FreeBSD/Linux Kernel Cross Reference
sys/netbt/hci_event.c
1 /* $NetBSD: hci_event.c,v 1.2.4.1 2007/07/19 16:04:20 liamjfoy Exp $ */
2
3 /*-
4 * Copyright (c) 2005 Iain Hibbert.
5 * Copyright (c) 2006 Itronix Inc.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The name of Itronix Inc. may not be used to endorse
17 * or promote products derived from this software without specific
18 * prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY ITRONIX INC. ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
22 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
23 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ITRONIX INC. BE LIABLE FOR ANY
24 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
25 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
26 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
27 * ON ANY THEORY OF LIABILITY, WHETHER IN
28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30 * POSSIBILITY OF SUCH DAMAGE.
31 */
32
33 #include <sys/cdefs.h>
34 __KERNEL_RCSID(0, "$NetBSD: hci_event.c,v 1.2.4.1 2007/07/19 16:04:20 liamjfoy Exp $");
35
36 #include <sys/param.h>
37 #include <sys/kernel.h>
38 #include <sys/malloc.h>
39 #include <sys/mbuf.h>
40 #include <sys/proc.h>
41 #include <sys/systm.h>
42
43 #include <netbt/bluetooth.h>
44 #include <netbt/hci.h>
45 #include <netbt/sco.h>
46
47 static void hci_event_inquiry_result(struct hci_unit *, struct mbuf *);
48 static void hci_event_command_status(struct hci_unit *, struct mbuf *);
49 static void hci_event_command_compl(struct hci_unit *, struct mbuf *);
50 static void hci_event_con_compl(struct hci_unit *, struct mbuf *);
51 static void hci_event_discon_compl(struct hci_unit *, struct mbuf *);
52 static void hci_event_con_req(struct hci_unit *, struct mbuf *);
53 static void hci_event_num_compl_pkts(struct hci_unit *, struct mbuf *);
54 static void hci_event_auth_compl(struct hci_unit *, struct mbuf *);
55 static void hci_event_encryption_change(struct hci_unit *, struct mbuf *);
56 static void hci_event_change_con_link_key_compl(struct hci_unit *, struct mbuf *);
57 static void hci_cmd_read_bdaddr(struct hci_unit *, struct mbuf *);
58 static void hci_cmd_read_buffer_size(struct hci_unit *, struct mbuf *);
59 static void hci_cmd_read_local_features(struct hci_unit *, struct mbuf *);
60 static void hci_cmd_reset(struct hci_unit *, struct mbuf *);
61
62 #ifdef BLUETOOTH_DEBUG
63 int bluetooth_debug = BLUETOOTH_DEBUG;
64
65 static const char *hci_eventnames[] = {
66 /* 0x00 */ "NULL",
67 /* 0x01 */ "INQUIRY COMPLETE",
68 /* 0x02 */ "INQUIRY RESULT",
69 /* 0x03 */ "CONN COMPLETE",
70 /* 0x04 */ "CONN REQ",
71 /* 0x05 */ "DISCONN COMPLETE",
72 /* 0x06 */ "AUTH COMPLETE",
73 /* 0x07 */ "REMOTE NAME REQ COMPLETE",
74 /* 0x08 */ "ENCRYPTION CHANGE",
75 /* 0x09 */ "CHANGE CONN LINK KEY COMPLETE",
76 /* 0x0a */ "MASTER LINK KEY COMPLETE",
77 /* 0x0b */ "READ REMOTE FEATURES COMPLETE",
78 /* 0x0c */ "READ REMOTE VERSION INFO COMPLETE",
79 /* 0x0d */ "QoS SETUP COMPLETE",
80 /* 0x0e */ "COMMAND COMPLETE",
81 /* 0x0f */ "COMMAND STATUS",
82 /* 0x10 */ "HARDWARE ERROR",
83 /* 0x11 */ "FLUSH OCCUR",
84 /* 0x12 */ "ROLE CHANGE",
85 /* 0x13 */ "NUM COMPLETED PACKETS",
86 /* 0x14 */ "MODE CHANGE",
87 /* 0x15 */ "RETURN LINK KEYS",
88 /* 0x16 */ "PIN CODE REQ",
89 /* 0x17 */ "LINK KEY REQ",
90 /* 0x18 */ "LINK KEY NOTIFICATION",
91 /* 0x19 */ "LOOPBACK COMMAND",
92 /* 0x1a */ "DATA BUFFER OVERFLOW",
93 /* 0x1b */ "MAX SLOT CHANGE",
94 /* 0x1c */ "READ CLOCK OFFSET COMPLETE",
95 /* 0x1d */ "CONN PKT TYPE CHANGED",
96 /* 0x1e */ "QOS VIOLATION",
97 /* 0x1f */ "PAGE SCAN MODE CHANGE",
