1 /* $DragonFly: src/sys/netbt/hci_event.c,v 1.2 2008/03/18 13:41:42 hasso Exp $ */ 2 /* $OpenBSD: src/sys/netbt/hci_event.c,v 1.7 2008/02/24 21:34:48 uwe Exp $ */ 3 /* $NetBSD: hci_event.c,v 1.14 2008/02/10 17:40:54 plunky Exp $ */ 4 5 /*- 6 * Copyright (c) 2005 Iain Hibbert. 7 * Copyright (c) 2006 Itronix Inc. 8 * All rights reserved. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. The name of Itronix Inc. may not be used to endorse 19 * or promote products derived from this software without specific 20 * prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY ITRONIX INC. ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 24 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 25 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ITRONIX INC. BE LIABLE FOR ANY 26 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 27 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 29 * ON ANY THEORY OF LIABILITY, WHETHER IN 30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 32 * POSSIBILITY OF SUCH DAMAGE. 33 */ 34 35 #include <sys/param.h> 36 #include <sys/kernel.h> 37 #include <sys/malloc.h> 38 #include <sys/mbuf.h> 39 #include <sys/proc.h> 40 #include <sys/systm.h> 41 #include <sys/endian.h> 42 #include <sys/bus.h> 43 44 #include <netbt/bluetooth.h> 45 #include <netbt/hci.h> 46 #include <netbt/sco.h> 47 48 static void hci_event_inquiry_result(struct hci_unit *, struct mbuf *); 49 static void hci_event_rssi_result(struct hci_unit *, struct mbuf *); 50 static void hci_event_command_status(struct hci_unit *, struct mbuf *); 51 static void hci_event_command_compl(struct hci_unit *, struct mbuf *); 52 static void hci_event_con_compl(struct hci_unit *, struct mbuf *); 53 static void hci_event_discon_compl(struct hci_unit *, struct mbuf *); 54 static void hci_event_con_req(struct hci_unit *, struct mbuf *); 55 static void hci_event_num_compl_pkts(struct hci_unit *, struct mbuf *); 56 static void hci_event_auth_compl(struct hci_unit *, struct mbuf *); 57 static void hci_event_encryption_change(struct hci_unit *, struct mbuf *); 58 static void hci_event_change_con_link_key_compl(struct hci_unit *, struct mbuf *); 59 static void hci_event_read_clock_offset_compl(struct hci_unit *, struct mbuf *); 60 static void hci_cmd_read_bdaddr(struct hci_unit *, struct mbuf *); 61 static void hci_cmd_read_buffer_size(struct hci_unit *, struct mbuf *); 62 static void hci_cmd_read_local_features(struct hci_unit *, struct mbuf *); 63 static void hci_cmd_read_local_ver(struct hci_unit *, struct mbuf *); 64 static void hci_cmd_read_local_commands(struct hci_unit *, struct mbuf *); 65 static void hci_cmd_reset(struct hci_unit *, struct mbuf *); 66 67 #ifdef BLUETOOTH_DEBUG 68 int bluetooth_debug = BLUETOOTH_DEBUG; 69 70 static const char *hci_eventnames[] = { 71 /* 0x00 */ "NULL", 72 /* 0x01 */ "INQUIRY COMPLETE", 73 /* 0x02 */ "INQUIRY RESULT", 74 /* 0x03 */ "CONN COMPLETE", 75 /* 0x04 */ "CONN REQ", 76 /* 0x05 */ "DISCONN COMPLETE", 77 /* 0x06 */ "AUTH COMPLETE", 78 /* 0x07 */ "REMOTE NAME REQ COMPLETE", 79 /* 0x08 */ "ENCRYPTION CHANGE", 80 /* 0x09 */ "CHANGE CONN LINK KEY COMPLETE", 81 /* 0x0a */ "MASTER LINK KEY COMPLETE", 82 /* 0x0b */ "READ REMOTE FEATURES COMPLETE", 83 /* 0x0c */ "READ REMOTE VERSION INFO COMPLETE", 84 /* 0x0d */ "QoS SETUP COMPLETE", 85 /* 0x0e */ "COMMAND COMPLETE", 86 /* 0x0f */ "COMMAND STATUS", 87 /* 0x10 */ "HARDWARE ERROR", 88 /* 0x11 */ "FLUSH OCCUR", 89 /* 0x12 */ "ROLE CHANGE", 90 /* 0x13 */ "NUM COMPLETED PACKETS", 91 /* 0x14 */ "MODE CHANGE", 92 /* 0x15 */ "RETURN LINK KEYS", 93 /* 0x16 */ "PIN CODE REQ", 94 /* 0x17 */ "LINK KEY REQ", 95 /* 0x18 */ "LINK KEY NOTIFICATION", 96 /* 0x19 */ "LOOPBACK COMMAND", 97 /* 0x1a */ "DATA BUFFER OVERFLOW", 98 /* 0x1b */ "MAX SLOT CHANGE", 99 /* 0x1c */ "READ CLOCK OFFSET COMPLETE", 100 /* 0x1d */ "CONN PKT TYPE CHANGED", 101 /* 0x1e */ "QOS VIOLATION", 102 /* 0x1f */ "PAGE SCAN MODE CHANGE", 103 /* 0x20 */ "PAGE SCAN REP MODE CHANGE", 104 /* 0x21 */ "FLOW SPECIFICATION COMPLETE", 105 /* 0x22 */ "RSSI RESULT", 106 /* 0x23 */ "READ REMOTE EXT FEATURES", 107 /* 0x24 */ "UNKNOWN", 108 /* 0x25 */ "UNKNOWN", 109 /* 0x26 */ "UNKNOWN", 110 /* 0x27 */ "UNKNOWN", 111 /* 0x28 */ "UNKNOWN", 112 /* 0x29 */ "UNKNOWN", 113 /* 0x2a */ "UNKNOWN", 114 /* 0x2b */ "UNKNOWN", 115 /* 0x2c */ "SCO CON COMPLETE", 116 /* 0x2d */ "SCO CON CHANGED", 117 /* 0x2e */ "SNIFF SUBRATING", 118 /* 0x2f */ "EXTENDED INQUIRY RESULT", 119 /* 0x30 */ "ENCRYPTION KEY REFRESH", 120 /* 0x31 */ "IO CAPABILITY REQUEST", 121 /* 0x32 */ "IO CAPABILITY RESPONSE", 122 /* 0x33 */ "USER CONFIRM REQUEST", 123 /* 0x34 */ "USER PASSKEY REQUEST", 124 /* 0x35 */ "REMOTE OOB DATA REQUEST", 125 /* 0x36 */ "SIMPLE PAIRING COMPLETE", 126 /* 0x37 */ "UNKNOWN", 127 /* 0x38 */ "LINK SUPERVISION TIMEOUT CHANGED", 128 /* 0x39 */ "ENHANCED FLUSH COMPLETE", 129 /* 0x3a */ "UNKNOWN", 130 /* 0x3b */ "USER PASSKEY NOTIFICATION", 131 /* 0x3c */ "KEYPRESS NOTIFICATION", 132 /* 0x3d */ "REMOTE HOST FEATURES NOTIFICATION", 133 }; 134 135 static const char * 136 hci_eventstr(unsigned int event) 137 { 138 139 if (event < (sizeof(hci_eventnames) / sizeof(*hci_eventnames))) 140 return hci_eventnames[event]; 141 142 switch (event) { 143 case HCI_EVENT_BT_LOGO: /* 0xfe */ 144 return "BT_LOGO"; 145 146 case HCI_EVENT_VENDOR: /* 0xff */ 147 return "VENDOR"; 148 } 149 150 return "UNKNOWN"; 151 } 152 #endif /* BLUETOOTH_DEBUG */ 153 154 /* 155 * process HCI Events 156 * 157 * We will free the mbuf at the end, no need for any sub 158 * functions to handle that. We kind of assume that the 159 * device sends us valid events. 160 */ 161 void 162 hci_event(struct mbuf *m, struct hci_unit *unit) 163 { 164 hci_event_hdr_t hdr; 165 166 KKASSERT(m->m_flags & M_PKTHDR); 167 168 KKASSERT(m->m_pkthdr.len >= sizeof(hdr)); 169 m_copydata(m, 0, sizeof(hdr), (caddr_t)&hdr); 170 m_adj(m, sizeof(hdr)); 171 172 KKASSERT(hdr.type == HCI_EVENT_PKT); 173 174 DPRINTFN(1, "(%s) event %s\n", 175 device_get_nameunit(unit->hci_dev), hci_eventstr(hdr.event)); 176 177 switch(hdr.event) { 178 case HCI_EVENT_COMMAND_STATUS: 179 hci_event_command_status(unit, m); 180 break; 181 182 case HCI_EVENT_COMMAND_COMPL: 183 hci_event_command_compl(unit, m); 184 break; 185 186 case HCI_EVENT_NUM_COMPL_PKTS: 187 hci_event_num_compl_pkts(unit, m); 188 break; 189 190 case HCI_EVENT_INQUIRY_RESULT: 191 hci_event_inquiry_result(unit, m); 192 break; 193 194 case HCI_EVENT_RSSI_RESULT: 195 hci_event_rssi_result(unit, m); 196 break; 197 198 case HCI_EVENT_CON_COMPL: 199 hci_event_con_compl(unit, m); 200 break; 201 202 case HCI_EVENT_DISCON_COMPL: 203 hci_event_discon_compl(unit, m); 204 break; 205 206 case HCI_EVENT_CON_REQ: 207 hci_event_con_req(unit, m); 208 break; 209 210 case HCI_EVENT_AUTH_COMPL: 211 hci_event_auth_compl(unit, m); 212 break; 213 214 case HCI_EVENT_ENCRYPTION_CHANGE: 215 hci_event_encryption_change(unit, m); 216 break; 217 218 case HCI_EVENT_CHANGE_CON_LINK_KEY_COMPL: 219 hci_event_change_con_link_key_compl(unit, m); 220 break; 221 222 case HCI_EVENT_READ_CLOCK_OFFSET_COMPL: 223 hci_event_read_clock_offset_compl(unit, m); 224 break; 225 226 default: 227 break; 228 } 229 230 m_freem(m); 231 } 232 233 /* 234 * Command Status 235 * 236 * Update our record of num_cmd_pkts then post-process any pending commands 237 * and optionally restart cmd output on the unit. 238 */ 239 static void 240 hci_event_command_status(struct hci_unit *unit, struct mbuf *m) 241 { 242 hci_command_status_ep ep; 243 struct hci_link *link; 244 245 KKASSERT(m->m_pkthdr.len >= sizeof(ep)); 246 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep); 247 m_adj(m, sizeof(ep)); 248 249 DPRINTFN(1, "(%s) opcode (%03x|%04x) status = 0x%x num_cmd_pkts = %d\n", 250 device_get_nameunit(unit->hci_dev), 251 HCI_OGF(letoh16(ep.opcode)), HCI_OCF(letoh16(ep.opcode)), 252 ep.status, 253 ep.num_cmd_pkts); 