * scid are assigned, so this relies on l2cap_con_req_cp having no other
 * members or padding - confirm against its declaration.
 */
int
l2cap_send_connect_req(struct l2cap_channel *chan)
{
	l2cap_con_req_cp req;
	struct hci_link *link;
	int error;

	error = l2cap_request_alloc(chan, L2CAP_CONNECT_REQ);
	if (error != 0)
		return error;

	req.psm = htole16(chan->lc_raddr.bt_psm);
	req.scid = htole16(chan->lc_lcid);

	/*
	 * hl_lastid is read only after the request has been allocated;
	 * presumably it is the identifier given to that request - confirm.
	 */
	link = chan->lc_link;
	return l2cap_send_signal(link, L2CAP_CONNECT_REQ, link->hl_lastid,
	    sizeof(req), &req);
}

/*
 * Send Config Request
 *
 * For outgoing config request, we only put options in the packet if they
 * differ from the default and would have to be actioned. We don't support
 * enough option types to make overflowing SigMTU an issue so it can all
 * go in one packet.
 *
 * The request is assembled in a stack buffer of L2CAP_MTU_MINIMUM octets.
 * With the options emitted below it occupies at most the config header
 * plus two 4-octet options, and only the octets actually written are
 * passed to l2cap_send_signal(). Any option added here must keep the
 * total within the buffer.
 *
 * Returns the error from l2cap_request_alloc() if that fails, otherwise
 * the result of l2cap_send_signal().
 */
int
l2cap_send_config_req(struct l2cap_channel *chan)
{
	uint8_t buf[L2CAP_MTU_MINIMUM];
	uint8_t *end;
	l2cap_cfg_req_cp *hdr;
	l2cap_cfg_opt_t *opt;
	l2cap_cfg_opt_val_t *val;
	int error;

	error = l2cap_request_alloc(chan, L2CAP_CONFIG_REQ);
	if (error != 0)
		return error;

	/* Config Header (4 octets) */
	hdr = (l2cap_cfg_req_cp *)buf;
	hdr->dcid = htole16(chan->lc_rcid);
	hdr->flags = 0;	/* "No Continuation" */

	/* "end" always points just past the last octet written */
	end = buf + sizeof(l2cap_cfg_req_cp);

	/* Incoming MTU (4 octets) */
	if (chan->lc_imtu != L2CAP_MTU_DEFAULT) {
		opt = (l2cap_cfg_opt_t *)end;
		opt->type = L2CAP_OPT_MTU;
		opt->length = L2CAP_OPT_MTU_SIZE;

		/* the option value follows its header directly */
		val = (l2cap_cfg_opt_val_t *)(opt + 1);
		val->mtu = htole16(chan->lc_imtu);

		end += sizeof(l2cap_cfg_opt_t) + L2CAP_OPT_MTU_SIZE;
	}

	/* Flush Timeout (4 octets) */
	if (chan->lc_flush != L2CAP_FLUSH_TIMO_DEFAULT) {
		opt = (l2cap_cfg_opt_t *)end;
		opt->type = L2CAP_OPT_FLUSH_TIMO;
		opt->length = L2CAP_OPT_FLUSH_TIMO_SIZE;

		val = (l2cap_cfg_opt_val_t *)(opt + 1);
		val->flush_timo = htole16(chan->lc_flush);

		end += sizeof(l2cap_cfg_opt_t) + L2CAP_OPT_FLUSH_TIMO_SIZE;
	}

	/* Outgoing QoS Flow (24 octets) */
	/* Retransmission & Flow Control (11 octets) */
	/*
	 * From here we need to start paying attention to SigMTU as we have
	 * possibly overflowed the minimum supported..
	 */

	return l2cap_send_signal(chan->lc_link, L2CAP_CONFIG_REQ,
	    chan->lc_link->hl_lastid, (int)(end - buf), buf);
}

