search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge branch 'master' of ssh://crater.dragonflybsd.org/repository/git/dragonfly
[dragonfly.git] / sys / netbt / hci_socket.c
blob0489721e47e9645aea54fb7282544a60d02f9ee7
1 /* $DragonFly: src/sys/netbt/hci_socket.c,v 1.3 2008/06/20 20:52:29 aggelos Exp $ */
2 /* $OpenBSD: src/sys/netbt/hci_socket.c,v 1.5 2008/02/24 21:34:48 uwe Exp $ */
3 /* $NetBSD: hci_socket.c,v 1.14 2008/02/10 17:40:54 plunky Exp $ */
4
5 /*-
6 * Copyright (c) 2005 Iain Hibbert.
7 * Copyright (c) 2006 Itronix Inc.
8 * All rights reserved.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. The name of Itronix Inc. may not be used to endorse
19 * or promote products derived from this software without specific
20 * prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY ITRONIX INC. ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
24 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
25 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ITRONIX INC. BE LIABLE FOR ANY
26 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
27 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
29 * ON ANY THEORY OF LIABILITY, WHETHER IN
30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32 * POSSIBILITY OF SUCH DAMAGE.
33 */
34
35 /* load symbolic names */
36 #ifdef BLUETOOTH_DEBUG
37 #define PRUREQUESTS
38 #define PRCOREQUESTS
39 #endif
40
41 #include <sys/param.h>
42 #include <sys/domain.h>
43 #include <sys/kernel.h>
44 #include <sys/mbuf.h>
45 #include <sys/proc.h>
46 #include <sys/priv.h>
47 #include <sys/protosw.h>
48 #include <sys/socket.h>
49 #include <sys/socketvar.h>
50 #include <sys/systm.h>
51 #include <sys/endian.h>
52 #include <net/if.h>
53 #include <net/if_var.h>
54 #include <sys/sysctl.h>
55 #include <sys/thread2.h>
56
57 #include <netbt/bluetooth.h>
58 #include <netbt/hci.h>
59
60 /*******************************************************************************
61 *
62 * HCI SOCK_RAW Sockets - for control of Bluetooth Devices
63 *
64 */
65
66 /*
67 * the raw HCI protocol control block
68 */
69 struct hci_pcb {
70 struct socket *hp_socket; /* socket */
71 unsigned int hp_flags; /* flags */
72 bdaddr_t hp_laddr; /* local address */
73 bdaddr_t hp_raddr; /* remote address */
74 struct hci_filter hp_efilter; /* user event filter */
75 struct hci_filter hp_pfilter; /* user packet filter */
76 LIST_ENTRY(hci_pcb) hp_next; /* next HCI pcb */
77 };
78
79 /* hp_flags */
80 #define HCI_PRIVILEGED (1<<0) /* no security filter for root */
81 #define HCI_DIRECTION (1<<1) /* direction control messages */
82 #define HCI_PROMISCUOUS (1<<2) /* listen to all units */
83
84 LIST_HEAD(hci_pcb_list, hci_pcb) hci_pcb = LIST_HEAD_INITIALIZER(hci_pcb);
85
86 /* sysctl defaults */
87 int hci_sendspace = HCI_CMD_PKT_SIZE;
88 int hci_recvspace = 4096;
89
90 extern struct pr_usrreqs hci_usrreqs;
91
92 /* Prototypes for usrreqs methods. */
93 static int hci_sabort (struct socket *so);
94 static int hci_sdetach(struct socket *so);
95 static int hci_sdisconnect (struct socket *so);
