Fix memory barrier in a debug function
[netbsd-mini2440.git] / sys / netbt / hci_event.c
blob8bb53b6d9b6ce4bbf8de9992db464c7c1ac40af0
1 /* $NetBSD: hci_event.c,v 1.20 2009/08/24 20:37:36 plunky Exp $ */
3 /*-
4 * Copyright (c) 2005 Iain Hibbert.
5 * Copyright (c) 2006 Itronix Inc.
6 * All rights reserved.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The name of Itronix Inc. may not be used to endorse
17 * or promote products derived from this software without specific
18 * prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY ITRONIX INC. ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
22 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
23 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ITRONIX INC. BE LIABLE FOR ANY
24 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
25 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
26 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
27 * ON ANY THEORY OF LIABILITY, WHETHER IN
28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30 * POSSIBILITY OF SUCH DAMAGE.
33 #include <sys/cdefs.h>
34 __KERNEL_RCSID(0, "$NetBSD: hci_event.c,v 1.20 2009/08/24 20:37:36 plunky Exp $");
36 #include <sys/param.h>
37 #include <sys/kernel.h>
38 #include <sys/malloc.h>
39 #include <sys/mbuf.h>
40 #include <sys/proc.h>
41 #include <sys/systm.h>
43 #include <netbt/bluetooth.h>
44 #include <netbt/hci.h>
45 #include <netbt/sco.h>
47 static void hci_event_inquiry_result(struct hci_unit *, struct mbuf *);
48 static void hci_event_rssi_result(struct hci_unit *, struct mbuf *);
49 static void hci_event_extended_result(struct hci_unit *, struct mbuf *);
50 static void hci_event_command_status(struct hci_unit *, struct mbuf *);
51 static void hci_event_command_compl(struct hci_unit *, struct mbuf *);
52 static void hci_event_con_compl(struct hci_unit *, struct mbuf *);
53 static void hci_event_discon_compl(struct hci_unit *, struct mbuf *);
54 static void hci_event_con_req(struct hci_unit *, struct mbuf *);
55 static void hci_event_num_compl_pkts(struct hci_unit *, struct mbuf *);
56 static void hci_event_auth_compl(struct hci_unit *, struct mbuf *);
57 static void hci_event_encryption_change(struct hci_unit *, struct mbuf *);
58 static void hci_event_change_con_link_key_compl(struct hci_unit *, struct mbuf *);
59 static void hci_event_read_clock_offset_compl(struct hci_unit *, struct mbuf *);
60 static void hci_cmd_read_bdaddr(struct hci_unit *, struct mbuf *);
61 static void hci_cmd_read_buffer_size(struct hci_unit *, struct mbuf *);
62 static void hci_cmd_read_local_features(struct hci_unit *, struct mbuf *);
63 static void hci_cmd_read_local_ver(struct hci_unit *, struct mbuf *);
64 static void hci_cmd_read_local_commands(struct hci_unit *, struct mbuf *);
65 static void hci_cmd_reset(struct hci_unit *, struct mbuf *);
66 static void hci_cmd_create_con(struct hci_unit *unit, uint8_t status);
68 #ifdef BLUETOOTH_DEBUG
69 int bluetooth_debug;
71 static const char *hci_eventnames[] = {
72 /* 0x00 */ "NULL",
73 /* 0x01 */ "INQUIRY COMPLETE",
74 /* 0x02 */ "INQUIRY RESULT",
75 /* 0x03 */ "CONN COMPLETE",
76 /* 0x04 */ "CONN REQ",
77 /* 0x05 */ "DISCONN COMPLETE",
78 /* 0x06 */ "AUTH COMPLETE",
79 /* 0x07 */ "REMOTE NAME REQ COMPLETE",
80 /* 0x08 */ "ENCRYPTION CHANGE",
81 /* 0x09 */ "CHANGE CONN LINK KEY COMPLETE",
82 /* 0x0a */ "MASTER LINK KEY COMPLETE",
83 /* 0x0b */ "READ REMOTE FEATURES COMPLETE",
84 /* 0x0c */ "READ REMOTE VERSION INFO COMPLETE",
85 /* 0x0d */ "QoS SETUP COMPLETE",
86 /* 0x0e */ "COMMAND COMPLETE",
87 /* 0x0f */ "COMMAND STATUS",
88 /* 0x10 */ "HARDWARE ERROR",
89 /* 0x11 */ "FLUSH OCCUR",
90 /* 0x12 */ "ROLE CHANGE",
91 /* 0x13 */ "NUM COMPLETED PACKETS",
92 /* 0x14 */ "MODE CHANGE",
93 /* 0x15 */ "RETURN LINK KEYS",
94 /* 0x16 */ "PIN CODE REQ",
95 /* 0x17 */ "LINK KEY REQ",
