1 /* $OpenBSD: src/sys/netbt/hci_event.c,v 1.7 2008/02/24 21:34:48 uwe Exp $ */ 2 /* $NetBSD: hci_event.c,v 1.14 2008/02/10 17:40:54 plunky Exp $ */ 3 4 /*- 5 * Copyright (c) 2005 Iain Hibbert. 6 * Copyright (c) 2006 Itronix Inc. 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. The name of Itronix Inc. may not be used to endorse 18 * or promote products derived from this software without specific 19 * prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY ITRONIX INC. ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 23 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 24 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ITRONIX INC. BE LIABLE FOR ANY 25 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 26 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 27 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 28 * ON ANY THEORY OF LIABILITY, WHETHER IN 29 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 30 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 31 * POSSIBILITY OF SUCH DAMAGE. 32 */ 33 34 #include <sys/param.h> 35 #include <sys/kernel.h> 36 #include <sys/malloc.h> 37 #include <sys/mbuf.h> 38 #include <sys/proc.h> 39 #include <sys/systm.h> 40 #include <sys/endian.h> 41 #include <sys/bus.h> 42 43 #include <netbt/bluetooth.h> 44 #include <netbt/hci.h> 45 #include <netbt/sco.h> 46 47 static void hci_event_inquiry_result(struct hci_unit *, struct mbuf *); 48 static void hci_event_rssi_result(struct hci_unit *, struct mbuf *); 49 static void hci_event_command_status(struct hci_unit *, struct mbuf *); 50 static void hci_event_command_compl(struct hci_unit *, struct mbuf *); 51 static void hci_event_con_compl(struct hci_unit *, struct mbuf *); 52 static void hci_event_discon_compl(struct hci_unit *, struct mbuf *); 53 static void hci_event_con_req(struct hci_unit *, struct mbuf *); 54 static void hci_event_num_compl_pkts(struct hci_unit *, struct mbuf *); 55 static void hci_event_auth_compl(struct hci_unit *, struct mbuf *); 56 static void hci_event_encryption_change(struct hci_unit *, struct mbuf *); 57 static void hci_event_change_con_link_key_compl(struct hci_unit *, struct mbuf *); 58 static void hci_event_read_clock_offset_compl(struct hci_unit *, struct mbuf *); 59 static void hci_cmd_read_bdaddr(struct hci_unit *, struct mbuf *); 60 static void hci_cmd_read_buffer_size(struct hci_unit *, struct mbuf *); 61 static void hci_cmd_read_local_features(struct hci_unit *, struct mbuf *); 62 static void hci_cmd_read_local_ver(struct hci_unit *, struct mbuf *); 63 static void hci_cmd_read_local_commands(struct hci_unit *, struct mbuf *); 64 static void hci_cmd_reset(struct hci_unit *, struct mbuf *); 65 66 #ifdef BLUETOOTH_DEBUG 67 int bluetooth_debug = BLUETOOTH_DEBUG; 68 69 static const char *hci_eventnames[] = { 70 /* 0x00 */ "NULL", 71 /* 0x01 */ "INQUIRY COMPLETE", 72 /* 0x02 */ "INQUIRY RESULT", 73 /* 0x03 */ "CONN COMPLETE", 74 /* 0x04 */ "CONN REQ", 75 /* 0x05 */ "DISCONN COMPLETE", 76 /* 0x06 */ "AUTH COMPLETE", 77 /* 0x07 */ "REMOTE NAME REQ COMPLETE", 78 /* 0x08 */ "ENCRYPTION CHANGE", 79 /* 0x09 */ "CHANGE CONN LINK KEY COMPLETE", 80 /* 0x0a */ "MASTER LINK KEY COMPLETE", 81 /* 0x0b */ "READ REMOTE FEATURES COMPLETE", 82 /* 0x0c */ "READ REMOTE VERSION INFO COMPLETE", 83 /* 0x0d */ "QoS SETUP COMPLETE", 84 /* 0x0e */ "COMMAND COMPLETE", 85 /* 0x0f */ "COMMAND STATUS", 86 /* 0x10 */ "HARDWARE ERROR", 87 /* 0x11 */ "FLUSH OCCUR", 88 /* 0x12 */ "ROLE CHANGE", 89 /* 0x13 */ "NUM COMPLETED PACKETS", 90 /* 0x14 */ "MODE CHANGE", 91 /* 0x15 */ "RETURN LINK KEYS", 92 /* 0x16 */ "PIN CODE REQ", 93 /* 0x17 */ "LINK KEY REQ", 94 /* 0x18 */ "LINK KEY NOTIFICATION", 95 /* 0x19 */ "LOOPBACK COMMAND", 96 /* 0x1a */ "DATA BUFFER OVERFLOW", 97 /* 0x1b */ "MAX SLOT CHANGE", 98 /* 0x1c */ "READ CLOCK OFFSET COMPLETE", 99 /* 0x1d */ "CONN PKT TYPE CHANGED", 100 /* 0x1e */ "QOS VIOLATION", 101 /* 0x1f */ "PAGE SCAN MODE