98 /* 0x20 */ "PAGE SCAN REP MODE CHANGE",
99 /* 0x21 */ "FLOW SPECIFICATION COMPLETE",
100 /* 0x22 */ "RSSI RESULT",
101 /* 0x23 */ "READ REMOTE EXT FEATURES"
102 };
103
104 static const char *
105 hci_eventstr(unsigned int event)
106 {
107
108 if (event < (sizeof(hci_eventnames) / sizeof(*hci_eventnames)))
109 return hci_eventnames[event];
110
111 switch (event) {
112 case HCI_EVENT_SCO_CON_COMPL: /* 0x2c */
113 return "SCO CON COMPLETE";
114
115 case HCI_EVENT_SCO_CON_CHANGED: /* 0x2d */
116 return "SCO CON CHANGED";
117
118 case HCI_EVENT_BT_LOGO: /* 0xfe */
119 return "BT_LOGO";
120
121 case HCI_EVENT_VENDOR: /* 0xff */
122 return "VENDOR";
123 }
124
125 return "UNRECOGNISED";
126 }
127 #endif /* BLUETOOTH_DEBUG */
128
129 /*
130 * process HCI Events
131 *
132 * We will free the mbuf at the end, no need for any sub
133 * functions to handle that. We kind of assume that the
134 * device sends us valid events.
135 */
136 void
137 hci_event(struct mbuf *m, struct hci_unit *unit)
138 {
139 hci_event_hdr_t hdr;
140
141 KASSERT(m->m_flags & M_PKTHDR);
142
143 KASSERT(m->m_pkthdr.len >= sizeof(hdr));
144 m_copydata(m, 0, sizeof(hdr), &hdr);
145 m_adj(m, sizeof(hdr));
146
147 KASSERT(hdr.type == HCI_EVENT_PKT);
148
149 DPRINTFN(1, "(%s) event %s\n", unit->hci_devname, hci_eventstr(hdr.event));
150
151 switch(hdr.event) {
152 case HCI_EVENT_COMMAND_STATUS:
153 hci_event_command_status(unit, m);
154 break;
155
156 case HCI_EVENT_COMMAND_COMPL:
157 hci_event_command_compl(unit, m);
158 break;
159
160 case HCI_EVENT_NUM_COMPL_PKTS:
161 hci_event_num_compl_pkts(unit, m);
162 break;
163
164 case HCI_EVENT_INQUIRY_RESULT:
165 hci_event_inquiry_result(unit, m);
166 break;
167
168 case HCI_EVENT_CON_COMPL:
169 hci_event_con_compl(unit, m);
170 break;
171
172 case HCI_EVENT_DISCON_COMPL:
173 hci_event_discon_compl(unit, m);
174 break;
175
176 case HCI_EVENT_CON_REQ:
177 hci_event_con_req(unit, m);
178 break;
179
180 case HCI_EVENT_AUTH_COMPL:
181 hci_event_auth_compl(unit, m);
182 break;
183
184 case HCI_EVENT_ENCRYPTION_CHANGE:
185 hci_event_encryption_change(unit, m);
186 break;
187
188 case HCI_EVENT_CHANGE_CON_LINK_KEY_COMPL:
189 hci_event_change_con_link_key_compl(unit, m);
190 break;
191
192 case HCI_EVENT_SCO_CON_COMPL:
193 case HCI_EVENT_INQUIRY_COMPL:
194 case HCI_EVENT_REMOTE_NAME_REQ_COMPL:
195 case HCI_EVENT_MASTER_LINK_KEY_COMPL:
196 case HCI_EVENT_READ_REMOTE_FEATURES_COMPL:
197 case HCI_EVENT_READ_REMOTE_VER_INFO_COMPL:
198 case HCI_EVENT_QOS_SETUP_COMPL:
199 case HCI_EVENT_HARDWARE_ERROR:
200 case HCI_EVENT_FLUSH_OCCUR:
201 case HCI_EVENT_ROLE_CHANGE:
202 case HCI_EVENT_MODE_CHANGE:
203 case HCI_EVENT_RETURN_LINK_KEYS:
204 case HCI_EVENT_PIN_CODE_REQ:
205 case HCI_EVENT_LINK_KEY_REQ:
206 case HCI_EVENT_LINK_KEY_NOTIFICATION:
207 case HCI_EVENT_LOOPBACK_COMMAND:
208 case HCI_EVENT_DATA_BUFFER_OVERFLOW:
209 case HCI_EVENT_MAX_SLOT_CHANGE:
210 case HCI_EVENT_READ_CLOCK_OFFSET_COMPL:
211 case HCI_EVENT_CON_PKT_TYPE_CHANGED:
212 case HCI_EVENT_QOS_VIOLATION:
213 case HCI_EVENT_PAGE_SCAN_MODE_CHANGE:
214 case HCI_EVENT_PAGE_SCAN_REP_MODE_CHANGE:
215 case HCI_EVENT_FLOW_SPECIFICATION_COMPL:
216 case HCI_EVENT_RSSI_RESULT:
217 case HCI_EVENT_READ_REMOTE_EXTENDED_FEATURES:
218 case HCI_EVENT_SCO_CON_CHANGED:
219 case HCI_EVENT_BT_LOGO:
220 case HCI_EVENT_VENDOR:
221 break;
222
223 default:
224 UNKNOWN(hdr.event);
225 break;
226 }
227
228 m_freem(m);
229 }
230
231 /*
232 * Command Status
233 *
234 * Update our record of num_cmd_pkts then post-process any pending commands
235 * and optionally restart cmd output on the unit.
