root/netbt/hci_socket.c

DEFINITIONS

1. hci_security_check_opcode
2. hci_security_check_event
3. hci_drop
4. hci_cmdwait_flush
5. hci_send
6. hci_usrreq
7. hci_ctloutput
8. hci_mtap

    1 /*      $OpenBSD: hci_socket.c,v 1.3 2007/06/02 01:46:01 uwe Exp $      */
    2 /*      $NetBSD: hci_socket.c,v 1.10 2007/03/31 18:17:13 plunky Exp $   */
    4 /*-
    5  * Copyright (c) 2005 Iain Hibbert.
    6  * Copyright (c) 2006 Itronix Inc.
    7  * All rights reserved.
    8  *
    9  * Redistribution and use in source and binary forms, with or without
   10  * modification, are permitted provided that the following conditions
   11  * are met:
   12  * 1. Redistributions of source code must retain the above copyright
   13  *    notice, this list of conditions and the following disclaimer.
   14  * 2. Redistributions in binary form must reproduce the above copyright
   15  *    notice, this list of conditions and the following disclaimer in the
   16  *    documentation and/or other materials provided with the distribution.
   17  * 3. The name of Itronix Inc. may not be used to endorse
   18  *    or promote products derived from this software without specific
   19  *    prior written permission.
   20  *
   21  * THIS SOFTWARE IS PROVIDED BY ITRONIX INC. ``AS IS'' AND
   22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
   23  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
   24  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL ITRONIX INC. BE LIABLE FOR ANY
   25  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
   26  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
   27  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   28  * ON ANY THEORY OF LIABILITY, WHETHER IN
   29  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
   30  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
   31  * POSSIBILITY OF SUCH DAMAGE.
   32  */
   34 #include <sys/cdefs.h>
   36 /* load symbolic names */
   37 #ifdef BLUETOOTH_DEBUG
   38 #define PRUREQUESTS
   39 #define PRCOREQUESTS
   40 #endif
   42 #include <sys/param.h>
   43 #include <sys/domain.h>
   44 #include <sys/kernel.h>
   45 #include <sys/mbuf.h>
   46 #include <sys/proc.h>
   47 #include <sys/protosw.h>
   48 #include <sys/socket.h>
   49 #include <sys/socketvar.h>
   50 #include <sys/systm.h>
   52 #include <netbt/bluetooth.h>
   53 #include <netbt/hci.h>
   55 /*******************************************************************************
   56  *
   57  * HCI SOCK_RAW Sockets - for control of Bluetooth Devices
   58  *
   59  */
   61 /*
   62  * the raw HCI protocol control block
   63  */
   64 struct hci_pcb {
   65         struct socket           *hp_socket;     /* socket */
   66         unsigned int            hp_flags;       /* flags */
bdaddr_t                hp_laddr;       /* local address */
bdaddr_t                hp_raddr;       /* remote address */
   69         struct hci_filter       hp_efilter;     /* user event filter */
   70         struct hci_filter       hp_pfilter;     /* user packet filter */
LIST_ENTRY(hci_pcb)     hp_next;        /* next HCI pcb */
   72 };
   74 /* hp_flags */
   75 #define HCI_PRIVILEGED          (1<<0)  /* no security filter for root */
   76 #define HCI_DIRECTION           (1<<1)  /* direction control messages */
   77 #define HCI_PROMISCUOUS         (1<<2)  /* listen to all units */
LIST_HEAD(hci_pcb_list, hci_pcb) hci_pcb = LIST_HEAD_INITIALIZER(hci_pcb);
   81 /* sysctl defaults */
   82 int hci_sendspace = HCI_CMD_PKT_SIZE;
   83 int hci_recvspace = 4096;
   85 /*
   86  * Security filter routines for unprivileged users.
   87  *      Allow all but a few critical events, and only permit read commands.
