1 /* $NetBSD: hci_event.c,v 1.26 2019/09/28 07:06:33 plunky Exp $ */
2
3 /*-
4 * Copyright (c) 2005 Iain Hibbert.
5 * Copyright (c) 2006 Itronix Inc.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The name of Itronix Inc. may not be used to endorse
17 * or promote products derived from this software without specific
18 * prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY ITRONIX INC. ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
22 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
23 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ITRONIX INC. BE LIABLE FOR ANY
24 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
25 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
26 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
27 * ON ANY THEORY OF LIABILITY, WHETHER IN
28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30 * POSSIBILITY OF SUCH DAMAGE.
31 */
32
33 #include <sys/cdefs.h>
34 __KERNEL_RCSID(0, "$NetBSD: hci_event.c,v 1.26 2019/09/28 07:06:33 plunky Exp $");
35
36 #include <sys/param.h>
37 #include <sys/kernel.h>
38 #include <sys/malloc.h>
39 #include <sys/mbuf.h>
40 #include <sys/proc.h>
41 #include <sys/systm.h>
42
43 #include <netbt/bluetooth.h>
44 #include <netbt/hci.h>
45 #include <netbt/sco.h>
46
47 static void hci_event_inquiry_result(struct hci_unit *, struct mbuf *);
48 static void hci_event_rssi_result(struct hci_unit *, struct mbuf *);
49 static void hci_event_extended_result(struct hci_unit *, struct mbuf *);
50 static void hci_event_command_status(struct hci_unit *, struct mbuf *);
51 static void hci_event_command_compl(struct hci_unit *, struct mbuf *);
52 static void hci_event_con_compl(struct hci_unit *, struct mbuf *);
53 static void hci_event_discon_compl(struct hci_unit *, struct mbuf *);
54 static void hci_event_con_req(struct hci_unit *, struct mbuf *);
55 static void hci_event_num_compl_pkts(struct hci_unit *, struct mbuf *);
56 static void hci_event_auth_compl(struct hci_unit *, struct mbuf *);
57 static void hci_event_encryption_change(struct hci_unit *, struct mbuf *);
58 static void hci_event_change_con_link_key_compl(struct hci_unit *, struct mbuf *);
59 static void hci_event_read_clock_offset_compl(struct hci_unit *, struct mbuf *);
60 static void hci_cmd_read_bdaddr(struct hci_unit *, struct mbuf *);
61 static void hci_cmd_read_buffer_size(struct hci_unit *, struct mbuf *);
62 static void hci_cmd_read_local_features(struct hci_unit *, struct mbuf *);
63 static void hci_cmd_read_local_extended_features(struct hci_unit *, struct mbuf *);
64 static void hci_cmd_read_local_ver(struct hci_unit *, struct mbuf *);
65 static void hci_cmd_read_local_commands(struct hci_unit *, struct mbuf *);
66 static void hci_cmd_read_encryption_key_size(struct hci_unit *, struct mbuf *);
67 static void hci_cmd_reset(struct hci_unit *, struct mbuf *);
68 static void hci_cmd_create_con(struct hci_unit *unit, uint8_t status);
69
70 #ifdef BLUETOOTH_DEBUG
71 int bluetooth_debug;
72
73 static const char *hci_eventnames[] = {
74 /* 0x00 */ "NULL",
75 /* 0x01 */ "INQUIRY COMPLETE",
76 /* 0x02 */ "INQUIRY RESULT",
77 /* 0x03 */ "CONN COMPLETE",
78 /* 0x04 */ "CONN REQ",
79 /* 0x05 */ "DISCONN COMPLETE",
80 /* 0x06 */ "AUTH COMPLETE",
81 /* 0x07 */ "REMOTE NAME REQ COMPLETE",
82 /* 0x08 */ "ENCRYPTION CHANGE",
83 /* 0x09 */ "CHANGE CONN LINK KEY COMPLETE",
84 /* 0x0a */ "MASTER LINK KEY COMPLETE",
85 /* 0x0b */ "READ REMOTE FEATURES COMPLETE",
86 /* 0x0c */ "READ REMOTE VERSION INFO COMPLETE",
87 /* 0x0d */ "QoS SETUP COMPLETE",
88 /* 0x0e */ "COMMAND COMPLETE",
89 /* 0x0f */ "COMMAND STATUS",
90 /* 0x10 */ "HARDWARE ERROR",
91 /* 0x11 */ "FLUSH OCCUR",
92 /* 0x12 */ "ROLE CHANGE",
93 /* 0x13 */ "NUM COMPLETED PACKETS",
94 /* 0x14 */ "MODE CHANGE",
95 /* 0x15 */ "RETURN LINK KEYS",
96 /* 0x16 */ "PIN CODE REQ",
97 /* 0x17 */ "LINK KEY REQ",
98 /* 0x18 */ "LINK KEY NOTIFICATION",
99 /* 0x19 */ "LOOPBACK COMMAND",
100 /* 0x1a */ "DATA BUFFER OVERFLOW",
101 /* 0x1b */ "MAX SLOT CHANGE",
102 /* 0x1c */ "READ CLOCK OFFSET COMPLETE",
103 /* 0x1d */ "CONN PKT TYPE CHANGED",
104 /* 0x1e */ "QOS VIOLATION",
105 /* 0x1f */ "PAGE SCAN MODE CHANGE",
106 /* 0x20 */ "PAGE SCAN REP MODE CHANGE",
107 /* 0x21 */ "FLOW SPECIFICATION COMPLETE",
108 /* 0x22 */ "RSSI RESULT",
109 /* 0x23 */ "READ REMOTE EXT FEATURES",
110 /* 0x24 */ "UNKNOWN",
111 /* 0x25 */ "UNKNOWN",
112 /* 0x26 */ "UNKNOWN",
113 /* 0x27 */ "UNKNOWN",
114 /* 0x28 */ "UNKNOWN",
115 /* 0x29 */ "UNKNOWN",
116 /* 0x2a */ "UNKNOWN",
117 /* 0x2b */ "UNKNOWN",
118 /* 0x2c */ "SCO CON COMPLETE",
119 /* 0x2d */ "SCO CON CHANGED",
120 /* 0x2e */ "SNIFF SUBRATING",
121 /* 0x2f */ "EXTENDED INQUIRY RESULT",
122 /* 0x30 */ "ENCRYPTION KEY REFRESH",
123 /* 0x31 */ "IO CAPABILITY REQUEST",
124 /* 0x32 */ "IO CAPABILITY RESPONSE",
125 /* 0x33 */ "USER CONFIRM REQUEST",
126 /* 0x34 */ "USER PASSKEY REQUEST",
127 /* 0x35 */ "REMOTE OOB DATA REQUEST",
128 /* 0x36 */ "SIMPLE PAIRING COMPLETE",
129 /* 0x37 */ "UNKNOWN",
130 /* 0x38 */ "LINK SUPERVISION TIMEOUT CHANGED",
131 /* 0x39 */ "ENHANCED FLUSH COMPLETE",
132 /* 0x3a */ "UNKNOWN",
133 /* 0x3b */ "USER PASSKEY NOTIFICATION",
134 /* 0x3c */ "KEYPRESS NOTIFICATION",
135 /* 0x3d */ "REMOTE HOST FEATURES NOTIFICATION",
136 };
137
138 static const char *
hci_eventstr(unsigned int event)139 hci_eventstr(unsigned int event)
140 {
141
142 if (event < __arraycount(hci_eventnames))
143 return hci_eventnames[event];
144
145 switch (event) {
146 case HCI_EVENT_BT_LOGO: /* 0xfe */
147 return "BT_LOGO";
148
149 case HCI_EVENT_VENDOR: /* 0xff */
150 return "VENDOR";
151 }
152
153 return "UNKNOWN";
154 }
155 #endif /* BLUETOOTH_DEBUG */
156
157 /*
158 * process HCI Events
159 *
160 * We will free the mbuf at the end, no need for any sub
161 * functions to handle that.