CHANGE", 102 /* 0x20 */ "PAGE SCAN REP MODE CHANGE", 103 /* 0x21 */ "FLOW SPECIFICATION COMPLETE", 104 /* 0x22 */ "RSSI RESULT", 105 /* 0x23 */ "READ REMOTE EXT FEATURES", 106 /* 0x24 */ "UNKNOWN", 107 /* 0x25 */ "UNKNOWN", 108 /* 0x26 */ "UNKNOWN", 109 /* 0x27 */ "UNKNOWN", 110 /* 0x28 */ "UNKNOWN", 111 /* 0x29 */ "UNKNOWN", 112 /* 0x2a */ "UNKNOWN", 113 /* 0x2b */ "UNKNOWN", 114 /* 0x2c */ "SCO CON COMPLETE", 115 /* 0x2d */ "SCO CON CHANGED", 116 /* 0x2e */ "SNIFF SUBRATING", 117 /* 0x2f */ "EXTENDED INQUIRY RESULT", 118 /* 0x30 */ "ENCRYPTION KEY REFRESH", 119 /* 0x31 */ "IO CAPABILITY REQUEST", 120 /* 0x32 */ "IO CAPABILITY RESPONSE", 121 /* 0x33 */ "USER CONFIRM REQUEST", 122 /* 0x34 */ "USER PASSKEY REQUEST", 123 /* 0x35 */ "REMOTE OOB DATA REQUEST", 124 /* 0x36 */ "SIMPLE PAIRING COMPLETE", 125 /* 0x37 */ "UNKNOWN", 126 /* 0x38 */ "LINK SUPERVISION TIMEOUT CHANGED", 127 /* 0x39 */ "ENHANCED FLUSH COMPLETE", 128 /* 0x3a */ "UNKNOWN", 129 /* 0x3b */ "USER PASSKEY NOTIFICATION", 130 /* 0x3c */ "KEYPRESS NOTIFICATION", 131 /* 0x3d */ "REMOTE HOST FEATURES NOTIFICATION", 132 }; 133 134 static const char * 135 hci_eventstr(unsigned int event) 136 { 137 138 if (event < NELEM(hci_eventnames)) 139 return hci_eventnames[event]; 140 141 switch (event) { 142 case HCI_EVENT_BT_LOGO: /* 0xfe */ 143 return "BT_LOGO"; 144 145 case HCI_EVENT_VENDOR: /* 0xff */ 146 return "VENDOR"; 147 } 148 149 return "UNKNOWN"; 150 } 151 #endif /* BLUETOOTH_DEBUG */ 152 153 /* 154 * process HCI Events 155 * 156 * We will free the mbuf at the end, no need for any sub 157 * functions to handle that. We kind of assume that the 158 * device sends us valid events. 159 */ 160 void 161 hci_event(struct mbuf *m, struct hci_unit *unit) 162 { 163 hci_event_hdr_t hdr; 164 165 KKASSERT(m->m_flags & M_PKTHDR); 166 167 KKASSERT(m->m_pkthdr.len >= sizeof(hdr)); 168 m_copydata(m, 0, sizeof(hdr), (caddr_t)&hdr); 169 m_adj(m, sizeof(hdr)); 170 171 KKASSERT(hdr.type == HCI_EVENT_PKT); 172 173 DPRINTFN(1, "(%s) event %s\n", 174 device_get_nameunit(unit->hci_dev), hci_eventstr(hdr.event)); 175 176 switch(hdr.event) { 177 case HCI_EVENT_COMMAND_STATUS: 178 hci_event_command_status(unit, m); 179 break; 180 181 case HCI_EVENT_COMMAND_COMPL: 182 hci_event_command_compl(unit, m); 183 break; 184 185 case HCI_EVENT_NUM_COMPL_PKTS: 186 hci_event_num_compl_pkts(unit, m); 187 break; 188 189 case HCI_EVENT_INQUIRY_RESULT: 190 hci_event_inquiry_result(unit, m); 191 break; 192 193 case HCI_EVENT_RSSI_RESULT: 194 hci_event_rssi_result(unit, m); 195 break; 196 197 case HCI_EVENT_CON_COMPL: 198 hci_event_con_compl(unit, m); 199 break; 200 201 case HCI_EVENT_DISCON_COMPL: 202 hci_event_discon_compl(unit, m); 203 break; 204 205 case HCI_EVENT_CON_REQ: 206 hci_event_con_req(unit, m); 207 break; 208 209 case HCI_EVENT_AUTH_COMPL: 210 hci_event_auth_compl(unit, m); 211 break; 212 213 case HCI_EVENT_ENCRYPTION_CHANGE: 214 hci_event_encryption_change(unit, m); 215 break; 216 217 case HCI_EVENT_CHANGE_CON_LINK_KEY_COMPL: 218 hci_event_change_con_link_key_compl(unit, m); 219 break; 220 221 case HCI_EVENT_READ_CLOCK_OFFSET_COMPL: 222 hci_event_read_clock_offset_compl(unit, m); 223 break; 224 225 default: 226 break; 227 } 228 229 m_freem(m); 230 } 231 232 /* 233 * Command Status 234 * 235 * Update our record of num_cmd_pkts then post-process any pending commands 236 * and optionally restart cmd output on the unit. 237 */ 238 static void 239 hci_event_command_status(struct hci_unit *unit, struct mbuf *m) 240 { 241 hci_command_status_ep ep; 242 struct hci_link *link; 243 244 KKASSERT(m->m_pkthdr.len >= sizeof(ep)); 245 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep); 246 m_adj(m, sizeof(ep)); 247 248 DPRINTFN(1, "(%s) opcode (%03x|%04x) status = 0x%x num_cmd_pkts = %d\n", 249 device_get_nameunit(unit->hci_dev), 250 HCI_OGF(letoh16(ep.opcode)), HCI_OCF(letoh16(ep.opcode)), 251 ep.status, 252 ep.num_cmd_pkts); 253 254 if (ep.status > 0) 255 kprintf("%s: CommandStatus opcode (%03x|%04x) failed " 256 "(status=0x%02x)\n", device_get_nameunit(unit->hci_dev), 257 HCI_OGF(letoh16(ep.opcode)), 258 HCI_OCF(letoh16(ep.opcode)), ep.status); 259 260 unit->hci_num_cmd_pkts = ep.num_cmd_pkts; 261 262 /* 263 * post processing of pending commands 264 */ 265 switch(letoh16(ep.opcode)) { 266 case HCI_CMD_CREATE_CON: 267 switch (ep.status) { 268 case 0x12: /* Invalid HCI command parameters */ 269 DPRINTF("(%s) Invalid HCI command parameters\n", 270 device_get_nameunit(unit->hci_dev)); 271 while ((link = hci_link_lookup_state(unit, 272 HCI_LINK_ACL, HCI_LINK_WAIT_CONNECT)) != NULL) 273 hci_link_free(link, ECONNABORTED); 274 break; 275 } 276 break; 277 default: 278 break; 279 } 280 281 while (unit->hci_num_cmd_pkts > 0 && !IF_QEMPTY(&unit->hci_cmdwait)) { 282 IF_DEQUEUE(&unit->hci_cmdwait, m); 283 hci_output_cmd(unit, m); 284 } 285 } 286 287 /* 288 * Command Complete 289 * 290 * Update our record of num_cmd_pkts then handle the completed command, 291 * and optionally restart cmd output on the unit. 292 */ 293 static void 294 hci_event_command_compl(struct hci_unit *unit, struct mbuf *m) 295 { 296 hci_command_compl_ep ep; 297 hci_status_rp rp; 298 299 KKASSERT(m->m_pkthdr.len >= sizeof(ep)); 300 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep); 301 m_adj(m, sizeof(ep)); 302 303 DPRINTFN(1, "(%s) opcode (%03x|%04x) num_cmd_pkts = %d\n", 304 device_get_nameunit(unit->hci_dev), 305 HCI_OGF(letoh16(ep.opcode)), HCI_OCF(letoh16(ep.opcode)), 306 ep.num_cmd_pkts); 307 308 /* 309 * I am not sure if this is completely correct, it is not guaranteed 310 * that a command_complete packet will contain the status though most 311 * do seem to. 312 */ 313 m_copydata(m, 0, sizeof(rp), (caddr_t)&rp); 314 if (rp.status > 0) 315 kprintf("%s: CommandComplete opcode (%03x|%04x) failed (status=0x%02x)\n", 316 device_get_nameunit(unit->hci_dev), HCI_OGF(letoh16(ep.opcode)), 317 HCI_OCF(letoh16(ep.opcode)), rp.status); 318 319 unit->hci_num_cmd_pkts = ep.num_cmd_pkts; 320 321 /* 322 * post processing of completed commands 323 */ 324 switch(letoh16(ep.opcode)) { 325 case HCI_CMD_READ_BDADDR: 326 hci_cmd_read_bdaddr(unit, m); 327 break; 328 329 case HCI_CMD_READ_BUFFER_SIZE: 330 hci_cmd_read_buffer_size(unit, m); 331 break; 332 333 case HCI_CMD_READ_LOCAL_FEATURES: 334 hci_cmd_read_local_features(unit, m); 335 break; 336 337 case HCI_CMD_READ_LOCAL_VER: 338 hci_cmd_read_local_ver(unit, m); 339 break; 340 341 case HCI_CMD_READ_LOCAL_COMMANDS: 342 hci_cmd_read_local_commands(unit, m); 343 break; 344 345 case HCI_CMD_RESET: 346 hci_cmd_reset(unit, m); 347 break; 348 349 default: 350 break; 351 } 352 353 while (unit->hci_num_cmd_pkts > 0 && !IF_QEMPTY(&unit->hci_cmdwait)) { 354 IF_DEQUEUE(&unit->hci_cmdwait, m); 355 hci_output_cmd(unit, m); 356 } 357 } 358 359 /* 360 * Number of Completed Packets 361 * 362 * This is sent periodically by the Controller telling us how many 363 * buffers are now freed up and which handle was using them. From 364 * this we determine which type of buffer it was and add the qty 365 * back into the relevant packet counter, then restart output on 366 * links that have halted. 367 */ 368 static void 369 hci_event_num_compl_pkts(struct hci_unit *unit, struct mbuf *m) 370 { 371 hci_num_compl_pkts_ep ep; 372 struct hci_link *link, *next; 373 uint16_t handle, num; 374 int num_acl = 0, num_sco = 0; 375 376 KKASSERT(m->m_pkthdr.len >= sizeof(ep)); 377 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep); 378 m_adj(m, sizeof(ep)); 379 380 while (ep.num_con_handles--) { 381 m_copydata(m, 0, sizeof(handle), (caddr_t)&handle); 382 m_adj(m, sizeof(handle)); 383 handle = letoh16(handle); 384 385 m_copydata(m, 0, sizeof(num), (caddr_t)&num); 386 m_adj(m, sizeof(num)); 387 num = letoh16(num); 388 389 link = hci_link_lookup_handle(unit, handle); 390 if (link) { 391 if (link->hl_type == HCI_LINK_ACL) { 