96 static int hci_scontrol (struct socket *so, u_long cmd, caddr_t data,
97 struct ifnet *ifp, struct thread *td);
98 static int hci_sattach (struct socket *so, int proto,
99 struct pru_attach_info *ai);
100 static int hci_sbind (struct socket *so, struct sockaddr *nam,
101 struct thread *td);
102 static int hci_sconnect (struct socket *so, struct sockaddr *nam,
103 struct thread *td);
104 static int hci_speeraddr (struct socket *so, struct sockaddr **nam);
105 static int hci_ssockaddr (struct socket *so, struct sockaddr **nam);
106 static int hci_sshutdown (struct socket *so);
107 static int hci_ssend (struct socket *so, int flags, struct mbuf *m,
108 struct sockaddr *addr, struct mbuf *control,
109 struct thread *td);
110
111 /* supported commands opcode table */
112 static const struct {
113 uint16_t opcode;
114 uint8_t offs; /* 0 - 63 */
115 uint8_t mask; /* bit 0 - 7 */
116 int16_t length; /* -1 if privileged */
117 } hci_cmds[] = {
118 { HCI_CMD_INQUIRY,
119 0, 0x01, sizeof(hci_inquiry_cp) },
120 { HCI_CMD_INQUIRY_CANCEL,
121 0, 0x02, -1 },
122 { HCI_CMD_PERIODIC_INQUIRY,
123 0, 0x04, -1 },
124 { HCI_CMD_EXIT_PERIODIC_INQUIRY,
125 0, 0x08, -1 },
126 { HCI_CMD_CREATE_CON,
127 0, 0x10, -1 },
128 { HCI_CMD_DISCONNECT,
129 0, 0x20, -1 },
130 { HCI_CMD_ADD_SCO_CON,
131 0, 0x40, -1 },
132 { HCI_CMD_CREATE_CON_CANCEL,
133 0, 0x80, -1 },
134 { HCI_CMD_ACCEPT_CON,
135 1, 0x01, -1 },
136 { HCI_CMD_REJECT_CON,
137 1, 0x02, -1 },
138 { HCI_CMD_LINK_KEY_REP,
139 1, 0x04, -1 },
140 { HCI_CMD_LINK_KEY_NEG_REP,
141 1, 0x08, -1 },
142 { HCI_CMD_PIN_CODE_REP,
143 1, 0x10, -1 },
144 { HCI_CMD_PIN_CODE_NEG_REP,
145 1, 0x20, -1 },
146 { HCI_CMD_CHANGE_CON_PACKET_TYPE,
147 1, 0x40, -1 },
148 { HCI_CMD_AUTH_REQ,
149 1, 0x80, -1 },
150 { HCI_CMD_SET_CON_ENCRYPTION,
151 2, 0x01, -1 },
152 { HCI_CMD_CHANGE_CON_LINK_KEY,
153 2, 0x02, -1 },
154 { HCI_CMD_MASTER_LINK_KEY,
155 2, 0x04, -1 },
156 { HCI_CMD_REMOTE_NAME_REQ,
157 2, 0x08, sizeof(hci_remote_name_req_cp) },
158 { HCI_CMD_REMOTE_NAME_REQ_CANCEL,
159 2, 0x10, -1 },
160 { HCI_CMD_READ_REMOTE_FEATURES,
161 2, 0x20, sizeof(hci_read_remote_features_cp) },
162 { HCI_CMD_READ_REMOTE_EXTENDED_FEATURES,
163 2, 0x40, sizeof(hci_read_remote_extended_features_cp) },
164 { HCI_CMD_READ_REMOTE_VER_INFO,
165 2, 0x80, sizeof(hci_read_remote_ver_info_cp) },
166 { HCI_CMD_READ_CLOCK_OFFSET,
167 3, 0x01, sizeof(hci_read_clock_offset_cp) },
168 { HCI_CMD_READ_LMP_HANDLE,
169 3, 0x02, sizeof(hci_read_lmp_handle_cp) },
170 { HCI_CMD_HOLD_MODE,
171 4, 0x02, -1 },
172 { HCI_CMD_SNIFF_MODE,
173 4, 0x04, -1 },
174 { HCI_CMD_EXIT_SNIFF_MODE,
175 4, 0x08, -1 },
176 { HCI_CMD_PARK_MODE,
177 4, 0x10, -1 },
178 { HCI_CMD_EXIT_PARK_MODE,
179 4, 0x20, -1 },
180 { HCI_CMD_QOS_SETUP,
181 4, 0x40, -1 },
182 { HCI_CMD_ROLE_DISCOVERY,
183 4, 0x80, sizeof(hci_role_discovery_cp) },
184 { HCI_CMD_SWITCH_ROLE,
185 5, 0x01, -1 },
186 { HCI_CMD_READ_LINK_POLICY_SETTINGS,
187 5, 0x02, sizeof(hci_read_link_policy_settings_cp) },
188 { HCI_CMD_WRITE_LINK_POLICY_SETTINGS,
189 5, 0x04, -1 },