162 */
163 void
hci_event(struct mbuf * m,struct hci_unit * unit)164 hci_event(struct mbuf *m, struct hci_unit *unit)
165 {
166 hci_event_hdr_t hdr;
167
168 KASSERT(m->m_flags & M_PKTHDR);
169
170 if (m->m_pkthdr.len < sizeof(hdr))
171 goto done;
172
173 m_copydata(m, 0, sizeof(hdr), &hdr);
174 m_adj(m, sizeof(hdr));
175
176 KASSERT(hdr.type == HCI_EVENT_PKT);
177 if (m->m_pkthdr.len != hdr.length)
178 goto done;
179
180 DPRINTFN(1, "(%s) event %s\n",
181 device_xname(unit->hci_dev), hci_eventstr(hdr.event));
182
183 switch(hdr.event) {
184 case HCI_EVENT_COMMAND_STATUS:
185 hci_event_command_status(unit, m);
186 break;
187
188 case HCI_EVENT_COMMAND_COMPL:
189 hci_event_command_compl(unit, m);
190 break;
191
192 case HCI_EVENT_NUM_COMPL_PKTS:
193 hci_event_num_compl_pkts(unit, m);
194 break;
195
196 case HCI_EVENT_INQUIRY_RESULT:
197 hci_event_inquiry_result(unit, m);
198 break;
199
200 case HCI_EVENT_RSSI_RESULT:
201 hci_event_rssi_result(unit, m);
202 break;
203
204 case HCI_EVENT_EXTENDED_RESULT:
205 hci_event_extended_result(unit, m);
206 break;
207
208 case HCI_EVENT_CON_COMPL:
209 hci_event_con_compl(unit, m);
210 break;
211
212 case HCI_EVENT_DISCON_COMPL:
213 hci_event_discon_compl(unit, m);
214 break;
215
216 case HCI_EVENT_CON_REQ:
217 hci_event_con_req(unit, m);
218 break;
219
220 case HCI_EVENT_AUTH_COMPL:
221 hci_event_auth_compl(unit, m);
222 break;
223
224 case HCI_EVENT_ENCRYPTION_CHANGE:
225 hci_event_encryption_change(unit, m);
226 break;
227
228 case HCI_EVENT_CHANGE_CON_LINK_KEY_COMPL:
229 hci_event_change_con_link_key_compl(unit, m);
230 break;
231
232 case HCI_EVENT_READ_CLOCK_OFFSET_COMPL:
233 hci_event_read_clock_offset_compl(unit, m);
234 break;
235
236 default:
237 break;
238 }
239
240 done:
241 m_freem(m);
242 }
243
244 /*
245 * Command Status
246 *
247 * Restart command queue and post-process any pending commands
248 */
249 static void
hci_event_command_status(struct hci_unit * unit,struct mbuf * m)250 hci_event_command_status(struct hci_unit *unit, struct mbuf *m)
251 {
252 hci_command_status_ep ep;
253
254 if (m->m_pkthdr.len < sizeof(ep))
255 return;
256
257 m_copydata(m, 0, sizeof(ep), &ep);
258 m_adj(m, sizeof(ep));
259
260 ep.opcode = le16toh(ep.opcode);
261
262 DPRINTFN(1, "(%s) opcode (%03x|%04x) status = 0x%x num_cmd_pkts = %d\n",
263 device_xname(unit->hci_dev),
264 HCI_OGF(ep.opcode), HCI_OCF(ep.opcode),
265 ep.status,
266 ep.num_cmd_pkts);
267
268 hci_num_cmds(unit, ep.num_cmd_pkts);
269
270 /*
271 * post processing of pending commands
272 */
273 switch(ep.opcode) {
274 case HCI_CMD_CREATE_CON:
275 hci_cmd_create_con(unit, ep.status);
276 break;
277
278 default:
279 if (ep.status == 0)
280 break;
281
282 aprint_error_dev(unit->hci_dev,
283 "CommandStatus opcode (%03x|%04x) failed (status=0x%02x)\n",
284 HCI_OGF(ep.opcode), HCI_OCF(ep.opcode),
285 ep.status);
286
287 break;
288 }
289 }
290
291 /*
292 * Command Complete
293 *
294 * Restart command queue and handle the completed command
295 */
296 static void
hci_event_command_compl(struct hci_unit * unit,struct mbuf * m)297 hci_event_command_compl(struct hci_unit *unit, struct mbuf *m)
298 {
299 hci_command_compl_ep ep;
300 hci_status_rp rp;
301
302 if (m->m_pkthdr.len < sizeof(ep))
303 return;
304
305 m_copydata(m, 0, sizeof(ep), &ep);
306 m_adj(m, sizeof(ep));
307
308 DPRINTFN(1, "(%s) opcode (%03x|%04x) num_cmd_pkts = %d\n",
309 device_xname(unit->hci_dev),
310 HCI_OGF(le16toh(ep.opcode)), HCI_OCF(le16toh(ep.opcode)),
311 ep.num_cmd_pkts);
312
313 hci_num_cmds(unit, ep.num_cmd_pkts);
314
315 /*
316 * I am not sure if this is completely correct, it is not guaranteed
317 * that a command_complete packet will contain the status though most
318 * do seem to.