254 255 if (ep.status > 0) 256 kprintf("%s: CommandStatus opcode (%03x|%04x) failed " 257 "(status=0x%02x)\n", device_get_nameunit(unit->hci_dev), 258 HCI_OGF(letoh16(ep.opcode)), 259 HCI_OCF(letoh16(ep.opcode)), ep.status); 260 261 unit->hci_num_cmd_pkts = ep.num_cmd_pkts; 262 263 /* 264 * post processing of pending commands 265 */ 266 switch(letoh16(ep.opcode)) { 267 case HCI_CMD_CREATE_CON: 268 switch (ep.status) { 269 case 0x12: /* Invalid HCI command parameters */ 270 DPRINTF("(%s) Invalid HCI command parameters\n", 271 device_get_nameunit(unit->hci_dev)); 272 while ((link = hci_link_lookup_state(unit, 273 HCI_LINK_ACL, HCI_LINK_WAIT_CONNECT)) != NULL) 274 hci_link_free(link, ECONNABORTED); 275 break; 276 } 277 break; 278 default: 279 break; 280 } 281 282 while (unit->hci_num_cmd_pkts > 0 && !IF_QEMPTY(&unit->hci_cmdwait)) { 283 IF_DEQUEUE(&unit->hci_cmdwait, m); 284 hci_output_cmd(unit, m); 285 } 286 } 287 288 /* 289 * Command Complete 290 * 291 * Update our record of num_cmd_pkts then handle the completed command, 292 * and optionally restart cmd output on the unit. 293 */ 294 static void 295 hci_event_command_compl(struct hci_unit *unit, struct mbuf *m) 296 { 297 hci_command_compl_ep ep; 298 hci_status_rp rp; 299 300 KKASSERT(m->m_pkthdr.len >= sizeof(ep)); 301 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep); 302 m_adj(m, sizeof(ep)); 303 304 DPRINTFN(1, "(%s) opcode (%03x|%04x) num_cmd_pkts = %d\n", 305 device_get_nameunit(unit->hci_dev), 306 HCI_OGF(letoh16(ep.opcode)), HCI_OCF(letoh16(ep.opcode)), 307 ep.num_cmd_pkts); 308 309 /* 310 * I am not sure if this is completely correct, it is not guaranteed 311 * that a command_complete packet will contain the status though most 312 * do seem to. 313 */ 314 m_copydata(m, 0, sizeof(rp), (caddr_t)&rp); 315 if (rp.status > 0) 316 kprintf("%s: CommandComplete opcode (%03x|%04x) failed (status=0x%02x)\n", 317 device_get_nameunit(unit->hci_dev), HCI_OGF(letoh16(ep.opcode)), 318 HCI_OCF(letoh16(ep.opcode)), rp.status); 319 320 unit->hci_num_cmd_pkts = ep.num_cmd_pkts; 321 322 /* 323 * post processing of completed commands 324 */ 325 switch(letoh16(ep.opcode)) { 326 case HCI_CMD_READ_BDADDR: 327 hci_cmd_read_bdaddr(unit, m); 328 break; 329 330 case HCI_CMD_READ_BUFFER_SIZE: 331 hci_cmd_read_buffer_size(unit, m); 332 break; 333 334 case HCI_CMD_READ_LOCAL_FEATURES: 335 hci_cmd_read_local_features(unit, m); 336 break; 337 338 case HCI_CMD_READ_LOCAL_VER: 339 hci_cmd_read_local_ver(unit, m); 340 break; 341 342 case HCI_CMD_READ_LOCAL_COMMANDS: 343 hci_cmd_read_local_commands(unit, m); 344 break; 345 346 case HCI_CMD_RESET: 347 hci_cmd_reset(unit, m); 348 break; 349 350 default: 351 break; 352 } 353 354 while (unit->hci_num_cmd_pkts > 0 && !IF_QEMPTY(&unit->hci_cmdwait)) { 355 IF_DEQUEUE(&unit->hci_cmdwait, m); 356 hci_output_cmd(unit, m); 357 } 358 } 359 360 /* 361 * Number of Completed Packets 362 * 363 * This is sent periodically by the Controller telling us how many 364 * buffers are now freed up and which handle was using them. From 365 * this we determine which type of buffer it was and add the qty 366 * back into the relevant packet counter, then restart output on 367 * links that have halted. 368 */ 369 static void 370 hci_event_num_compl_pkts(struct hci_unit *unit, struct mbuf *m) 371 { 372 hci_num_compl_pkts_ep ep; 373 struct hci_link *link, *next; 374 uint16_t handle, num; 375 int num_acl = 0, num_sco = 0; 376 377 KKASSERT(m->m_pkthdr.len >= sizeof(ep)); 378 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep); 379 m_adj(m, sizeof(ep)); 380 381 while (ep.num_con_handles--) { 382 m_copydata(m, 0, sizeof(handle), (caddr_t)&handle); 383 m_adj(m, sizeof(handle)); 384 handle = letoh16(handle); 385 386 m_copydata(m, 0, sizeof(num), (caddr_t)&num); 387 m_adj(m, sizeof(num)); 388 num = letoh16(num); 389 390 link = hci_link_lookup_handle(unit, handle); 391 if (link) { 392 if (link->hl_type == HCI_LINK_ACL) { 393 num_acl += num; 394 hci_acl_complete(link, num); 395 } else { 396 num_sco += num; 397 hci_sco_complete(link, num); 398 } 399 } else { 400 /* XXX need to issue Read_Buffer_Size or Reset? */ 401 kprintf("%s: unknown handle %d! " 402 "(losing track of %d packet buffer%s)\n", 403 device_get_nameunit(unit->hci_dev), handle, 404 num, (num == 1 ? "" : "s")); 405 } 406 } 407 408 /* 409 * Move up any queued packets. When a link has sent data, it will move 410 * to the back of the queue - technically then if a link had something 411 * to send and there were still buffers available it could get started 412 * twice but it seemed more important to to handle higher loads fairly 413 * than worry about wasting cycles when we are not busy. 414 */ 415 416 unit->hci_num_acl_pkts += num_acl; 417 unit->hci_num_sco_pkts += num_sco; 418 419 link = TAILQ_FIRST(&unit->hci_links); 420 while (link && (unit->hci_num_acl_pkts > 0 || unit->hci_num_sco_pkts > 0)) { 421 next = TAILQ_NEXT(link, hl_next); 422 423 if (link->hl_type == HCI_LINK_ACL) { 424 if (unit->hci_num_acl_pkts > 0 && link->hl_txqlen > 0) 425 hci_acl_start(link); 426 } else { 427 if (unit->hci_num_sco_pkts > 0 && link->hl_txqlen > 0) 428 hci_sco_start(link); 429 } 430 431 link = next; 432 } 433 } 434 435 /* 436 * Inquiry Result 437 * 438 * keep a note of devices seen, so we know which unit to use 439 * on outgoing connections 440 */ 441 static void 442 hci_event_inquiry_result(struct hci_unit *unit, struct mbuf *m) 443 { 444 hci_inquiry_result_ep ep; 445 hci_inquiry_response ir; 446 struct hci_memo *memo; 447 448 KKASSERT(m->m_pkthdr.len >= sizeof(ep)); 449 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep); 450 m_adj(m, sizeof(ep)); 451 452 DPRINTFN(1, "(%s) %d response%s\n", device_get_nameunit(unit->hci_dev), 453 ep.num_responses, (ep.num_responses == 1 ? "" : "s")); 454 455 while(ep.num_responses--) { 456 KKASSERT(m->m_pkthdr.len >= sizeof(ir)); 457 m_copydata(m, 0, sizeof(ir), (caddr_t)&ir); 458 m_adj(m, sizeof(ir)); 459 460 DPRINTFN(1, "bdaddr %02x:%02x:%02x:%02x:%02x:%02x\n", 461 ir.bdaddr.b[5], ir.bdaddr.b[4], ir.bdaddr.b[3], 462 ir.bdaddr.b[2], ir.bdaddr.b[1], ir.bdaddr.b[0]); 463 464 memo = hci_memo_new(unit, &ir.bdaddr); 465 if (memo != NULL) { 466 memo->page_scan_rep_mode = ir.page_scan_rep_mode; 467 memo->page_scan_mode = ir.page_scan_mode; 468 memo->clock_offset = ir.clock_offset; 469 } 470 } 471 } 472 473 /* 474 * Inquiry Result with RSSI 475 * 476 * as above but different packet when RSSI result is enabled 477 */ 478 static void 479 hci_event_rssi_result(struct hci_unit *unit, struct mbuf *m) 480 { 481 hci_rssi_result_ep ep; 482 hci_rssi_response rr; 483 struct hci_memo *memo; 484 485 KKASSERT(m->m_pkthdr.len >= sizeof(ep)); 486 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep); 487 m_adj(m, sizeof(ep)); 488 489 DPRINTFN(1, "%d response%s\n", ep.num_responses, 490 (ep.num_responses == 1 ? "" : "s")); 491 492 while(ep.num_responses--) { 493 KKASSERT(m->m_pkthdr.len >= sizeof(rr)); 494 m_copydata(m, 0, sizeof(rr), (caddr_t)&rr); 495 m_adj(m, sizeof(rr)); 496 497 DPRINTFN(1, "bdaddr %02x:%02x:%02x:%02x:%02x:%02x\n", 498 rr.bdaddr.b[5], rr.bdaddr.b[4], rr.bdaddr.b[3], 499 rr.bdaddr.b[2], rr.bdaddr.b[1], rr.bdaddr.b[0]); 500 501 memo = hci_memo_new(unit, &rr.bdaddr); 502 if (memo != NULL) { 503 memo->page_scan_rep_mode = rr.page_scan_rep_mode; 504 memo->page_scan_mode = 0; 505 memo->clock_offset = rr.clock_offset; 506 } 507 } 508 } 509 510 /* 511 * Connection Complete 512 * 513 * Sent to us when a connection is made. If there is no link 514 * structure already allocated for this, we must have changed 515 * our mind, so just disconnect. 