190 { HCI_CMD_READ_DEFAULT_LINK_POLICY_SETTINGS,
191 5, 0x08, 0 },
192 { HCI_CMD_WRITE_DEFAULT_LINK_POLICY_SETTINGS,
193 5, 0x10, -1 },
194 { HCI_CMD_FLOW_SPECIFICATION,
195 5, 0x20, -1 },
196 { HCI_CMD_SET_EVENT_MASK,
197 5, 0x40, -1 },
198 { HCI_CMD_RESET,
199 5, 0x80, -1 },
200 { HCI_CMD_SET_EVENT_FILTER,
201 6, 0x01, -1 },
202 { HCI_CMD_FLUSH,
203 6, 0x02, -1 },
204 { HCI_CMD_READ_PIN_TYPE,
205 6, 0x04, 0 },
206 { HCI_CMD_WRITE_PIN_TYPE,
207 6, 0x08, -1 },
208 { HCI_CMD_CREATE_NEW_UNIT_KEY,
209 6, 0x10, -1 },
210 { HCI_CMD_READ_STORED_LINK_KEY,
211 6, 0x20, -1 },
212 { HCI_CMD_WRITE_STORED_LINK_KEY,
213 6, 0x40, -1 },
214 { HCI_CMD_DELETE_STORED_LINK_KEY,
215 6, 0x80, -1 },
216 { HCI_CMD_WRITE_LOCAL_NAME,
217 7, 0x01, -1 },
218 { HCI_CMD_READ_LOCAL_NAME,
219 7, 0x02, 0 },
220 { HCI_CMD_READ_CON_ACCEPT_TIMEOUT,
221 7, 0x04, 0 },
222 { HCI_CMD_WRITE_CON_ACCEPT_TIMEOUT,
223 7, 0x08, -1 },
224 { HCI_CMD_READ_PAGE_TIMEOUT,
225 7, 0x10, 0 },
226 { HCI_CMD_WRITE_PAGE_TIMEOUT,
227 7, 0x20, -1 },
228 { HCI_CMD_READ_SCAN_ENABLE,
229 7, 0x40, 0 },
230 { HCI_CMD_WRITE_SCAN_ENABLE,
231 7, 0x80, -1 },
232 { HCI_CMD_READ_PAGE_SCAN_ACTIVITY,
233 8, 0x01, 0 },
234 { HCI_CMD_WRITE_PAGE_SCAN_ACTIVITY,
235 8, 0x02, -1 },
236 { HCI_CMD_READ_INQUIRY_SCAN_ACTIVITY,
237 8, 0x04, 0 },
238 { HCI_CMD_WRITE_INQUIRY_SCAN_ACTIVITY,
239 8, 0x08, -1 },
240 { HCI_CMD_READ_AUTH_ENABLE,
241 8, 0x10, 0 },
242 { HCI_CMD_WRITE_AUTH_ENABLE,
243 8, 0x20, -1 },
244 { HCI_CMD_READ_ENCRYPTION_MODE,
245 8, 0x40, 0 },
246 { HCI_CMD_WRITE_ENCRYPTION_MODE,
247 8, 0x80, -1 },
248 { HCI_CMD_READ_UNIT_CLASS,
249 9, 0x01, 0 },
250 { HCI_CMD_WRITE_UNIT_CLASS,
251 9, 0x02, -1 },
252 { HCI_CMD_READ_VOICE_SETTING,
253 9, 0x04, 0 },
254 { HCI_CMD_WRITE_VOICE_SETTING,
255 9, 0x08, -1 },
256 { HCI_CMD_READ_AUTO_FLUSH_TIMEOUT,
257 9, 0x10, sizeof(hci_read_auto_flush_timeout_cp) },
258 { HCI_CMD_WRITE_AUTO_FLUSH_TIMEOUT,
259 9, 0x20, -1 },
260 { HCI_CMD_READ_NUM_BROADCAST_RETRANS,
261 9, 0x40, 0 },
262 { HCI_CMD_WRITE_NUM_BROADCAST_RETRANS,
263 9, 0x80, -1 },
264 { HCI_CMD_READ_HOLD_MODE_ACTIVITY,
265 10, 0x01, 0 },
266 { HCI_CMD_WRITE_HOLD_MODE_ACTIVITY,
267 10, 0x02, -1 },
268 { HCI_CMD_READ_XMIT_LEVEL,
269 10, 0x04, sizeof(hci_read_xmit_level_cp) },
270 { HCI_CMD_READ_SCO_FLOW_CONTROL,
271 10, 0x08, 0 },
272 { HCI_CMD_WRITE_SCO_FLOW_CONTROL,
273 10, 0x10, -1 },
274 { HCI_CMD_HC2H_FLOW_CONTROL,
275 10, 0x20, -1 },
276 { HCI_CMD_HOST_BUFFER_SIZE,
277 10, 0x40, -1 },
278 { HCI_CMD_HOST_NUM_COMPL_PKTS,
279 10, 0x80, -1 },
280 { HCI_CMD_READ_LINK_SUPERVISION_TIMEOUT,
281 11, 0x01, sizeof(hci_read_link_supervision_timeout_cp) },
282 { HCI_CMD_WRITE_LINK_SUPERVISION_TIMEOUT,
283 11, 0x02, -1 },
284 { HCI_CMD_READ_NUM_SUPPORTED_IAC,
285 11, 0x04, 0 },
286 { HCI_CMD_READ_IAC_LAP,
287 11, 0x08, 0 },
288 { HCI_CMD_WRITE_IAC_LAP,
289 11, 0x10, -1 },
290 { HCI_CMD_READ_PAGE_SCAN_PERIOD,
291 11, 0x20, 0 },
292 { HCI_CMD_WRITE_PAGE_SCAN_PERIOD,
293 11, 0x40, -1 },
294 { HCI_CMD_READ_PAGE_SCAN,
295 11, 0x80, 0 },
296 { HCI_CMD_WRITE_PAGE_SCAN,
297 12, 0x01, -1 },
