root/netbt/hci_event.c

DEFINITIONS

1. hci_eventstr
2. hci_event
3. hci_event_command_status
4. hci_event_command_compl
5. hci_event_num_compl_pkts
6. hci_event_inquiry_result
7. hci_event_con_compl
8. hci_event_discon_compl
9. hci_event_con_req
10. hci_event_auth_compl
11. hci_event_encryption_change
12. hci_event_change_con_link_key_compl
13. hci_cmd_read_bdaddr
14. hci_cmd_read_buffer_size
15. hci_cmd_read_local_features
16. hci_cmd_reset

    1 /*      $OpenBSD: hci_event.c,v 1.5 2007/06/19 08:12:35 uwe Exp $       */
    2 /*      $NetBSD: hci_event.c,v 1.6 2007/04/21 06:15:23 plunky Exp $     */
    4 /*-
    5  * Copyright (c) 2005 Iain Hibbert.
    6  * Copyright (c) 2006 Itronix Inc.
    7  * All rights reserved.
    8  *
    9  * Redistribution and use in source and binary forms, with or without
   10  * modification, are permitted provided that the following conditions
   11  * are met:
   12  * 1. Redistributions of source code must retain the above copyright
   13  *    notice, this list of conditions and the following disclaimer.
   14  * 2. Redistributions in binary form must reproduce the above copyright
   15  *    notice, this list of conditions and the following disclaimer in the
   16  *    documentation and/or other materials provided with the distribution.
   17  * 3. The name of Itronix Inc. may not be used to endorse
   18  *    or promote products derived from this software without specific
   19  *    prior written permission.
   20  *
   21  * THIS SOFTWARE IS PROVIDED BY ITRONIX INC. ``AS IS'' AND
   22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
   23  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
   24  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL ITRONIX INC. BE LIABLE FOR ANY
   25  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
   26  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
   27  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   28  * ON ANY THEORY OF LIABILITY, WHETHER IN
   29  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
   30  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
   31  * POSSIBILITY OF SUCH DAMAGE.
   32  */
   34 #include <sys/cdefs.h>
   36 #include <sys/param.h>
   37 #include <sys/kernel.h>
   38 #include <sys/malloc.h>
   39 #include <sys/mbuf.h>
   40 #include <sys/proc.h>
   41 #include <sys/systm.h>
   43 #include <netbt/bluetooth.h>
   44 #include <netbt/hci.h>
   45 #include <netbt/sco.h>
   47 static void hci_event_inquiry_result(struct hci_unit *, struct mbuf *);
   48 static void hci_event_command_status(struct hci_unit *, struct mbuf *);
   49 static void hci_event_command_compl(struct hci_unit *, struct mbuf *);
   50 static void hci_event_con_compl(struct hci_unit *, struct mbuf *);
   51 static void hci_event_discon_compl(struct hci_unit *, struct mbuf *);
   52 static void hci_event_con_req(struct hci_unit *, struct mbuf *);
   53 static void hci_event_num_compl_pkts(struct hci_unit *, struct mbuf *);
   54 static void hci_event_auth_compl(struct hci_unit *, struct mbuf *);
   55 static void hci_event_encryption_change(struct hci_unit *, struct mbuf *);
   56 static void hci_event_change_con_link_key_compl(struct hci_unit *, struct mbuf *);
   57 static void hci_cmd_read_bdaddr(struct hci_unit *, struct mbuf *);
   58 static void hci_cmd_read_buffer_size(struct hci_unit *, struct mbuf *);
   59 static void hci_cmd_read_local_features(struct hci_unit *, struct mbuf *);
   60 static void hci_cmd_reset(struct hci_unit *, struct mbuf *);
   62 #ifdef BLUETOOTH_DEBUG