96 /* 0x18 */ "LINK KEY NOTIFICATION",
97 /* 0x19 */ "LOOPBACK COMMAND",
98 /* 0x1a */ "DATA BUFFER OVERFLOW",
99 /* 0x1b */ "MAX SLOT CHANGE",
100 /* 0x1c */ "READ CLOCK OFFSET COMPLETE",
101 /* 0x1d */ "CONN PKT TYPE CHANGED",
102 /* 0x1e */ "QOS VIOLATION",
103 /* 0x1f */ "PAGE SCAN MODE CHANGE",
104 /* 0x20 */ "PAGE SCAN REP MODE CHANGE",
105 /* 0x21 */ "FLOW SPECIFICATION COMPLETE",
106 /* 0x22 */ "RSSI RESULT",
107 /* 0x23 */ "READ REMOTE EXT FEATURES",
108 /* 0x24 */ "UNKNOWN",
109 /* 0x25 */ "UNKNOWN",
110 /* 0x26 */ "UNKNOWN",
111 /* 0x27 */ "UNKNOWN",
112 /* 0x28 */ "UNKNOWN",
113 /* 0x29 */ "UNKNOWN",
114 /* 0x2a */ "UNKNOWN",
115 /* 0x2b */ "UNKNOWN",
116 /* 0x2c */ "SCO CON COMPLETE",
117 /* 0x2d */ "SCO CON CHANGED",
118 /* 0x2e */ "SNIFF SUBRATING",
119 /* 0x2f */ "EXTENDED INQUIRY RESULT",
120 /* 0x30 */ "ENCRYPTION KEY REFRESH",
121 /* 0x31 */ "IO CAPABILITY REQUEST",
122 /* 0x32 */ "IO CAPABILITY RESPONSE",
123 /* 0x33 */ "USER CONFIRM REQUEST",
124 /* 0x34 */ "USER PASSKEY REQUEST",
125 /* 0x35 */ "REMOTE OOB DATA REQUEST",
126 /* 0x36 */ "SIMPLE PAIRING COMPLETE",
127 /* 0x37 */ "UNKNOWN",
128 /* 0x38 */ "LINK SUPERVISION TIMEOUT CHANGED",
129 /* 0x39 */ "ENHANCED FLUSH COMPLETE",
130 /* 0x3a */ "UNKNOWN",
131 /* 0x3b */ "USER PASSKEY NOTIFICATION",
132 /* 0x3c */ "KEYPRESS NOTIFICATION",
133 /* 0x3d */ "REMOTE HOST FEATURES NOTIFICATION",
136 static const char *
137 hci_eventstr(unsigned int event)
140 if (event < __arraycount(hci_eventnames))
141 return hci_eventnames[event];
143 switch (event) {
144 case HCI_EVENT_BT_LOGO: /* 0xfe */
145 return "BT_LOGO";
147 case HCI_EVENT_VENDOR: /* 0xff */
148 return "VENDOR";
151 return "UNKNOWN";
153 #endif /* BLUETOOTH_DEBUG */
156 * process HCI Events
158 * We will free the mbuf at the end, no need for any sub
159 * functions to handle that. We kind of assume that the
160 * device sends us valid events.
162 void
163 hci_event(struct mbuf *m, struct hci_unit *unit)
165 hci_event_hdr_t hdr;
167 KASSERT(m->m_flags & M_PKTHDR);
169 KASSERT(m->m_pkthdr.len >= sizeof(hdr));
170 m_copydata(m, 0, sizeof(hdr), &hdr);
171 m_adj(m, sizeof(hdr));
173 KASSERT(hdr.type == HCI_EVENT_PKT);
175 DPRINTFN(1, "(%s) event %s\n",
176 device_xname(unit->hci_dev), hci_eventstr(hdr.event));
178 switch(hdr.event) {
179 case HCI_EVENT_COMMAND_STATUS:
180 hci_event_command_status(unit, m);
181 break;
183 case HCI_EVENT_COMMAND_COMPL:
184 hci_event_command_compl(unit, m);
185 break;
187 case HCI_EVENT_NUM_COMPL_PKTS:
188 hci_event_num_compl_pkts(unit, m);
189 break;
191 case HCI_EVENT_INQUIRY_RESULT:
192 hci_event_inquiry_result(unit, m);
193 break;
195 case HCI_EVENT_RSSI_RESULT:
196 hci_event_rssi_result(unit, m);
197 break;
199 case HCI_EVENT_EXTENDED_RESULT:
200 hci_event_extended_result(unit, m);
201 break;
203 case HCI_EVENT_CON_COMPL:
204 hci_event_con_compl(unit, m);
205 break;
207 case HCI_EVENT_DISCON_COMPL:
208 hci_event_discon_compl(unit, m);
209 break;
211 case HCI_EVENT_CON_REQ:
212 hci_event_con_req(unit, m);
213 break;
215 case HCI_EVENT_AUTH_COMPL:
216 hci_event_auth_compl(unit, m);
217 break;
219 case HCI_EVENT_ENCRYPTION_CHANGE:
220 hci_event_encryption_change(unit, m);
221 break;
223 case HCI_EVENT_CHANGE_CON_LINK_KEY_COMPL:
224 hci_event_change_con_link_key_compl(unit, m);
225 break;
227 case HCI_EVENT_READ_CLOCK_OFFSET_COMPL:
228 hci_event_read_clock_offset_compl(unit, m);
229 break;
231 default:
232 break;
235 m_freem(m);
239 * Command Status
241 * Restart command queue and post-process any pending commands
243 static void
244 hci_event_command_status(struct hci_unit *unit, struct mbuf *m)
246 hci_command_status_ep ep;
248 KASSERT(m->m_pkthdr.len >= sizeof(ep));
249 m_copydata(m, 0, sizeof(ep), &ep);
250 m_adj(m, sizeof(ep));
252 ep.opcode = le16toh(ep.opcode);