298 { HCI_CMD_SET_AFH_CLASSIFICATION,
299 12, 0x02, -1 },
300 { HCI_CMD_READ_INQUIRY_SCAN_TYPE,
301 12, 0x10, 0 },
302 { HCI_CMD_WRITE_INQUIRY_SCAN_TYPE,
303 12, 0x20, -1 },
304 { HCI_CMD_READ_INQUIRY_MODE,
305 12, 0x40, 0 },
306 { HCI_CMD_WRITE_INQUIRY_MODE,
307 12, 0x80, -1 },
308 { HCI_CMD_READ_PAGE_SCAN_TYPE,
309 13, 0x01, 0 },
310 { HCI_CMD_WRITE_PAGE_SCAN_TYPE,
311 13, 0x02, -1 },
312 { HCI_CMD_READ_AFH_ASSESSMENT,
313 13, 0x04, 0 },
314 { HCI_CMD_WRITE_AFH_ASSESSMENT,
315 13, 0x08, -1 },
316 { HCI_CMD_READ_LOCAL_VER,
317 14, 0x08, 0 },
318 { HCI_CMD_READ_LOCAL_COMMANDS,
319 14, 0x10, 0 },
320 { HCI_CMD_READ_LOCAL_FEATURES,
321 14, 0x20, 0 },
322 { HCI_CMD_READ_LOCAL_EXTENDED_FEATURES,
323 14, 0x40, sizeof(hci_read_local_extended_features_cp) },
324 { HCI_CMD_READ_BUFFER_SIZE,
325 14, 0x80, 0 },
326 { HCI_CMD_READ_COUNTRY_CODE,
327 15, 0x01, 0 },
328 { HCI_CMD_READ_BDADDR,
329 15, 0x02, 0 },
330 { HCI_CMD_READ_FAILED_CONTACT_CNTR,
331 15, 0x04, sizeof(hci_read_failed_contact_cntr_cp) },
332 { HCI_CMD_RESET_FAILED_CONTACT_CNTR,
333 15, 0x08, -1 },
334 { HCI_CMD_READ_LINK_QUALITY,
335 15, 0x10, sizeof(hci_read_link_quality_cp) },
336 { HCI_CMD_READ_RSSI,
337 15, 0x20, sizeof(hci_read_rssi_cp) },
338 { HCI_CMD_READ_AFH_CHANNEL_MAP,
339 15, 0x40, sizeof(hci_read_afh_channel_map_cp) },
340 { HCI_CMD_READ_CLOCK,
341 15, 0x80, sizeof(hci_read_clock_cp) },
342 { HCI_CMD_READ_LOOPBACK_MODE,
343 16, 0x01, 0 },
344 { HCI_CMD_WRITE_LOOPBACK_MODE,
345 16, 0x02, -1 },
346 { HCI_CMD_ENABLE_UNIT_UNDER_TEST,
347 16, 0x04, -1 },
348 { HCI_CMD_SETUP_SCO_CON,
349 16, 0x08, -1 },
350 { HCI_CMD_ACCEPT_SCO_CON_REQ,
351 16, 0x10, -1 },
352 { HCI_CMD_REJECT_SCO_CON_REQ,
353 16, 0x20, -1 },
354 { HCI_CMD_READ_EXTENDED_INQUIRY_RSP,
355 17, 0x01, 0 },
356 { HCI_CMD_WRITE_EXTENDED_INQUIRY_RSP,
357 17, 0x02, -1 },
358 { HCI_CMD_REFRESH_ENCRYPTION_KEY,
359 17, 0x04, -1 },
360 { HCI_CMD_SNIFF_SUBRATING,
361 17, 0x10, -1 },
362 { HCI_CMD_READ_SIMPLE_PAIRING_MODE,
363 17, 0x20, 0 },
364 { HCI_CMD_WRITE_SIMPLE_PAIRING_MODE,
365 17, 0x40, -1 },
366 { HCI_CMD_READ_LOCAL_OOB_DATA,
367 17, 0x80, -1 },
368 { HCI_CMD_READ_INQUIRY_RSP_XMIT_POWER,
369 18, 0x01, 0 },
370 { HCI_CMD_WRITE_INQUIRY_RSP_XMIT_POWER,
371 18, 0x02, -1 },
372 { HCI_CMD_READ_DEFAULT_ERRDATA_REPORTING,
373 18, 0x04, 0 },
374 { HCI_CMD_WRITE_DEFAULT_ERRDATA_REPORTING,
375 18, 0x08, -1 },
376 { HCI_CMD_IO_CAPABILITY_REP,
377 18, 0x80, -1 },
378 { HCI_CMD_USER_CONFIRM_REP,
379 19, 0x01, -1 },
380 { HCI_CMD_USER_CONFIRM_NEG_REP,
381 19, 0x02, -1 },
382 { HCI_CMD_USER_PASSKEY_REP,
383 19, 0x04, -1 },
384 { HCI_CMD_USER_PASSKEY_NEG_REP,
385 19, 0x08, -1 },
386 { HCI_CMD_OOB_DATA_REP,
387 19, 0x10, -1 },
388 { HCI_CMD_WRITE_SIMPLE_PAIRING_DEBUG_MODE,
389 19, 0x20, -1 },
390 { HCI_CMD_ENHANCED_FLUSH,
391 19, 0x40, -1 },
392 { HCI_CMD_OOB_DATA_NEG_REP,
393 19, 0x80, -1 },
394 { HCI_CMD_SEND_KEYPRESS_NOTIFICATION,
395 20, 0x40, -1 },
396 { HCI_CMD_IO_CAPABILITY_NEG_REP,
397 20, 0x80, -1 },
398 };
399
400 /*
401 * Security filter routines for unprivileged users.