   63 int bluetooth_debug = 0;
   65 static const char *hci_eventnames[] = {
   66 /* 0x00 */ "NULL",
   67 /* 0x01 */ "INQUIRY COMPLETE",
   68 /* 0x02 */ "INQUIRY RESULT",
   69 /* 0x03 */ "CONN COMPLETE",
   70 /* 0x04 */ "CONN REQ",
   71 /* 0x05 */ "DISCONN COMPLETE",
   72 /* 0x06 */ "AUTH COMPLETE",
   73 /* 0x07 */ "REMOTE NAME REQ COMPLETE",
   74 /* 0x08 */ "ENCRYPTION CHANGE",
   75 /* 0x09 */ "CHANGE CONN LINK KEY COMPLETE",
   76 /* 0x0a */ "MASTER LINK KEY COMPLETE",
   77 /* 0x0b */ "READ REMOTE FEATURES COMPLETE",
   78 /* 0x0c */ "READ REMOTE VERSION INFO COMPLETE",
   79 /* 0x0d */ "QoS SETUP COMPLETE",
   80 /* 0x0e */ "COMMAND COMPLETE",
   81 /* 0x0f */ "COMMAND STATUS",
   82 /* 0x10 */ "HARDWARE ERROR",
   83 /* 0x11 */ "FLUSH OCCUR",
   84 /* 0x12 */ "ROLE CHANGE",
   85 /* 0x13 */ "NUM COMPLETED PACKETS",
   86 /* 0x14 */ "MODE CHANGE",
   87 /* 0x15 */ "RETURN LINK KEYS",
   88 /* 0x16 */ "PIN CODE REQ",
   89 /* 0x17 */ "LINK KEY REQ",
   90 /* 0x18 */ "LINK KEY NOTIFICATION",
   91 /* 0x19 */ "LOOPBACK COMMAND",
   92 /* 0x1a */ "DATA BUFFER OVERFLOW",
   93 /* 0x1b */ "MAX SLOT CHANGE",
   94 /* 0x1c */ "READ CLOCK OFFSET COMPLETE",
   95 /* 0x1d */ "CONN PKT TYPE CHANGED",
   96 /* 0x1e */ "QOS VIOLATION",
   97 /* 0x1f */ "PAGE SCAN MODE CHANGE",
   98 /* 0x20 */ "PAGE SCAN REP MODE CHANGE",
   99 /* 0x21 */ "FLOW SPECIFICATION COMPLETE",
  100 /* 0x22 */ "RSSI RESULT",
  101 /* 0x23 */ "READ REMOTE EXT FEATURES"
  102 };
  104 static const char *
hci_eventstr(unsigned int event)
  106 {
  108         if (event < (sizeof(hci_eventnames) / sizeof(*hci_eventnames)))
  109                 return hci_eventnames[event];
  111         switch (event) {
  112         case HCI_EVENT_SCO_CON_COMPL:   /* 0x2c */
  113                 return "SCO CON COMPLETE";
  115         case HCI_EVENT_SCO_CON_CHANGED: /* 0x2d */
  116                 return "SCO CON CHANGED";
  118         case HCI_EVENT_BT_LOGO:         /* 0xfe */
  119                 return "BT_LOGO";
  121         case HCI_EVENT_VENDOR:          /* 0xff */
  122                 return "VENDOR";
  123         }
  125         return "UNRECOGNISED";
  126 }
  127 #endif  /* BLUETOOTH_DEBUG */
  129 /*
  130  * process HCI Events
  131  *
  132  * We will free the mbuf at the end, no need for any sub
  133  * functions to handle that. We kind of assume that the
  134  * device sends us valid events.
  135  * XXX "kind of"? This needs to be fixed.
  136  */
  137 void
hci_event(struct mbuf *m, struct hci_unit *unit)
  139 {
hci_event_hdr_t hdr;
KASSERT(m->m_flags & M_PKTHDR);
KASSERT(m->m_pkthdr.len >= sizeof(hdr));
m_copydata(m, 0, sizeof(hdr), (caddr_t)&hdr);
m_adj(m, sizeof(hdr));
KASSERT(hdr.type == HCI_EVENT_PKT);
DPRINTFN(1, "(%s) event %s\n", unit->hci_devname, hci_eventstr(hdr.event));
  152         switch(hdr.event) {
  153         case HCI_EVENT_COMMAND_STATUS:
hci_event_command_status(unit, m);
  155                 break;
  157         case HCI_EVENT_COMMAND_COMPL:
hci_event_command_compl(unit, m);
  159                 break;
  161         case HCI_EVENT_NUM_COMPL_PKTS:
hci_event_num_compl_pkts(unit, m);
  163                 break;
  165         case HCI_EVENT_INQUIRY_RESULT:
hci_event_inquiry_result(unit, m);
  167                 break;
  169         case HCI_EVENT_CON_COMPL:
hci_event_con_compl(unit, m);
  171                 break;
  173         case HCI_EVENT_DISCON_COMPL:
hci_event_discon_compl(unit, m);
  175                 break;
  177         case HCI_EVENT_CON_REQ:
hci_event_con_req(unit, m);
  179                 break;