254 DPRINTFN(1, "(%s) opcode (%03x|%04x) status = 0x%x num_cmd_pkts = %d\n",
255 device_xname(unit->hci_dev),
256 HCI_OGF(ep.opcode), HCI_OCF(ep.opcode),
257 ep.status,
258 ep.num_cmd_pkts);
260 hci_num_cmds(unit, ep.num_cmd_pkts);
263 * post processing of pending commands
265 switch(ep.opcode) {
266 case HCI_CMD_CREATE_CON:
267 hci_cmd_create_con(unit, ep.status);
268 break;
270 default:
271 if (ep.status == 0)
272 break;
274 aprint_error_dev(unit->hci_dev,
275 "CommandStatus opcode (%03x|%04x) failed (status=0x%02x)\n",
276 HCI_OGF(ep.opcode), HCI_OCF(ep.opcode),
277 ep.status);
279 break;
284 * Command Complete
286 * Restart command queue and handle the completed command
288 static void
289 hci_event_command_compl(struct hci_unit *unit, struct mbuf *m)
291 hci_command_compl_ep ep;
292 hci_status_rp rp;
294 KASSERT(m->m_pkthdr.len >= sizeof(ep));
295 m_copydata(m, 0, sizeof(ep), &ep);
296 m_adj(m, sizeof(ep));
298 DPRINTFN(1, "(%s) opcode (%03x|%04x) num_cmd_pkts = %d\n",
299 device_xname(unit->hci_dev),
300 HCI_OGF(le16toh(ep.opcode)), HCI_OCF(le16toh(ep.opcode)),
301 ep.num_cmd_pkts);
303 hci_num_cmds(unit, ep.num_cmd_pkts);
306 * I am not sure if this is completely correct, it is not guaranteed
307 * that a command_complete packet will contain the status though most
308 * do seem to.
310 m_copydata(m, 0, sizeof(rp), &rp);
311 if (rp.status > 0)
312 aprint_error_dev(unit->hci_dev,
313 "CommandComplete opcode (%03x|%04x) failed (status=0x%02x)\n",
314 HCI_OGF(le16toh(ep.opcode)), HCI_OCF(le16toh(ep.opcode)),
315 rp.status);
318 * post processing of completed commands
320 switch(le16toh(ep.opcode)) {
321 case HCI_CMD_READ_BDADDR:
322 hci_cmd_read_bdaddr(unit, m);
323 break;
325 case HCI_CMD_READ_BUFFER_SIZE:
326 hci_cmd_read_buffer_size(unit, m);
327 break;
329 case HCI_CMD_READ_LOCAL_FEATURES:
330 hci_cmd_read_local_features(unit, m);
331 break;
333 case HCI_CMD_READ_LOCAL_VER:
334 hci_cmd_read_local_ver(unit, m);
335 break;
337 case HCI_CMD_READ_LOCAL_COMMANDS:
338 hci_cmd_read_local_commands(unit, m);
339 break;
341 case HCI_CMD_RESET:
342 hci_cmd_reset(unit, m);
343 break;
345 default:
346 break;
351 * Number of Completed Packets
353 * This is sent periodically by the Controller telling us how many
354 * buffers are now freed up and which handle was using them. From
355 * this we determine which type of buffer it was and add the qty
356 * back into the relevant packet counter, then restart output on
357 * links that have halted.
359 static void
360 hci_event_num_compl_pkts(struct hci_unit *unit, struct mbuf *m)
362 hci_num_compl_pkts_ep ep;
363 struct hci_link *link, *next;
364 uint16_t handle, num;
365 int num_acl = 0, num_sco = 0;
367 KASSERT(m->m_pkthdr.len >= sizeof(ep));
368 m_copydata(m, 0, sizeof(ep), &ep);
369 m_adj(m, sizeof(ep));
371 while (ep.num_con_handles--) {
372 m_copydata(m, 0, sizeof(handle), &handle);
373 m_adj(m, sizeof(handle));
374 handle = le16toh(handle);
376 m_copydata(m, 0, sizeof(num), &num);
377 m_adj(m, sizeof(num));
378 num = le16toh(num);
380 link = hci_link_lookup_handle(unit, handle);
381 if (link) {
382 if (link->hl_type == HCI_LINK_ACL) {
383 num_acl += num;
384 hci_acl_complete(link, num);
385 } else {
386 num_sco += num;
387 hci_sco_complete(link, num);
389 } else {
390 /* XXX need to issue Read_Buffer_Size or Reset? */
391 aprint_error_dev(unit->hci_dev,
392 "unknown handle %d! (losing track of %d packet buffer%s)\n",
393 handle, num, (num == 1 ? "" : "s"));
398 * Move up any queued packets. When a link has sent data, it will move
399 * to the back of the queue - technically then if a link had something
400 * to send and there were still buffers available it could get started
401 * twice but it seemed more important to to handle higher loads fairly
402 * than worry about wasting cycles when we are not busy.