   88  */
   90 static int
hci_security_check_opcode(uint16_t opcode)
   92 {
   94         switch (opcode) {
   95         /* Link control */
   96         case HCI_CMD_INQUIRY:
   97                 return sizeof(hci_inquiry_cp);
   98         case HCI_CMD_REMOTE_NAME_REQ:
   99                 return sizeof(hci_remote_name_req_cp);
  100         case HCI_CMD_READ_REMOTE_FEATURES:
  101                 return sizeof(hci_read_remote_features_cp);
  102         case HCI_CMD_READ_REMOTE_EXTENDED_FEATURES:
  103                 return sizeof(hci_read_remote_extended_features_cp);
  104         case HCI_CMD_READ_REMOTE_VER_INFO:
  105                 return sizeof(hci_read_remote_ver_info_cp);
  106         case HCI_CMD_READ_CLOCK_OFFSET:
  107                 return sizeof(hci_read_clock_offset_cp);
  108         case HCI_CMD_READ_LMP_HANDLE:
  109                 return sizeof(hci_read_lmp_handle_cp);
  111         /* Link policy */
  112         case HCI_CMD_ROLE_DISCOVERY:
  113                 return sizeof(hci_role_discovery_cp);
  114         case HCI_CMD_READ_LINK_POLICY_SETTINGS:
  115                 return sizeof(hci_read_link_policy_settings_cp);
  116         case HCI_CMD_READ_DEFAULT_LINK_POLICY_SETTINGS:
  117                 return 0;       /* No command parameters */
  119         /* Host controller and baseband */
  120         case HCI_CMD_READ_PIN_TYPE:
  121         case HCI_CMD_READ_LOCAL_NAME:
  122         case HCI_CMD_READ_CON_ACCEPT_TIMEOUT:
  123         case HCI_CMD_READ_PAGE_TIMEOUT:
  124         case HCI_CMD_READ_SCAN_ENABLE:
  125         case HCI_CMD_READ_PAGE_SCAN_ACTIVITY:
  126         case HCI_CMD_READ_INQUIRY_SCAN_ACTIVITY:
  127         case HCI_CMD_READ_AUTH_ENABLE:
  128         case HCI_CMD_READ_ENCRYPTION_MODE:
  129         case HCI_CMD_READ_UNIT_CLASS:
  130         case HCI_CMD_READ_VOICE_SETTING:
  131                 return 0;       /* No command parameters */
  132         case HCI_CMD_READ_AUTO_FLUSH_TIMEOUT:
  133                 return sizeof(hci_read_auto_flush_timeout_cp);
  134         case HCI_CMD_READ_NUM_BROADCAST_RETRANS:
  135         case HCI_CMD_READ_HOLD_MODE_ACTIVITY:
  136                 return 0;       /* No command parameters */
  137         case HCI_CMD_READ_XMIT_LEVEL:
  138                 return sizeof(hci_read_xmit_level_cp);
  139         case HCI_CMD_READ_SCO_FLOW_CONTROL:
  140                 return 0;       /* No command parameters */
  141         case HCI_CMD_READ_LINK_SUPERVISION_TIMEOUT:
  142                 return sizeof(hci_read_link_supervision_timeout_cp);
  143         case HCI_CMD_READ_NUM_SUPPORTED_IAC:
  144         case HCI_CMD_READ_IAC_LAP:
  145         case HCI_CMD_READ_PAGE_SCAN_PERIOD:
  146         case HCI_CMD_READ_PAGE_SCAN:
  147         case HCI_CMD_READ_INQUIRY_SCAN_TYPE:
  148         case HCI_CMD_READ_INQUIRY_MODE:
  149         case HCI_CMD_READ_PAGE_SCAN_TYPE:
  150         case HCI_CMD_READ_AFH_ASSESSMENT:
  151                 return 0;       /* No command parameters */
  153         /* Informational */
  154         case HCI_CMD_READ_LOCAL_VER:
  155         case HCI_CMD_READ_LOCAL_COMMANDS:
  156         case HCI_CMD_READ_LOCAL_FEATURES:
  157                 return 0;       /* No command parameters */
  158         case HCI_CMD_READ_LOCAL_EXTENDED_FEATURES:
  159                 return sizeof(hci_read_local_extended_features_cp);
  160         case HCI_CMD_READ_BUFFER_SIZE:
  161         case HCI_CMD_READ_COUNTRY_CODE:
  162         case HCI_CMD_READ_BDADDR:
  163                 return 0;       /* No command parameters */
  165         /* Status */
  166         case HCI_CMD_READ_FAILED_CONTACT_CNTR:
  167                 return sizeof(hci_read_failed_contact_cntr_cp);
  168         case HCI_CMD_READ_LINK_QUALITY:
  169                 return sizeof(hci_read_link_quality_cp);
  170         case HCI_CMD_READ_RSSI:
  171                 return sizeof(hci_read_rssi_cp);
  172         case HCI_CMD_READ_AFH_CHANNEL_MAP:
  173                 return sizeof(hci_read_afh_channel_map_cp);
  174         case HCI_CMD_READ_CLOCK:
  175                 return sizeof(hci_read_clock_cp);
  177         /* Testing */
  178         case HCI_CMD_READ_LOOPBACK_MODE:
  179                 return 0;       /* No command parameters */
  180         }
  182         return -1;      /* disallowed */
  183 }
  185 static int
hci_security_check_event(uint8_t event)
  187 {
  189         switch (event) {
  190         case HCI_EVENT_RETURN_LINK_KEYS:
  191         case HCI_EVENT_LINK_KEY_NOTIFICATION:
  192         case HCI_EVENT_VENDOR:
  193                 return -1;      /* disallowed */
  194         }
  196         return 0;       /* ok */
  197 }
  199 /*
  200  * When command packet reaches the device, we can drop
  201  * it from the socket buffer (called from hci_output_acl)
  202  */
  203 void
hci_drop(void *arg)
  205 {
  206         struct socket *so = arg;
sbdroprecord(&so->so_snd);
sowwakeup(so);
  210 }
  212 /*
  213  * HCI socket is going away and has some pending packets. We let them
  214  * go by design, but remove the context pointer as it will be invalid
  215  * and we no longer need to be notified.
