2 * QEMU Bluetooth HCI logic.
4 * Copyright (C) 2007 OpenMoko, Inc.
5 * Copyright (C) 2008 Andrzej Zaborowski <balrog@zabor.org>
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License as
9 * published by the Free Software Foundation; either version 2 of
10 * the License, or (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
21 #include "qemu/osdep.h"
22 #include "qemu-common.h"
23 #include "qemu/timer.h"
25 #include "sysemu/bt.h"
27 #include "qapi/qmp/qerror.h"
28 #include "sysemu/replay.h"
31 uint8_t *(*evt_packet
)(void *opaque
);
32 void (*evt_submit
)(void *opaque
, int len
);
36 uint8_t acl_buf
[4096];
42 int last_cmd
; /* Note: Always little-endian */
44 struct bt_device_s
*conn_req_host
;
51 QEMUTimer
*inquiry_done
;
52 QEMUTimer
*inquiry_next
;
57 #define HCI_HANDLE_OFFSET 0x20
58 #define HCI_HANDLES_MAX 0x10
59 struct bt_hci_master_link_s
{
60 struct bt_link_s
*link
;
61 void (*lmp_acl_data
)(struct bt_link_s
*link
,
62 const uint8_t *data
, int start
, int len
);
63 QEMUTimer
*acl_mode_timer
;
64 } handle
[HCI_HANDLES_MAX
];
68 bdaddr_t awaiting_bdaddr
[HCI_HANDLES_MAX
];
71 uint8_t event_mask
[8];
72 uint16_t voice_setting
; /* Notw: Always little-endian */
73 uint16_t conn_accept_tout
;
74 QEMUTimer
*conn_accept_timer
;
77 struct bt_device_s device
;
79 Error
*replay_blocker
;
82 #define DEFAULT_RSSI_DBM 20
84 #define hci_from_info(ptr) container_of((ptr), struct bt_hci_s, info)
85 #define hci_from_device(ptr) container_of((ptr), struct bt_hci_s, device)
87 struct bt_hci_link_s
{
88 struct bt_link_s btlink
;
89 uint16_t handle
; /* Local */
92 /* LMP layer emulation */
94 static void bt_submit_lmp(struct bt_device_s
*bt
, int length
, uint8_t *data
)
96 int resp
, resplen
, error
, op
, tr
;
103 op
= *(data
++) >> 1;
110 if (op
>= 0x7c) { /* Extended opcode */
111 op
|= *(data
++) << 8;
112 resp
= LMP_ACCEPTED_EXT
;
114 respdata
[0] = op
>> 8;
115 respdata
[1] = op
& 0xff;
124 error
= HCI_UNSUPPORTED_LMP_PARAMETER_VALUE
;
130 case LMP_ACCEPTED_EXT
:
131 /* data[0] Escape op code
132 * data[1] Extended op code
135 error
= HCI_UNSUPPORTED_LMP_PARAMETER_VALUE
;
141 case LMP_NOT_ACCEPTED
:
146 error
= HCI_UNSUPPORTED_LMP_PARAMETER_VALUE
;
152 case LMP_NOT_ACCEPTED_EXT
:
154 * data[1] Extended op code
158 error
= HCI_UNSUPPORTED_LMP_PARAMETER_VALUE
;
164 case LMP_HOST_CONNECTION_REQ
:
167 case LMP_SETUP_COMPLETE
:
168 resp
= LMP_SETUP_COMPLETE
;
174 /* data[0] Error code
177 error
= HCI_UNSUPPORTED_LMP_PARAMETER_VALUE
;
184 case LMP_SUPERVISION_TIMEOUT
:
185 /* data[0,1] Supervision timeout
188 error
= HCI_UNSUPPORTED_LMP_PARAMETER_VALUE
;
194 case LMP_QUALITY_OF_SERVICE
:
198 /* data[0,1] Poll interval
202 error
= HCI_UNSUPPORTED_LMP_PARAMETER_VALUE
;
210 case LMP_MAX_SLOT_REQ
:
214 error
= HCI_UNSUPPORTED_LMP_PARAMETER_VALUE
;
222 /* data[0-15] Random number
225 error
= HCI_UNSUPPORTED_LMP_PARAMETER_VALUE
;
228 if (op
== LMP_AU_RAND
) {
229 if (bt
->key_present
) {
232 /* XXX: [Part H] Section 6.1 on page 801 */
234 error
= HCI_PIN_OR_KEY_MISSING
;
237 } else if (op
== LMP_IN_RAND
) {
238 error
= HCI_PAIRING_NOT_ALLOWED
;
241 /* XXX: [Part H] Section 3.2 on page 779 */
244 memcpy(respdata
+ 1, bt
->key
, 16);
246 error
= HCI_UNIT_LINK_KEY_USED
;
255 error
= HCI_UNSUPPORTED_LMP_PARAMETER_VALUE
;
258 memcpy(bt
->key
, data
, 16);
263 /* data[0-3] Authentication response
266 error
= HCI_UNSUPPORTED_LMP_PARAMETER_VALUE
;
271 case LMP_CLKOFFSET_REQ
:
272 resp
= LMP_CLKOFFSET_RES