392 num_acl += num; 393 hci_acl_complete(link, num); 394 } else { 395 num_sco += num; 396 hci_sco_complete(link, num); 397 } 398 } else { 399 /* XXX need to issue Read_Buffer_Size or Reset? */ 400 kprintf("%s: unknown handle %d! " 401 "(losing track of %d packet buffer%s)\n", 402 device_get_nameunit(unit->hci_dev), handle, 403 num, (num == 1 ? "" : "s")); 404 } 405 } 406 407 /* 408 * Move up any queued packets. When a link has sent data, it will move 409 * to the back of the queue - technically then if a link had something 410 * to send and there were still buffers available it could get started 411 * twice but it seemed more important to to handle higher loads fairly 412 * than worry about wasting cycles when we are not busy. 413 */ 414 415 unit->hci_num_acl_pkts += num_acl; 416 unit->hci_num_sco_pkts += num_sco; 417 418 link = TAILQ_FIRST(&unit->hci_links); 419 while (link && (unit->hci_num_acl_pkts > 0 || unit->hci_num_sco_pkts > 0)) { 420 next = TAILQ_NEXT(link, hl_next); 421 422 if (link->hl_type == HCI_LINK_ACL) { 423 if (unit->hci_num_acl_pkts > 0 && link->hl_txqlen > 0) 424 hci_acl_start(link); 425 } else { 426 if (unit->hci_num_sco_pkts > 0 && link->hl_txqlen > 0) 427 hci_sco_start(link); 428 } 429 430 link = next; 431 } 432 } 433 434 /* 435 * Inquiry Result 436 * 437 * keep a note of devices seen, so we know which unit to use 438 * on outgoing connections 439 */ 440 static void 441 hci_event_inquiry_result(struct hci_unit *unit, struct mbuf *m) 442 { 443 hci_inquiry_result_ep ep; 444 hci_inquiry_response ir; 445 struct hci_memo *memo; 446 447 KKASSERT(m->m_pkthdr.len >= sizeof(ep)); 448 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep); 449 m_adj(m, sizeof(ep)); 450 451 DPRINTFN(1, "(%s) %d response%s\n", device_get_nameunit(unit->hci_dev), 452 ep.num_responses, (ep.num_responses == 1 ? "" : "s")); 453 454 while(ep.num_responses--) { 455 KKASSERT(m->m_pkthdr.len >= sizeof(ir)); 456 m_copydata(m, 0, sizeof(ir), (caddr_t)&ir); 457 m_adj(m, sizeof(ir)); 458 459 DPRINTFN(1, "bdaddr %02x:%02x:%02x:%02x:%02x:%02x\n", 460 ir.bdaddr.b[5], ir.bdaddr.b[4], ir.bdaddr.b[3], 461 ir.bdaddr.b[2], ir.bdaddr.b[1], ir.bdaddr.b[0]); 462 463 memo = hci_memo_new(unit, &ir.bdaddr); 464 if (memo != NULL) { 465 memo->page_scan_rep_mode = ir.page_scan_rep_mode; 466 memo->page_scan_mode = ir.page_scan_mode; 467 memo->clock_offset = ir.clock_offset; 468 } 469 } 470 } 471 472 /* 473 * Inquiry Result with RSSI 474 * 475 * as above but different packet when RSSI result is enabled 476 */ 477 static void 478 hci_event_rssi_result(struct hci_unit *unit, struct mbuf *m) 479 { 480 hci_rssi_result_ep ep; 481 hci_rssi_response rr; 482 struct hci_memo *memo; 483 484 KKASSERT(m->m_pkthdr.len >= sizeof(ep)); 485 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep); 486 m_adj(m, sizeof(ep)); 487 488 DPRINTFN(1, "%d response%s\n", ep.num_responses, 489 (ep.num_responses == 1 ? "" : "s")); 490 491 while(ep.num_responses--) { 492 KKASSERT(m->m_pkthdr.len >= sizeof(rr)); 493 m_copydata(m, 0, sizeof(rr), (caddr_t)&rr); 494 m_adj(m, sizeof(rr)); 495 496 DPRINTFN(1, "bdaddr %02x:%02x:%02x:%02x:%02x:%02x\n", 497 rr.bdaddr.b[5], rr.bdaddr.b[4], rr.bdaddr.b[3], 498 rr.bdaddr.b[2], rr.bdaddr.b[1], rr.bdaddr.b[0]); 499 500 memo = hci_memo_new(unit, &rr.bdaddr); 501 if (memo != NULL) { 502 memo->page_scan_rep_mode = rr.page_scan_rep_mode; 503 memo->page_scan_mode = 0; 504 memo->clock_offset = rr.clock_offset; 505 } 506 } 507 } 508 509 /* 510 * Connection Complete 511 * 512 * Sent to us when a connection is made. If there is no link 513 * structure already allocated for this, we must have changed 514 * our mind, so just disconnect. 