  181         case HCI_EVENT_AUTH_COMPL:
hci_event_auth_compl(unit, m);
  183                 break;
  185         case HCI_EVENT_ENCRYPTION_CHANGE:
hci_event_encryption_change(unit, m);
  187                 break;
  189         case HCI_EVENT_CHANGE_CON_LINK_KEY_COMPL:
hci_event_change_con_link_key_compl(unit, m);
  191                 break;
  193         case HCI_EVENT_SCO_CON_COMPL:
  194         case HCI_EVENT_INQUIRY_COMPL:
  195         case HCI_EVENT_REMOTE_NAME_REQ_COMPL:
  196         case HCI_EVENT_MASTER_LINK_KEY_COMPL:
  197         case HCI_EVENT_READ_REMOTE_FEATURES_COMPL:
  198         case HCI_EVENT_READ_REMOTE_VER_INFO_COMPL:
  199         case HCI_EVENT_QOS_SETUP_COMPL:
  200         case HCI_EVENT_HARDWARE_ERROR:
  201         case HCI_EVENT_FLUSH_OCCUR:
  202         case HCI_EVENT_ROLE_CHANGE:
  203         case HCI_EVENT_MODE_CHANGE:
  204         case HCI_EVENT_RETURN_LINK_KEYS:
  205         case HCI_EVENT_PIN_CODE_REQ:
  206         case HCI_EVENT_LINK_KEY_REQ:
  207         case HCI_EVENT_LINK_KEY_NOTIFICATION:
  208         case HCI_EVENT_LOOPBACK_COMMAND:
  209         case HCI_EVENT_DATA_BUFFER_OVERFLOW:
  210         case HCI_EVENT_MAX_SLOT_CHANGE:
  211         case HCI_EVENT_READ_CLOCK_OFFSET_COMPL:
  212         case HCI_EVENT_CON_PKT_TYPE_CHANGED:
  213         case HCI_EVENT_QOS_VIOLATION:
  214         case HCI_EVENT_PAGE_SCAN_MODE_CHANGE:
  215         case HCI_EVENT_PAGE_SCAN_REP_MODE_CHANGE:
  216         case HCI_EVENT_FLOW_SPECIFICATION_COMPL:
  217         case HCI_EVENT_RSSI_RESULT:
  218         case HCI_EVENT_READ_REMOTE_EXTENDED_FEATURES:
  219         case HCI_EVENT_SCO_CON_CHANGED:
  220         case HCI_EVENT_BT_LOGO:
  221         case HCI_EVENT_VENDOR:
  222                 break;
  224         default:
UNKNOWN(hdr.event);
  226                 break;
  227         }
m_freem(m);
  230 }
  232 /*
  233  * Command Status
  234  *
  235  * Update our record of num_cmd_pkts then post-process any pending commands
  236  * and optionally restart cmd output on the unit.
  237  */
  238 static void
hci_event_command_status(struct hci_unit *unit, struct mbuf *m)
  240 {
hci_command_status_ep ep;
  242         struct hci_link *link;
KASSERT(m->m_pkthdr.len >= sizeof(ep));
m_copydata(m, 0, sizeof(ep), (caddr_t)&ep);
m_adj(m, sizeof(ep));
DPRINTFN(1, "(%s) opcode (%03x|%04x) status = 0x%x num_cmd_pkts = %d\n",
unit->hci_devname,
HCI_OGF(letoh16(ep.opcode)), HCI_OCF(letoh16(ep.opcode)),
ep.status,
ep.num_cmd_pkts);
unit->hci_num_cmd_pkts = ep.num_cmd_pkts;
  256         /*
  257          * post processing of pending commands
  258          */
  259         switch(letoh16(ep.opcode)) {
  260         case HCI_CMD_CREATE_CON:
  261                 switch (ep.status) {
  262                 case 0x12:      /* Invalid HCI command parameters */
DPRINTF("(%s) Invalid HCI command parameters\n",
unit->hci_devname);
  265                         while ((link = hci_link_lookup_state(unit,
HCI_LINK_ACL, HCI_LINK_WAIT_CONNECT)) != NULL)
hci_link_free(link, ECONNABORTED);
  268                         break;
  269                 }
  270                 break;
  271         default:
  272                 break;
  273         }
  275         while (unit->hci_num_cmd_pkts > 0 && !IF_IS_EMPTY(&unit->hci_cmdwait)) {
IF_DEQUEUE(&unit->hci_cmdwait, m);
hci_output_cmd(unit, m);
  278         }
  279 }
  281 /*
  282  * Command Complete
  283  *
  284  * Update our record of num_cmd_pkts then handle the completed command,
  285  * and optionally restart cmd output on the unit.