405 unit->hci_num_acl_pkts += num_acl;
406 unit->hci_num_sco_pkts += num_sco;
408 link = TAILQ_FIRST(&unit->hci_links);
409 while (link && (unit->hci_num_acl_pkts > 0 || unit->hci_num_sco_pkts > 0)) {
410 next = TAILQ_NEXT(link, hl_next);
412 if (link->hl_type == HCI_LINK_ACL) {
413 if (unit->hci_num_acl_pkts > 0 && link->hl_txqlen > 0)
414 hci_acl_start(link);
415 } else {
416 if (unit->hci_num_sco_pkts > 0 && link->hl_txqlen > 0)
417 hci_sco_start(link);
420 link = next;
425 * Inquiry Result
427 * keep a note of devices seen, so we know which unit to use
428 * on outgoing connections
430 static void
431 hci_event_inquiry_result(struct hci_unit *unit, struct mbuf *m)
433 hci_inquiry_result_ep ep;
434 hci_inquiry_response ir;
435 struct hci_memo *memo;
437 KASSERT(m->m_pkthdr.len >= sizeof(ep));
438 m_copydata(m, 0, sizeof(ep), &ep);
439 m_adj(m, sizeof(ep));
441 DPRINTFN(1, "%d response%s\n", ep.num_responses,
442 (ep.num_responses == 1 ? "" : "s"));
444 while(ep.num_responses--) {
445 KASSERT(m->m_pkthdr.len >= sizeof(ir));
446 m_copydata(m, 0, sizeof(ir), &ir);
447 m_adj(m, sizeof(ir));
449 DPRINTFN(1, "bdaddr %02x:%02x:%02x:%02x:%02x:%02x\n",
450 ir.bdaddr.b[5], ir.bdaddr.b[4], ir.bdaddr.b[3],
451 ir.bdaddr.b[2], ir.bdaddr.b[1], ir.bdaddr.b[0]);
453 memo = hci_memo_new(unit, &ir.bdaddr);
454 if (memo != NULL) {
455 memo->page_scan_rep_mode = ir.page_scan_rep_mode;
456 memo->page_scan_mode = ir.page_scan_mode;
457 memo->clock_offset = ir.clock_offset;
463 * Inquiry Result with RSSI
465 * as above but different packet when RSSI result is enabled
467 static void
468 hci_event_rssi_result(struct hci_unit *unit, struct mbuf *m)
470 hci_rssi_result_ep ep;
471 hci_rssi_response rr;
472 struct hci_memo *memo;
474 KASSERT(m->m_pkthdr.len >= sizeof(ep));
475 m_copydata(m, 0, sizeof(ep), &ep);
476 m_adj(m, sizeof(ep));
478 DPRINTFN(1, "%d response%s\n", ep.num_responses,
479 (ep.num_responses == 1 ? "" : "s"));
481 while(ep.num_responses--) {
482 KASSERT(m->m_pkthdr.len >= sizeof(rr));
483 m_copydata(m, 0, sizeof(rr), &rr);
484 m_adj(m, sizeof(rr));
486 DPRINTFN(1, "bdaddr %02x:%02x:%02x:%02x:%02x:%02x\n",
487 rr.bdaddr.b[5], rr.bdaddr.b[4], rr.bdaddr.b[3],
488 rr.bdaddr.b[2], rr.bdaddr.b[1], rr.bdaddr.b[0]);
490 memo = hci_memo_new(unit, &rr.bdaddr);
491 if (memo != NULL) {
492 memo->page_scan_rep_mode = rr.page_scan_rep_mode;
493 memo->page_scan_mode = 0;
494 memo->clock_offset = rr.clock_offset;
500 * Extended Inquiry Result
502 * as above but provides only one response and extended service info
504 static void
505 hci_event_extended_result(struct hci_unit *unit, struct mbuf *m)
507 hci_extended_result_ep ep;
508 struct hci_memo *memo;
510 KASSERT(m->m_pkthdr.len >= sizeof(ep));
511 m_copydata(m, 0, sizeof(ep), &ep);
512 m_adj(m, sizeof(ep));
514 if (ep.num_responses != 1)
515 return;
517 DPRINTFN(1, "bdaddr %02x:%02x:%02x:%02x:%02x:%02x\n",
518 ep.bdaddr.b[5], ep.bdaddr.b[4], ep.bdaddr.b[3],
519 ep.bdaddr.b[2], ep.bdaddr.b[1], ep.bdaddr.b[0]);
521 memo = hci_memo_new(unit, &ep.bdaddr);
522 if (memo != NULL) {
523 memo->page_scan_rep_mode = ep.page_scan_rep_mode;
524 memo->page_scan_mode = 0;
525 memo->clock_offset = ep.clock_offset;
530 * Connection Complete
532 * Sent to us when a connection is made. If there is no link
533 * structure already allocated for this, we must have changed
534 * our mind, so just disconnect.