515 */ 516 static void 517 hci_event_con_compl(struct hci_unit *unit, struct mbuf *m) 518 { 519 hci_con_compl_ep ep; 520 hci_write_link_policy_settings_cp cp; 521 struct hci_link *link; 522 int err; 523 524 KKASSERT(m->m_pkthdr.len >= sizeof(ep)); 525 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep); 526 m_adj(m, sizeof(ep)); 527 528 DPRINTFN(1, "(%s) %s connection complete for " 529 "%02x:%02x:%02x:%02x:%02x:%02x status %#x\n", 530 device_get_nameunit(unit->hci_dev), 531 (ep.link_type == HCI_LINK_ACL ? "ACL" : "SCO"), 532 ep.bdaddr.b[5], ep.bdaddr.b[4], ep.bdaddr.b[3], 533 ep.bdaddr.b[2], ep.bdaddr.b[1], ep.bdaddr.b[0], 534 ep.status); 535 536 link = hci_link_lookup_bdaddr(unit, &ep.bdaddr, ep.link_type); 537 538 if (ep.status) { 539 if (link != NULL) { 540 switch (ep.status) { 541 case 0x04: /* "Page Timeout" */ 542 err = EHOSTDOWN; 543 break; 544 545 case 0x08: /* "Connection Timed Out" */ 546 case 0x10: /* "Connection Accept Timeout Exceeded" */ 547 err = ETIMEDOUT; 548 break; 549 550 case 0x16: /* "Connection Terminated by Local Host" */ 551 err = 0; 552 break; 553 554 default: 555 err = ECONNREFUSED; 556 break; 557 } 558 559 hci_link_free(link, err); 560 } 561 562 return; 563 } 564 565 if (link == NULL) { 566 hci_discon_cp dp; 567 568 dp.con_handle = ep.con_handle; 569 dp.reason = 0x13; /* "Remote User Terminated Connection" */ 570 571 hci_send_cmd(unit, HCI_CMD_DISCONNECT, &dp, sizeof(dp)); 572 return; 573 } 574 575 /* XXX could check auth_enable here */ 576 577 if (ep.encryption_mode) 578 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_ENCRYPT); 579 580 link->hl_state = HCI_LINK_OPEN; 581 link->hl_handle = HCI_CON_HANDLE(letoh16(ep.con_handle)); 582 583 if (ep.link_type == HCI_LINK_ACL) { 584 cp.con_handle = ep.con_handle; 585 cp.settings = htole16(unit->hci_link_policy); 586 err = hci_send_cmd(unit, HCI_CMD_WRITE_LINK_POLICY_SETTINGS, 587 &cp, sizeof(cp)); 588 if (err) 589 kprintf("%s: Warning, could not write link policy\n", 590 device_get_nameunit(unit->hci_dev)); 591 592 err = hci_send_cmd(unit, HCI_CMD_READ_CLOCK_OFFSET, 593 &cp.con_handle, sizeof(cp.con_handle)); 594 if (err) 595 kprintf("%s: Warning, could not read clock offset\n", 596 device_get_nameunit(unit->hci_dev)); 597 598 err = hci_acl_setmode(link); 599 if (err == EINPROGRESS) 600 return; 601 602 hci_acl_linkmode(link); 603 } else { 604 (*link->hl_sco->sp_proto->connected)(link->hl_sco->sp_upper); 605 } 606 } 607 608 /* 609 * Disconnection Complete 610 * 611 * This is sent in response to a disconnection request, but also if 612 * the remote device goes out of range. 613 */ 614 static void 615 hci_event_discon_compl(struct hci_unit *unit, struct mbuf *m) 616 { 617 hci_discon_compl_ep ep; 618 struct hci_link *link; 619 620 KKASSERT(m->m_pkthdr.len >= sizeof(ep)); 621 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep); 622 m_adj(m, sizeof(ep)); 623 624 ep.con_handle = letoh16(ep.con_handle); 625 626 DPRINTFN(1, "(%s) handle #%d, status=0x%x\n", 627 device_get_nameunit(unit->hci_dev), ep.con_handle, ep.status); 628 629 link = hci_link_lookup_handle(unit, HCI_CON_HANDLE(ep.con_handle)); 630 if (link) 631 hci_link_free(link, ENOENT); /* XXX NetBSD used ENOLINK here */ 632 } 633 634 /* 635 * Connect Request 636 * 637 * We check upstream for appropriate listeners and accept connections 638 * that are wanted. 639 */ 640 static void 641 hci_event_con_req(struct hci_unit *unit, struct mbuf *m) 642 { 643 hci_con_req_ep ep; 644 hci_accept_con_cp ap; 645 hci_reject_con_cp rp; 646 struct hci_link *link; 647 648 KKASSERT(m->m_pkthdr.len >= sizeof(ep)); 649 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep); 650 m_adj(m, sizeof(ep)); 651 652 DPRINTFN(1, "(%s) bdaddr %2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x " 653 "class %2.2x%2.2x%2.2x type %s\n", 654 device_get_nameunit(unit->hci_dev), 655 ep.bdaddr.b[5], ep.bdaddr.b[4], ep.bdaddr.b[3], 656 ep.bdaddr.b[2], ep.bdaddr.b[1], ep.bdaddr.b[0], 657 ep.uclass[0], ep.uclass[1], ep.uclass[2], 658 ep.link_type == HCI_LINK_ACL ? "ACL" : "SCO"); 659 660 if (ep.link_type == HCI_LINK_ACL) 661 link = hci_acl_newconn(unit, &ep.bdaddr); 662 else 663 link = hci_sco_newconn(unit, &ep.bdaddr); 664 665 if (link == NULL) { 666 memset(&rp, 0, sizeof(rp)); 667 bdaddr_copy(&rp.bdaddr, &ep.bdaddr); 668 rp.reason = 0x0f; /* Unacceptable BD_ADDR */ 669 670 hci_send_cmd(unit, HCI_CMD_REJECT_CON, &rp, sizeof(rp)); 671 } else { 672 memset(&ap, 0, sizeof(ap)); 673 bdaddr_copy(&ap.bdaddr, &ep.bdaddr); 674 if (unit->hci_link_policy & HCI_LINK_POLICY_ENABLE_ROLE_SWITCH) 675 ap.role = HCI_ROLE_MASTER; 676 else 677 ap.role = HCI_ROLE_SLAVE; 678 679 hci_send_cmd(unit, HCI_CMD_ACCEPT_CON, &ap, sizeof(ap)); 680 } 681 } 682 683 /* 684 * Auth Complete 685 * 686 * Authentication has been completed on an ACL link. We can notify the 687 * upper layer protocols unless further mode changes are pending. 688 */ 689 static void 690 hci_event_auth_compl(struct hci_unit *unit, struct mbuf *m) 691 { 692 hci_auth_compl_ep ep; 693 struct hci_link *link; 694 int err; 695 696 KKASSERT(m->m_pkthdr.len >= sizeof(ep)); 697 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep); 698 m_adj(m, sizeof(ep)); 699 700 ep.con_handle = HCI_CON_HANDLE(letoh16(ep.con_handle)); 701 702 DPRINTFN(1, "(%s) handle #%d, status=0x%x\n", 703 device_get_nameunit(unit->hci_dev), ep.con_handle, ep.status); 704 705 link = hci_link_lookup_handle(unit, ep.con_handle); 706 if (link == NULL || link->hl_type != HCI_LINK_ACL) 707 return; 708 709 if (ep.status == 0) { 710 link->hl_flags |= HCI_LINK_AUTH; 711 712 if (link->hl_state == HCI_LINK_WAIT_AUTH) 713 link->hl_state = HCI_LINK_OPEN; 714 715 err = hci_acl_setmode(link); 716 if (err == EINPROGRESS) 717 return; 718 } 719 720 hci_acl_linkmode(link); 721 } 722 723 /* 724 * Encryption Change 725 * 726 * The encryption status has changed. Basically, we note the change 727 * then notify the upper layer protocol unless further mode changes 728 * are pending. 729 * Note that if encryption gets disabled when it has been requested, 730 * we will attempt to enable it again.. (its a feature not a bug :) 731 */ 732 static void 733 hci_event_encryption_change(struct hci_unit *unit, struct mbuf *m) 734 { 735 hci_encryption_change_ep ep; 736 struct hci_link *link; 737 int err; 738 739 KKASSERT(m->m_pkthdr.len >= sizeof(ep)); 740 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep); 741 m_adj(m, sizeof(ep)); 742 743 ep.con_handle = HCI_CON_HANDLE(letoh16(ep.con_handle)); 744 745 DPRINTFN(1, "(%s) handle #%d, status=0x%x, encryption_enable=0x%x\n", 746 device_get_nameunit(unit->hci_dev), ep.con_handle, ep.status, 747 ep.encryption_enable); 748 749 link = hci_link_lookup_handle(unit, ep.con_handle); 750 if (link == NULL || link->hl_type != HCI_LINK_ACL) 751 return; 752 753 if (ep.status == 0) { 754 if (ep.encryption_enable == 0) 755 link->hl_flags &= ~HCI_LINK_ENCRYPT; 756 else 757 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_ENCRYPT); 758 759 if (link->hl_state == HCI_LINK_WAIT_ENCRYPT) 760 link->hl_state = HCI_LINK_OPEN; 761 762 err = hci_acl_setmode(link); 763 if (err == EINPROGRESS) 764 return; 765 } 766 767 hci_acl_linkmode(link); 768 } 769 770 /* 771 * Change Connection Link Key Complete 772 * 773 * Link keys are handled in userland but if we are waiting to secure 774 * this link, we should notify the upper protocols. A SECURE request 775 * only needs a single key change, so we can cancel the request. 776 */ 777 static void 778 hci_event_change_con_link_key_compl(struct hci_unit *unit, struct mbuf *m) 779 { 780 hci_change_con_link_key_compl_ep ep; 781 struct hci_link *link; 782 int err; 783 784 KKASSERT(m->m_pkthdr.len >= sizeof(ep)); 785 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep); 786 m_adj(m, sizeof(ep)); 787 788 ep.con_handle = HCI_CON_HANDLE(letoh16(ep.con_handle)); 789 790 DPRINTFN(1, "(%s) handle #%d, status=0x%x\n", 791 device_get_nameunit(unit->hci_dev), ep.con_handle, ep.status); 792 793 link = hci_link_lookup_handle(unit, ep.con_handle); 794 if (link == NULL || link->hl_type != HCI_LINK_ACL) 795 return; 796 