  286  */
  287 static void
hci_event_command_compl(struct hci_unit *unit, struct mbuf *m)
  289 {
hci_command_compl_ep ep;
KASSERT(m->m_pkthdr.len >= sizeof(ep));
m_copydata(m, 0, sizeof(ep), (caddr_t)&ep);
m_adj(m, sizeof(ep));
DPRINTFN(1, "(%s) opcode (%03x|%04x) num_cmd_pkts = %d\n",
unit->hci_devname,
HCI_OGF(letoh16(ep.opcode)), HCI_OCF(letoh16(ep.opcode)),
ep.num_cmd_pkts);
unit->hci_num_cmd_pkts = ep.num_cmd_pkts;
  303         /*
  304          * post processing of completed commands
  305          */
  306         switch(letoh16(ep.opcode)) {
  307         case HCI_CMD_READ_BDADDR:
hci_cmd_read_bdaddr(unit, m);
  309                 break;
  311         case HCI_CMD_READ_BUFFER_SIZE:
hci_cmd_read_buffer_size(unit, m);
  313                 break;
  315         case HCI_CMD_READ_LOCAL_FEATURES:
hci_cmd_read_local_features(unit, m);
  317                 break;
  319         case HCI_CMD_RESET:
hci_cmd_reset(unit, m);
  321                 break;
  323         default:
  324                 break;
  325         }
  327         while (unit->hci_num_cmd_pkts > 0 && !IF_IS_EMPTY(&unit->hci_cmdwait)) {
IF_DEQUEUE(&unit->hci_cmdwait, m);
hci_output_cmd(unit, m);
  330         }
  331 }
  333 /*
  334  * Number of Completed Packets
  335  *
  336  * This is sent periodically by the Controller telling us how many
  337  * buffers are now freed up and which handle was using them. From
  338  * this we determine which type of buffer it was and add the qty
  339  * back into the relevant packet counter, then restart output on
  340  * links that have halted.
  341  */
  342 static void
hci_event_num_compl_pkts(struct hci_unit *unit, struct mbuf *m)
  344 {
hci_num_compl_pkts_ep ep;
  346         struct hci_link *link, *next;
uint16_t handle, num;
  348         int num_acl = 0, num_sco = 0;
KASSERT(m->m_pkthdr.len >= sizeof(ep));
m_copydata(m, 0, sizeof(ep), (caddr_t)&ep);
m_adj(m, sizeof(ep));
  354         while (ep.num_con_handles--) {
m_copydata(m, 0, sizeof(handle), (caddr_t)&handle);
m_adj(m, sizeof(handle));
handle = letoh16(handle);
m_copydata(m, 0, sizeof(num), (caddr_t)&num);
m_adj(m, sizeof(num));
num = letoh16(num);
link = hci_link_lookup_handle(unit, handle);
  364                 if (link) {
  365                         if (link->hl_type == HCI_LINK_ACL) {
num_acl += num;
hci_acl_complete(link, num);
  368                         } else {
num_sco += num;
hci_sco_complete(link, num);
  371                         }
  372                 } else {
  373                         /* XXX need to issue Read_Buffer_Size or Reset? */
printf("%s: unknown handle %d! "
  375                                 "(losing track of %d packet buffer%s)\n",
unit->hci_devname, handle,
num, (num == 1 ? "" : "s"));
  378                 }
  379         }
  381         /*
  382          * Move up any queued packets. When a link has sent data, it will move
  383          * to the back of the queue - technically then if a link had something
  384          * to send and there were still buffers available it could get started
  385          * twice but it seemed more important to to handle higher loads fairly
  386          * than worry about wasting cycles when we are not busy.
  387          */
unit->hci_num_acl_pkts += num_acl;
unit->hci_num_sco_pkts += num_sco;
link = TAILQ_FIRST(&unit->hci_links);
  393         while (link && (unit->hci_num_acl_pkts > 0 || unit->hci_num_sco_pkts > 0)) {
next = TAILQ_NEXT(link, hl_next);
  396                 if (link->hl_type == HCI_LINK_ACL) {
  397                         if (unit->hci_num_acl_pkts > 0 && link->hl_txqlen > 0)
hci_acl_start(link);
  399                 } else {
  400                         if (unit->hci_num_sco_pkts > 0 && link->hl_txqlen > 0)
hci_sco_start(link);
  402                 }
link = next;
  405         }
  406 }
  408 /*
  409  * Inquiry Result
  410  *
  411  * keep a note of devices seen, so we know which unit to use
  412  * on outgoing connections
  413  */
  414 static void
hci_event_inquiry_result(struct hci_unit *unit, struct mbuf *m)
  416 {
hci_inquiry_result_ep ep;
  418         struct hci_memo *memo;
bdaddr_t bdaddr;
KASSERT(m->m_pkthdr.len >= sizeof(ep));
m_copydata(m, 0, sizeof(ep), (caddr_t)&ep);
m_adj(m, sizeof(ep));
DPRINTFN(1, "%d response%s\n", ep.num_responses,
  426                                 (ep.num_responses == 1 ? "" : "s"));
  428         while(ep.num_responses--) {
m_copydata(m, 0, sizeof(bdaddr_t), (caddr_t)&bdaddr);
DPRINTFN(1, "bdaddr %02x:%02x:%02x:%02x:%02x:%02x\n",
bdaddr.b[5], bdaddr.b[4], bdaddr.b[3],
bdaddr.b[2], bdaddr.b[1], bdaddr.b[0]);
memo = hci_memo_find(unit, &bdaddr);
  436                 if (memo == NULL) {
memo = malloc(sizeof(struct hci_memo),
M_BLUETOOTH, M_NOWAIT);
  439                         if (memo == NULL) {
DPRINTFN(0, "out of memo memory!\n");
  441                                 break;
  442                         }
bzero(memo, sizeof *memo);
LIST_INSERT_HEAD(&unit->hci_memos, memo, next);
  446                 }
microtime(&memo->time);
m_copydata(m, 0, sizeof(hci_inquiry_response),
  450                         (caddr_t)&memo->response);
m_adj(m, sizeof(hci_inquiry_response));
memo->response.clock_offset =
letoh16(memo->response.clock_offset);
  455         }
  456 }
  458 /*
  459  * Connection Complete
  460  *
  461  * Sent to us when a connection is made. If there is no link
  462  * structure already allocated for this, we must have changed
  463  * our mind, so just disconnect.