319 */
320 if (m->m_pkthdr.len >= sizeof(rp)) {
321 m_copydata(m, 0, sizeof(rp), &rp);
322 if (rp.status > 0)
323 aprint_error_dev(unit->hci_dev,
324 "CommandComplete opcode (%03x|%04x) failed (status=0x%02x)\n",
325 HCI_OGF(le16toh(ep.opcode)), HCI_OCF(le16toh(ep.opcode)),
326 rp.status);
327 }
328
329 /*
330 * post processing of completed commands
331 */
332 switch(le16toh(ep.opcode)) {
333 case HCI_CMD_READ_BDADDR:
334 hci_cmd_read_bdaddr(unit, m);
335 break;
336
337 case HCI_CMD_READ_BUFFER_SIZE:
338 hci_cmd_read_buffer_size(unit, m);
339 break;
340
341 case HCI_CMD_READ_LOCAL_FEATURES:
342 hci_cmd_read_local_features(unit, m);
343 break;
344
345 case HCI_CMD_READ_LOCAL_EXTENDED_FEATURES:
346 hci_cmd_read_local_extended_features(unit, m);
347 break;
348
349 case HCI_CMD_READ_LOCAL_VER:
350 hci_cmd_read_local_ver(unit, m);
351 break;
352
353 case HCI_CMD_READ_LOCAL_COMMANDS:
354 hci_cmd_read_local_commands(unit, m);
355 break;
356
357 case HCI_CMD_READ_ENCRYPTION_KEY_SIZE:
358 hci_cmd_read_encryption_key_size(unit, m);
359 break;
360
361 case HCI_CMD_RESET:
362 hci_cmd_reset(unit, m);
363 break;
364
365 default:
366 break;
367 }
368 }
369
370 /*
371 * Number of Completed Packets
372 *
373 * This is sent periodically by the Controller telling us how many
374 * buffers are now freed up and which handle was using them. From
375 * this we determine which type of buffer it was and add the qty
376 * back into the relevant packet counter, then restart output on
377 * links that have halted.
378 */
379 static void
hci_event_num_compl_pkts(struct hci_unit * unit,struct mbuf * m)380 hci_event_num_compl_pkts(struct hci_unit *unit, struct mbuf *m)
381 {
382 hci_num_compl_pkts_ep ep;
383 struct hci_link *link, *next;
384 uint16_t handle, num;
385 int num_acl = 0, num_sco = 0;
386
387 if (m->m_pkthdr.len < sizeof(ep))
388 return;
389
390 m_copydata(m, 0, sizeof(ep), &ep);
391 m_adj(m, sizeof(ep));
392
393 if (m->m_pkthdr.len < ep.num_con_handles * (sizeof(handle) + sizeof(num)))
394 return;
395
396 while (ep.num_con_handles--) {
397 m_copydata(m, 0, sizeof(handle), &handle);
398 m_adj(m, sizeof(handle));
399 handle = le16toh(handle);
400
401 m_copydata(m, 0, sizeof(num), &num);
402 m_adj(m, sizeof(num));
403 num = le16toh(num);
404
405 link = hci_link_lookup_handle(unit, handle);
406 if (link) {
407 if (link->hl_type == HCI_LINK_ACL) {
408 num_acl += num;
409 hci_acl_complete(link, num);
410 } else {
411 num_sco += num;
412 hci_sco_complete(link, num);
413 }
414 } else {
415 /* XXX need to issue Read_Buffer_Size or Reset? */
416 aprint_error_dev(unit->hci_dev,
417 "unknown handle %d! (losing track of %d packet buffer%s)\n",
418 handle, num, (num == 1 ? "" : "s"));
419 }
420 }
421
422 /*
423 * Move up any queued packets. When a link has sent data, it will move
424 * to the back of the queue - technically then if a link had something
425 * to send and there were still buffers available it could get started
426 * twice but it seemed more important to to handle higher loads fairly
427 * than worry about wasting cycles when we are not busy.
428 */
429
430 unit->hci_num_acl_pkts += num_acl;
431 unit->hci_num_sco_pkts += num_sco;
432
433 link = TAILQ_FIRST(&unit->hci_links);
434 while (link && (unit->hci_num_acl_pkts > 0 || unit->hci_num_sco_pkts > 0)) {
435 next = TAILQ_NEXT(link, hl_next);
436
437 if (link->hl_type == HCI_LINK_ACL) {
438 if (unit->hci_num_acl_pkts > 0 && link->hl_txqlen > 0)
439 hci_acl_start(link);
440 } else {
441 if (unit->hci_num_sco_pkts > 0 && link->hl_txqlen > 0)
442 hci_sco_start(link);
443 }
444
445 link = next;
446 }
447 }
448
449 /*
450 * Inquiry Result
451 *
452 * keep a note of devices seen, so we know which unit to use
453 * on outgoing connections
454 */
455 static void
hci_event_inquiry_result(struct hci_unit * unit,struct mbuf * m)456 hci_event_inquiry_result(struct hci_unit *unit, struct mbuf *m)
457 {
458 hci_inquiry_result_ep ep;
459 hci_inquiry_response ir;
460 struct hci_memo *memo;
461
462 if (m->m_pkthdr.len < sizeof(ep))
463 return;
464
465 m_copydata(m, 0, sizeof(ep), &ep);
466 m_adj(m, sizeof(ep));
467
468 DPRINTFN(1, "%d response%s\n", ep.num_responses,
469 (ep.num_responses == 1 ? "" : "s"));
470
471 while(ep.num_responses--) {
472 if (m->m_pkthdr.len < sizeof(ir))
473 return;
474
475 m_copydata(m, 0, sizeof(ir), &ir);
476 m_adj(m, sizeof(ir));
477
478 DPRINTFN(1, "bdaddr %02x:%02x:%02x:%02x:%02x:%02x\n",
479 ir.bdaddr.b[5], ir.bdaddr.b[4], ir.bdaddr.b[3],
480 ir.bdaddr.b[2], ir.bdaddr.b[1], ir.bdaddr.b[0]);
481
482 memo = hci_memo_new(unit, &ir.bdaddr);
483 if (memo != NULL) {
484 memo->page_scan_rep_mode = ir.page_scan_rep_mode;
485 memo->page_scan_mode = ir.page_scan_mode;
486 memo->clock_offset = ir.clock_offset;
487 }
488 }
489 }
490
491 /*
492 * Inquiry Result with RSSI