;
278 case LMP_CLKOFFSET_RES
:
279 /* data[0,1] Clock offset
280 * (Slave to master only)
283 error
= HCI_UNSUPPORTED_LMP_PARAMETER_VALUE
;
288 case LMP_VERSION_REQ
:
289 case LMP_VERSION_RES
:
292 * data[3,4] SubVersNr
295 error
= HCI_UNSUPPORTED_LMP_PARAMETER_VALUE
;
298 if (op
== LMP_VERSION_REQ
) {
299 resp
= LMP_VERSION_RES
;
310 case LMP_FEATURES_REQ
:
311 case LMP_FEATURES_RES
:
312 /* data[0-7] Features
315 error
= HCI_UNSUPPORTED_LMP_PARAMETER_VALUE
;
318 if (op
== LMP_FEATURES_REQ
) {
319 resp
= LMP_FEATURES_RES
;
321 respdata
[1] = (bt
->lmp_caps
>> 0) & 0xff;
322 respdata
[2] = (bt
->lmp_caps
>> 8) & 0xff;
323 respdata
[3] = (bt
->lmp_caps
>> 16) & 0xff;
324 respdata
[4] = (bt
->lmp_caps
>> 24) & 0xff;
325 respdata
[5] = (bt
->lmp_caps
>> 32) & 0xff;
326 respdata
[6] = (bt
->lmp_caps
>> 40) & 0xff;
327 respdata
[7] = (bt
->lmp_caps
>> 48) & 0xff;
328 respdata
[8] = (bt
->lmp_caps
>> 56) & 0xff;
334 /* data[0] Name offset
337 error
= HCI_UNSUPPORTED_LMP_PARAMETER_VALUE
;
342 respdata
[1] = data
[0];
343 respdata
[2] = strlen(bt
->lmp_name
);
344 memset(respdata
+ 3, 0x00, 14);
345 if (respdata
[2] > respdata
[1])
346 memcpy(respdata
+ 3, bt
->lmp_name
+ respdata
[1],
347 respdata
[2] - respdata
[1]);
351 /* data[0] Name offset
352 * data[1] Name length
353 * data[2-15] Name fragment
356 error
= HCI_UNSUPPORTED_LMP_PARAMETER_VALUE
;
363 error
= HCI_UNKNOWN_LMP_PDU
;
367 resp
= LMP_NOT_ACCEPTED_EXT
;
369 respdata
[0] = op
>> 8;
370 respdata
[1] = op
& 0xff;
373 resp
= LMP_NOT_ACCEPTED
;
375 respdata
[0] = op
& 0xff;
384 respdata
[0] = resp
>> 8;
385 respdata
[1] = resp
& 0xff;
387 respdata
[0] = resp
& 0xff;
393 static void bt_submit_raw_acl(struct bt_piconet_s
*net
, int length
, uint8_t *data
)
395 struct bt_device_s
*slave
;
404 switch (data
[0] & 3) {
406 bt_submit_lmp(slave
, length
- 1, data
+ 1);
408 case LLID_ACLU_START
:
410 bt_sumbit_l2cap(slave
, length
- 1, data
+ 1, (data
[0] >> 2) & 1);
420 /* HCI layer emulation */
422 /* Note: we could ignore endiannes because unswapped handles will still
423 * be valid as connection identifiers for the guest - they don't have to
424 * be continuously allocated. We do it though, to preserve similar
425 * behaviour between hosts. Some things, like the BD_ADDR cannot be
426 * preserved though (for example if a real hci is used). */
427 #ifdef HOST_WORDS_BIGENDIAN
428 # define HNDL(raw) bswap16(raw)
430 # define HNDL(raw) (raw)
433 static const uint8_t bt_event_reserved_mask
[8] = {
434 0xff, 0x9f, 0xfb, 0xff, 0x07, 0x18, 0x00, 0x00,
438 static void null_hci_send(struct HCIInfo
*hci
, const uint8_t *data
, int len
)
442 static int null_hci_addr_set(struct HCIInfo
*hci
, const uint8_t *bd_addr
)
447 struct HCIInfo null_hci
= {
448 .cmd_send
= null_hci_send
,
449 .sco_send
= null_hci_send
,
450 .acl_send
= null_hci_send
,
451 .bdaddr_set
= null_hci_addr_set
,
455 static inline uint8_t *bt_hci_event_start(struct bt_hci_s
*hci
,
458 uint8_t *packet
, mask
;
462 fprintf(stderr
, "%s: HCI event params too long (%ib)\n",
467 mask_byte
= (evt
- 1) >> 3;
468 mask
= 1 << ((evt
- 1) & 3);
469 if (mask
& bt_event_reserved_mask
[mask_byte
] & ~hci
->event_mask
[mask_byte
])
472 packet
= hci
->evt_packet(hci
->opaque
);
479 static inline void bt_hci_event(struct bt_hci_s
*hci
, int evt
,
480 void *params
, int len
)
482 uint8_t *packet
= bt_hci_event_start(hci
, evt
, len
);
488 memcpy(packet
, params
, len
);
490 hci
->evt_submit(hci
->opaque