  464  */
  465 static void
hci_event_con_compl(struct hci_unit *unit, struct mbuf *m)
  467 {
hci_con_compl_ep ep;
hci_write_link_policy_settings_cp cp;
  470         struct hci_link *link;
  471         int err;
KASSERT(m->m_pkthdr.len >= sizeof(ep));
m_copydata(m, 0, sizeof(ep), (caddr_t)&ep);
m_adj(m, sizeof(ep));
DPRINTFN(1, "(%s) %s connection complete for "
  478                 "%02x:%02x:%02x:%02x:%02x:%02x status %#x\n",
unit->hci_devname,
  480                 (ep.link_type == HCI_LINK_ACL ? "ACL" : "SCO"),
ep.bdaddr.b[5], ep.bdaddr.b[4], ep.bdaddr.b[3],
ep.bdaddr.b[2], ep.bdaddr.b[1], ep.bdaddr.b[0],
ep.status);
link = hci_link_lookup_bdaddr(unit, &ep.bdaddr, ep.link_type);
  487         if (ep.status) {
  488                 if (link != NULL) {
  489                         switch (ep.status) {
  490                         case 0x04: /* "Page Timeout" */
err = EHOSTDOWN;
  492                                 break;
  494                         case 0x08: /* "Connection Timed Out" */
  495                         case 0x10: /* "Connection Accept Timeout Exceeded" */
err = ETIMEDOUT;
  497                                 break;
  499                         case 0x16: /* "Connection Terminated by Local Host" */
err = 0;
  501                                 break;
  503                         default:
err = ECONNREFUSED;
  505                                 break;
  506                         }
hci_link_free(link, err);
  509                 }
  511                 return;
  512         }
  514         if (link == NULL) {
hci_discon_cp dp;
dp.con_handle = ep.con_handle;
dp.reason = 0x13; /* "Remote User Terminated Connection" */
hci_send_cmd(unit, HCI_CMD_DISCONNECT, &dp, sizeof(dp));
  521                 return;
  522         }
  524         /* XXX could check auth_enable here */
  526         if (ep.encryption_mode)
link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_ENCRYPT);
link->hl_state = HCI_LINK_OPEN;
link->hl_handle = HCI_CON_HANDLE(letoh16(ep.con_handle));
  532         if (ep.link_type == HCI_LINK_ACL) {
cp.con_handle = ep.con_handle;
cp.settings = htole16(unit->hci_link_policy);
err = hci_send_cmd(unit, HCI_CMD_WRITE_LINK_POLICY_SETTINGS,
  536                                                 &cp, sizeof(cp));
  537                 if (err)
printf("%s: Warning, could not write link policy\n",
unit->hci_devname);
err = hci_acl_setmode(link);
  542                 if (err == EINPROGRESS)
  543                         return;
hci_acl_linkmode(link);
  546         } else {
  547                 (*link->hl_sco->sp_proto->connected)(link->hl_sco->sp_upper);
  548         }
  549 }
  551 /*
  552  * Disconnection Complete
  553  *
  554  * This is sent in response to a disconnection request, but also if
  555  * the remote device goes out of range.
  556  */
  557 static void
hci_event_discon_compl(struct hci_unit *unit, struct mbuf *m)
  559 {
hci_discon_compl_ep ep;
  561         struct hci_link *link;
KASSERT(m->m_pkthdr.len >= sizeof(ep));
m_copydata(m, 0, sizeof(ep), (caddr_t)&ep);
m_adj(m, sizeof(ep));
ep.con_handle = letoh16(ep.con_handle);
DPRINTFN(1, "handle #%d, status=0x%x\n", ep.con_handle, ep.status);
link = hci_link_lookup_handle(unit, HCI_CON_HANDLE(ep.con_handle));
  572         if (link)
hci_link_free(link, ENOENT); /* XXX NetBSD used ENOLINK here */
  574 }
  576 /*
  577  * Connect Request
  578  *
  579  * We check upstream for appropriate listeners and accept connections
  580  * that are wanted.