536 static void
537 hci_event_con_compl(struct hci_unit *unit, struct mbuf *m)
539 hci_con_compl_ep ep;
540 hci_write_link_policy_settings_cp cp;
541 struct hci_link *link;
542 int err;
544 KASSERT(m->m_pkthdr.len >= sizeof(ep));
545 m_copydata(m, 0, sizeof(ep), &ep);
546 m_adj(m, sizeof(ep));
548 DPRINTFN(1, "(%s) %s connection complete for "
549 "%02x:%02x:%02x:%02x:%02x:%02x status %#x\n",
550 device_xname(unit->hci_dev),
551 (ep.link_type == HCI_LINK_ACL ? "ACL" : "SCO"),
552 ep.bdaddr.b[5], ep.bdaddr.b[4], ep.bdaddr.b[3],
553 ep.bdaddr.b[2], ep.bdaddr.b[1], ep.bdaddr.b[0],
554 ep.status);
556 link = hci_link_lookup_bdaddr(unit, &ep.bdaddr, ep.link_type);
558 if (ep.status) {
559 if (link != NULL) {
560 switch (ep.status) {
561 case 0x04: /* "Page Timeout" */
562 err = EHOSTDOWN;
563 break;
565 case 0x08: /* "Connection Timed Out" */
566 err = ETIMEDOUT;
567 break;
569 case 0x16: /* "Connection Terminated by Local Host" */
570 err = 0;
571 break;
573 default:
574 err = ECONNREFUSED;
575 break;
578 hci_link_free(link, err);
581 return;
584 if (link == NULL) {
585 hci_discon_cp dp;
587 dp.con_handle = ep.con_handle;
588 dp.reason = 0x13; /* "Remote User Terminated Connection" */
590 hci_send_cmd(unit, HCI_CMD_DISCONNECT, &dp, sizeof(dp));
591 return;
594 /* XXX could check auth_enable here */
596 if (ep.encryption_mode)
597 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_ENCRYPT);
599 link->hl_state = HCI_LINK_OPEN;
600 link->hl_handle = HCI_CON_HANDLE(le16toh(ep.con_handle));
602 if (ep.link_type == HCI_LINK_ACL) {
603 cp.con_handle = ep.con_handle;
604 cp.settings = htole16(unit->hci_link_policy);
605 err = hci_send_cmd(unit, HCI_CMD_WRITE_LINK_POLICY_SETTINGS,
606 &cp, sizeof(cp));
607 if (err)
608 aprint_error_dev(unit->hci_dev,
609 "Warning, could not write link policy\n");
611 err = hci_send_cmd(unit, HCI_CMD_READ_CLOCK_OFFSET,
612 &cp.con_handle, sizeof(cp.con_handle));
613 if (err)
614 aprint_error_dev(unit->hci_dev,
615 "Warning, could not read clock offset\n");
617 err = hci_acl_setmode(link);
618 if (err == EINPROGRESS)
619 return;
621 hci_acl_linkmode(link);
622 } else {
623 (*link->hl_sco->sp_proto->connected)(link->hl_sco->sp_upper);
628 * Disconnection Complete
630 * This is sent in response to a disconnection request, but also if
631 * the remote device goes out of range.
633 static void
634 hci_event_discon_compl(struct hci_unit *unit, struct mbuf *m)
636 hci_discon_compl_ep ep;
637 struct hci_link *link;
639 KASSERT(m->m_pkthdr.len >= sizeof(ep));
640 m_copydata(m, 0, sizeof(ep), &ep);
641 m_adj(m, sizeof(ep));
643 ep.con_handle = le16toh(ep.con_handle);
645 DPRINTFN(1, "handle #%d, status=0x%x\n", ep.con_handle, ep.status);
647 link = hci_link_lookup_handle(unit, HCI_CON_HANDLE(ep.con_handle));
648 if (link)
649 hci_link_free(link, ENOLINK);
653 * Connect Request
655 * We check upstream for appropriate listeners and accept connections
656 * that are wanted.
658 static void
659 hci_event_con_req(struct hci_unit *unit, struct mbuf *m)
661 hci_con_req_ep ep;
662 hci_accept_con_cp ap;
663 hci_reject_con_cp rp;
664 struct hci_link *link;
666 KASSERT(m->m_pkthdr.len >= sizeof(ep));
667 m_copydata(m, 0, sizeof(ep), &ep);
668 m_adj(m, sizeof(ep));
670 DPRINTFN(1, "bdaddr %2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x "
671 "class %2.2x%2.2x%2.2x type %s\n",
672 ep.bdaddr.b[5], ep.bdaddr.b[4], ep.bdaddr.b[3],
673 ep.bdaddr.b[2], ep.bdaddr.b[1], ep.bdaddr.b[0],
674 ep.uclass[0], ep.uclass[1], ep.uclass[2],
675 ep.link_type == HCI_LINK_ACL ? "ACL" : "SCO");
677 if (ep.link_type == HCI_LINK_ACL)
678 link = hci_acl_newconn(unit, &ep.bdaddr);
679 else
680 link = hci_sco_newconn(unit, &ep.bdaddr);
682 if (link == NULL) {
683 memset(&rp, 0, sizeof(rp));
684 bdaddr_copy(&rp.bdaddr, &ep.bdaddr);
685 rp.reason = 0x0f; /* Unacceptable BD_ADDR */
687 hci_send_cmd(unit, HCI_CMD_REJECT_CON, &rp, sizeof(rp));
688 } else {
689 memset(&ap, 0, sizeof(ap));
690 bdaddr_copy(&ap.bdaddr, &ep.bdaddr);
691 if (unit->hci_flags & BTF_MASTER)
692 ap.role = HCI_ROLE_MASTER;
693 else
694 ap.role = HCI_ROLE_SLAVE;
696 hci_send_cmd(unit, HCI_CMD_ACCEPT_CON, &ap, sizeof(ap));
701 * Auth Complete
703 * Authentication has been completed on an ACL link. We can notify the
704 * upper layer protocols unless further mode changes are pending.