, len
+ 2);
493 static inline void bt_hci_event_status(struct bt_hci_s
*hci
, int status
)
495 evt_cmd_status params
= {
498 .opcode
= hci
->last_cmd
,
501 bt_hci_event(hci
, EVT_CMD_STATUS
, ¶ms
, EVT_CMD_STATUS_SIZE
);
504 static inline void bt_hci_event_complete(struct bt_hci_s
*hci
,
507 uint8_t *packet
= bt_hci_event_start(hci
, EVT_CMD_COMPLETE
,
508 len
+ EVT_CMD_COMPLETE_SIZE
);
509 evt_cmd_complete
*params
= (evt_cmd_complete
*) packet
;
515 params
->opcode
= hci
->last_cmd
;
517 memcpy(&packet
[EVT_CMD_COMPLETE_SIZE
], ret
, len
);
519 hci
->evt_submit(hci
->opaque
, len
+ EVT_CMD_COMPLETE_SIZE
+ 2);
522 static void bt_hci_inquiry_done(void *opaque
)
524 struct bt_hci_s
*hci
= (struct bt_hci_s
*) opaque
;
525 uint8_t status
= HCI_SUCCESS
;
527 if (!hci
->lm
.periodic
)
530 /* The specification is inconsistent about this one. Page 565 reads
531 * "The event parameters of Inquiry Complete event will have a summary
532 * of the result from the Inquiry process, which reports the number of
533 * nearby Bluetooth devices that responded [so hci->responses].", but
534 * Event Parameters (see page 729) has only Status. */
535 bt_hci_event(hci
, EVT_INQUIRY_COMPLETE
, &status
, 1);
538 static void bt_hci_inquiry_result_standard(struct bt_hci_s
*hci
,
539 struct bt_device_s
*slave
)
541 inquiry_info params
= {
543 .bdaddr
= BAINIT(&slave
->bd_addr
),
544 .pscan_rep_mode
= 0x00, /* R0 */
545 .pscan_period_mode
= 0x00, /* P0 - deprecated */
546 .pscan_mode
= 0x00, /* Standard scan - deprecated */
547 .dev_class
[0] = slave
->class[0],
548 .dev_class
[1] = slave
->class[1],
549 .dev_class
[2] = slave
->class[2],
550 /* TODO: return the clkoff *differenece* */
551 .clock_offset
= slave
->clkoff
, /* Note: no swapping */
554 bt_hci_event(hci
, EVT_INQUIRY_RESULT
, ¶ms
, INQUIRY_INFO_SIZE
);
557 static void bt_hci_inquiry_result_with_rssi(struct bt_hci_s
*hci
,
558 struct bt_device_s
*slave
)
560 inquiry_info_with_rssi params
= {
562 .bdaddr
= BAINIT(&slave
->bd_addr
),
563 .pscan_rep_mode
= 0x00, /* R0 */
564 .pscan_period_mode
= 0x00, /* P0 - deprecated */
565 .dev_class
[0] = slave
->class[0],
566 .dev_class
[1] = slave
->class[1],
567 .dev_class
[2] = slave
->class[2],
568 /* TODO: return the clkoff *differenece* */
569 .clock_offset
= slave
->clkoff
, /* Note: no swapping */
570 .rssi
= DEFAULT_RSSI_DBM
,
573 bt_hci_event(hci
, EVT_INQUIRY_RESULT_WITH_RSSI
,
574 ¶ms
, INQUIRY_INFO_WITH_RSSI_SIZE
);
577 static void bt_hci_inquiry_result(struct bt_hci_s
*hci
,
578 struct bt_device_s
*slave
)
580 if (!slave
->inquiry_scan
|| !hci
->lm
.responses_left
)
583 hci
->lm
.responses_left
--;
584 hci
->lm
.responses
++;
586 switch (hci
->lm
.inquiry_mode
) {
588 bt_hci_inquiry_result_standard(hci
, slave
);
591 bt_hci_inquiry_result_with_rssi(hci
, slave
);
594 fprintf(stderr
, "%s: bad inquiry mode %02x\n", __FUNCTION__
,
595 hci
->lm
.inquiry_mode
);
600 static void bt_hci_mod_timer_1280ms(QEMUTimer
*timer
, int period
)
602 timer_mod(timer
, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL
) +
603 (uint64_t)(period
<< 7) * 10000000);
606 static void bt_hci_inquiry_start(struct bt_hci_s
*hci
, int length
)
608 struct bt_device_s
*slave
;
610 hci
->lm
.inquiry_length
= length
;
611 for (slave
= hci
->device
.net
->slave
; slave
; slave
= slave
->next
)
612 /* Don't uncover ourselves. */
613 if (slave
!= &hci
->device
)
614 bt_hci_inquiry_result(hci
, slave
);
616 /* TODO: register for a callback on a new device's addition to the