402 * Allow all but a few critical events, and only permit read commands.
403 * If a unit is given, verify the command is supported.
404 */
405
406 static int
407 hci_security_check_opcode(struct hci_unit *unit, uint16_t opcode)
408 {
409 int i;
410
411 for (i = 0 ; i < sizeof(hci_cmds) / sizeof(hci_cmds[0]); i++) {
412 if (opcode != hci_cmds[i].opcode)
413 continue;
414
415 if (unit == NULL
416 || (unit->hci_cmds[hci_cmds[i].offs] & hci_cmds[i].mask))
417 return hci_cmds[i].length;
418
419 break;
420 }
421
422 return -1;
423 }
424
425 static int
426 hci_security_check_event(uint8_t event)
427 {
428
429 switch (event) {
430 case HCI_EVENT_RETURN_LINK_KEYS:
431 case HCI_EVENT_LINK_KEY_NOTIFICATION:
432 case HCI_EVENT_USER_CONFIRM_REQ:
433 case HCI_EVENT_USER_PASSKEY_NOTIFICATION:
434 case HCI_EVENT_VENDOR:
435 return -1; /* disallowed */
436 }
437
438 return 0; /* ok */
439 }
440
441 /*
442 * When command packet reaches the device, we can drop
443 * it from the socket buffer (called from hci_output_acl)
444 */
445 void
446 hci_drop(void *arg)
447 {
448 struct socket *so = arg;
449
450 sbdroprecord(&so->so_snd.sb);
451 sowwakeup(so);
452 }
453
454 /*
455 * HCI socket is going away and has some pending packets. We let them
456 * go by design, but remove the context pointer as it will be invalid
457 * and we no longer need to be notified.
458 */
459 static void
460 hci_cmdwait_flush(struct socket *so)
461 {
462 struct hci_unit *unit;
463 struct socket *ctx;
464 struct mbuf *m;
465
466 DPRINTF("flushing %p\n", so);
467
468 TAILQ_FOREACH(unit, &hci_unit_list, hci_next) {
469 IF_POLL(&unit->hci_cmdwait, m);
470 while (m != NULL) {
471 ctx = M_GETCTX(m, struct socket *);
472 if (ctx == so)
473 M_SETCTX(m, NULL);
474
475 m = m->m_nextpkt;
476 }
477 }
478 }
479
480 /*
481 * HCI send packet
482 * This came from userland, so check it out.
483 */
484 static int
485 hci_send(struct hci_pcb *pcb, struct mbuf *m, bdaddr_t *addr)
486 {
487 struct hci_unit *unit;
488 struct mbuf *m0;
489 hci_cmd_hdr_t hdr;
490 int err;
491
492 KKASSERT(m != NULL);
493 KKASSERT(addr != NULL);
494
495 /* wants at least a header to start with */
496 if (m->m_pkthdr.len < sizeof(hdr)) {
497 err = EMSGSIZE;
498 goto bad;
499 }
500 m_copydata(m, 0, sizeof(hdr), (caddr_t)&hdr);
501 hdr.opcode = letoh16(hdr.opcode);
502
503 /* only allows CMD packets to be sent */
504 if (hdr.type != HCI_CMD_PKT) {
505 err = EINVAL;
506 goto bad;
507 }
508
509 /* validates packet length */
510 if (m->m_pkthdr.len != sizeof(hdr) + hdr.length) {
511 err = EMSGSIZE;
512 goto bad;
513 }
514
515 /* finds destination */
516 unit = hci_unit_lookup(addr);
517 if (unit == NULL) {
518 err = ENETDOWN;
519 goto bad;
520 }
521
522 /* security checks for unprivileged users */
523 if ((pcb->hp_flags & HCI_PRIVILEGED) == 0
524 && hci_security_check_opcode(unit, hdr.opcode) != hdr.length) {
525 err = EPERM;
526 goto bad;
527 }
528
529 /* makes a copy for precious to keep */
530 m0 = m_copym(m, 0, M_COPYALL, MB_DONTWAIT);
531 if (m0 == NULL) {
532 err = ENOMEM;
533 goto bad;
534 }
535 sbappendrecord(&pcb->hp_socket->so_snd.sb, m0);
536 M_SETCTX(m, pcb->hp_socket); /* enable drop callback */
537
538 DPRINTFN(2, "(%s) opcode (%03x|%04x)\n",
539 device_get_nameunit(unit->hci_dev),
540 HCI_OGF(hdr.opcode), HCI_OCF(hdr.opcode));
541
542 /* Sendss it */
543 if (unit->hci_num_cmd_pkts == 0)
544 IF_ENQUEUE(&unit->hci_cmdwait, m);
545 else
546 hci_output_cmd(unit, m);
547
548 return 0;
549
550 bad:
551 DPRINTF("packet (%d bytes) not sent (error %d)\n",
552 m->m_pkthdr.len, err);
553 if (m) m_freem(m);
554 return err;
555 }
556
557 /*
558 * Implementation of usrreqs.