706 static void
707 hci_event_auth_compl(struct hci_unit *unit, struct mbuf *m)
709 hci_auth_compl_ep ep;
710 struct hci_link *link;
711 int err;
713 KASSERT(m->m_pkthdr.len >= sizeof(ep));
714 m_copydata(m, 0, sizeof(ep), &ep);
715 m_adj(m, sizeof(ep));
717 ep.con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle));
719 DPRINTFN(1, "handle #%d, status=0x%x\n", ep.con_handle, ep.status);
721 link = hci_link_lookup_handle(unit, ep.con_handle);
722 if (link == NULL || link->hl_type != HCI_LINK_ACL)
723 return;
725 if (ep.status == 0) {
726 link->hl_flags |= HCI_LINK_AUTH;
728 if (link->hl_state == HCI_LINK_WAIT_AUTH)
729 link->hl_state = HCI_LINK_OPEN;
731 err = hci_acl_setmode(link);
732 if (err == EINPROGRESS)
733 return;
736 hci_acl_linkmode(link);
740 * Encryption Change
742 * The encryption status has changed. Basically, we note the change
743 * then notify the upper layer protocol unless further mode changes
744 * are pending.
745 * Note that if encryption gets disabled when it has been requested,
746 * we will attempt to enable it again.. (its a feature not a bug :)
748 static void
749 hci_event_encryption_change(struct hci_unit *unit, struct mbuf *m)
751 hci_encryption_change_ep ep;
752 struct hci_link *link;
753 int err;
755 KASSERT(m->m_pkthdr.len >= sizeof(ep));
756 m_copydata(m, 0, sizeof(ep), &ep);
757 m_adj(m, sizeof(ep));
759 ep.con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle));
761 DPRINTFN(1, "handle #%d, status=0x%x, encryption_enable=0x%x\n",
762 ep.con_handle, ep.status, ep.encryption_enable);
764 link = hci_link_lookup_handle(unit, ep.con_handle);
765 if (link == NULL || link->hl_type != HCI_LINK_ACL)
766 return;
768 if (ep.status == 0) {
769 if (ep.encryption_enable == 0)
770 link->hl_flags &= ~HCI_LINK_ENCRYPT;
771 else
772 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_ENCRYPT);
774 if (link->hl_state == HCI_LINK_WAIT_ENCRYPT)
775 link->hl_state = HCI_LINK_OPEN;
777 err = hci_acl_setmode(link);
778 if (err == EINPROGRESS)
779 return;
782 hci_acl_linkmode(link);
786 * Change Connection Link Key Complete
788 * Link keys are handled in userland but if we are waiting to secure
789 * this link, we should notify the upper protocols. A SECURE request
790 * only needs a single key change, so we can cancel the request.
792 static void
793 hci_event_change_con_link_key_compl(struct hci_unit *unit, struct mbuf *m)
795 hci_change_con_link_key_compl_ep ep;
796 struct hci_link *link;
797 int err;
799 KASSERT(m->m_pkthdr.len >= sizeof(ep));
800 m_copydata(m, 0, sizeof(ep), &ep);
801 m_adj(m, sizeof(ep));
803 ep.con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle));
805 DPRINTFN(1, "handle #%d, status=0x%x\n", ep.con_handle, ep.status);
807 link = hci_link_lookup_handle(unit, ep.con_handle);
808 if (link == NULL || link->hl_type != HCI_LINK_ACL)
809 return;
811 link->hl_flags &= ~HCI_LINK_SECURE_REQ;
813 if (ep.status == 0) {
814 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_SECURE);
816 if (link->hl_state == HCI_LINK_WAIT_SECURE)
817 link->hl_state = HCI_LINK_OPEN;
819 err = hci_acl_setmode(link);
820 if (err == EINPROGRESS)
821 return;
824 hci_acl_linkmode(link);
828 * Read Clock Offset Complete
830 * We keep a note of the clock offset of remote devices when a
831 * link is made, in order to facilitate reconnections to the device
833 static void
834 hci_event_read_clock_offset_compl(struct hci_unit *unit, struct mbuf *m)
836 hci_read_clock_offset_compl_ep ep;
837 struct hci_link *link;
839 KASSERT(m->m_pkthdr.len >= sizeof(ep));
840 m_copydata(m, 0, sizeof(ep), &ep);
841 m_adj(m, sizeof(ep));
843 DPRINTFN(1, "handle #%d, offset=%u, status=0x%x\n",
844 le16toh(ep.con_handle), le16toh(ep.clock_offset), ep.status);
846 ep.con_handle = HCI_CON_HANDLE(le16toh(ep.con_handle));