236 */
237 static void
238 hci_event_command_status(struct hci_unit *unit, struct mbuf *m)
239 {
240 hci_command_status_ep ep;
241
242 KASSERT(m->m_pkthdr.len >= sizeof(ep));
243 m_copydata(m, 0, sizeof(ep), &ep);
244 m_adj(m, sizeof(ep));
245
246 DPRINTFN(1, "(%s) opcode (%03x|%04x) status = 0x%x num_cmd_pkts = %d\n",
247 unit->hci_devname,
248 HCI_OGF(le16toh(ep.opcode)), HCI_OCF(le16toh(ep.opcode)),
249 ep.status,
250 ep.num_cmd_pkts);
251
252 unit->hci_num_cmd_pkts = ep.num_cmd_pkts;
253
254 /*
255 * post processing of pending commands
256 */
257 switch(le16toh(ep.opcode)) {
258 default:
259 break;
260 }
261
262 while (unit->hci_num_cmd_pkts > 0 && MBUFQ_FIRST(&unit->hci_cmdwait)) {
263 MBUFQ_DEQUEUE(&unit->hci_cmdwait, m);
264 hci_output_cmd(unit, m);
265 }
266 }
267
268 /*
269 * Command Complete
270 *
271 * Update our record of num_cmd_pkts then handle the completed command,
272 * and optionally restart cmd output on the unit.
273 */
274 static void
275 hci_event_command_compl(struct hci_unit *unit, struct mbuf *m)
276 {
277 hci_command_compl_ep ep;
278
279 KASSERT(m->m_pkthdr.len >= sizeof(ep));
280 m_copydata(m, 0, sizeof(ep), &ep);
281 m_adj(m, sizeof(ep));
282
283 DPRINTFN(1, "(%s) opcode (%03x|%04x) num_cmd_pkts = %d\n",
284 unit->hci_devname,
285 HCI_OGF(le16toh(ep.opcode)), HCI_OCF(le16toh(ep.opcode)),
286 ep.num_cmd_pkts);
287
288 unit->hci_num_cmd_pkts = ep.num_cmd_pkts;
289
290 /*
291 * post processing of completed commands
292 */
293 switch(le16toh(ep.opcode)) {
294 case HCI_CMD_READ_BDADDR:
295 hci_cmd_read_bdaddr(unit, m);
296 break;
297
298 case HCI_CMD_READ_BUFFER_SIZE:
299 hci_cmd_read_buffer_size(unit, m);
300 break;
301
302 case HCI_CMD_READ_LOCAL_FEATURES:
303 hci_cmd_read_local_features(unit, m);
304 break;
305
306 case HCI_CMD_RESET:
307 hci_cmd_reset(unit, m);
308 break;
309
310 default:
311 break;
312 }
313
314 while (unit->hci_num_cmd_pkts > 0 && MBUFQ_FIRST(&unit->hci_cmdwait)) {
315 MBUFQ_DEQUEUE(&unit->hci_cmdwait, m);
316 hci_output_cmd(unit, m);
317 }
318 }
319
320 /*
321 * Number of Completed Packets
322 *
323 * This is sent periodically by the Controller telling us how many
324 * buffers are now freed up and which handle was using them. From
325 * this we determine which type of buffer it was and add the qty
326 * back into the relevant packet counter, then restart output on
327 * links that have halted.