559 */
560 static int
561 hci_sabort (struct socket *so)
562 {
563 /* struct hci_pcb *pcb = (struct hci_pcb *)so->so_pcb; */
564
565 soisdisconnected(so);
566 return hci_sdetach(so);
567 }
568
569 static int
570 hci_sdetach(struct socket *so)
571 {
572 struct hci_pcb *pcb = (struct hci_pcb *)so->so_pcb;
573
574 if (pcb == NULL)
575 return EINVAL;
576 if (so->so_snd.ssb_mb != NULL)
577 hci_cmdwait_flush(so);
578
579 so->so_pcb = NULL;
580 LIST_REMOVE(pcb, hp_next);
581 kfree(pcb, M_PCB);
582
583 return 0;
584 }
585
586 static int
587 hci_sdisconnect (struct socket *so)
588 {
589 struct hci_pcb *pcb = (struct hci_pcb *)so->so_pcb;
590
591 if (pcb==NULL)
592 return EINVAL;
593
594 bdaddr_copy(&pcb->hp_raddr, BDADDR_ANY);
595 /*
596 * XXX We cannot call soisdisconnected() here, as it sets
597 * SS_CANTRCVMORE and SS_CANTSENDMORE. The problem is that
598 * soisconnected() does not clear these and if you try to reconnect
599 * this socket (which is permitted) you get a broken pipe when you
600 * try to write any data.
601 */
602 so->so_state &= ~SS_ISCONNECTED;
603
604 return 0;
605 }
606
607 static int
608 hci_scontrol (struct socket *so, u_long cmd, caddr_t data, struct ifnet *ifp,
609 struct thread *td)
610 {
611 return hci_ioctl(cmd, (void*)data, NULL);
612 }
613
614 static int
615 hci_sattach (struct socket *so, int proto, struct pru_attach_info *ai)
616 {
617 struct hci_pcb *pcb = (struct hci_pcb *)so->so_pcb;
618 int err = 0;
619
620 if (pcb)
621 return EINVAL;
622
623 err = soreserve(so, hci_sendspace, hci_recvspace,NULL);
624 if (err)
625 return err;
626
627 pcb = kmalloc(sizeof *pcb, M_PCB, M_NOWAIT | M_ZERO);
628 if (pcb == NULL)
629 return ENOMEM;
630
631 so->so_pcb = pcb;
632 pcb->hp_socket = so;
633
634 if (curproc == NULL || priv_check(curthread, PRIV_ROOT) == 0)
635 pcb->hp_flags |= HCI_PRIVILEGED;
636
637 /*
638 * Set default user filter. By default, socket only passes
639 * Command_Complete and Command_Status Events.
640 */
641 hci_filter_set(HCI_EVENT_COMMAND_COMPL, &pcb->hp_efilter);
642 hci_filter_set(HCI_EVENT_COMMAND_STATUS, &pcb->hp_efilter);
643 hci_filter_set(HCI_EVENT_PKT, &pcb->hp_pfilter);
644
645 crit_enter();
646 LIST_INSERT_HEAD(&hci_pcb, pcb, hp_next);
647 crit_exit();
648
649 return 0;
650 }
651
652 static int
653 hci_sbind (struct socket *so, struct sockaddr *nam,
654 struct thread *td)
655 {
656 struct hci_pcb *pcb = (struct hci_pcb *)so->so_pcb;
657 struct sockaddr_bt *sa;
658
659 KKASSERT(nam != NULL);
660 sa = (struct sockaddr_bt *)nam;
661
662 if (sa->bt_len != sizeof(struct sockaddr_bt))
663 return EINVAL;
664
665 if (sa->bt_family != AF_BLUETOOTH)
666 return EAFNOSUPPORT;
667
668 bdaddr_copy(&pcb->hp_laddr, &sa->bt_bdaddr);
669
670 if (bdaddr_any(&sa->bt_bdaddr))
671 pcb->hp_flags |= HCI_PROMISCUOUS;
672 else
673 pcb->hp_flags &= ~HCI_PROMISCUOUS;
674
675 return 0;
676 }
677
678 static int
679 hci_sconnect (struct socket *so, struct sockaddr *nam,
680 struct thread *td)
681 {
682 struct hci_pcb *pcb = (struct hci_pcb *)so->so_pcb;
683 struct sockaddr_bt *sa;
684 KKASSERT(nam != NULL);
685 sa = (struct sockaddr_bt *)nam;
686
687 if (sa->bt_len != sizeof(struct sockaddr_bt))
688 return EINVAL;
689
690 if (sa->bt_family != AF_BLUETOOTH)
691 return EAFNOSUPPORT;
692
693 if (hci_unit_lookup(&sa->bt_bdaddr) == NULL)
694 return EADDRNOTAVAIL;
695
696 bdaddr_copy(&pcb->hp_raddr, &sa->bt_bdaddr);