  216  */
  217 static void
hci_cmdwait_flush(struct socket *so)
  219 {
  220         struct hci_unit *unit;
  221         struct socket *ctx;
  222         struct mbuf *m;
DPRINTF("flushing %p\n", so);
TAILQ_FOREACH(unit, &hci_unit_list, hci_next) {
IF_POLL(&unit->hci_cmdwait, m);
  228                 while (m != NULL) {
ctx = M_GETCTX(m, struct socket *);
  230                         if (ctx == so)
M_SETCTX(m, NULL);
m = m->m_nextpkt;
  234                 }
  235         }
  236 }
  238 /*
  239  * HCI send packet
  240  *     This came from userland, so check it out.
  241  */
  242 static int
hci_send(struct hci_pcb *pcb, struct mbuf *m, bdaddr_t *addr)
  244 {
  245         struct hci_unit *unit;
  246         struct mbuf *m0;
hci_cmd_hdr_t hdr;
  248         int err;
KASSERT(m != NULL);
KASSERT(addr != NULL);
  253         /* wants at least a header to start with */
  254         if (m->m_pkthdr.len < sizeof(hdr)) {
err = EMSGSIZE;
  256                 goto bad;
  257         }
m_copydata(m, 0, sizeof(hdr), (caddr_t)&hdr);
  260         /* only allows CMD packets to be sent */
  261         if (hdr.type != HCI_CMD_PKT) {
err = EINVAL;
  263                 goto bad;
  264         }
  266         /* validates packet length */
  267         if (m->m_pkthdr.len != sizeof(hdr) + hdr.length) {
err = EMSGSIZE;
  269                 goto bad;
  270         }
  272         /* security checks for unprivileged users */
  273         if ((pcb->hp_flags & HCI_PRIVILEGED) == 0
  274             && hci_security_check_opcode(letoh16(hdr.opcode)) != hdr.length) {
err = EPERM;
  276                 goto bad;
  277         }
  279         /* finds destination */
unit = hci_unit_lookup(addr);
  281         if (unit == NULL) {
err = ENETDOWN;
  283                 goto bad;
  284         }
  286         /* makes a copy for precious to keep */
m0 = m_copym(m, 0, M_COPYALL, M_DONTWAIT);
  288         if (m0 == NULL) {
err = ENOMEM;
  290                 goto bad;
  291         }
sbappendrecord(&pcb->hp_socket->so_snd, m0);
M_SETCTX(m, pcb->hp_socket);    /* enable drop callback */
DPRINTFN(2, "(%s) opcode (%03x|%04x)\n", unit->hci_devname,
HCI_OGF(letoh16(hdr.opcode)), HCI_OCF(letoh16(hdr.opcode)));
  298         /* Sendss it */
  299         if (unit->hci_num_cmd_pkts == 0)
IF_ENQUEUE(&unit->hci_cmdwait, m);
  301         else
hci_output_cmd(unit, m);
  304         return 0;
bad:
DPRINTF("packet (%d bytes) not sent (error %d)\n",
m->m_pkthdr.len, err);
  309         if (m) m_freem(m);
  310         return err;
  311 }
  313 /*
  314  * User Request.