516 */ 517 static void 518 hci_event_con_compl(struct hci_unit *unit, struct mbuf *m) 519 { 520 hci_con_compl_ep ep; 521 hci_write_link_policy_settings_cp cp; 522 struct hci_link *link; 523 int err; 524 525 KKASSERT(m->m_pkthdr.len >= sizeof(ep)); 526 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep); 527 m_adj(m, sizeof(ep)); 528 529 DPRINTFN(1, "(%s) %s connection complete for " 530 "%02x:%02x:%02x:%02x:%02x:%02x status %#x\n", 531 device_get_nameunit(unit->hci_dev), 532 (ep.link_type == HCI_LINK_ACL ? "ACL" : "SCO"), 533 ep.bdaddr.b[5], ep.bdaddr.b[4], ep.bdaddr.b[3], 534 ep.bdaddr.b[2], ep.bdaddr.b[1], ep.bdaddr.b[0], 535 ep.status); 536 537 link = hci_link_lookup_bdaddr(unit, &ep.bdaddr, ep.link_type); 538 539 if (ep.status) { 540 if (link != NULL) { 541 switch (ep.status) { 542 case 0x04: /* "Page Timeout" */ 543 err = EHOSTDOWN; 544 break; 545 546 case 0x08: /* "Connection Timed Out" */ 547 case 0x10: /* "Connection Accept Timeout Exceeded" */ 548 err = ETIMEDOUT; 549 break; 550 551 case 0x16: /* "Connection Terminated by Local Host" */ 552 err = 0; 553 break; 554 555 default: 556 err = ECONNREFUSED; 557 break; 558 } 559 560 hci_link_free(link, err); 561 } 562 563 return; 564 } 565 566 if (link == NULL) { 567 hci_discon_cp dp; 568 569 dp.con_handle = ep.con_handle; 570 dp.reason = 0x13; /* "Remote User Terminated Connection" */ 571 572 hci_send_cmd(unit, HCI_CMD_DISCONNECT, &dp, sizeof(dp)); 573 return; 574 } 575 576 /* XXX could check auth_enable here */ 577 578 if (ep.encryption_mode) 579 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_ENCRYPT); 580 581 link->hl_state = HCI_LINK_OPEN; 582 link->hl_handle = HCI_CON_HANDLE(letoh16(ep.con_handle)); 583 584 if (ep.link_type == HCI_LINK_ACL) { 585 cp.con_handle = ep.con_handle; 586 cp.settings = htole16(unit->hci_link_policy); 587 err = hci_send_cmd(unit, HCI_CMD_WRITE_LINK_POLICY_SETTINGS, 588 &cp, sizeof(cp)); 589 if (err) 590 kprintf("%s: Warning, could not write link policy\n", 591 device_get_nameunit(unit->hci_dev)); 592 593 err = hci_send_cmd(unit, HCI_CMD_READ_CLOCK_OFFSET, 594 &cp.con_handle, sizeof(cp.con_handle)); 595 if (err) 596 kprintf("%s: Warning, could not read clock offset\n", 597 device_get_nameunit(unit->hci_dev)); 598 599 err = hci_acl_setmode(link); 600 if (err == EINPROGRESS) 601 return; 602 603 hci_acl_linkmode(link); 604 } else { 605 (*link->hl_sco->sp_proto->connected)(link->hl_sco->sp_upper); 606 } 607 } 608 609 /* 610 * Disconnection Complete 611 * 612 * This is sent in response to a disconnection request, but also if 613 * the remote device goes out of range. 614 */ 615 static void 616 hci_event_discon_compl(struct hci_unit *unit, struct mbuf *m) 617 { 618 hci_discon_compl_ep ep; 619 struct hci_link *link; 620 621 KKASSERT(m->m_pkthdr.len >= sizeof(ep)); 622 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep); 623 m_adj(m, sizeof(ep)); 624 625 ep.con_handle = letoh16(ep.con_handle); 626 627 DPRINTFN(1, "(%s) handle #%d, status=0x%x\n", 628 device_get_nameunit(unit->hci_dev), ep.con_handle, ep.status); 629 630 link = hci_link_lookup_handle(unit, HCI_CON_HANDLE(ep.con_handle)); 631 if (link) 632 hci_link_free(link, ENOENT); /* XXX NetBSD used ENOLINK here */ 633 } 634 635 /* 636 * Connect Request 637 * 638 * We check upstream for appropriate listeners and accept connections 639 * that are wanted. 640 */ 641 static void 642 hci_event_con_req(struct hci_unit *unit, struct mbuf *m) 643 { 644 hci_con_req_ep ep; 645 hci_accept_con_cp ap; 646 hci_reject_con_cp rp; 647 struct hci_link *link; 648 649 KKASSERT(m->m_pkthdr.len >= sizeof(ep)); 650 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep); 651 m_adj(m, sizeof(ep)); 652 653 DPRINTFN(1, "(%s) bdaddr %2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x " 654 "class %2.2x%2.2x%2.2x type %s\n", 655 device_get_nameunit(unit->hci_dev), 656 ep.bdaddr.b[5], ep.bdaddr.b[4], ep.bdaddr.b[3], 657 ep.bdaddr.b[2], ep.bdaddr.b[1], ep.bdaddr.b[0], 658 ep.uclass[0], ep.uclass[1], ep.uclass[2], 659 ep.link_type == HCI_LINK_ACL ? "ACL" : "SCO"); 660 661 if (ep.link_type == HCI_LINK_ACL) 662 link = hci_acl_newconn(unit, &ep.bdaddr); 663 else 664 link = hci_sco_newconn(unit, &ep.bdaddr); 665 666 if (link == NULL) { 667 memset(&rp, 0, sizeof(rp)); 668 bdaddr_copy(&rp.bdaddr, &ep.bdaddr); 669 rp.reason = 0x0f; /* Unacceptable BD_ADDR */ 670 671 hci_send_cmd(unit, HCI_CMD_REJECT_CON, &rp, sizeof(rp)); 672 } else { 673 memset(&ap, 0, sizeof(ap)); 674 bdaddr_copy(&ap.bdaddr, &ep.bdaddr); 675 if (unit->hci_link_policy & HCI_LINK_POLICY_ENABLE_ROLE_SWITCH) 676 ap.role = HCI_ROLE_MASTER; 677 else 678 ap.role = HCI_ROLE_SLAVE; 679 680 hci_send_cmd(unit, HCI_CMD_ACCEPT_CON, &ap, sizeof(ap)); 681 } 682 } 683 684 /* 685 * Auth Complete 686 * 687 * Authentication has been completed on an ACL link. We can notify the 688 * upper layer protocols unless further mode changes are pending. 689 */ 690 static void 691 hci_event_auth_compl(struct hci_unit *unit, struct mbuf *m) 692 { 693 hci_auth_compl_ep ep; 694 struct hci_link *link; 695 int err; 696 697 KKASSERT(m->m_pkthdr.len >= sizeof(ep)); 698 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep); 699 m_adj(m, sizeof(ep)); 700 701 ep.con_handle = HCI_CON_HANDLE(letoh16(ep.con_handle)); 702 703 DPRINTFN(1, "(%s) handle #%d, status=0x%x\n", 704 device_get_nameunit(unit->hci_dev), ep.con_handle, ep.status); 705 706 link = hci_link_lookup_handle(unit, ep.con_handle); 707 if (link == NULL || link->hl_type != HCI_LINK_ACL) 708 return; 709 710 if (ep.status == 0) { 711 link->hl_flags |= HCI_LINK_AUTH; 712 713 if (link->hl_state == HCI_LINK_WAIT_AUTH) 714 link->hl_state = HCI_LINK_OPEN; 715 716 err = hci_acl_setmode(link); 717 if (err == EINPROGRESS) 718 return; 719 } 720 721 hci_acl_linkmode(link); 722 } 723 724 /* 725 * Encryption Change 726 * 727 * The encryption status has changed. Basically, we note the change 728 * then notify the upper layer protocol unless further mode changes 729 * are pending. 730 * Note that if encryption gets disabled when it has been requested, 731 * we will attempt to enable it again.. (its a feature not a bug :) 732 */ 733 static void 734 hci_event_encryption_change(struct hci_unit *unit, struct mbuf *m) 735 { 736 hci_encryption_change_ep ep; 737 struct hci_link *link; 738 int err; 739 740 KKASSERT(m->m_pkthdr.len >= sizeof(ep)); 741 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep); 742 m_adj(m, sizeof(ep)); 743 744 ep.con_handle = HCI_CON_HANDLE(letoh16(ep.con_handle)); 745 746 DPRINTFN(1, "(%s) handle #%d, status=0x%x, encryption_enable=0x%x\n", 747 device_get_nameunit(unit->hci_dev), ep.con_handle, ep.status, 748 ep.encryption_enable); 749 750 link = hci_link_lookup_handle(unit, ep.con_handle); 751 if (link == NULL || link->hl_type != HCI_LINK_ACL) 752 return; 753 754 if (ep.status == 0) { 755 if (ep.encryption_enable == 0) 756 link->hl_flags &= ~HCI_LINK_ENCRYPT; 757 else 758 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_ENCRYPT); 759 760 if (link->hl_state == HCI_LINK_WAIT_ENCRYPT) 761 link->hl_state = HCI_LINK_OPEN; 762 763 err = hci_acl_setmode(link); 764 if (err == EINPROGRESS) 765 return; 766 } 767 768 hci_acl_linkmode(link); 769 } 770 771 /* 772 * Change Connection Link Key Complete 773 * 774 * Link keys are handled in userland but if we are waiting to secure 775 * this link, we should notify the upper protocols. A SECURE request 776 * only needs a single key change, so we can cancel the request. 777 */ 778 static void 779 hci_event_change_con_link_key_compl(struct hci_unit *unit, struct mbuf *m) 780 { 781 hci_change_con_link_key_compl_ep ep; 782 struct hci_link *link; 783 int err; 784 785 KKASSERT(m->m_pkthdr.len >= sizeof(ep)); 786 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep); 787 m_adj(m, sizeof(ep)); 788 789 ep.con_handle = HCI_CON_HANDLE(letoh16(ep.con_handle)); 790 791 DPRINTFN(1, "(%s) handle #%d, status=0x%x\n", 792 device_get_nameunit(unit->hci_dev), ep.con_handle, ep.status); 793 794 link = hci_link_lookup_handle(unit, ep.con_handle); 795 if (link == NULL || link->hl_type != HCI_LINK_ACL) 796 return; 