617 * scatternet so that if it's added before inquiry_length expires,
618 * an Inquiry Result is generated immediately. Alternatively re-loop
619 * through the devices on the inquiry_length expiration and report
620 * devices not seen before. */
621 if (hci
->lm
.responses_left
)
622 bt_hci_mod_timer_1280ms(hci
->lm
.inquiry_done
, hci
->lm
.inquiry_length
);
624 bt_hci_inquiry_done(hci
);
626 if (hci
->lm
.periodic
)
627 bt_hci_mod_timer_1280ms(hci
->lm
.inquiry_next
, hci
->lm
.inquiry_period
);
630 static void bt_hci_inquiry_next(void *opaque
)
632 struct bt_hci_s
*hci
= (struct bt_hci_s
*) opaque
;
634 hci
->lm
.responses_left
+= hci
->lm
.responses
;
635 hci
->lm
.responses
= 0;
636 bt_hci_inquiry_start(hci
, hci
->lm
.inquiry_length
);
639 static inline int bt_hci_handle_bad(struct bt_hci_s
*hci
, uint16_t handle
)
641 return !(handle
& HCI_HANDLE_OFFSET
) ||
642 handle
>= (HCI_HANDLE_OFFSET
| HCI_HANDLES_MAX
) ||
643 !hci
->lm
.handle
[handle
& ~HCI_HANDLE_OFFSET
].link
;
646 static inline int bt_hci_role_master(struct bt_hci_s
*hci
, uint16_t handle
)
648 return !!(hci
->lm
.role_bmp
& (1 << (handle
& ~HCI_HANDLE_OFFSET
)));
651 static inline struct bt_device_s
*bt_hci_remote_dev(struct bt_hci_s
*hci
,
654 struct bt_link_s
*link
= hci
->lm
.handle
[handle
& ~HCI_HANDLE_OFFSET
].link
;
656 return bt_hci_role_master(hci
, handle
) ? link
->slave
: link
->host
;
659 static void bt_hci_mode_tick(void *opaque
);
660 static void bt_hci_lmp_link_establish(struct bt_hci_s
*hci
,
661 struct bt_link_s
*link
, int master
)
663 hci
->lm
.handle
[hci
->lm
.last_handle
].link
= link
;
666 /* We are the master side of an ACL link */
667 hci
->lm
.role_bmp
|= 1 << hci
->lm
.last_handle
;
669 hci
->lm
.handle
[hci
->lm
.last_handle
].lmp_acl_data
=
670 link
->slave
->lmp_acl_data
;
672 /* We are the slave side of an ACL link */
673 hci
->lm
.role_bmp
&= ~(1 << hci
->lm
.last_handle
);
675 hci
->lm
.handle
[hci
->lm
.last_handle
].lmp_acl_data
=
676 link
->host
->lmp_acl_resp
;
681 link
->acl_mode
= acl_active
;
682 hci
->lm
.handle
[hci
->lm
.last_handle
].acl_mode_timer
=
683 timer_new_ns(QEMU_CLOCK_VIRTUAL
, bt_hci_mode_tick
, link
);
687 static void bt_hci_lmp_link_teardown(struct bt_hci_s
*hci
, uint16_t handle
)
689 handle
&= ~HCI_HANDLE_OFFSET
;
690 hci
->lm
.handle
[handle
].link
= NULL
;
692 if (bt_hci_role_master(hci
, handle
)) {
693 timer_del(hci
->lm
.handle
[handle
].acl_mode_timer
);
694 timer_free(hci
->lm
.handle
[handle
].acl_mode_timer
);
698 static int bt_hci_connect(struct bt_hci_s
*hci
, bdaddr_t
*bdaddr
)
700 struct bt_device_s
*slave
;
701 struct bt_link_s link
;
703 for (slave
= hci
->device
.net
->slave
; slave
; slave
= slave
->next
)
704 if (slave
->page_scan
&& !bacmp(&slave
->bd_addr
, bdaddr
))
706 if (!slave
|| slave
== &hci
->device
)
709 bacpy(&hci
->lm
.awaiting_bdaddr
[hci
->lm
.connecting
++], &slave
->bd_addr
);
712 link
.host
= &hci
->device
;
713 link
.slave
->lmp_connection_request(&link
); /* Always last */
718 static void bt_hci_connection_reject(struct bt_hci_s
*hci
,
719 struct bt_device_s
*host
, uint8_t because
)
721 struct bt_link_s link
= {
722 .slave
= &hci
->device
,
724 /* Rest uninitialised */
727 host
->reject_reason
= because
;
728 host
->lmp_connection_complete(&link
);
731 static void bt_hci_connection_reject_event(struct bt_hci_s
*hci
,
734 evt_conn_complete params
;
736 params
.status
= HCI_NO_CONNECTION
;