  581  */
  582 static void
hci_event_con_req(struct hci_unit *unit, struct mbuf *m)
  584 {
hci_con_req_ep ep;
hci_accept_con_cp ap;
hci_reject_con_cp rp;
  588         struct hci_link *link;
KASSERT(m->m_pkthdr.len >= sizeof(ep));
m_copydata(m, 0, sizeof(ep), (caddr_t)&ep);
m_adj(m, sizeof(ep));
DPRINTFN(1, "bdaddr %2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x "
  595                 "class %2.2x%2.2x%2.2x type %s\n",
ep.bdaddr.b[5], ep.bdaddr.b[4], ep.bdaddr.b[3],
ep.bdaddr.b[2], ep.bdaddr.b[1], ep.bdaddr.b[0],
ep.uclass[0], ep.uclass[1], ep.uclass[2],
ep.link_type == HCI_LINK_ACL ? "ACL" : "SCO");
  601         if (ep.link_type == HCI_LINK_ACL)
link = hci_acl_newconn(unit, &ep.bdaddr);
  603         else
link = hci_sco_newconn(unit, &ep.bdaddr);
  606         if (link == NULL) {
memset(&rp, 0, sizeof(rp));
bdaddr_copy(&rp.bdaddr, &ep.bdaddr);
rp.reason = 0x0f;       /* Unacceptable BD_ADDR */
hci_send_cmd(unit, HCI_CMD_REJECT_CON, &rp, sizeof(rp));
  612         } else {
memset(&ap, 0, sizeof(ap));
bdaddr_copy(&ap.bdaddr, &ep.bdaddr);
  615                 if (unit->hci_link_policy & HCI_LINK_POLICY_ENABLE_ROLE_SWITCH)
ap.role = HCI_ROLE_MASTER;
  617                 else
ap.role = HCI_ROLE_SLAVE;
hci_send_cmd(unit, HCI_CMD_ACCEPT_CON, &ap, sizeof(ap));
  621         }
  622 }
  624 /*
  625  * Auth Complete
  626  *
  627  * Authentication has been completed on an ACL link. We can notify the
  628  * upper layer protocols unless further mode changes are pending.
  629  */
  630 static void
hci_event_auth_compl(struct hci_unit *unit, struct mbuf *m)
  632 {
hci_auth_compl_ep ep;
  634         struct hci_link *link;
  635         int err;
KASSERT(m->m_pkthdr.len >= sizeof(ep));
m_copydata(m, 0, sizeof(ep), (caddr_t)&ep);
m_adj(m, sizeof(ep));
ep.con_handle = HCI_CON_HANDLE(letoh16(ep.con_handle));
DPRINTFN(1, "handle #%d, status=0x%x\n", ep.con_handle, ep.status);
link = hci_link_lookup_handle(unit, ep.con_handle);
  646         if (link == NULL || link->hl_type != HCI_LINK_ACL)
  647                 return;
  649         if (ep.status == 0) {
link->hl_flags |= HCI_LINK_AUTH;
  652                 if (link->hl_state == HCI_LINK_WAIT_AUTH)
link->hl_state = HCI_LINK_OPEN;
err = hci_acl_setmode(link);
  656                 if (err == EINPROGRESS)
  657                         return;
  658         }
hci_acl_linkmode(link);
  661 }
  663 /*
  664  * Encryption Change
  665  *
  666  * The encryption status has changed. Basically, we note the change
  667  * then notify the upper layer protocol unless further mode changes
  668  * are pending.
  669  * Note that if encryption gets disabled when it has been requested,
  670  * we will attempt to enable it again.. (its a feature not a bug :)
  671  */
  672 static void
hci_event_encryption_change(struct hci_unit *unit, struct mbuf *m)
  674 {
hci_encryption_change_ep ep;
  676         struct hci_link *link;
  677         int err;
KASSERT(m->m_pkthdr.len >= sizeof(ep));
m_copydata(m, 0, sizeof(ep), (caddr_t)&ep);
m_adj(m, sizeof(ep));
ep.con_handle = HCI_CON_HANDLE(letoh16(ep.con_handle));
DPRINTFN(1, "handle #%d, status=0x%x, encryption_enable=0x%x\n",
ep.con_handle, ep.status, ep.encryption_enable);
link = hci_link_lookup_handle(unit, ep.con_handle);
  689         if (link == NULL || link->hl_type != HCI_LINK_ACL)
  690                 return;
  692         if (ep.status == 0) {
  693                 if (ep.encryption_enable == 0)
link->hl_flags &= ~HCI_LINK_ENCRYPT;
  695                 else
link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_ENCRYPT);
  698                 if (link->hl_state == HCI_LINK_WAIT_ENCRYPT)
link->hl_state = HCI_LINK_OPEN;
err = hci_acl_setmode(link);
  702                 if (err == EINPROGRESS)
  703                         return;
  704         }
hci_acl_linkmode(link);
  707 }
  709 /*
  710  * Change Connection Link Key Complete
  711  *
  712  * Link keys are handled in userland but if we are waiting to secure
  713  * this link, we should notify the upper protocols. A SECURE request
  714  * only needs a single key change, so we can cancel the request.