797 link->hl_flags &= ~HCI_LINK_SECURE_REQ; 798 799 if (ep.status == 0) { 800 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_SECURE); 801 802 if (link->hl_state == HCI_LINK_WAIT_SECURE) 803 link->hl_state = HCI_LINK_OPEN; 804 805 err = hci_acl_setmode(link); 806 if (err == EINPROGRESS) 807 return; 808 } 809 810 hci_acl_linkmode(link); 811 } 812 813 /* 814 * Read Clock Offset Complete 815 * 816 * We keep a note of the clock offset of remote devices when a 817 * link is made, in order to facilitate reconnections to the device 818 */ 819 static void 820 hci_event_read_clock_offset_compl(struct hci_unit *unit, struct mbuf *m) 821 { 822 hci_read_clock_offset_compl_ep ep; 823 struct hci_link *link; 824 825 KKASSERT(m->m_pkthdr.len >= sizeof(ep)); 826 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep); 827 m_adj(m, sizeof(ep)); 828 829 DPRINTFN(1, "handle #%d, offset=%u, status=0x%x\n", 830 letoh16(ep.con_handle), letoh16(ep.clock_offset), ep.status); 831 832 ep.con_handle = HCI_CON_HANDLE(letoh16(ep.con_handle)); 833 link = hci_link_lookup_handle(unit, ep.con_handle); 834 835 if (ep.status != 0 || link == NULL) 836 return; 837 838 link->hl_clock = ep.clock_offset; 839 } 840 841 /* 842 * process results of read_bdaddr command_complete event 843 */ 844 static void 845 hci_cmd_read_bdaddr(struct hci_unit *unit, struct mbuf *m) 846 { 847 hci_read_bdaddr_rp rp; 848 849 KKASSERT(m->m_pkthdr.len >= sizeof(rp)); 850 m_copydata(m, 0, sizeof(rp), (caddr_t)&rp); 851 m_adj(m, sizeof(rp)); 852 853 if (rp.status > 0) 854 return; 855 856 if ((unit->hci_flags & BTF_INIT_BDADDR) == 0) 857 return; 858 859 bdaddr_copy(&unit->hci_bdaddr, &rp.bdaddr); 860 861 unit->hci_flags &= ~BTF_INIT_BDADDR; 862 863 wakeup(unit); 864 } 865 866 /* 867 * process results of read_buffer_size command_complete event 868 */ 869 static void 870 hci_cmd_read_buffer_size(struct hci_unit *unit, struct mbuf *m) 871 { 872 hci_read_buffer_size_rp rp; 873 874 KKASSERT(m->m_pkthdr.len >= sizeof(rp)); 875 m_copydata(m, 0, sizeof(rp), (caddr_t)&rp); 876 m_adj(m, sizeof(rp)); 877 878 if (rp.status > 0) 879 return; 880 881 if ((unit->hci_flags & BTF_INIT_BUFFER_SIZE) == 0) 882 return; 883 884 unit->hci_max_acl_size = letoh16(rp.max_acl_size); 885 unit->hci_num_acl_pkts = letoh16(rp.num_acl_pkts); 886 unit->hci_max_sco_size = rp.max_sco_size; 887 unit->hci_num_sco_pkts = letoh16(rp.num_sco_pkts); 888 889 unit->hci_flags &= ~BTF_INIT_BUFFER_SIZE; 890 891 wakeup(unit); 892 } 893 894 /* 895 * process results of read_local_features command_complete event 896 */ 897 static void 898 hci_cmd_read_local_features(struct hci_unit *unit, struct mbuf *m) 899 { 900 hci_read_local_features_rp rp; 901 902 KKASSERT(m->m_pkthdr.len >= sizeof(rp)); 903 m_copydata(m, 0, sizeof(rp), (caddr_t)&rp); 904 m_adj(m, sizeof(rp)); 905 906 if (rp.status > 0) 907 return; 908 909 if ((unit->hci_flags & BTF_INIT_FEATURES) == 0) 910 return; 911 912 unit->hci_lmp_mask = 0; 913 914 if (rp.features[0] & HCI_LMP_ROLE_SWITCH) 915 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_ROLE_SWITCH; 916 917 if (rp.features[0] & HCI_LMP_HOLD_MODE) 918 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_HOLD_MODE; 919 920 if (rp.features[0] & HCI_LMP_SNIFF_MODE) 921 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_SNIFF_MODE; 922 923 if (rp.features[1] & HCI_LMP_PARK_MODE) 924 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_PARK_MODE; 925 926 /* ACL packet mask */ 927 unit->hci_acl_mask = HCI_PKT_DM1 | HCI_PKT_DH1; 928 929 if (rp.features[0] & HCI_LMP_3SLOT) 930 unit->hci_acl_mask |= HCI_PKT_DM3 | HCI_PKT_DH3; 931 932 if (rp.features[0] & HCI_LMP_5SLOT) 933 unit->hci_acl_mask |= HCI_PKT_DM5 | HCI_PKT_DH5; 934 935 if ((rp.features[3] & HCI_LMP_EDR_ACL_2MBPS) == 0) 936 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH1 937 | HCI_PKT_2MBPS_DH3 938 | HCI_PKT_2MBPS_DH5; 939 940 if ((rp.features[3] & HCI_LMP_EDR_ACL_3MBPS) == 0) 