738 bacpy(¶ms
.bdaddr
, bdaddr
);
739 params
.link_type
= ACL_LINK
;
740 params
.encr_mode
= 0x00; /* Encryption not required */
741 bt_hci_event(hci
, EVT_CONN_COMPLETE
, ¶ms
, EVT_CONN_COMPLETE_SIZE
);
744 static void bt_hci_connection_accept(struct bt_hci_s
*hci
,
745 struct bt_device_s
*host
)
747 struct bt_hci_link_s
*link
= g_malloc0(sizeof(struct bt_hci_link_s
));
748 evt_conn_complete params
;
750 uint8_t status
= HCI_SUCCESS
;
751 int tries
= HCI_HANDLES_MAX
;
753 /* Make a connection handle */
755 while (hci
->lm
.handle
[++ hci
->lm
.last_handle
].link
&& -- tries
)
756 hci
->lm
.last_handle
&= HCI_HANDLES_MAX
- 1;
757 handle
= hci
->lm
.last_handle
| HCI_HANDLE_OFFSET
;
758 } while ((handle
== hci
->asb_handle
|| handle
== hci
->psb_handle
) &&
763 bt_hci_connection_reject(hci
, host
, HCI_REJECTED_LIMITED_RESOURCES
);
764 status
= HCI_NO_CONNECTION
;
768 link
->btlink
.slave
= &hci
->device
;
769 link
->btlink
.host
= host
;
770 link
->handle
= handle
;
772 /* Link established */
773 bt_hci_lmp_link_establish(hci
, &link
->btlink
, 0);
776 params
.status
= status
;
777 params
.handle
= HNDL(handle
);
778 bacpy(¶ms
.bdaddr
, &host
->bd_addr
);
779 params
.link_type
= ACL_LINK
;
780 params
.encr_mode
= 0x00; /* Encryption not required */
781 bt_hci_event(hci
, EVT_CONN_COMPLETE
, ¶ms
, EVT_CONN_COMPLETE_SIZE
);
783 /* Neets to be done at the very end because it can trigger a (nested)
784 * disconnected, in case the other and had cancelled the request
786 if (status
== HCI_SUCCESS
) {
787 host
->reject_reason
= 0;
788 host
->lmp_connection_complete(&link
->btlink
);
792 static void bt_hci_lmp_connection_request(struct bt_link_s
*link
)
794 struct bt_hci_s
*hci
= hci_from_device(link
->slave
);
795 evt_conn_request params
;
797 if (hci
->conn_req_host
) {
798 bt_hci_connection_reject(hci
, link
->host
,
799 HCI_REJECTED_LIMITED_RESOURCES
);
802 hci
->conn_req_host
= link
->host
;
803 /* TODO: if masked and auto-accept, then auto-accept,
804 * if masked and not auto-accept, then auto-reject */
805 /* TODO: kick the hci->conn_accept_timer, timeout after
806 * hci->conn_accept_tout * 0.625 msec */
808 bacpy(¶ms
.bdaddr
, &link
->host
->bd_addr
);
809 memcpy(¶ms
.dev_class
, &link
->host
->class, sizeof(params
.dev_class
));
810 params
.link_type
= ACL_LINK
;
811 bt_hci_event(hci
, EVT_CONN_REQUEST
, ¶ms
, EVT_CONN_REQUEST_SIZE
);
814 static void bt_hci_conn_accept_timeout(void *opaque
)
816 struct bt_hci_s
*hci
= (struct bt_hci_s
*) opaque
;
818 if (!hci
->conn_req_host
)
819 /* Already accepted or rejected. If the other end cancelled the
820 * connection request then we still have to reject or accept it
821 * and then we'll get a disconnect. */
827 /* Remove from the list of devices which we wanted to connect to and
828 * are awaiting a response from. If the callback sees a response from
829 * a device which is not on the list it will assume it's a connection
830 * that's been cancelled by the host in the meantime and immediately
831 * try to detach the link and send a Connection Complete. */
832 static int bt_hci_lmp_connection_ready(struct bt_hci_s
*hci
,
837 for (i
= 0; i
< hci
->lm
.connecting
; i
++)
838 if (!bacmp(&hci
->lm
.awaiting_bdaddr
[i
], bdaddr
)) {
839 if (i
< -- hci
->lm
.connecting
)
840 bacpy(&hci
->lm
.awaiting_bdaddr
[i
],
841 &hci
->lm
.awaiting_bdaddr
[hci
->lm
.connecting
]);
848 static void bt_hci_lmp_connection_complete(struct bt_link_s
*link
)
850 struct bt_hci_s