  715  */
  716 static void
hci_event_change_con_link_key_compl(struct hci_unit *unit, struct mbuf *m)
  718 {
hci_change_con_link_key_compl_ep ep;
  720         struct hci_link *link;
  721         int err;
KASSERT(m->m_pkthdr.len >= sizeof(ep));
m_copydata(m, 0, sizeof(ep), (caddr_t)&ep);
m_adj(m, sizeof(ep));
ep.con_handle = HCI_CON_HANDLE(letoh16(ep.con_handle));
DPRINTFN(1, "handle #%d, status=0x%x\n", ep.con_handle, ep.status);
link = hci_link_lookup_handle(unit, ep.con_handle);
  732         if (link == NULL || link->hl_type != HCI_LINK_ACL)
  733                 return;
link->hl_flags &= ~HCI_LINK_SECURE_REQ;
  737         if (ep.status == 0) {
link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_SECURE);
  740                 if (link->hl_state == HCI_LINK_WAIT_SECURE)
link->hl_state = HCI_LINK_OPEN;
err = hci_acl_setmode(link);
  744                 if (err == EINPROGRESS)
  745                         return;
  746         }
hci_acl_linkmode(link);
  749 }
  751 /*
  752  * process results of read_bdaddr command_complete event
  753  */
  754 static void
hci_cmd_read_bdaddr(struct hci_unit *unit, struct mbuf *m)
  756 {
hci_read_bdaddr_rp rp;
  758         int s;
KASSERT(m->m_pkthdr.len >= sizeof(rp));
m_copydata(m, 0, sizeof(rp), (caddr_t)&rp);
m_adj(m, sizeof(rp));
  764         if (rp.status > 0)
  765                 return;
  767         if ((unit->hci_flags & BTF_INIT_BDADDR) == 0)
  768                 return;
bdaddr_copy(&unit->hci_bdaddr, &rp.bdaddr);
s = splraiseipl(unit->hci_ipl);
unit->hci_flags &= ~BTF_INIT_BDADDR;
splx(s);
wakeup(unit);
  777 }
  779 /*
  780  * process results of read_buffer_size command_complete event
  781  */
  782 static void
hci_cmd_read_buffer_size(struct hci_unit *unit, struct mbuf *m)
  784 {
hci_read_buffer_size_rp rp;
  786         int s;
KASSERT(m->m_pkthdr.len >= sizeof(rp));
m_copydata(m, 0, sizeof(rp), (caddr_t)&rp);
m_adj(m, sizeof(rp));
  792         if (rp.status > 0)
  793                 return;
  795         if ((unit->hci_flags & BTF_INIT_BUFFER_SIZE) == 0)
  796                 return;
unit->hci_max_acl_size = letoh16(rp.max_acl_size);
unit->hci_num_acl_pkts = letoh16(rp.num_acl_pkts);
unit->hci_max_sco_size = rp.max_sco_size;
unit->hci_num_sco_pkts = letoh16(rp.num_sco_pkts);
s = splraiseipl(unit->hci_ipl);
unit->hci_flags &= ~BTF_INIT_BUFFER_SIZE;
splx(s);
wakeup(unit);
  808 }
  810 /*
  811  * process results of read_local_features command_complete event
  812  */
  813 static void
hci_cmd_read_local_features(struct hci_unit *unit, struct mbuf *m)
  815 {
hci_read_local_features_rp rp;
  817         int s;
KASSERT(m->m_pkthdr.len >= sizeof(rp));
m_copydata(m, 0, sizeof(rp), (caddr_t)&rp);
m_adj(m, sizeof(rp));
  823         if (rp.status > 0)
  824                 return;
  826         if ((unit->hci_flags & BTF_INIT_FEATURES) == 0)
  827                 return;
unit->hci_lmp_mask = 0;
  831         if (rp.features[0] & HCI_LMP_ROLE_SWITCH)
unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_ROLE_SWITCH;
  834         if (rp.features[0] & HCI_LMP_HOLD_MODE)
unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_HOLD_MODE;
  837         if (rp.features[0] & HCI_LMP_SNIFF_MODE)
unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_SNIFF_MODE;
  840         if (rp.features[1] & HCI_LMP_PARK_MODE)
unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_PARK_MODE;