493 *
494 * as above but different packet when RSSI result is enabled
495 */
496 static void
hci_event_rssi_result(struct hci_unit * unit,struct mbuf * m)497 hci_event_rssi_result(struct hci_unit *unit, struct mbuf *m)
498 {
499 hci_rssi_result_ep ep;
500 hci_rssi_response rr;
501 struct hci_memo *memo;
502
503 if (m->m_pkthdr.len < sizeof(ep))
504 return;
505
506 m_copydata(m, 0, sizeof(ep), &ep);
507 m_adj(m, sizeof(ep));
508
509 DPRINTFN(1, "%d response%s\n", ep.num_responses,
510 (ep.num_responses == 1 ? "" : "s"));
511
512 while(ep.num_responses--) {
513 if (m->m_pkthdr.len < sizeof(rr))
514 return;
515
516 m_copydata(m, 0, sizeof(rr), &rr);
517 m_adj(m, sizeof(rr));
518
519 DPRINTFN(1, "bdaddr %02x:%02x:%02x:%02x:%02x:%02x\n",
520 rr.bdaddr.b[5], rr.bdaddr.b[4], rr.bdaddr.b[3],
521 rr.bdaddr.b[2], rr.bdaddr.b[1], rr.bdaddr.b[0]);
522
523 memo = hci_memo_new(unit, &rr.bdaddr);
524 if (memo != NULL) {
525 memo->page_scan_rep_mode = rr.page_scan_rep_mode;
526 memo->page_scan_mode = 0;
527 memo->clock_offset = rr.clock_offset;
528 }
529 }
530 }
531
532 /*
533 * Extended Inquiry Result
534 *
535 * as above but provides only one response and extended service info
536 */
537 static void
hci_event_extended_result(struct hci_unit * unit,struct mbuf * m)538 hci_event_extended_result(struct hci_unit *unit, struct mbuf *m)
539 {
540 hci_extended_result_ep ep;
541 struct hci_memo *memo;
542
543 if (m->m_pkthdr.len < sizeof(ep))
544 return;
545
546 m_copydata(m, 0, sizeof(ep), &ep);
547 m_adj(m, sizeof(ep));
548
549 if (ep.num_responses != 1)
550 return;
551
552 DPRINTFN(1, "bdaddr %02x:%02x:%02x:%02x:%02x:%02x\n",
553 ep.bdaddr.b[5], ep.bdaddr.b[4], ep.bdaddr.b[3],
554 ep.bdaddr.b[2], ep.bdaddr.b[1], ep.bdaddr.b[0]);
555
556 memo = hci_memo_new(unit, &ep.bdaddr);
557 if (memo != NULL) {
558 memo->page_scan_rep_mode = ep.page_scan_rep_mode;
559 memo->page_scan_mode = 0;
560 memo->clock_offset = ep.clock_offset;
561 }
562 }
563
564 /*
565 * Connection Complete
566 *
567 * Sent to us when a connection is made. If there is no link
568 * structure already allocated for this, we must have changed
569 * our mind, so just disconnect.
570 */
571 static void
hci_event_con_compl(struct hci_unit * unit,struct mbuf * m)572 hci_event_con_compl(struct hci_unit *unit, struct mbuf *m)
573 {
574 hci_con_compl_ep ep;
575 hci_write_link_policy_settings_cp cp;
576 struct hci_link *link;
577 int err;
578
579 if (m->m_pkthdr.len < sizeof(ep))
580 return;
581
582 m_copydata(m, 0, sizeof(ep), &ep);
583 m_adj(m, sizeof(ep));
584
585 DPRINTFN(1, "(%s) %s connection complete for "
586 "%02x:%02x:%02x:%02x:%02x:%02x status %#x\n",
587 device_xname(unit->hci_dev),
588 (ep.link_type == HCI_LINK_ACL ? "ACL" : "SCO"),
589 ep.bdaddr.b[5], ep.bdaddr.b[4], ep.bdaddr.b[3],
590 ep.bdaddr.b[2], ep.bdaddr.b[1], ep.bdaddr.b[0],
591 ep.status);
592
593 link = hci_link_lookup_bdaddr(unit, &ep.bdaddr, ep.link_type);
594
595 if (ep.status) {
596 if (link != NULL) {
597 switch (ep.status) {
598 case 0x04: /* "Page Timeout" */
599 err = EHOSTDOWN;
600 break;
601
602 case 0x08: /* "Connection Timed Out" */
603 err = ETIMEDOUT;
604 break;
605
606 case 0x16: /* "Connection Terminated by Local Host" */
607 err = 0;
608 break;
609
610 default:
611 err = ECONNREFUSED;
612 break;
613 }
614
615 hci_link_free(link, err);
616 }
617
618 return;
619 }
620
621 if (link == NULL) {
622 hci_discon_cp dp;
623
624 dp.con_handle = ep.con_handle;
625 dp.reason = 0x13; /* "Remote User Terminated Connection" */
626
627 hci_send_cmd(unit, HCI_CMD_DISCONNECT, &dp, sizeof(dp));
628 return;
629 }
630
631 /*
632 * We purposefully ignore ep.encryption_mode here - if that is set then
633 * the link will be authenticated and encrypted, but we still want to
634 * verify the key size and setmode sets the right flags
635 */
636
637 link->hl_state = HCI_LINK_OPEN;
638 link->hl_handle = HCI_CON_HANDLE(le16toh(ep.con_handle));
639
640 if (ep.link_type == HCI_LINK_ACL) {
641 cp.con_handle = ep.con_handle;
642 cp.settings = htole16(unit->hci_link_policy);
643 err = hci_send_cmd(unit, HCI_CMD_WRITE_LINK_POLICY_SETTINGS,
644 &cp, sizeof(cp));
645 if (err)
646 aprint_error_dev(unit->hci_dev,
647 "Warning, could not write link policy\n");
648
649 err = hci_send_cmd(unit, HCI_CMD_READ_CLOCK_OFFSET,
650 &cp.con_handle, sizeof(cp.con_handle));
651 if (err)
652 aprint_error_dev(unit->hci_dev,
653 "Warning, could not read clock offset\n");
654
655 err = hci_acl_setmode(link);
656 if (err == EINPROGRESS)
657 return;
658
659 hci_acl_linkmode(link);
660 } else {
661 (*link->hl_sco->sp_proto->connected)(link->hl_sco->sp_upper);
662 }
663 }
664
665 /*
666 * Disconnection Complete
667 *
668 * This is sent in response to a disconnection request, but also if
669 * the remote device goes out of range.