/*
 * Send Disconnect Request
 *
 * Registers an outstanding L2CAP_DISCONNECT_REQ for the channel and then
 * sends the request with the remote CID as dcid and our local CID as
 * scid. Returns the error from l2cap_request_alloc() if that fails,
 * otherwise the result of l2cap_send_signal().
 *
 * NOTE(review): all sizeof(cp) octets go on the wire but only dcid and
 * scid are assigned, so this relies on l2cap_discon_req_cp having no
 * other members or padding - confirm against its declaration.
 */
int
l2cap_send_disconnect_req(struct l2cap_channel *chan)
{
	l2cap_discon_req_cp req;
	struct hci_link *link;
	int error;

	error = l2cap_request_alloc(chan, L2CAP_DISCONNECT_REQ);
	if (error != 0)
		return error;

	req.dcid = htole16(chan->lc_rcid);
	req.scid = htole16(chan->lc_lcid);

	/* hl_lastid is read only after the request has been allocated */
	link = chan->lc_link;
	return l2cap_send_signal(link, L2CAP_DISCONNECT_REQ, link->hl_lastid,
	    sizeof(req), &req);
}

/*
 * Send Connect Response
 *
 * The parameter block is cleared before the three fields supplied by the
 * caller are stored, so any member not set here is sent as zero rather
 * than as leftover stack contents. Returns the result of
 * l2cap_send_signal().
 */
int
l2cap_send_connect_rsp(struct hci_link *link, uint8_t ident, uint16_t dcid, uint16_t scid, uint16_t result)
{
	l2cap_con_rsp_cp rsp;

	memset(&rsp, 0, sizeof(rsp));

	/* all fields are little-endian on the wire */
	rsp.dcid = htole16(dcid);
	rsp.scid = htole16(scid);
	rsp.result = htole16(result);

	return l2cap_send_signal(link, L2CAP_CONNECT_RSP, ident,
	    sizeof(rsp), &rsp);
}

/*
 * copy in QoS buffer to host
 *
 * "buf" is read as an l2cap_qos_t in wire format: the two single-octet
 * style fields are copied unchanged and the five 32-bit fields are
 * converted from little-endian to host order. No range checking is done
 * here; the caller decides whether the values are acceptable.
 *
 * NOTE(review): buf is accessed through an l2cap_qos_t pointer, so the
 * caller must supply a buffer at least that large and suitably aligned
 * for the type - confirm for each call site.
 */
static void
l2cap_qos_btoh(l2cap_qos_t *qos, void *buf)
{
	l2cap_qos_t *wire = buf;

	qos->flags = wire->flags;
	qos->service_type = wire->service_type;
	qos->token_rate = le32toh(wire->token_rate);
	qos->token_bucket_size = le32toh(wire->token_bucket_size);
	qos->peak_bandwidth = le32toh(wire->peak_bandwidth);
	qos->latency = le32toh(wire->latency);
	qos->delay_variation = le32toh(wire->delay_variation);
}

/*
 * copy out host QoS to buffer
 *
 * Inverse of l2cap_qos_btoh(): "buf" is written as an l2cap_qos_t in wire
 * format, with the 32-bit fields converted from host order to
 * little-endian.
 *
 * NOTE(review): buf is accessed through an l2cap_qos_t pointer, so the
 * caller must supply a buffer at least that large and suitably aligned
 * for the type - confirm for each call site.
 */
static void
l2cap_qos_htob(void *buf, l2cap_qos_t *qos)
{
	l2cap_qos_t *wire = buf;

	wire->flags = qos->flags;
	wire->service_type = qos->service_type;
	wire->token_rate = htole32(qos->token_rate);
	wire->token_bucket_size = htole32(qos->token_bucket_size);
	wire->peak_bandwidth = htole32(qos->peak_bandwidth);
	wire->latency = htole32(qos->latency);
	wire->delay_variation = htole32(qos->delay_variation);
}