  843         /* ACL packet mask */
unit->hci_acl_mask = HCI_PKT_DM1 | HCI_PKT_DH1;
  846         if (rp.features[0] & HCI_LMP_3SLOT)
unit->hci_acl_mask |= HCI_PKT_DM3 | HCI_PKT_DH3;
  849         if (rp.features[0] & HCI_LMP_5SLOT)
unit->hci_acl_mask |= HCI_PKT_DM5 | HCI_PKT_DH5;
  852         if ((rp.features[3] & HCI_LMP_EDR_ACL_2MBPS) == 0)
unit->hci_acl_mask |= HCI_PKT_2MBPS_DH1
  854                                     | HCI_PKT_2MBPS_DH3
  855                                     | HCI_PKT_2MBPS_DH5;
  857         if ((rp.features[3] & HCI_LMP_EDR_ACL_3MBPS) == 0)
unit->hci_acl_mask |= HCI_PKT_3MBPS_DH1
  859                                     | HCI_PKT_3MBPS_DH3
  860                                     | HCI_PKT_3MBPS_DH5;
  862         if ((rp.features[4] & HCI_LMP_3SLOT_EDR_ACL) == 0)
unit->hci_acl_mask |= HCI_PKT_2MBPS_DH3
  864                                     | HCI_PKT_3MBPS_DH3;
  866         if ((rp.features[5] & HCI_LMP_5SLOT_EDR_ACL) == 0)
unit->hci_acl_mask |= HCI_PKT_2MBPS_DH5
  868                                     | HCI_PKT_3MBPS_DH5;
unit->hci_packet_type = unit->hci_acl_mask;
  872         /* SCO packet mask */
unit->hci_sco_mask = 0;
  874         if (rp.features[1] & HCI_LMP_SCO_LINK)
unit->hci_sco_mask |= HCI_PKT_HV1;
  877         if (rp.features[1] & HCI_LMP_HV2_PKT)
unit->hci_sco_mask |= HCI_PKT_HV2;
  880         if (rp.features[1] & HCI_LMP_HV3_PKT)
unit->hci_sco_mask |= HCI_PKT_HV3;
  883         if (rp.features[3] & HCI_LMP_EV3_PKT)
unit->hci_sco_mask |= HCI_PKT_EV3;
  886         if (rp.features[4] & HCI_LMP_EV4_PKT)
unit->hci_sco_mask |= HCI_PKT_EV4;
  889         if (rp.features[4] & HCI_LMP_EV5_PKT)
unit->hci_sco_mask |= HCI_PKT_EV5;
  892         /* XXX what do 2MBPS/3MBPS/3SLOT eSCO mean? */
s = splraiseipl(unit->hci_ipl);
unit->hci_flags &= ~BTF_INIT_FEATURES;
splx(s);
wakeup(unit);
DPRINTFN(1, "%s: lmp_mask %4.4x, acl_mask %4.4x, sco_mask %4.4x\n",
unit->hci_devname, unit->hci_lmp_mask,
unit->hci_acl_mask, unit->hci_sco_mask);
  903 }
  905 /*
  906  * process results of reset command_complete event
  907  *
  908  * This has killed all the connections, so close down anything we have left,
  909  * and reinitialise the unit.
  910  */
  911 static void
hci_cmd_reset(struct hci_unit *unit, struct mbuf *m)
  913 {
hci_reset_rp rp;
  915         struct hci_link *link, *next;
  916         int acl;
KASSERT(m->m_pkthdr.len >= sizeof(rp));
m_copydata(m, 0, sizeof(rp), (caddr_t)&rp);
m_adj(m, sizeof(rp));
  922         if (rp.status != 0)
  923                 return;
  925         /*
  926          * release SCO links first, since they may be holding
  927          * an ACL link reference.
  928          */
  929         for (acl = 0 ; acl < 2 ; acl++) {
next = TAILQ_FIRST(&unit->hci_links);
  931                 while ((link = next) != NULL) {
next = TAILQ_NEXT(link, hl_next);
  933                         if (acl || link->hl_type != HCI_LINK_ACL)
hci_link_free(link, ECONNABORTED);
  935                 }
  936         }
unit->hci_num_acl_pkts = 0;
unit->hci_num_sco_pkts = 0;
  941         if (hci_send_cmd(unit, HCI_CMD_READ_BDADDR, NULL, 0))
  942                 return;
  944         if (hci_send_cmd(unit, HCI_CMD_READ_BUFFER_SIZE, NULL, 0))
  945                 return;
  947         if (hci_send_cmd(unit, HCI_CMD_READ_LOCAL_FEATURES, NULL, 0))
  948                 return;
  949 }