941 unit->hci_acl_mask |= HCI_PKT_3MBPS_DH1 942 | HCI_PKT_3MBPS_DH3 943 | HCI_PKT_3MBPS_DH5; 944 945 if ((rp.features[4] & HCI_LMP_3SLOT_EDR_ACL) == 0) 946 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH3 947 | HCI_PKT_3MBPS_DH3; 948 949 if ((rp.features[5] & HCI_LMP_5SLOT_EDR_ACL) == 0) 950 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH5 951 | HCI_PKT_3MBPS_DH5; 952 953 unit->hci_packet_type = unit->hci_acl_mask; 954 955 /* SCO packet mask */ 956 unit->hci_sco_mask = 0; 957 if (rp.features[1] & HCI_LMP_SCO_LINK) 958 unit->hci_sco_mask |= HCI_PKT_HV1; 959 960 if (rp.features[1] & HCI_LMP_HV2_PKT) 961 unit->hci_sco_mask |= HCI_PKT_HV2; 962 963 if (rp.features[1] & HCI_LMP_HV3_PKT) 964 unit->hci_sco_mask |= HCI_PKT_HV3; 965 966 if (rp.features[3] & HCI_LMP_EV3_PKT) 967 unit->hci_sco_mask |= HCI_PKT_EV3; 968 969 if (rp.features[4] & HCI_LMP_EV4_PKT) 970 unit->hci_sco_mask |= HCI_PKT_EV4; 971 972 if (rp.features[4] & HCI_LMP_EV5_PKT) 973 unit->hci_sco_mask |= HCI_PKT_EV5; 974 975 /* XXX what do 2MBPS/3MBPS/3SLOT eSCO mean? */ 976 977 unit->hci_flags &= ~BTF_INIT_FEATURES; 978 979 wakeup(unit); 980 981 DPRINTFN(1, "%s: lmp_mask %4.4x, acl_mask %4.4x, sco_mask %4.4x\n", 982 device_get_nameunit(unit->hci_dev), unit->hci_lmp_mask, 983 unit->hci_acl_mask, unit->hci_sco_mask); 984 } 985 986 /* 987 * process results of read_local_ver command_complete event 988 * 989 * reading local supported commands is only supported from 1.2 spec 990 */ 991 static void 992 hci_cmd_read_local_ver(struct hci_unit *unit, struct mbuf *m) 993 { 994 hci_read_local_ver_rp rp; 995 996 KKASSERT(m->m_pkthdr.len >= sizeof(rp)); 997 m_copydata(m, 0, sizeof(rp), (caddr_t)&rp); 998 m_adj(m, sizeof(rp)); 999 1000 if (rp.status != 0) 1001 return; 1002 1003 if ((unit->hci_flags & BTF_INIT_COMMANDS) == 0) 1004 return; 1005 1006 if (rp.hci_version < HCI_SPEC_V12) { 1007 unit->hci_flags &= ~BTF_INIT_COMMANDS; 1008 wakeup(unit); 1009 return; 1010 } 1011 1012 hci_send_cmd(unit, HCI_CMD_READ_LOCAL_COMMANDS, NULL, 0); 1013 } 1014 1015 /* 1016 * process results of read_local_commands command_complete event 1017 */ 1018 static void 1019 hci_cmd_read_local_commands(struct hci_unit *unit, struct mbuf *m) 1020 { 1021 hci_read_local_commands_rp rp; 1022 1023 KKASSERT(m->m_pkthdr.len >= sizeof(rp)); 1024 m_copydata(m, 0, sizeof(rp), (caddr_t)&rp); 1025 m_adj(m, sizeof(rp)); 1026 1027 if (rp.status != 0) 1028 return; 1029 1030 if ((unit->hci_flags & BTF_INIT_COMMANDS) == 0) 1031 return; 1032 1033 unit->hci_flags &= ~BTF_INIT_COMMANDS; 1034 memcpy(unit->hci_cmds, rp.commands, HCI_COMMANDS_SIZE); 1035 1036 wakeup(unit); 1037 } 1038 1039 /* 1040 * process results of reset command_complete event 1041 * 1042 * This has killed all the connections, so close down anything we have left, 1043 * and reinitialise the unit. 1044 */ 1045 static void 1046 hci_cmd_reset(struct hci_unit *unit, struct mbuf *m) 1047 { 1048 hci_reset_rp rp; 1049 struct hci_link *link, *next; 1050 int acl; 1051 1052 KKASSERT(m->m_pkthdr.len >= sizeof(rp)); 1053 m_copydata(m, 0, sizeof(rp), (caddr_t)&rp); 1054 m_adj(m, sizeof(rp)); 1055 1056 if (rp.status != 0) 1057 return; 1058 1059 /* 1060 * release SCO links first, since they may be holding 1061 * an ACL link reference. 1062 */ 1063 for (acl = 0 ; acl < 2 ; acl++) { 1064 next = TAILQ_FIRST(&unit->hci_links); 1065 while ((link = next) != NULL) { 1066 next = TAILQ_NEXT(link, hl_next); 1067 if (acl || link->hl_type != HCI_LINK_ACL) 1068 hci_link_free(link, ECONNABORTED); 1069 } 1070 } 1071 1072 unit->hci_num_acl_pkts = 0; 1073 unit->hci_num_sco_pkts = 0; 1074 1075 if (hci_send_cmd(unit, HCI_CMD_READ_BDADDR, NULL, 0)) 1076 return; 1077 1078 if (hci_send_cmd(unit, HCI_CMD_READ_BUFFER_SIZE, NULL, 0)) 1079 return; 1080 1081 if (hci_send_cmd(unit, HCI_CMD_READ_LOCAL_FEATURES, NULL, 0)) 1082 return; 1083 1084 if (hci_send_cmd(unit, HCI_CMD_READ_LOCAL_VER, NULL, 0)) 1085 return; 1086 } 1087