328 */
329 static void
330 hci_event_num_compl_pkts(struct hci_unit *unit, struct mbuf *m)
331 {
332 hci_num_compl_pkts_ep ep;
333 struct hci_link *link, *next;
334 uint16_t handle, num;
335 int num_acl = 0, num_sco = 0;
336
337 KASSERT(m->m_pkthdr.len >= sizeof(ep));
338 m_copydata(m, 0, sizeof(ep), &ep);
339 m_adj(m, sizeof(ep));
340
341 while (ep.num_con_handles--) {
342 m_copydata(m, 0, sizeof(handle), (caddr_t)&handle);
343 m_adj(m, sizeof(handle));
344 handle = le16toh(handle);
345
346 m_copydata(m, 0, sizeof(num), (caddr_t)&num);
347 m_adj(m, sizeof(num));
348 num = le16toh(num);
349
350 link = hci_link_lookup_handle(unit, handle);
351 if (link) {
352 if (link->hl_type == HCI_LINK_ACL) {
353 num_acl += num;
354 hci_acl_complete(link, num);
355 } else {
356 num_sco += num;
357 hci_sco_complete(link, num);
358 }
359 } else {
360 // XXX need to issue Read_Buffer_Size or Reset?
361 printf("%s: unknown handle %d! "
362 "(losing track of %d packet buffer%s)\n",
363 unit->hci_devname, handle,
364 num, (num == 1 ? "" : "s"));
365 }
366 }
367
368 /*
369 * Move up any queued packets. When a link has sent data, it will move
370 * to the back of the queue - technically then if a link had something
371 * to send and there were still buffers available it could get started
372 * twice but it seemed more important to to handle higher loads fairly
373 * than worry about wasting cycles when we are not busy.
374 */
375
376 unit->hci_num_acl_pkts += num_acl;
377 unit->hci_num_sco_pkts += num_sco;
378
379 link = TAILQ_FIRST(&unit->hci_links);
380 while (link && (unit->hci_num_acl_pkts > 0 || unit->hci_num_sco_pkts > 0)) {
381 next = TAILQ_NEXT(link, hl_next);
382
383 if (link->hl_type == HCI_LINK_ACL) {
384 if (unit->hci_num_acl_pkts > 0 && link->hl_txqlen > 0)
385 hci_acl_start(link);
386 } else {
387 if (unit->hci_num_sco_pkts > 0 && link->hl_txqlen > 0)
388 hci_sco_start(link);
389 }
390
391 link = next;
392 }
393 }
394
395 /*
396 * Inquiry Result
397 *
398 * keep a note of devices seen, so we know which unit to use
399 * on outgoing connections
400 */
401 static void
402 hci_event_inquiry_result(struct hci_unit *unit, struct mbuf *m)
403 {
404 hci_inquiry_result_ep ep;
405 struct hci_memo *memo;
406 bdaddr_t bdaddr;
407
408 KASSERT(m->m_pkthdr.len >= sizeof(ep));
409 m_copydata(m, 0, sizeof(ep), &ep);
410 m_adj(m, sizeof(ep));
411
412 DPRINTFN(1, "%d response%s\n", ep.num_responses,
413 (ep.num_responses == 1 ? "" : "s"));
414
415 while(ep.num_responses--) {
416 m_copydata(m, 0, sizeof(bdaddr_t), (caddr_t)&bdaddr);
417
418 DPRINTFN(1, "bdaddr %02x:%02x:%02x:%02x:%02x:%02x\n",
419 bdaddr.b[5], bdaddr.b[4], bdaddr.b[3],
420 bdaddr.b[2], bdaddr.b[1], bdaddr.b[0]);
421
422 memo = hci_memo_find(unit, &bdaddr);
423 if (memo == NULL) {
424 memo = malloc(sizeof(struct hci_memo),
425 M_BLUETOOTH, M_NOWAIT | M_ZERO);
426 if (memo == NULL) {
427 DPRINTFN(0, "out of memo memory!\n");
428 break;
429 }
430
431 LIST_INSERT_HEAD(&unit->hci_memos, memo, next);
432 }
433
434 microtime(&memo->time);
435 m_copydata(m, 0, sizeof(hci_inquiry_response),
436 (caddr_t)&memo->response);
437 m_adj(m, sizeof(hci_inquiry_response));
438
439 memo->response.clock_offset =
440 le16toh(memo->response.clock_offset);
441 }
442 }
443
444 /*
445 * Connection Complete
446 *
447 * Sent to us when a connection is made. If there is no link
448 * structure already allocated for this, we must have changed
449 * our mind, so just disconnect.