670 */
671 static void
hci_event_discon_compl(struct hci_unit * unit,struct mbuf * m)672 hci_event_discon_compl(struct hci_unit *unit, struct mbuf *m)
673 {
674 hci_discon_compl_ep ep;
675 struct hci_link *link;
676
677 if (m->m_pkthdr.len < sizeof(ep))
678 return;
679
680 m_copydata(m, 0, sizeof(ep), &ep);
681 m_adj(m, sizeof(ep));
682
683 ep.con_handle = le16toh(ep.con_handle);
684
685 DPRINTFN(1, "handle #%d, status=0x%x\n", ep.con_handle, ep.status);
686
687 link = hci_link_lookup_handle(unit, HCI_CON_HANDLE(ep.con_handle));
688 if (link)
689 hci_link_free(link, ENOLINK);
690 }
691
692 /*
693 * Connect Request
694 *
695 * We check upstream for appropriate listeners and accept connections
696 * that are wanted.
697 */
698 static void
hci_event_con_req(struct hci_unit * unit,struct mbuf * m)699 hci_event_con_req(struct hci_unit *unit, struct mbuf *m)
700 {
701 hci_con_req_ep ep;
702 hci_accept_con_cp ap;
703 hci_reject_con_cp rp;
704 struct hci_link *link;
705
706 if (m->m_pkthdr.len < sizeof(ep))
707 return;
708
709 m_copydata(m, 0, sizeof(ep), &ep);
710 m_adj(m, sizeof(ep));
711
712 DPRINTFN(1, "bdaddr %2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x "
713 "class %2.2x%2.2x%2.2x type %s\n",
714 ep.bdaddr.b[5], ep.bdaddr.b[4], ep.bdaddr.b[3],
715 ep.bdaddr.b[2], ep.bdaddr.b[1], ep.bdaddr.b[0],
716 ep.uclass[0], ep.uclass[1], ep.uclass[2],
717 ep.link_type == HCI_LINK_ACL ? "ACL" : "SCO");
718
719 if (ep.link_type == HCI_LINK_ACL)
720 link = hci_acl_newconn(unit, &ep.bdaddr);
721 else
722 link = hci_sco_newconn(unit, &ep.bdaddr);
723
724 if (link == NULL) {
725 memset(&rp, 0, sizeof(rp));
726 bdaddr_copy(&rp.bdaddr, &ep.bdaddr);
727 rp.reason = 0x0f; /* Unacceptable BD_ADDR */
728
729 hci_send_cmd(unit, HCI_CMD_REJECT_CON, &rp, sizeof(rp));
730 } else {
731 memset(&ap, 0, sizeof(ap));
732 bdaddr_copy(&ap.bdaddr, &ep.bdaddr);
733 if (unit->hci_flags & BTF_MASTER)
734 ap.role = HCI_ROLE_MASTER;
735 else
736 ap.role = HCI_ROLE_SLAVE;
737
738 hci_send_cmd(unit, HCI_CMD_ACCEPT_CON, &ap, sizeof(ap));
739 }
740 }
741
742 /*
743 * Auth Complete
744 *
745 * Authentication has been completed on an ACL link. We can notify the
746 * upper layer protocols unless further mode changes are pending.
747 */
748 static void
hci_event_auth_compl(struct hci_unit * unit,struct mbuf * m)749 hci_event_auth_compl(struct hci_unit *unit, struct mbuf *m)
750 {
751 hci_auth_compl_ep ep;
752 struct hci_link *link;
753 int err;
754
755 if (m->m_pkthdr.len < sizeof(ep))
756 return;
757
758 m_copydata(m, 0, sizeof(ep), &ep);
759 m_adj(m, sizeof(ep));
760
761 ep.con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle));
762
763 DPRINTFN(1, "handle #%d, status=0x%x\n", ep.con_handle, ep.status);
764
765 link = hci_link_lookup_handle(unit, ep.con_handle);
766 if (link == NULL || link->hl_type != HCI_LINK_ACL)
767 return;
768
769 if (ep.status == 0) {
770 link->hl_flags |= HCI_LINK_AUTH;
771
772 if (link->hl_state == HCI_LINK_WAIT_AUTH)
773 link->hl_state = HCI_LINK_OPEN;
774
775 err = hci_acl_setmode(link);
776 if (err == EINPROGRESS)
777 return;
778 }
779
780 hci_acl_linkmode(link);
781 }
782
783 /*
784 * Encryption Change
785 *
786 * The encryption status has changed. Make a note if disabled, or
787 * check the key size if possible before allowing it is enabled.
788 * (checking of key size was enabled in 3.0 spec)
789 */
790 static void
hci_event_encryption_change(struct hci_unit * unit,struct mbuf * m)791 hci_event_encryption_change(struct hci_unit *unit, struct mbuf *m)
792 {
793 hci_encryption_change_ep ep;
794 struct hci_link *link;
795 uint16_t con_handle;
796 int err;
797
798 if (m->m_pkthdr.len < sizeof(ep))
799 return;
800
801 m_copydata(m, 0, sizeof(ep), &ep);
802 m_adj(m, sizeof(ep));
803
804 con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle));
805
806 DPRINTFN(1, "handle #%d, status=0x%x, encryption_enable=0x%x\n",
807 con_handle, ep.status, ep.encryption_enable);
808
809 link = hci_link_lookup_handle(unit, con_handle);
810 if (link == NULL || link->hl_type != HCI_LINK_ACL)
811 return;
812
813 if (ep.status == 0) {
814 if (ep.encryption_enable == 0) {
815 link->hl_flags &= ~HCI_LINK_ENCRYPT;
816 } else if (unit->hci_cmds[20] & (1<<4)) {
817 err = hci_send_cmd(unit, HCI_CMD_READ_ENCRYPTION_KEY_SIZE,
818 &ep.con_handle, sizeof(ep.con_handle));
819
820 if (err == 0)
821 return;
822 } else {
823 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_ENCRYPT);
824
825 if (link->hl_state == HCI_LINK_WAIT_ENCRYPT)
826 link->hl_state = HCI_LINK_OPEN;
827
828 err = hci_acl_setmode(link);
829 if (err == EINPROGRESS)
830 return;
831 }
832 }
833
834 hci_acl_linkmode(link);
835 }
836
837 /*
838 * Change Connection Link Key Complete
839 *
840 * Link keys are handled in userland but if we are waiting to secure
841 * this link, we should notify the upper protocols. A SECURE request
842 * only needs a single key change, so we can cancel the request.