697 soisconnected(so);
698
699 return 0;
700 }
701
702 static int
703 hci_speeraddr (struct socket *so, struct sockaddr **nam)
704 {
705 struct hci_pcb *pcb = (struct hci_pcb *)so->so_pcb;
706 struct sockaddr_bt *sa;
707
708 KKASSERT(nam != NULL);
709 sa = (struct sockaddr_bt *)nam;
710
711 memset(sa, 0, sizeof(struct sockaddr_bt));
712 sa->bt_len = sizeof(struct sockaddr_bt);
713 sa->bt_family = AF_BLUETOOTH;
714 bdaddr_copy(&sa->bt_bdaddr, &pcb->hp_raddr);
715
716 return 0;
717 }
718
719 static int
720 hci_ssockaddr (struct socket *so, struct sockaddr **nam)
721 {
722 struct hci_pcb *pcb = (struct hci_pcb *)so->so_pcb;
723 struct sockaddr_bt *sa;
724
725 KKASSERT(nam != NULL);
726 sa = (struct sockaddr_bt *)nam;
727
728 memset(sa, 0, sizeof(struct sockaddr_bt));
729 sa->bt_len = sizeof(struct sockaddr_bt);
730 sa->bt_family = AF_BLUETOOTH;
731 bdaddr_copy(&sa->bt_bdaddr, &pcb->hp_laddr);
732
733 return 0;
734 }
735
736 static int
737 hci_sshutdown (struct socket *so)
738 {
739 socantsendmore(so);
740 return 0;
741 }
742
743 static int
744 hci_ssend (struct socket *so, int flags, struct mbuf *m,
745 struct sockaddr *addr, struct mbuf *control,
746 struct thread *td)
747 {
748 int err = 0;
749 struct hci_pcb *pcb = (struct hci_pcb *)so->so_pcb;
750 struct sockaddr_bt *sa;
751
752 sa = NULL;
753 if (addr) {
754 sa = (struct sockaddr_bt *)addr;
755
756 if (sa->bt_len != sizeof(struct sockaddr_bt)) {
757 err = EINVAL;
758 if (m) m_freem(m);
759 if (control) m_freem(control);
760 return err;
761 }
762
763 if (sa->bt_family != AF_BLUETOOTH) {
764 err = EAFNOSUPPORT;
765 if (m) m_freem(m);
766 if (control) m_freem(control);
767 return err;
768 }
769 }
770
771 if (control) /* have no use for this */
772 m_freem(control);
773
774 return hci_send(pcb, m, (sa ? &sa->bt_bdaddr : &pcb->hp_raddr));
775 }
776
777 /*
778 * get/set socket options
779 */
780 int
781 hci_ctloutput (struct socket *so, struct sockopt *sopt)
782 {
783 struct hci_pcb *pcb = (struct hci_pcb *)so->so_pcb;
784 int idir = 0;
785 int err = 0;
786
787 #ifdef notyet /* XXX */
788 DPRINTFN(2, "req %s\n", prcorequests[req]);
789 #endif
790
791 if (pcb == NULL)
792 return EINVAL;
793
794 if (sopt->sopt_level != BTPROTO_HCI)
795 return ENOPROTOOPT;
796
797 switch(sopt->sopt_dir) {
798 case PRCO_GETOPT:
799 switch (sopt->sopt_name) {
800 case SO_HCI_EVT_FILTER:
801 soopt_from_kbuf(sopt, &pcb->hp_efilter,
802 sizeof(struct hci_filter));
803 break;
804
805 case SO_HCI_PKT_FILTER:
806 soopt_from_kbuf(sopt, &pcb->hp_pfilter,
807 sizeof(struct hci_filter));
808 break;
809
810 case SO_HCI_DIRECTION:
811 if (pcb->hp_flags & HCI_DIRECTION)
812 idir = 1;
813 else
814 idir = 0;
815 soopt_from_kbuf(sopt, &idir, sizeof(int));
816 break;
817
818 default:
819 err = ENOPROTOOPT;
820 break;
821 }
822 break;
823
824 case PRCO_SETOPT:
825 switch (sopt->sopt_name) {
826 case SO_HCI_EVT_FILTER: /* set event filter */
827 err = soopt_to_kbuf(sopt, &pcb->hp_efilter,
828 sizeof(struct hci_filter),
829 sizeof(struct hci_filter));
830 break;
831
832 case SO_HCI_PKT_FILTER: /* set packet filter */
833 err = soopt_to_kbuf(sopt, &pcb->hp_pfilter,
834 sizeof(struct hci_filter),
835 sizeof(struct hci_filter));
836 break;
837
838 case SO_HCI_DIRECTION: /* request direction ctl messages */
839 err = soopt_to_kbuf(sopt, &idir, sizeof(int),
840 sizeof(int));
841 if (err) break;