450 */
451 static void
452 hci_event_con_compl(struct hci_unit *unit, struct mbuf *m)
453 {
454 hci_con_compl_ep ep;
455 hci_write_link_policy_settings_cp cp;
456 struct hci_link *link;
457 int err;
458
459 KASSERT(m->m_pkthdr.len >= sizeof(ep));
460 m_copydata(m, 0, sizeof(ep), &ep);
461 m_adj(m, sizeof(ep));
462
463 DPRINTFN(1, "(%s) %s connection complete for "
464 "%02x:%02x:%02x:%02x:%02x:%02x status %#x\n",
465 unit->hci_devname,
466 (ep.link_type == HCI_LINK_ACL ? "ACL" : "SCO"),
467 ep.bdaddr.b[5], ep.bdaddr.b[4], ep.bdaddr.b[3],
468 ep.bdaddr.b[2], ep.bdaddr.b[1], ep.bdaddr.b[0],
469 ep.status);
470
471 link = hci_link_lookup_bdaddr(unit, &ep.bdaddr, ep.link_type);
472
473 if (ep.status) {
474 if (link != NULL) {
475 switch (ep.status) {
476 case 0x04: /* "Page Timeout" */
477 err = EHOSTDOWN;
478 break;
479
480 case 0x08: /* "Connection Timed Out" */
481 err = ETIMEDOUT;
482 break;
483
484 case 0x16: /* "Connection Terminated by Local Host" */
485 err = 0;
486 break;
487
488 default:
489 err = ECONNREFUSED;
490 break;
491 }
492
493 hci_link_free(link, err);
494 }
495
496 return;
497 }
498
499 if (link == NULL) {
500 hci_discon_cp dp;
501
502 dp.con_handle = ep.con_handle;
503 dp.reason = 0x13; /* "Remote User Terminated Connection" */
504
505 hci_send_cmd(unit, HCI_CMD_DISCONNECT, &dp, sizeof(dp));
506 return;
507 }
508
509 /* XXX could check auth_enable here */
510
511 if (ep.encryption_mode)
512 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_ENCRYPT);
513
514 link->hl_state = HCI_LINK_OPEN;
515 link->hl_handle = HCI_CON_HANDLE(le16toh(ep.con_handle));
516
517 if (ep.link_type == HCI_LINK_ACL) {
518 cp.con_handle = ep.con_handle;
519 cp.settings = htole16(unit->hci_link_policy);
520 err = hci_send_cmd(unit, HCI_CMD_WRITE_LINK_POLICY_SETTINGS,
521 &cp, sizeof(cp));
522 if (err)
523 printf("%s: Warning, could not write link policy\n",
524 unit->hci_devname);
525
526 err = hci_acl_setmode(link);
527 if (err == EINPROGRESS)
528 return;
529
530 hci_acl_linkmode(link);
531 } else {
532 (*link->hl_sco->sp_proto->connected)(link->hl_sco->sp_upper);
533 }
534 }
535
536 /*
537 * Disconnection Complete
538 *
539 * This is sent in response to a disconnection request, but also if
540 * the remote device goes out of range.
541 */
542 static void
543 hci_event_discon_compl(struct hci_unit *unit, struct mbuf *m)
544 {
545 hci_discon_compl_ep ep;
546 struct hci_link *link;
547
548 KASSERT(m->m_pkthdr.len >= sizeof(ep));
549 m_copydata(m, 0, sizeof(ep), &ep);
550 m_adj(m, sizeof(ep));
551
552 ep.con_handle = le16toh(ep.con_handle);
553
554 DPRINTFN(1, "handle #%d, status=0x%x\n", ep.con_handle, ep.status);
555
556 link = hci_link_lookup_handle(unit, HCI_CON_HANDLE(ep.con_handle));
557 if (link)
558 hci_link_free(link, ENOLINK);
559 }
560
561 /*
562 * Connect Request
563 *
564 * We check upstream for appropriate listeners and accept connections
565 * that are wanted.