  315  * up is socket
  316  * m is either
  317  *      optional mbuf chain containing message
  318  *      ioctl command (PRU_CONTROL)
  319  * nam is either
  320  *      optional mbuf chain containing an address
  321  *      ioctl data (PRU_CONTROL)
  322  *      optionally, protocol number (PRU_ATTACH)
  323  * ctl is optional mbuf chain containing socket options
  324  * l is pointer to process requesting action (if any)
  325  *
  326  * we are responsible for disposing of m and ctl if
  327  * they are mbuf chains
  328  */
  329 int
hci_usrreq(struct socket *up, int req, struct mbuf *m,
  331     struct mbuf *nam, struct mbuf *ctl)
  332 {
  333         struct hci_pcb *pcb = (struct hci_pcb *)up->so_pcb;
  334         struct sockaddr_bt *sa;
  335         int err = 0;
  337 #ifdef notyet                   /* XXX */
DPRINTFN(2, "%s\n", prurequests[req]);
  339 #endif
  341         switch(req) {
  342         case PRU_CONTROL:
  343                 return hci_ioctl((unsigned long)m, (void *)nam, curproc);
  345         case PRU_ATTACH:
  346                 if (pcb)
  347                         return EINVAL;
err = soreserve(up, hci_sendspace, hci_recvspace);
  350                 if (err)
  351                         return err;
pcb = malloc(sizeof *pcb, M_PCB, M_NOWAIT);
  354                 if (pcb == NULL)
  355                         return ENOMEM;
bzero(pcb, sizeof *pcb);
up->so_pcb = pcb;
pcb->hp_socket = up;
  361                 if (curproc == NULL || suser(curproc, 0) == 0)
pcb->hp_flags |= HCI_PRIVILEGED;
  364                 /*
  365                  * Set default user filter. By default, socket only passes
  366                  * Command_Complete and Command_Status Events.
  367                  */
hci_filter_set(HCI_EVENT_COMMAND_COMPL, &pcb->hp_efilter);
hci_filter_set(HCI_EVENT_COMMAND_STATUS, &pcb->hp_efilter);
hci_filter_set(HCI_EVENT_PKT, &pcb->hp_pfilter);
LIST_INSERT_HEAD(&hci_pcb, pcb, hp_next);
  374                 return 0;
  375         }
  377         /* anything after here *requires* a pcb */
  378         if (pcb == NULL) {
err = EINVAL;
  380                 goto release;
  381         }
  383         switch(req) {
  384         case PRU_DISCONNECT:
bdaddr_copy(&pcb->hp_raddr, BDADDR_ANY);
  387                 /* XXX we cannot call soisdisconnected() here, as it sets
  388                  * SS_CANTRCVMORE and SS_CANTSENDMORE. The problem being,
  389                  * that soisconnected() does not clear these and if you
  390                  * try to reconnect this socket (which is permitted) you
  391                  * get a broken pipe when you try to write any data.
  392                  */
up->so_state &= ~SS_ISCONNECTED;
  394                 break;
  396         case PRU_ABORT:
soisdisconnected(up);
  398                 /* fall through to */
  399         case PRU_DETACH:
  400                 if (up->so_snd.sb_mb != NULL)
hci_cmdwait_flush(up);
up->so_pcb = NULL;
LIST_REMOVE(pcb, hp_next);
free(pcb, M_PCB);
  406                 return 0;
  408         case PRU_BIND:
KASSERT(nam != NULL);
sa = mtod(nam, struct sockaddr_bt *);
  412                 if (sa->bt_len != sizeof(struct sockaddr_bt))
  413                         return EINVAL;
  415                 if (sa->bt_family != AF_BLUETOOTH)
  416                         return EAFNOSUPPORT;
bdaddr_copy(&pcb->hp_laddr, &sa->bt_bdaddr);
  420                 if (bdaddr_any(&sa->bt_bdaddr))
pcb->hp_flags |= HCI_PROMISCUOUS;
  422                 else
pcb->hp_flags &= ~HCI_PROMISCUOUS;
  425                 return 0;
  427         case PRU_CONNECT:
KASSERT(nam != NULL);
sa = mtod(nam, struct sockaddr_bt *);
  431                 if (sa->bt_len != sizeof(struct sockaddr_bt))
  432                         return EINVAL;
  434                 if (sa->bt_family != AF_BLUETOOTH)
  435                         return EAFNOSUPPORT;
  437                 if (hci_unit_lookup(&sa->bt_bdaddr) == NULL)
  438                         return EADDRNOTAVAIL;
bdaddr_copy(&pcb->hp_raddr, &sa->bt_bdaddr);