*hci
= hci_from_device(link
->host
);
851 evt_conn_complete params
;
853 uint8_t status
= HCI_SUCCESS
;
854 int tries
= HCI_HANDLES_MAX
;
856 if (bt_hci_lmp_connection_ready(hci
, &link
->slave
->bd_addr
)) {
857 if (!hci
->device
.reject_reason
)
858 link
->slave
->lmp_disconnect_slave(link
);
860 status
= HCI_NO_CONNECTION
;
864 if (hci
->device
.reject_reason
) {
866 status
= hci
->device
.reject_reason
;
870 /* Make a connection handle */
872 while (hci
->lm
.handle
[++ hci
->lm
.last_handle
].link
&& -- tries
)
873 hci
->lm
.last_handle
&= HCI_HANDLES_MAX
- 1;
874 handle
= hci
->lm
.last_handle
| HCI_HANDLE_OFFSET
;
875 } while ((handle
== hci
->asb_handle
|| handle
== hci
->psb_handle
) &&
879 link
->slave
->lmp_disconnect_slave(link
);
880 status
= HCI_NO_CONNECTION
;
884 /* Link established */
885 link
->handle
= handle
;
886 bt_hci_lmp_link_establish(hci
, link
, 1);
889 params
.status
= status
;
890 params
.handle
= HNDL(handle
);
891 params
.link_type
= ACL_LINK
;
892 bacpy(¶ms
.bdaddr
, &link
->slave
->bd_addr
);
893 params
.encr_mode
= 0x00; /* Encryption not required */
894 bt_hci_event(hci
, EVT_CONN_COMPLETE
, ¶ms
, EVT_CONN_COMPLETE_SIZE
);
897 static void bt_hci_disconnect(struct bt_hci_s
*hci
,
898 uint16_t handle
, int reason
)
900 struct bt_link_s
*btlink
=
901 hci
->lm
.handle
[handle
& ~HCI_HANDLE_OFFSET
].link
;
902 struct bt_hci_link_s
*link
;
903 evt_disconn_complete params
;
905 if (bt_hci_role_master(hci
, handle
)) {
906 btlink
->slave
->reject_reason
= reason
;
907 btlink
->slave
->lmp_disconnect_slave(btlink
);
908 /* The link pointer is invalid from now on */
913 btlink
->host
->reject_reason
= reason
;
914 btlink
->host
->lmp_disconnect_master(btlink
);
916 /* We are the slave, we get to clean this burden */
917 link
= (struct bt_hci_link_s
*) btlink
;
921 bt_hci_lmp_link_teardown(hci
, handle
);
923 params
.status
= HCI_SUCCESS
;
924 params
.handle
= HNDL(handle
);
925 params
.reason
= HCI_CONNECTION_TERMINATED
;
926 bt_hci_event(hci
, EVT_DISCONN_COMPLETE
,
927 ¶ms
, EVT_DISCONN_COMPLETE_SIZE
);
930 /* TODO: use only one function */
931 static void bt_hci_lmp_disconnect_host(struct bt_link_s
*link
)
933 struct bt_hci_s
*hci
= hci_from_device(link
->host
);
934 uint16_t handle
= link
->handle
;
935 evt_disconn_complete params
;
937 bt_hci_lmp_link_teardown(hci
, handle
);
939 params
.status
= HCI_SUCCESS
;
940 params
.handle
= HNDL(handle
);
941 params
.reason
= hci
->device
.reject_reason
;
942 bt_hci_event(hci
, EVT_DISCONN_COMPLETE
,
943 ¶ms
, EVT_DISCONN_COMPLETE_SIZE
);
946 static void bt_hci_lmp_disconnect_slave(struct bt_link_s
*btlink
)
948 struct bt_hci_link_s
*link
= (struct bt_hci_link_s
*) btlink
;
949 struct bt_hci_s
*hci
= hci_from_device(btlink
->slave
);
950 uint16_t handle
= link
->handle
;
951 evt_disconn_complete params
;
955 bt_hci_lmp_link_teardown(hci
, handle
);
957 params
.status
= HCI_SUCCESS
;
958 params
.handle
= HNDL(handle
);
959 params
.reason
= hci
->device
.reject_reason
;
960 bt_hci_event(hci
, EVT_DISCONN_COMPLETE
,
961 ¶ms
, EVT_DISCONN_COMPLETE_SIZE
);
964 static int bt_hci_name_req(struct bt_hci_s
*hci
, bdaddr_t
*bdaddr
)
966 struct bt_device_s
*slave
;
967 evt_remote_name_req_complete params
;
969 for (slave
= hci
->device
.net
->slave
; slave
; slave
= slave
->next
)
970 if (slave
->page_scan
&& !bacmp(&slave
->bd_addr
, bdaddr
))
975 bt_hci_event_status(hci
, HCI_SUCCESS
);
977 params
.status
= HCI_SUCCESS
;