566 */
567 static void
568 hci_event_con_req(struct hci_unit *unit, struct mbuf *m)
569 {
570 hci_con_req_ep ep;
571 hci_accept_con_cp ap;
572 hci_reject_con_cp rp;
573 struct hci_link *link;
574
575 KASSERT(m->m_pkthdr.len >= sizeof(ep));
576 m_copydata(m, 0, sizeof(ep), &ep);
577 m_adj(m, sizeof(ep));
578
579 DPRINTFN(1, "bdaddr %2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x "
580 "class %2.2x%2.2x%2.2x type %s\n",
581 ep.bdaddr.b[5], ep.bdaddr.b[4], ep.bdaddr.b[3],
582 ep.bdaddr.b[2], ep.bdaddr.b[1], ep.bdaddr.b[0],
583 ep.uclass[0], ep.uclass[1], ep.uclass[2],
584 ep.link_type == HCI_LINK_ACL ? "ACL" : "SCO");
585
586 if (ep.link_type == HCI_LINK_ACL)
587 link = hci_acl_newconn(unit, &ep.bdaddr);
588 else
589 link = hci_sco_newconn(unit, &ep.bdaddr);
590
591 if (link == NULL) {
592 memset(&rp, 0, sizeof(rp));
593 bdaddr_copy(&rp.bdaddr, &ep.bdaddr);
594 rp.reason = 0x0f; /* Unacceptable BD_ADDR */
595
596 hci_send_cmd(unit, HCI_CMD_REJECT_CON, &rp, sizeof(rp));
597 } else {
598 memset(&ap, 0, sizeof(ap));
599 bdaddr_copy(&ap.bdaddr, &ep.bdaddr);
600 if (unit->hci_link_policy & HCI_LINK_POLICY_ENABLE_ROLE_SWITCH)
601 ap.role = HCI_ROLE_MASTER;
602 else
603 ap.role = HCI_ROLE_SLAVE;
604
605 hci_send_cmd(unit, HCI_CMD_ACCEPT_CON, &ap, sizeof(ap));
606 }
607 }
608
609 /*
610 * Auth Complete
611 *
612 * Authentication has been completed on an ACL link. We can notify the
613 * upper layer protocols unless further mode changes are pending.
614 */
615 static void
616 hci_event_auth_compl(struct hci_unit *unit, struct mbuf *m)
617 {
618 hci_auth_compl_ep ep;
619 struct hci_link *link;
620 int err;
621
622 KASSERT(m->m_pkthdr.len >= sizeof(ep));
623 m_copydata(m, 0, sizeof(ep), &ep);
624 m_adj(m, sizeof(ep));
625
626 ep.con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle));
627
628 DPRINTFN(1, "handle #%d, status=0x%x\n", ep.con_handle, ep.status);
629
630 link = hci_link_lookup_handle(unit, ep.con_handle);
631 if (link == NULL || link->hl_type != HCI_LINK_ACL)
632 return;
633
634 if (ep.status == 0) {
635 link->hl_flags |= HCI_LINK_AUTH;
636
637 if (link->hl_state == HCI_LINK_WAIT_AUTH)
638 link->hl_state = HCI_LINK_OPEN;
639
640 err = hci_acl_setmode(link);
641 if (err == EINPROGRESS)
642 return;
643 }
644
645 hci_acl_linkmode(link);
646 }
647
648 /*
649 * Encryption Change
650 *
651 * The encryption status has changed. Basically, we note the change
652 * then notify the upper layer protocol unless further mode changes
653 * are pending.
654 * Note that if encryption gets disabled when it has been requested,
655 * we will attempt to enable it again.. (its a feature not a bug :)
656 */
657 static void
658 hci_event_encryption_change(struct hci_unit *unit, struct mbuf *m)
659 {
660 hci_encryption_change_ep ep;
661 struct hci_link *link;
662 int err;
663
664 KASSERT(m->m_pkthdr.len >= sizeof(ep));
665 m_copydata(m, 0, sizeof(ep), &ep);
666 m_adj(m, sizeof(ep));
667
668 ep.con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle));
669
670 DPRINTFN(1, "handle #%d, status=0x%x, encryption_enable=0x%x\n",
671 ep.con_handle, ep.status, ep.encryption_enable);
672
673 link = hci_link_lookup_handle(unit, ep.con_handle);
674 if (link == NULL || link->hl_type != HCI_LINK_ACL)
675 return;
676
677 if (ep.status == 0) {
678 if (ep.encryption_enable == 0)
679 link->hl_flags &= ~HCI_LINK_ENCRYPT;
680 else
681 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_ENCRYPT);
682
683 if (link->hl_state == HCI_LINK_WAIT_ENCRYPT)
684 link->hl_state = HCI_LINK_OPEN;
685
686 err = hci_acl_setmode(link);
687 if (err == EINPROGRESS)
688 return;
689 }
690
691 hci_acl_linkmode(link);
692 }
693
694 /*
695 * Change Connection Link Key Complete
696 *
697 * Link keys are handled in userland but if we are waiting to secure
698 * this link, we should notify the upper protocols. A SECURE request
699 * only needs a single key change, so we can cancel the request.