843 */
844 static void
hci_event_change_con_link_key_compl(struct hci_unit * unit,struct mbuf * m)845 hci_event_change_con_link_key_compl(struct hci_unit *unit, struct mbuf *m)
846 {
847 hci_change_con_link_key_compl_ep ep;
848 struct hci_link *link;
849 int err;
850
851 if (m->m_pkthdr.len < sizeof(ep))
852 return;
853
854 m_copydata(m, 0, sizeof(ep), &ep);
855 m_adj(m, sizeof(ep));
856
857 ep.con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle));
858
859 DPRINTFN(1, "handle #%d, status=0x%x\n", ep.con_handle, ep.status);
860
861 link = hci_link_lookup_handle(unit, ep.con_handle);
862 if (link == NULL || link->hl_type != HCI_LINK_ACL)
863 return;
864
865 link->hl_flags &= ~HCI_LINK_SECURE_REQ;
866
867 if (ep.status == 0) {
868 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_SECURE);
869
870 if (link->hl_state == HCI_LINK_WAIT_SECURE)
871 link->hl_state = HCI_LINK_OPEN;
872
873 err = hci_acl_setmode(link);
874 if (err == EINPROGRESS)
875 return;
876 }
877
878 hci_acl_linkmode(link);
879 }
880
881 /*
882 * Read Clock Offset Complete
883 *
884 * We keep a note of the clock offset of remote devices when a
885 * link is made, in order to facilitate reconnections to the device
886 */
887 static void
hci_event_read_clock_offset_compl(struct hci_unit * unit,struct mbuf * m)888 hci_event_read_clock_offset_compl(struct hci_unit *unit, struct mbuf *m)
889 {
890 hci_read_clock_offset_compl_ep ep;
891 struct hci_link *link;
892
893 if (m->m_pkthdr.len < sizeof(ep))
894 return;
895
896 m_copydata(m, 0, sizeof(ep), &ep);
897 m_adj(m, sizeof(ep));
898
899 DPRINTFN(1, "handle #%d, offset=%u, status=0x%x\n",
900 le16toh(ep.con_handle), le16toh(ep.clock_offset), ep.status);
901
902 ep.con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle));
903 link = hci_link_lookup_handle(unit, ep.con_handle);
904 if (link == NULL || link->hl_type != HCI_LINK_ACL)
905 return;
906
907 if (ep.status == 0)
908 link->hl_clock = ep.clock_offset;
909 }
910
911 /*
912 * process results of read_bdaddr command_complete event
913 */
914 static void
hci_cmd_read_bdaddr(struct hci_unit * unit,struct mbuf * m)915 hci_cmd_read_bdaddr(struct hci_unit *unit, struct mbuf *m)
916 {
917 hci_read_bdaddr_rp rp;
918
919 if (m->m_pkthdr.len < sizeof(rp))
920 return;
921
922 m_copydata(m, 0, sizeof(rp), &rp);
923 m_adj(m, sizeof(rp));
924
925 if (rp.status > 0)
926 return;
927
928 if ((unit->hci_flags & BTF_INIT_BDADDR) == 0)
929 return;
930
931 bdaddr_copy(&unit->hci_bdaddr, &rp.bdaddr);
932
933 unit->hci_flags &= ~BTF_INIT_BDADDR;
934
935 cv_broadcast(&unit->hci_init);
936 }
937
938 /*
939 * process results of read_buffer_size command_complete event
940 */
941 static void
hci_cmd_read_buffer_size(struct hci_unit * unit,struct mbuf * m)942 hci_cmd_read_buffer_size(struct hci_unit *unit, struct mbuf *m)
943 {
944 hci_read_buffer_size_rp rp;
945
946 if (m->m_pkthdr.len < sizeof(rp))
947 return;
948
949 m_copydata(m, 0, sizeof(rp), &rp);
950 m_adj(m, sizeof(rp));
951
952 if (rp.status > 0)
953 return;
954
955 if ((unit->hci_flags & BTF_INIT_BUFFER_SIZE) == 0)
956 return;
957
958 unit->hci_max_acl_size = le16toh(rp.max_acl_size);
959 unit->hci_num_acl_pkts = le16toh(rp.num_acl_pkts);
960 unit->hci_max_acl_pkts = le16toh(rp.num_acl_pkts);
961 unit->hci_max_sco_size = rp.max_sco_size;
962 unit->hci_num_sco_pkts = le16toh(rp.num_sco_pkts);
963 unit->hci_max_sco_pkts = le16toh(rp.num_sco_pkts);
964
965 unit->hci_flags &= ~BTF_INIT_BUFFER_SIZE;
966
967 cv_broadcast(&unit->hci_init);
968 }
969
970 /*
971 * process results of read_local_features command_complete event
972 */
973 static void
hci_cmd_read_local_features(struct hci_unit * unit,struct mbuf * m)974 hci_cmd_read_local_features(struct hci_unit *unit, struct mbuf *m)
975 {
976 hci_read_local_features_rp rp;
977
978 if (m->m_pkthdr.len < sizeof(rp))
979 return;
980
981 m_copydata(m, 0, sizeof(rp), &rp);
982 m_adj(m, sizeof(rp));
983
984 if (rp.status > 0)
985 return;
986
987 if ((unit->hci_flags & BTF_INIT_FEATURES) == 0)
988 return;
989
990 memcpy(unit->hci_feat0, rp.features, HCI_FEATURES_SIZE);
991
992 unit->hci_lmp_mask = 0;
993
994 if (rp.features[0] & HCI_LMP_ROLE_SWITCH)
995 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_ROLE_SWITCH;
996
997 if (rp.features[0] & HCI_LMP_HOLD_MODE)
998 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_HOLD_MODE;
999
1000 if (rp.features[0] & HCI_LMP_SNIFF_MODE)
1001 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_SNIFF_MODE;
1002
1003 if (rp.features[1] & HCI_LMP_PARK_MODE)
1004 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_PARK_MODE;