soisconnected(up);
  442                 return 0;
  444         case PRU_PEERADDR:
KASSERT(nam != NULL);
sa = mtod(nam, struct sockaddr_bt *);
memset(sa, 0, sizeof(struct sockaddr_bt));
nam->m_len =
sa->bt_len = sizeof(struct sockaddr_bt);
sa->bt_family = AF_BLUETOOTH;
bdaddr_copy(&sa->bt_bdaddr, &pcb->hp_raddr);
  453                 return 0;
  455         case PRU_SOCKADDR:
KASSERT(nam != NULL);
sa = mtod(nam, struct sockaddr_bt *);
memset(sa, 0, sizeof(struct sockaddr_bt));
nam->m_len =
sa->bt_len = sizeof(struct sockaddr_bt);
sa->bt_family = AF_BLUETOOTH;
bdaddr_copy(&sa->bt_bdaddr, &pcb->hp_laddr);
  464                 return 0;
  466         case PRU_SHUTDOWN:
socantsendmore(up);
  468                 break;
  470         case PRU_SEND:
sa = NULL;
  472                 if (nam) {
sa = mtod(nam, struct sockaddr_bt *);
  475                         if (sa->bt_len != sizeof(struct sockaddr_bt)) {
err = EINVAL;
  477                                 goto release;
  478                         }
  480                         if (sa->bt_family != AF_BLUETOOTH) {
err = EAFNOSUPPORT;
  482                                 goto release;
  483                         }
  484                 }
  486                 if (ctl) /* have no use for this */
m_freem(ctl);
  489                 return hci_send(pcb, m, (sa ? &sa->bt_bdaddr : &pcb->hp_raddr));
  491         case PRU_SENSE:
  492                 return 0;               /* (no sense - Doh!) */
  494         case PRU_RCVD:
  495         case PRU_RCVOOB:
  496                 return EOPNOTSUPP;      /* (no release) */
  498         case PRU_ACCEPT:
  499         case PRU_CONNECT2:
  500         case PRU_LISTEN:
  501         case PRU_SENDOOB:
  502         case PRU_FASTTIMO:
  503         case PRU_SLOWTIMO:
  504         case PRU_PROTORCV:
  505         case PRU_PROTOSEND:
err = EOPNOTSUPP;
  507                 break;
  509         default:
UNKNOWN(req);
err = EOPNOTSUPP;
  512                 break;
  513         }
release:
  516         if (m)
m_freem(m);
  518         if (ctl)
m_freem(ctl);
  520         return err;
  521 }
  523 /*
  524  * get/set socket options
  525  */
  526 int
hci_ctloutput(int req, struct socket *so, int level,
  528                 int optname, struct mbuf **opt)
  529 {
  530         struct hci_pcb *pcb = (struct hci_pcb *)so->so_pcb;
  531         struct mbuf *m;
  532         int err = 0;
  534 #ifdef notyet                   /* XXX */
DPRINTFN(2, "req %s\n", prcorequests[req]);
  536 #endif
  538         if (pcb == NULL)
  539                 return EINVAL;
  541         if (level != BTPROTO_HCI)
  542                 return ENOPROTOOPT;
  544         switch(req) {
  545         case PRCO_GETOPT:
m = m_get(M_WAIT, MT_SOOPTS);
  547                 switch (optname) {
  548                 case SO_HCI_EVT_FILTER:
m->m_len = sizeof(struct hci_filter);
memcpy(mtod(m, void *), &pcb->hp_efilter, m->m_len);
  551                         break;
  553                 case SO_HCI_PKT_FILTER:
m->m_len = sizeof(struct hci_filter);
memcpy(mtod(m, void *), &pcb->hp_pfilter, m->m_len);
  556                         break;
  558                 case SO_HCI_DIRECTION:
m->m_len = sizeof(int);
  560                         if (pcb->hp_flags & HCI_DIRECTION)
  561                                 *mtod(m, int *) = 1;
  562                         else
  563                                 *mtod(m, int *) = 0;
  564                         break;
  566                 default:
err = ENOPROTOOPT;
m_freem(m);
m = NULL;
  570                         break;
  571                 }
  572                 *opt = m;
  573                 break;
  575         case PRCO_SETOPT:
m = *opt;
  577                 if (m) switch (optname) {
  578                 case SO_HCI_EVT_FILTER: /* set event filter */
m->m_len = min(m->m_len, sizeof(struct hci_filter));
memcpy(&pcb->hp_efilter, mtod(m, void *), m->m_len);
  581                         break;
  583                 case SO_HCI_PKT_FILTER: /* set packet filter */