700 */
701 static void
702 hci_event_change_con_link_key_compl(struct hci_unit *unit, struct mbuf *m)
703 {
704 hci_change_con_link_key_compl_ep ep;
705 struct hci_link *link;
706 int err;
707
708 KASSERT(m->m_pkthdr.len >= sizeof(ep));
709 m_copydata(m, 0, sizeof(ep), &ep);
710 m_adj(m, sizeof(ep));
711
712 ep.con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle));
713
714 DPRINTFN(1, "handle #%d, status=0x%x\n", ep.con_handle, ep.status);
715
716 link = hci_link_lookup_handle(unit, ep.con_handle);
717 if (link == NULL || link->hl_type != HCI_LINK_ACL)
718 return;
719
720 link->hl_flags &= ~HCI_LINK_SECURE_REQ;
721
722 if (ep.status == 0) {
723 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_SECURE);
724
725 if (link->hl_state == HCI_LINK_WAIT_SECURE)
726 link->hl_state = HCI_LINK_OPEN;
727
728 err = hci_acl_setmode(link);
729 if (err == EINPROGRESS)
730 return;
731 }
732
733 hci_acl_linkmode(link);
734 }
735
736 /*
737 * process results of read_bdaddr command_complete event
738 */
739 static void
740 hci_cmd_read_bdaddr(struct hci_unit *unit, struct mbuf *m)
741 {
742 hci_read_bdaddr_rp rp;
743 int s;
744
745 KASSERT(m->m_pkthdr.len >= sizeof(rp));
746 m_copydata(m, 0, sizeof(rp), &rp);
747 m_adj(m, sizeof(rp));
748
749 if (rp.status > 0)
750 return;
751
752 if ((unit->hci_flags & BTF_INIT_BDADDR) == 0)
753 return;
754
755 bdaddr_copy(&unit->hci_bdaddr, &rp.bdaddr);
756
757 s = splraiseipl(unit->hci_ipl);
758 unit->hci_flags &= ~BTF_INIT_BDADDR;
759 splx(s);
760
761 wakeup(unit);
762 }
763
764 /*
765 * process results of read_buffer_size command_complete event
766 */
767 static void
768 hci_cmd_read_buffer_size(struct hci_unit *unit, struct mbuf *m)
769 {
770 hci_read_buffer_size_rp rp;
771 int s;
772
773 KASSERT(m->m_pkthdr.len >= sizeof(rp));
774 m_copydata(m, 0, sizeof(rp), &rp);
775 m_adj(m, sizeof(rp));
776
777 if (rp.status > 0)
778 return;
779
780 if ((unit->hci_flags & BTF_INIT_BUFFER_SIZE) == 0)
781 return;
782
783 unit->hci_max_acl_size = le16toh(rp.max_acl_size);
784 unit->hci_num_acl_pkts = le16toh(rp.num_acl_pkts);
785 unit->hci_max_sco_size = rp.max_sco_size;
786 unit->hci_num_sco_pkts = le16toh(rp.num_sco_pkts);
787
788 s = splraiseipl(unit->hci_ipl);
789 unit->hci_flags &= ~BTF_INIT_BUFFER_SIZE;
790 splx(s);
791
792 wakeup(unit);
793 }
794
795 /*
796 * process results of read_local_features command_complete event
797 */
798 static void
799 hci_cmd_read_local_features(struct hci_unit *unit, struct mbuf *m)
800 {
801 hci_read_local_features_rp rp;
802 int s;
803
804 KASSERT(m->m_pkthdr.len >= sizeof(rp));
805 m_copydata(m, 0, sizeof(rp), &rp);
806 m_adj(m, sizeof(rp));
807
808 if (rp.status > 0)
809 return;
810
811 if ((unit->hci_flags & BTF_INIT_FEATURES) == 0)
812 return;
813
814 unit->hci_lmp_mask = 0;
815
816 if (rp.features[0] & HCI_LMP_ROLE_SWITCH)
817 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_ROLE_SWITCH;
818
819 if (rp.features[0] & HCI_LMP_HOLD_MODE)
820 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_HOLD_MODE;
821
822 if (rp.features[0] & HCI_LMP_SNIFF_MODE)
823 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_SNIFF_MODE;
824