1005
1006 DPRINTFN(1, "%s: lmp_mask %4.4x\n",
1007 device_xname(unit->hci_dev), unit->hci_lmp_mask);
1008
1009 /* ACL packet mask */
1010 unit->hci_acl_mask = HCI_PKT_DM1 | HCI_PKT_DH1;
1011
1012 if (rp.features[0] & HCI_LMP_3SLOT)
1013 unit->hci_acl_mask |= HCI_PKT_DM3 | HCI_PKT_DH3;
1014
1015 if (rp.features[0] & HCI_LMP_5SLOT)
1016 unit->hci_acl_mask |= HCI_PKT_DM5 | HCI_PKT_DH5;
1017
1018 if ((rp.features[3] & HCI_LMP_EDR_ACL_2MBPS) == 0)
1019 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH1
1020 | HCI_PKT_2MBPS_DH3
1021 | HCI_PKT_2MBPS_DH5;
1022
1023 if ((rp.features[3] & HCI_LMP_EDR_ACL_3MBPS) == 0)
1024 unit->hci_acl_mask |= HCI_PKT_3MBPS_DH1
1025 | HCI_PKT_3MBPS_DH3
1026 | HCI_PKT_3MBPS_DH5;
1027
1028 if ((rp.features[4] & HCI_LMP_3SLOT_EDR_ACL) == 0)
1029 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH3
1030 | HCI_PKT_3MBPS_DH3;
1031
1032 if ((rp.features[5] & HCI_LMP_5SLOT_EDR_ACL) == 0)
1033 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH5
1034 | HCI_PKT_3MBPS_DH5;
1035
1036 DPRINTFN(1, "%s: acl_mask %4.4x\n",
1037 device_xname(unit->hci_dev), unit->hci_acl_mask);
1038
1039 unit->hci_packet_type = unit->hci_acl_mask;
1040
1041 /* SCO packet mask */
1042 unit->hci_sco_mask = 0;
1043 if (rp.features[1] & HCI_LMP_SCO_LINK)
1044 unit->hci_sco_mask |= HCI_PKT_HV1;
1045
1046 if (rp.features[1] & HCI_LMP_HV2_PKT)
1047 unit->hci_sco_mask |= HCI_PKT_HV2;
1048
1049 if (rp.features[1] & HCI_LMP_HV3_PKT)
1050 unit->hci_sco_mask |= HCI_PKT_HV3;
1051
1052 if (rp.features[3] & HCI_LMP_EV3_PKT)
1053 unit->hci_sco_mask |= HCI_PKT_EV3;
1054
1055 if (rp.features[4] & HCI_LMP_EV4_PKT)
1056 unit->hci_sco_mask |= HCI_PKT_EV4;
1057
1058 if (rp.features[4] & HCI_LMP_EV5_PKT)
1059 unit->hci_sco_mask |= HCI_PKT_EV5;
1060
1061 /* XXX what do 2MBPS/3MBPS/3SLOT eSCO mean? */
1062
1063 DPRINTFN(1, "%s: sco_mask %4.4x\n",
1064 device_xname(unit->hci_dev), unit->hci_sco_mask);
1065
1066 /* extended feature masks */
1067 if (rp.features[7] & HCI_LMP_EXTENDED_FEATURES) {
1068 hci_read_local_extended_features_cp cp;
1069
1070 cp.page = 0;
1071 hci_send_cmd(unit, HCI_CMD_READ_LOCAL_EXTENDED_FEATURES,
1072 &cp, sizeof(cp));
1073
1074 return;
1075 }
1076
1077 unit->hci_flags &= ~BTF_INIT_FEATURES;
1078 cv_broadcast(&unit->hci_init);
1079 }
1080
1081 /*
1082 * process results of read_local_extended_features command_complete event
1083 */
1084 static void
hci_cmd_read_local_extended_features(struct hci_unit * unit,struct mbuf * m)1085 hci_cmd_read_local_extended_features(struct hci_unit *unit, struct mbuf *m)
1086 {
1087 hci_read_local_extended_features_rp rp;
1088
1089 if (m->m_pkthdr.len < sizeof(rp))
1090 return;
1091
1092 m_copydata(m, 0, sizeof(rp), &rp);
1093 m_adj(m, sizeof(rp));
1094
1095 if (rp.status > 0)
1096 return;
1097
1098 if ((unit->hci_flags & BTF_INIT_FEATURES) == 0)
1099 return;
1100
1101 DPRINTFN(1, "%s: page %d of %d\n", device_xname(unit->hci_dev),
1102 rp.page, rp.max_page);
1103
1104 switch (rp.page) {
1105 case 2:
1106 memcpy(unit->hci_feat2, rp.features, HCI_FEATURES_SIZE);
1107 break;
1108
1109 case 1:
1110 memcpy(unit->hci_feat1, rp.features, HCI_FEATURES_SIZE);
1111 break;
1112
1113 case 0: /* (already handled) */
1114 default:
1115 break;
1116 }
1117
1118 if (rp.page < rp.max_page) {
1119 hci_read_local_extended_features_cp cp;
1120
1121 cp.page = rp.page + 1;
1122 hci_send_cmd(unit, HCI_CMD_READ_LOCAL_EXTENDED_FEATURES,
1123 &cp, sizeof(cp));
1124
1125 return;
1126 }
1127
1128 unit->hci_flags &= ~BTF_INIT_FEATURES;
1129 cv_broadcast(&unit->hci_init);
1130 }
1131
1132 /*
1133 * process results of read_local_ver command_complete event
1134 *
1135 * reading local supported commands is only supported from 1.2 spec
1136 */
1137 static void
hci_cmd_read_local_ver(struct hci_unit * unit,struct mbuf * m)1138 hci_cmd_read_local_ver(struct hci_unit *unit, struct mbuf *m)
1139 {
1140 hci_read_local_ver_rp rp;
1141
1142 if (m->m_pkthdr.len < sizeof(rp))
1143 return;
1144
1145 m_copydata(m, 0, sizeof(rp), &rp);
1146 m_adj(m, sizeof(rp));
1147
1148 if (rp.status != 0)
1149 return;
1150
1151 if ((unit->hci_flags & BTF_INIT_COMMANDS) == 0)
1152 return;
1153
1154 if (rp.hci_version < HCI_SPEC_V12) {
1155 unit->hci_flags &= ~BTF_INIT_COMMANDS;
1156 cv_broadcast(&unit->hci_init);
1157 return;
1158 }
1159
1160 hci_send_cmd(unit, HCI_CMD_READ_LOCAL_COMMANDS, NULL, 0);
1161 }
1162
1163 /*
1164 * process results of read_local_commands command_complete event
1165 */
1166 static void
hci_cmd_read_local_commands(struct hci_unit * unit,struct mbuf * m)1167 hci_cmd_read_local_commands(struct hci_unit *unit, struct mbuf *m)