847 link = hci_link_lookup_handle(unit, ep.con_handle);
848 if (link == NULL || link->hl_type != HCI_LINK_ACL)
849 return;
851 if (ep.status == 0)
852 link->hl_clock = ep.clock_offset;
856 * process results of read_bdaddr command_complete event
858 static void
859 hci_cmd_read_bdaddr(struct hci_unit *unit, struct mbuf *m)
861 hci_read_bdaddr_rp rp;
863 KASSERT(m->m_pkthdr.len >= sizeof(rp));
864 m_copydata(m, 0, sizeof(rp), &rp);
865 m_adj(m, sizeof(rp));
867 if (rp.status > 0)
868 return;
870 if ((unit->hci_flags & BTF_INIT_BDADDR) == 0)
871 return;
873 bdaddr_copy(&unit->hci_bdaddr, &rp.bdaddr);
875 unit->hci_flags &= ~BTF_INIT_BDADDR;
877 cv_broadcast(&unit->hci_init);
881 * process results of read_buffer_size command_complete event
883 static void
884 hci_cmd_read_buffer_size(struct hci_unit *unit, struct mbuf *m)
886 hci_read_buffer_size_rp rp;
888 KASSERT(m->m_pkthdr.len >= sizeof(rp));
889 m_copydata(m, 0, sizeof(rp), &rp);
890 m_adj(m, sizeof(rp));
892 if (rp.status > 0)
893 return;
895 if ((unit->hci_flags & BTF_INIT_BUFFER_SIZE) == 0)
896 return;
898 unit->hci_max_acl_size = le16toh(rp.max_acl_size);
899 unit->hci_num_acl_pkts = le16toh(rp.num_acl_pkts);
900 unit->hci_max_sco_size = rp.max_sco_size;
901 unit->hci_num_sco_pkts = le16toh(rp.num_sco_pkts);
903 unit->hci_flags &= ~BTF_INIT_BUFFER_SIZE;
905 cv_broadcast(&unit->hci_init);
909 * process results of read_local_features command_complete event
911 static void
912 hci_cmd_read_local_features(struct hci_unit *unit, struct mbuf *m)
914 hci_read_local_features_rp rp;
916 KASSERT(m->m_pkthdr.len >= sizeof(rp));
917 m_copydata(m, 0, sizeof(rp), &rp);
918 m_adj(m, sizeof(rp));
920 if (rp.status > 0)
921 return;
923 if ((unit->hci_flags & BTF_INIT_FEATURES) == 0)
924 return;
926 unit->hci_lmp_mask = 0;
928 if (rp.features[0] & HCI_LMP_ROLE_SWITCH)
929 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_ROLE_SWITCH;
931 if (rp.features[0] & HCI_LMP_HOLD_MODE)
932 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_HOLD_MODE;
934 if (rp.features[0] & HCI_LMP_SNIFF_MODE)
935 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_SNIFF_MODE;
937 if (rp.features[1] & HCI_LMP_PARK_MODE)
938 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_PARK_MODE;
940 /* ACL packet mask */
941 unit->hci_acl_mask = HCI_PKT_DM1 | HCI_PKT_DH1;
943 if (rp.features[0] & HCI_LMP_3SLOT)
944 unit->hci_acl_mask |= HCI_PKT_DM3 | HCI_PKT_DH3;
946 if (rp.features[0] & HCI_LMP_5SLOT)
947 unit->hci_acl_mask |= HCI_PKT_DM5 | HCI_PKT_DH5;
949 if ((rp.features[3] & HCI_LMP_EDR_ACL_2MBPS) == 0)
950 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH1
951 | HCI_PKT_2MBPS_DH3
952 | HCI_PKT_2MBPS_DH5;
954 if ((rp.features[3] & HCI_LMP_EDR_ACL_3MBPS) == 0)
955 unit->hci_acl_mask |= HCI_PKT_3MBPS_DH1
956 | HCI_PKT_3MBPS_DH3
957 | HCI_PKT_3MBPS_DH5;
959 if ((rp.features[4] & HCI_LMP_3SLOT_EDR_ACL) == 0)
960 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH3
961 | HCI_PKT_3MBPS_DH3;
963 if ((rp.features[5] & HCI_LMP_5SLOT_EDR_ACL) == 0)
964 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH5
965 | HCI_PKT_3MBPS_DH5;
967 unit->hci_packet_type = unit->hci_acl_mask;
969 /* SCO packet mask */
970 unit->hci_sco_mask = 0;
971 if (rp.features[1] & HCI_LMP_SCO_LINK)
972 unit->hci_sco_mask |= HCI_PKT_HV1;
974 if (rp.features[1] & HCI_LMP_HV2_PKT)
975 unit->hci_sco_mask |= HCI_PKT_HV2;
977 if (rp.features[1] & HCI_LMP_HV3_PKT)
978 unit->hci_sco_mask |= HCI_PKT_HV3;
980 if (rp.features[3] & HCI_LMP_EV3_PKT)
981 unit->hci_sco_mask |= HCI_PKT_EV3;
983 if (rp.features[4] & HCI_LMP_EV4_PKT)
984 unit->hci_sco_mask |= HCI_PKT_EV4;
986 if (rp.features[4] & HCI_LMP_EV5_PKT)
987 unit->hci_sco_mask |= HCI_PKT_EV5;
989 /* XXX what do 2MBPS/3MBPS/3SLOT eSCO mean? */
991 unit->hci_flags &= ~BTF_INIT_FEATURES;