978 bacpy(¶ms
.bdaddr
, &slave
->bd_addr
);
979 pstrcpy(params
.name
, sizeof(params
.name
), slave
->lmp_name
?: "");
980 bt_hci_event(hci
, EVT_REMOTE_NAME_REQ_COMPLETE
,
981 ¶ms
, EVT_REMOTE_NAME_REQ_COMPLETE_SIZE
);
986 static int bt_hci_features_req(struct bt_hci_s
*hci
, uint16_t handle
)
988 struct bt_device_s
*slave
;
989 evt_read_remote_features_complete params
;
991 if (bt_hci_handle_bad(hci
, handle
))
994 slave
= bt_hci_remote_dev(hci
, handle
);
996 bt_hci_event_status(hci
, HCI_SUCCESS
);
998 params
.status
= HCI_SUCCESS
;
999 params
.handle
= HNDL(handle
);
1000 params
.features
[0] = (slave
->lmp_caps
>> 0) & 0xff;
1001 params
.features
[1] = (slave
->lmp_caps
>> 8) & 0xff;
1002 params
.features
[2] = (slave
->lmp_caps
>> 16) & 0xff;
1003 params
.features
[3] = (slave
->lmp_caps
>> 24) & 0xff;
1004 params
.features
[4] = (slave
->lmp_caps
>> 32) & 0xff;
1005 params
.features
[5] = (slave
->lmp_caps
>> 40) & 0xff;
1006 params
.features
[6] = (slave
->lmp_caps
>> 48) & 0xff;
1007 params
.features
[7] = (slave
->lmp_caps
>> 56) & 0xff;
1008 bt_hci_event(hci
, EVT_READ_REMOTE_FEATURES_COMPLETE
,
1009 ¶ms
, EVT_READ_REMOTE_FEATURES_COMPLETE_SIZE
);
1014 static int bt_hci_version_req(struct bt_hci_s
*hci
, uint16_t handle
)
1016 evt_read_remote_version_complete params
;
1018 if (bt_hci_handle_bad(hci
, handle
))
1021 bt_hci_remote_dev(hci
, handle
);
1023 bt_hci_event_status(hci
, HCI_SUCCESS
);
1025 params
.status
= HCI_SUCCESS
;
1026 params
.handle
= HNDL(handle
);
1027 params
.lmp_ver
= 0x03;
1028 params
.manufacturer
= cpu_to_le16(0xa000);
1029 params
.lmp_subver
= cpu_to_le16(0xa607);
1030 bt_hci_event(hci
, EVT_READ_REMOTE_VERSION_COMPLETE
,
1031 ¶ms
, EVT_READ_REMOTE_VERSION_COMPLETE_SIZE
);
1036 static int bt_hci_clkoffset_req(struct bt_hci_s
*hci
, uint16_t handle
)
1038 struct bt_device_s
*slave
;
1039 evt_read_clock_offset_complete params
;
1041 if (bt_hci_handle_bad(hci
, handle
))
1044 slave
= bt_hci_remote_dev(hci
, handle
);
1046 bt_hci_event_status(hci
, HCI_SUCCESS
);
1048 params
.status
= HCI_SUCCESS
;
1049 params
.handle
= HNDL(handle
);
1050 /* TODO: return the clkoff *differenece* */
1051 params
.clock_offset
= slave
->clkoff
; /* Note: no swapping */
1052 bt_hci_event(hci
, EVT_READ_CLOCK_OFFSET_COMPLETE
,
1053 ¶ms
, EVT_READ_CLOCK_OFFSET_COMPLETE_SIZE
);
1058 static void bt_hci_event_mode(struct bt_hci_s
*hci
, struct bt_link_s
*link
,
1061 evt_mode_change params
= {
1062 .status
= HCI_SUCCESS
,
1063 .handle
= HNDL(handle
),
1064 .mode
= link
->acl_mode
,
1065 .interval
= cpu_to_le16(link
->acl_interval
),
1068 bt_hci_event(hci
, EVT_MODE_CHANGE
, ¶ms
, EVT_MODE_CHANGE_SIZE
);
1071 static void bt_hci_lmp_mode_change_master(struct bt_hci_s
*hci
,
1072 struct bt_link_s
*link
, int mode
, uint16_t interval
)
1074 link
->acl_mode
= mode
;
1075 link
->acl_interval
= interval
;
1077 bt_hci_event_mode(hci
, link
, link
->handle
);
1079 link
->slave
->lmp_mode_change(link
);
1082 static void bt_hci_lmp_mode_change_slave(struct bt_link_s
*btlink
)
1084 struct bt_hci_link_s
*link
= (struct bt_hci_link_s
*) btlink
;
1085 struct bt_hci_s
*hci
= hci_from_device(btlink
->slave
);
1087 bt_hci_event_mode(hci
, btlink
, link
->handle
);
1090 static int bt_hci_mode_change(struct bt_hci_s
*hci
, uint16_t handle
,
1091 int interval
, int mode
)
1093 struct bt_hci_master_link_s
*link
;
1095 if (bt_hci_handle_bad(hci
, handle
) || !bt_hci_role_master(hci
, handle
))
1098 link
= &hci