797 798 link->hl_flags &= ~HCI_LINK_SECURE_REQ; 799 800 if (ep.status == 0) { 801 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_SECURE); 802 803 if (link->hl_state == HCI_LINK_WAIT_SECURE) 804 link->hl_state = HCI_LINK_OPEN; 805 806 err = hci_acl_setmode(link); 807 if (err == EINPROGRESS) 808 return; 809 } 810 811 hci_acl_linkmode(link); 812 } 813 814 /* 815 * Read Clock Offset Complete 816 * 817 * We keep a note of the clock offset of remote devices when a 818 * link is made, in order to facilitate reconnections to the device 819 */ 820 static void 821 hci_event_read_clock_offset_compl(struct hci_unit *unit, struct mbuf *m) 822 { 823 hci_read_clock_offset_compl_ep ep; 824 struct hci_link *link; 825 826 KKASSERT(m->m_pkthdr.len >= sizeof(ep)); 827 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep); 828 m_adj(m, sizeof(ep)); 829 830 DPRINTFN(1, "handle #%d, offset=%u, status=0x%x\n", 831 letoh16(ep.con_handle), letoh16(ep.clock_offset), ep.status); 832 833 ep.con_handle = HCI_CON_HANDLE(letoh16(ep.con_handle)); 834 link = hci_link_lookup_handle(unit, ep.con_handle); 835 836 if (ep.status != 0 || link == NULL) 837 return; 838 839 link->hl_clock = ep.clock_offset; 840 } 841 842 /* 843 * process results of read_bdaddr command_complete event 844 */ 845 static void 846 hci_cmd_read_bdaddr(struct hci_unit *unit, struct mbuf *m) 847 { 848 hci_read_bdaddr_rp rp; 849 850 KKASSERT(m->m_pkthdr.len >= sizeof(rp)); 851 m_copydata(m, 0, sizeof(rp), (caddr_t)&rp); 852 m_adj(m, sizeof(rp)); 853 854 if (rp.status > 0) 855 return; 856 857 if ((unit->hci_flags & BTF_INIT_BDADDR) == 0) 858 return; 859 860 bdaddr_copy(&unit->hci_bdaddr, &rp.bdaddr); 861 862 unit->hci_flags &= ~BTF_INIT_BDADDR; 863 864 wakeup(unit); 865 } 866 867 /* 868 * process results of read_buffer_size command_complete event 869 */ 870 static void 871 hci_cmd_read_buffer_size(struct hci_unit *unit, struct mbuf *m) 872 { 873 hci_read_buffer_size_rp rp; 874 875 KKASSERT(m->m_pkthdr.len >= sizeof(rp)); 876 m_copydata(m, 0, sizeof(rp), (caddr_t)&rp); 877 m_adj(m, sizeof(rp)); 878 879 if (rp.status > 0) 880 return; 881 882 if ((unit->hci_flags & BTF_INIT_BUFFER_SIZE) == 0) 883 return; 884 885 unit->hci_max_acl_size = letoh16(rp.max_acl_size); 886 unit->hci_num_acl_pkts = letoh16(rp.num_acl_pkts); 887 unit->hci_max_sco_size = rp.max_sco_size; 888 unit->hci_num_sco_pkts = letoh16(rp.num_sco_pkts); 889 890 unit->hci_flags &= ~BTF_INIT_BUFFER_SIZE; 891 892 wakeup(unit); 893 } 894 895 /* 896 * process results of read_local_features command_complete event 897 */ 898 static void 899 hci_cmd_read_local_features(struct hci_unit *unit, struct mbuf *m) 900 { 901 hci_read_local_features_rp rp; 902 903 KKASSERT(m->m_pkthdr.len >= sizeof(rp)); 904 m_copydata(m, 0, sizeof(rp), (caddr_t)&rp); 905 m_adj(m, sizeof(rp)); 906 907 if (rp.status > 0) 908 return; 909 910 if ((unit->hci_flags & BTF_INIT_FEATURES) == 0) 911 return; 912 913 unit->hci_lmp_mask = 0; 914 915 if (rp.features[0] & HCI_LMP_ROLE_SWITCH) 916 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_ROLE_SWITCH; 917 918 if (rp.features[0] & HCI_LMP_HOLD_MODE) 919 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_HOLD_MODE; 920 921 if (rp.features[0] & HCI_LMP_SNIFF_MODE) 922 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_SNIFF_MODE; 923 924 if (rp.features[1] & HCI_LMP_PARK_MODE) 925 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_PARK_MODE; 926 927 /* ACL packet mask */ 928 unit->hci_acl_mask = HCI_PKT_DM1 | HCI_PKT_DH1; 929 930 if (rp.features[0] & HCI_LMP_3SLOT) 931 unit->hci_acl_mask |= HCI_PKT_DM3 | HCI_PKT_DH3; 932 933 if (rp.features[0] & HCI_LMP_5SLOT) 934 unit->hci_acl_mask |= HCI_PKT_DM5 | HCI_PKT_DH5; 935 936 if ((rp.features[3] & HCI_LMP_EDR_ACL_2MBPS) == 0) 937 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH1 938 | HCI_PKT_2MBPS_DH3 939 | HCI_PKT_2MBPS_DH5; 940 941 if ((rp.features[3] & HCI_LMP_EDR_ACL_3MBPS) == 0) 