1168 {
1169 hci_read_local_commands_rp rp;
1170
1171 if (m->m_pkthdr.len < sizeof(rp))
1172 return;
1173
1174 m_copydata(m, 0, sizeof(rp), &rp);
1175 m_adj(m, sizeof(rp));
1176
1177 if (rp.status != 0)
1178 return;
1179
1180 if ((unit->hci_flags & BTF_INIT_COMMANDS) == 0)
1181 return;
1182
1183 unit->hci_flags &= ~BTF_INIT_COMMANDS;
1184 memcpy(unit->hci_cmds, rp.commands, HCI_COMMANDS_SIZE);
1185
1186 cv_broadcast(&unit->hci_init);
1187 }
1188
1189 /*
1190 * process results of read_encryption_key_size command_complete event
1191 */
1192 static void
hci_cmd_read_encryption_key_size(struct hci_unit * unit,struct mbuf * m)1193 hci_cmd_read_encryption_key_size(struct hci_unit *unit, struct mbuf *m)
1194 {
1195 hci_read_encryption_key_size_rp rp;
1196 struct hci_link *link;
1197 int err;
1198
1199 if (m->m_pkthdr.len < sizeof(rp))
1200 return;
1201
1202 m_copydata(m, 0, sizeof(rp), &rp);
1203 m_adj(m, sizeof(rp));
1204
1205 if (rp.status != 0)
1206 return;
1207
1208 rp.con_handle = HCI_CON_HANDLE(le16toh(rp.con_handle));
1209
1210 DPRINTFN(1, "handle #%d, status=0x%x, key_size=0x%x\n",
1211 rp.con_handle, rp.status, rp.size);
1212
1213 link = hci_link_lookup_handle(unit, rp.con_handle);
1214 if (link == NULL || link->hl_type != HCI_LINK_ACL)
1215 return;
1216
1217 /*
1218 * if the key size is less than minimum standard, go straight to
1219 * linkmode as this is non-recoverable. Otherwise, we are encrypted
1220 * so can proceed with setmode.
1221 */
1222 if (rp.status == 0) {
1223 if (rp.size < 7) {
1224 link->hl_flags &= ~HCI_LINK_ENCRYPT;
1225 } else {
1226 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_ENCRYPT);
1227
1228 if (link->hl_state == HCI_LINK_WAIT_ENCRYPT)
1229 link->hl_state = HCI_LINK_OPEN;
1230
1231 err = hci_acl_setmode(link);
1232 if (err == EINPROGRESS)
1233 return;
1234 }
1235 }
1236
1237 hci_acl_linkmode(link);
1238 }
1239
1240 /*
1241 * process results of reset command_complete event
1242 *
1243 * This has killed all the connections, so close down anything we have left,
1244 * and reinitialise the unit.
1245 */
1246 static void
hci_cmd_reset(struct hci_unit * unit,struct mbuf * m)1247 hci_cmd_reset(struct hci_unit *unit, struct mbuf *m)
1248 {
1249 hci_reset_rp rp;
1250 struct hci_link *link, *next;
1251 int acl;
1252
1253 if (m->m_pkthdr.len < sizeof(rp))
1254 return;
1255
1256 m_copydata(m, 0, sizeof(rp), &rp);
1257 m_adj(m, sizeof(rp));
1258
1259 if (rp.status != 0)
1260 return;
1261
1262 /*
1263 * release SCO links first, since they may be holding
1264 * an ACL link reference.
1265 */
1266 for (acl = 0 ; acl < 2 ; acl++) {
1267 next = TAILQ_FIRST(&unit->hci_links);
1268 while ((link = next) != NULL) {
1269 next = TAILQ_NEXT(link, hl_next);
1270 if (acl || link->hl_type != HCI_LINK_ACL)
1271 hci_link_free(link, ECONNABORTED);
1272 }
1273 }
1274
1275 unit->hci_num_acl_pkts = 0;
1276 unit->hci_num_sco_pkts = 0;
1277
1278 if (hci_send_cmd(unit, HCI_CMD_READ_BDADDR, NULL, 0))
1279 return;
1280
1281 if (hci_send_cmd(unit, HCI_CMD_READ_BUFFER_SIZE, NULL, 0))
1282 return;
1283
1284 if (hci_send_cmd(unit, HCI_CMD_READ_LOCAL_FEATURES, NULL, 0))
1285 return;
1286
1287 if (hci_send_cmd(unit, HCI_CMD_READ_LOCAL_VER, NULL, 0))
1288 return;
1289 }
1290
1291 /*
1292 * process command_status event for create_con command
1293 *
1294 * a "Create Connection" command can sometimes fail to start for whatever
1295 * reason and the command_status event returns failure but we get no
1296 * indication of which connection failed (for instance in the case where
1297 * we tried to open too many connections all at once) So, we keep a flag
1298 * on the link to indicate pending status until the command_status event
1299 * is returned to help us decide which needs to be failed.
1300 *
1301 * since created links are inserted at the tail of hci_links, we know that
1302 * the first pending link we find will be the one that this command status
1303 * refers to.
1304 */
1305 static void
hci_cmd_create_con(struct hci_unit * unit,uint8_t status)1306 hci_cmd_create_con(struct hci_unit *unit, uint8_t status)
1307 {
1308 struct hci_link *link;
1309
1310 TAILQ_FOREACH(link, &unit->hci_links, hl_next) {
1311 if ((link->hl_flags & HCI_LINK_CREATE_CON) == 0)
1312 continue;
1313
1314 link->hl_flags &= ~HCI_LINK_CREATE_CON;
1315
1316 switch(status) {
1317 case 0x00: /* success */
1318 break;
1319
1320 case 0x0c: /* "Command Disallowed" */
1321 hci_link_free(link, EBUSY);
1322 break;
1323
1324 default: /* some other trouble */
1325 hci_link_free(link, EPROTO);
1326 break;
1327 }
1328
1329 return;
1330 }
1331 }
1332