825 if (rp.features[1] & HCI_LMP_PARK_MODE)
826 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_PARK_MODE;
827
828 /* ACL packet mask */
829 unit->hci_acl_mask = HCI_PKT_DM1 | HCI_PKT_DH1;
830
831 if (rp.features[0] & HCI_LMP_3SLOT)
832 unit->hci_acl_mask |= HCI_PKT_DM3 | HCI_PKT_DH3;
833
834 if (rp.features[0] & HCI_LMP_5SLOT)
835 unit->hci_acl_mask |= HCI_PKT_DM5 | HCI_PKT_DH5;
836
837 if ((rp.features[3] & HCI_LMP_EDR_ACL_2MBPS) == 0)
838 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH1
839 | HCI_PKT_2MBPS_DH3
840 | HCI_PKT_2MBPS_DH5;
841
842 if ((rp.features[3] & HCI_LMP_EDR_ACL_3MBPS) == 0)
843 unit->hci_acl_mask |= HCI_PKT_3MBPS_DH1
844 | HCI_PKT_3MBPS_DH3
845 | HCI_PKT_3MBPS_DH5;
846
847 if ((rp.features[4] & HCI_LMP_3SLOT_EDR_ACL) == 0)
848 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH3
849 | HCI_PKT_3MBPS_DH3;
850
851 if ((rp.features[5] & HCI_LMP_5SLOT_EDR_ACL) == 0)
852 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH5
853 | HCI_PKT_3MBPS_DH5;
854
855 unit->hci_packet_type = unit->hci_acl_mask;
856
857 /* SCO packet mask */
858 unit->hci_sco_mask = 0;
859 if (rp.features[1] & HCI_LMP_SCO_LINK)
860 unit->hci_sco_mask |= HCI_PKT_HV1;
861
862 if (rp.features[1] & HCI_LMP_HV2_PKT)
863 unit->hci_sco_mask |= HCI_PKT_HV2;
864
865 if (rp.features[1] & HCI_LMP_HV3_PKT)
866 unit->hci_sco_mask |= HCI_PKT_HV3;
867
868 if (rp.features[3] & HCI_LMP_EV3_PKT)
869 unit->hci_sco_mask |= HCI_PKT_EV3;
870
871 if (rp.features[4] & HCI_LMP_EV4_PKT)
872 unit->hci_sco_mask |= HCI_PKT_EV4;
873
874 if (rp.features[4] & HCI_LMP_EV5_PKT)
875 unit->hci_sco_mask |= HCI_PKT_EV5;
876
877 // XXX what do 2MBPS/3MBPS/3SLOT eSCO mean?
878
879 s = splraiseipl(unit->hci_ipl);
880 unit->hci_flags &= ~BTF_INIT_FEATURES;
881 splx(s);
882
883 wakeup(unit);
884
885 DPRINTFN(1, "%s: lmp_mask %4.4x, acl_mask %4.4x, sco_mask %4.4x\n",
886 unit->hci_devname, unit->hci_lmp_mask,
887 unit->hci_acl_mask, unit->hci_sco_mask);
888 }
889
890 /*
891 * process results of reset command_complete event
892 *
893 * This has killed all the connections, so close down anything we have left,
894 * and reinitialise the unit.
895 */
896 static void
897 hci_cmd_reset(struct hci_unit *unit, struct mbuf *m)
898 {
899 hci_reset_rp rp;
900 struct hci_link *link, *next;
901 int acl;
902
903 KASSERT(m->m_pkthdr.len >= sizeof(rp));
904 m_copydata(m, 0, sizeof(rp), &rp);
905 m_adj(m, sizeof(rp));
906
907 if (rp.status != 0)
908 return;
909
910 /*
911 * release SCO links first, since they may be holding
912 * an ACL link reference.
913 */
914 for (acl = 0 ; acl < 2 ; acl++) {
915 next = TAILQ_FIRST(&unit->hci_links);
916 while ((link = next) != NULL) {
917 next = TAILQ_NEXT(link, hl_next);
918 if (acl || link->hl_type != HCI_LINK_ACL)
919 hci_link_free(link, ECONNABORTED);
920 }
921 }
922
923 unit->hci_num_acl_pkts = 0;
924 unit->hci_num_sco_pkts = 0;
925
926 if (hci_send_cmd(unit, HCI_CMD_READ_BDADDR, NULL, 0))
927 return;
928
929 if (hci_send_cmd(unit, HCI_CMD_READ_BUFFER_SIZE, NULL, 0))
930 return;
931
932 if (hci_send_cmd(unit, HCI_CMD_READ_LOCAL_FEATURES, NULL, 0))
933 return;
934 }
Cache object: 18a340409c9baa7950c788dd625eedb1
|