942 unit->hci_acl_mask |= HCI_PKT_3MBPS_DH1 943 | HCI_PKT_3MBPS_DH3 944 | HCI_PKT_3MBPS_DH5; 945 946 if ((rp.features[4] & HCI_LMP_3SLOT_EDR_ACL) == 0) 947 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH3 948 | HCI_PKT_3MBPS_DH3; 949 950 if ((rp.features[5] & HCI_LMP_5SLOT_EDR_ACL) == 0) 951 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH5 952 | HCI_PKT_3MBPS_DH5; 953 954 unit->hci_packet_type = unit->hci_acl_mask; 955 956 /* SCO packet mask */ 957 unit->hci_sco_mask = 0; 958 if (rp.features[1] & HCI_LMP_SCO_LINK) 959 unit->hci_sco_mask |= HCI_PKT_HV1; 960 961 if (rp.features[1] & HCI_LMP_HV2_PKT) 962 unit->hci_sco_mask |= HCI_PKT_HV2; 963 964 if (rp.features[1] & HCI_LMP_HV3_PKT) 965 unit->hci_sco_mask |= HCI_PKT_HV3; 966 967 if (rp.features[3] & HCI_LMP_EV3_PKT) 968 unit->hci_sco_mask |= HCI_PKT_EV3; 969 970 if (rp.features[4] & HCI_LMP_EV4_PKT) 971 unit->hci_sco_mask |= HCI_PKT_EV4; 972 973 if (rp.features[4] & HCI_LMP_EV5_PKT) 974 unit->hci_sco_mask |= HCI_PKT_EV5; 975 976 /* XXX what do 2MBPS/3MBPS/3SLOT eSCO mean? */ 977 978 unit->hci_flags &= ~BTF_INIT_FEATURES; 979 980 wakeup(unit); 981 982 DPRINTFN(1, "%s: lmp_mask %4.4x, acl_mask %4.4x, sco_mask %4.4x\n", 983 device_get_nameunit(unit->hci_dev), unit->hci_lmp_mask, 984 unit->hci_acl_mask, unit->hci_sco_mask); 985 } 986 987 /* 988 * process results of read_local_ver command_complete event 989 * 990 * reading local supported commands is only supported from 1.2 spec 991 */ 992 static void 993 hci_cmd_read_local_ver(struct hci_unit *unit, struct mbuf *m) 994 { 995 hci_read_local_ver_rp rp; 996 997 KKASSERT(m->m_pkthdr.len >= sizeof(rp)); 998 m_copydata(m, 0, sizeof(rp), (caddr_t)&rp); 999 m_adj(m, sizeof(rp)); 1000 1001 if (rp.status != 0) 1002 return; 1003 1004 if ((unit->hci_flags & BTF_INIT_COMMANDS) == 0) 1005 return; 1006 1007 if (rp.hci_version < HCI_SPEC_V12) { 1008 unit->hci_flags &= ~BTF_INIT_COMMANDS; 1009 wakeup(unit); 1010 return; 1011 } 1012 1013 hci_send_cmd(unit, HCI_CMD_READ_LOCAL_COMMANDS, NULL, 0); 1014 } 1015 1016 /* 1017 * process results of read_local_commands command_complete event 1018 */ 1019 static void 1020 hci_cmd_read_local_commands(struct hci_unit *unit, struct mbuf *m) 1021 { 1022 hci_read_local_commands_rp rp; 1023 1024 KKASSERT(m->m_pkthdr.len >= sizeof(rp)); 1025 m_copydata(m, 0, sizeof(rp), (caddr_t)&rp); 1026 m_adj(m, sizeof(rp)); 1027 1028 if (rp.status != 0) 1029 return; 1030 1031 if ((unit->hci_flags & BTF_INIT_COMMANDS) == 0) 1032 return; 1033 1034 unit->hci_flags &= ~BTF_INIT_COMMANDS; 1035 memcpy(unit->hci_cmds, rp.commands, HCI_COMMANDS_SIZE); 1036 1037 wakeup(unit); 1038 } 1039 1040 /* 1041 * process results of reset command_complete event 1042 * 1043 * This has killed all the connections, so close down anything we have left, 1044 * and reinitialise the unit. 1045 */ 1046 static void 1047 hci_cmd_reset(struct hci_unit *unit, struct mbuf *m) 1048 { 1049 hci_reset_rp rp; 1050 struct hci_link *link, *next; 1051 int acl; 1052 1053 KKASSERT(m->m_pkthdr.len >= sizeof(rp)); 1054 m_copydata(m, 0, sizeof(rp), (caddr_t)&rp); 1055 m_adj(m, sizeof(rp)); 1056 1057 if (rp.status != 0) 1058 return; 1059 1060 /* 1061 * release SCO links first, since they may be holding 1062 * an ACL link reference. 1063 */ 1064 for (acl = 0 ; acl < 2 ; acl++) { 1065 next = TAILQ_FIRST(&unit->hci_links); 1066 while ((link = next) != NULL) { 1067 next = TAILQ_NEXT(link, hl_next); 1068 if (acl || link->hl_type != HCI_LINK_ACL) 1069 hci_link_free(link, ECONNABORTED); 1070 } 1071 } 1072 1073 unit->hci_num_acl_pkts = 0; 1074 unit->hci_num_sco_pkts = 0; 1075 1076 if (hci_send_cmd(unit, HCI_CMD_READ_BDADDR, NULL, 0)) 1077 return; 1078 1079 if (hci_send_cmd(unit, HCI_CMD_READ_BUFFER_SIZE, NULL, 0)) 1080 return; 1081 1082 if (hci_send_cmd(unit, HCI_CMD_READ_LOCAL_FEATURES, NULL, 0)) 1083 return; 1084 1085 if (hci_send_cmd(unit, HCI_CMD_READ_LOCAL_VER, NULL, 0)) 1086 return; 1087 } 1088