842 if (idir)
843 pcb->hp_flags |= HCI_DIRECTION;
844 else
845 pcb->hp_flags &= ~HCI_DIRECTION;
846 break;
847
848 default:
849 err = ENOPROTOOPT;
850 break;
851 }
852 break;
853
854 default:
855 err = ENOPROTOOPT;
856 break;
857 }
858
859 return err;
860 }
861
862 /*
863 * HCI mbuf tap routine
864 *
865 * copy packets to any raw HCI sockets that wish (and are
866 * permitted) to see them
867 */
868 void
869 hci_mtap(struct mbuf *m, struct hci_unit *unit)
870 {
871 struct hci_pcb *pcb;
872 struct mbuf *m0, *ctlmsg, **ctl;
873 struct sockaddr_bt sa;
874 uint8_t type;
875 uint8_t event;
876 uint16_t opcode;
877
878 KKASSERT(m->m_len >= sizeof(type));
879
880 type = *mtod(m, uint8_t *);
881
882 memset(&sa, 0, sizeof(sa));
883 sa.bt_len = sizeof(struct sockaddr_bt);
884 sa.bt_family = AF_BLUETOOTH;
885 bdaddr_copy(&sa.bt_bdaddr, &unit->hci_bdaddr);
886
887 LIST_FOREACH(pcb, &hci_pcb, hp_next) {
888 /*
889 * filter according to source address
890 */
891 if ((pcb->hp_flags & HCI_PROMISCUOUS) == 0
892 && bdaddr_same(&pcb->hp_laddr, &sa.bt_bdaddr) == 0)
893 continue;
894
895 /*
896 * filter according to packet type filter
897 */
898 if (hci_filter_test(type, &pcb->hp_pfilter) == 0)
899 continue;
900
901 /*
902 * filter according to event/security filters
903 */
904 switch(type) {
905 case HCI_EVENT_PKT:
906 KKASSERT(m->m_len >= sizeof(hci_event_hdr_t));
907
908 event = mtod(m, hci_event_hdr_t *)->event;
909
910 if (hci_filter_test(event, &pcb->hp_efilter) == 0)
911 continue;
912
913 if ((pcb->hp_flags & HCI_PRIVILEGED) == 0
914 && hci_security_check_event(event) == -1)
915 continue;
916 break;
917
918 case HCI_CMD_PKT:
919 KKASSERT(m->m_len >= sizeof(hci_cmd_hdr_t));
920
921 opcode = letoh16(mtod(m, hci_cmd_hdr_t *)->opcode);
922
923 if ((pcb->hp_flags & HCI_PRIVILEGED) == 0
924 && hci_security_check_opcode(NULL, opcode) == -1)
925 continue;
926 break;
927
928 case HCI_ACL_DATA_PKT:
929 case HCI_SCO_DATA_PKT:
930 default:
931 if ((pcb->hp_flags & HCI_PRIVILEGED) == 0)
932 continue;
933
934 break;
935 }
936
937 /*
938 * create control messages
939 */
940 ctlmsg = NULL;
941 ctl = &ctlmsg;
942 if (pcb->hp_flags & HCI_DIRECTION) {
943 int dir = m->m_flags & IFF_LINK0 ? 1 : 0;
944
945 *ctl = sbcreatecontrol((void *)&dir, sizeof(dir),
946 SCM_HCI_DIRECTION, BTPROTO_HCI);
947
948 if (*ctl != NULL)
949 ctl = &((*ctl)->m_next);
950 }
951
952 /*
953 * copy to socket
954 */
955 m0 = m_copym(m, 0, M_COPYALL, MB_DONTWAIT);
956 if (m0 && sbappendaddr(&pcb->hp_socket->so_rcv.sb,
957 (struct sockaddr *)&sa, m0, ctlmsg)) {
958 sorwakeup(pcb->hp_socket);
959 } else {
960 m_freem(ctlmsg);
961 m_freem(m0);
962 }
963 }
964 }
965
966 struct pr_usrreqs hci_usrreqs = {
967 .pru_abort = hci_sabort,
968 .pru_accept = pru_accept_notsupp,
969 .pru_attach = hci_sattach,
970 .pru_bind = hci_sbind,
971 .pru_connect = hci_sconnect,
972 .pru_connect2 = pru_connect2_notsupp,
973 .pru_control = hci_scontrol,
974 .pru_detach = hci_sdetach,
975 .pru_disconnect = hci_sdisconnect,
976 .pru_listen = pru_listen_notsupp,
977 .pru_peeraddr = hci_speeraddr,
978 .pru_rcvd = pru_rcvd_notsupp,
979 .pru_rcvoob = pru_rcvoob_notsupp,
980 .pru_send = hci_ssend,
981 .pru_sense = pru_sense_null,
982 .pru_shutdown = hci_sshutdown,
983 .pru_sockaddr = hci_ssockaddr,
984 .pru_sosend = sosend,
985 .pru_soreceive = soreceive,
986 .pru_sopoll = sopoll
987 };
DragonFly BSD