m->m_len = min(m->m_len, sizeof(struct hci_filter));
memcpy(&pcb->hp_pfilter, mtod(m, void *), m->m_len);
  586                         break;
  588                 case SO_HCI_DIRECTION:  /* request direction ctl messages */
  589                         if (*mtod(m, int *))
pcb->hp_flags |= HCI_DIRECTION;
  591                         else
pcb->hp_flags &= ~HCI_DIRECTION;
  593                         break;
  595                 default:
err = ENOPROTOOPT;
  597                         break;
  598                 }
m_freem(m);
  600                 break;
  602         default:
err = ENOPROTOOPT;
  604                 break;
  605         }
  607         return err;
  608 }
  610 /*
  611  * HCI mbuf tap routine
  612  *
  613  * copy packets to any raw HCI sockets that wish (and are
  614  * permitted) to see them
  615  */
  616 void
hci_mtap(struct mbuf *m, struct hci_unit *unit)
  618 {
  619         struct hci_pcb *pcb;
  620         struct mbuf *m0, *ctlmsg, **ctl;
  621         struct sockaddr_bt sa;
uint8_t type;
uint8_t event;
uint16_t opcode;
KASSERT(m->m_len >= sizeof(type));
type = *mtod(m, uint8_t *);
memset(&sa, 0, sizeof(sa));
sa.bt_len = sizeof(struct sockaddr_bt);
sa.bt_family = AF_BLUETOOTH;
bdaddr_copy(&sa.bt_bdaddr, &unit->hci_bdaddr);
LIST_FOREACH(pcb, &hci_pcb, hp_next) {
  636                 /*
  637                  * filter according to source address
  638                  */
  639                 if ((pcb->hp_flags & HCI_PROMISCUOUS) == 0
  640                     && bdaddr_same(&pcb->hp_laddr, &sa.bt_bdaddr) == 0)
  641                         continue;
  643                 /*
  644                  * filter according to packet type filter
  645                  */
  646                 if (hci_filter_test(type, &pcb->hp_pfilter) == 0)
  647                         continue;
  649                 /*
  650                  * filter according to event/security filters
  651                  */
  652                 switch(type) {
  653                 case HCI_EVENT_PKT:
KASSERT(m->m_len >= sizeof(hci_event_hdr_t));
event = mtod(m, hci_event_hdr_t *)->event;
  658                         if (hci_filter_test(event, &pcb->hp_efilter) == 0)
  659                                 continue;
  661                         if ((pcb->hp_flags & HCI_PRIVILEGED) == 0
  662                             && hci_security_check_event(event) == -1)
  663                                 continue;
  664                         break;
  666                 case HCI_CMD_PKT:
KASSERT(m->m_len >= sizeof(hci_cmd_hdr_t));
opcode = letoh16(mtod(m, hci_cmd_hdr_t *)->opcode);
  671                         if ((pcb->hp_flags & HCI_PRIVILEGED) == 0
  672                             && hci_security_check_opcode(opcode) == -1)
  673                                 continue;
  674                         break;
  676                 case HCI_ACL_DATA_PKT:
  677                 case HCI_SCO_DATA_PKT:
  678                 default:
  679                         if ((pcb->hp_flags & HCI_PRIVILEGED) == 0)
  680                                 continue;
  682                         break;
  683                 }
  685                 /*
  686                  * create control messages
  687                  */
ctlmsg = NULL;
ctl = &ctlmsg;
  690                 if (pcb->hp_flags & HCI_DIRECTION) {
  691                         int dir = m->m_flags & M_LINK0 ? 1 : 0;
  693                         *ctl = sbcreatecontrol((void *)&dir, sizeof(dir),
SCM_HCI_DIRECTION, BTPROTO_HCI);
  696                         if (*ctl != NULL)
ctl = &((*ctl)->m_next);
  698                 }
  700                 /*
  701                  * copy to socket
  702                  */
m0 = m_copym(m, 0, M_COPYALL, M_DONTWAIT);
  704                 if (m0 && sbappendaddr(&pcb->hp_socket->so_rcv,
  705                                 (struct sockaddr *)&sa, m0, ctlmsg)) {
sorwakeup(pcb->hp_socket);
  707                 } else {
m_freem(ctlmsg);
m_freem(m0);
  710                 }
  711         }
  712 }