993 cv_broadcast(&unit->hci_init);
995 DPRINTFN(1, "%s: lmp_mask %4.4x, acl_mask %4.4x, sco_mask %4.4x\n",
996 device_xname(unit->hci_dev), unit->hci_lmp_mask,
997 unit->hci_acl_mask, unit->hci_sco_mask);
1001 * process results of read_local_ver command_complete event
1003 * reading local supported commands is only supported from 1.2 spec
1005 static void
1006 hci_cmd_read_local_ver(struct hci_unit *unit, struct mbuf *m)
1008 hci_read_local_ver_rp rp;
1010 KASSERT(m->m_pkthdr.len >= sizeof(rp));
1011 m_copydata(m, 0, sizeof(rp), &rp);
1012 m_adj(m, sizeof(rp));
1014 if (rp.status != 0)
1015 return;
1017 if ((unit->hci_flags & BTF_INIT_COMMANDS) == 0)
1018 return;
1020 if (rp.hci_version < HCI_SPEC_V12) {
1021 unit->hci_flags &= ~BTF_INIT_COMMANDS;
1022 cv_broadcast(&unit->hci_init);
1023 return;
1026 hci_send_cmd(unit, HCI_CMD_READ_LOCAL_COMMANDS, NULL, 0);
1030 * process results of read_local_commands command_complete event
1032 static void
1033 hci_cmd_read_local_commands(struct hci_unit *unit, struct mbuf *m)
1035 hci_read_local_commands_rp rp;
1037 KASSERT(m->m_pkthdr.len >= sizeof(rp));
1038 m_copydata(m, 0, sizeof(rp), &rp);
1039 m_adj(m, sizeof(rp));
1041 if (rp.status != 0)
1042 return;
1044 if ((unit->hci_flags & BTF_INIT_COMMANDS) == 0)
1045 return;
1047 unit->hci_flags &= ~BTF_INIT_COMMANDS;
1048 memcpy(unit->hci_cmds, rp.commands, HCI_COMMANDS_SIZE);
1050 cv_broadcast(&unit->hci_init);
1054 * process results of reset command_complete event
1056 * This has killed all the connections, so close down anything we have left,
1057 * and reinitialise the unit.
1059 static void
1060 hci_cmd_reset(struct hci_unit *unit, struct mbuf *m)
1062 hci_reset_rp rp;
1063 struct hci_link *link, *next;
1064 int acl;
1066 KASSERT(m->m_pkthdr.len >= sizeof(rp));
1067 m_copydata(m, 0, sizeof(rp), &rp);
1068 m_adj(m, sizeof(rp));
1070 if (rp.status != 0)
1071 return;
1074 * release SCO links first, since they may be holding
1075 * an ACL link reference.
1077 for (acl = 0 ; acl < 2 ; acl++) {
1078 next = TAILQ_FIRST(&unit->hci_links);
1079 while ((link = next) != NULL) {
1080 next = TAILQ_NEXT(link, hl_next);
1081 if (acl || link->hl_type != HCI_LINK_ACL)
1082 hci_link_free(link, ECONNABORTED);
1086 unit->hci_num_acl_pkts = 0;
1087 unit->hci_num_sco_pkts = 0;
1089 if (hci_send_cmd(unit, HCI_CMD_READ_BDADDR, NULL, 0))
1090 return;
1092 if (hci_send_cmd(unit, HCI_CMD_READ_BUFFER_SIZE, NULL, 0))
1093 return;
1095 if (hci_send_cmd(unit, HCI_CMD_READ_LOCAL_FEATURES, NULL, 0))
1096 return;
1098 if (hci_send_cmd(unit, HCI_CMD_READ_LOCAL_VER, NULL, 0))
1099 return;
1103 * process command_status event for create_con command
1105 * a "Create Connection" command can sometimes fail to start for whatever
1106 * reason and the command_status event returns failure but we get no
1107 * indication of which connection failed (for instance in the case where
1108 * we tried to open too many connections all at once) So, we keep a flag
1109 * on the link to indicate pending status until the command_status event
1110 * is returned to help us decide which needs to be failed.
1112 * since created links are inserted at the tail of hci_links, we know that
1113 * the first pending link we find will be the one that this command status
1114 * refers to.
1116 static void
1117 hci_cmd_create_con(struct hci_unit *unit, uint8_t status)
1119 struct hci_link *link;
1121 TAILQ_FOREACH(link, &unit->hci_links, hl_next) {
1122 if ((link->hl_flags & HCI_LINK_CREATE_CON) == 0)
1123 continue;
1125 link->hl_flags &= ~HCI_LINK_CREATE_CON;
1127 switch(status) {
1128 case 0x00: /* success */
1129 break;
1131 case 0x0c: /* "Command Disallowed" */
1132 hci_link_free(link, EBUSY);
1133 break;
1135 default: /* some other trouble */
1136 hci_link_free(link, EPROTO);
1137 break;
1140 return;