->lm
.handle
[handle
& ~HCI_HANDLE_OFFSET
];
1099 if (link
->link
->acl_mode
!= acl_active
) {
1100 bt_hci_event_status(hci
, HCI_COMMAND_DISALLOWED
);
1104 bt_hci_event_status(hci
, HCI_SUCCESS
);
1106 timer_mod(link
->acl_mode_timer
, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL
) +
1107 ((uint64_t)interval
* 625) * 1000);
1108 bt_hci_lmp_mode_change_master(hci
, link
->link
, mode
, interval
);
1113 static int bt_hci_mode_cancel(struct bt_hci_s
*hci
, uint16_t handle
, int mode
)
1115 struct bt_hci_master_link_s
*link
;
1117 if (bt_hci_handle_bad(hci
, handle
) || !bt_hci_role_master(hci
, handle
))
1120 link
= &hci
->lm
.handle
[handle
& ~HCI_HANDLE_OFFSET
];
1121 if (link
->link
->acl_mode
!= mode
) {
1122 bt_hci_event_status(hci
, HCI_COMMAND_DISALLOWED
);
1127 bt_hci_event_status(hci
, HCI_SUCCESS
);
1129 timer_del(link
->acl_mode_timer
);
1130 bt_hci_lmp_mode_change_master(hci
, link
->link
, acl_active
, 0);
1135 static void bt_hci_mode_tick(void *opaque
)
1137 struct bt_link_s
*link
= opaque
;
1138 struct bt_hci_s
*hci
= hci_from_device(link
->host
);
1140 bt_hci_lmp_mode_change_master(hci
, link
, acl_active
, 0);
1143 static void bt_hci_reset(struct bt_hci_s
*hci
)
1147 hci
->lm
.connecting
= 0;
1149 hci
->event_mask
[0] = 0xff;
1150 hci
->event_mask
[1] = 0xff;
1151 hci
->event_mask
[2] = 0xff;
1152 hci
->event_mask
[3] = 0xff;
1153 hci
->event_mask
[4] = 0xff;
1154 hci
->event_mask
[5] = 0x1f;
1155 hci
->event_mask
[6] = 0x00;
1156 hci
->event_mask
[7] = 0x00;
1157 hci
->device
.inquiry_scan
= 0;
1158 hci
->device
.page_scan
= 0;
1159 g_free((void *) hci
->device
.lmp_name
);
1160 hci
->device
.lmp_name
= NULL
;
1161 hci
->device
.class[0] = 0x00;
1162 hci
->device
.class[1] = 0x00;
1163 hci
->device
.class[2] = 0x00;
1164 hci
->voice_setting
= 0x0000;
1165 hci
->conn_accept_tout
= 0x1f40;
1166 hci
->lm
.inquiry_mode
= 0x00;
1168 hci
->psb_handle
= 0x000;
1169 hci
->asb_handle
= 0x000;
1171 /* XXX: timer_del(sl->acl_mode_timer); for all links */
1172 timer_del(hci
->lm
.inquiry_done
);
1173 timer_del(hci
->lm
.inquiry_next
);
1174 timer_del(hci
->conn_accept_timer
);
1177 static void bt_hci_read_local_version_rp(struct bt_hci_s
*hci
)
1179 read_local_version_rp lv
= {
1180 .status
= HCI_SUCCESS
,
1182 .hci_rev
= cpu_to_le16(0xa607),
1184 .manufacturer
= cpu_to_le16(0xa000),
1185 .lmp_subver
= cpu_to_le16(0xa607),
1188 bt_hci_event_complete(hci
, &lv
, READ_LOCAL_VERSION_RP_SIZE
);
1191 static void bt_hci_read_local_commands_rp(struct bt_hci_s
*hci
)
1193 read_local_commands_rp lc
= {
1194 .status
= HCI_SUCCESS
,
1197 /* Also, keep in sync with hci->device.lmp_caps in bt_new_hci */
1198 0xbf, 0x80, 0xf9, 0x03, 0xb2, 0xc0, 0x03, 0xc3,
1199 0x00, 0x0f, 0x80, 0x00, 0xc0, 0x00, 0xe8, 0x13,
1200 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1201 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1202 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1203 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1204 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1205 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1209 bt_hci_event_complete(hci
, &lc
, READ_LOCAL_COMMANDS_RP_SIZE
);
1212 static void bt_hci_read_local_features_rp(struct bt_hci_s
*hci
)
1214 read_local_features_rp lf
= {
1215 .status
= HCI_SUCCESS
,
1217 (hci
->device
.lmp_caps
>> 0) & 0xff,
1218 (hci
->device
.lmp_caps
>> 8) & 0xff,
1219 (hci
->device
.lmp_caps
>> 16) & 0xff,
1220 (hci
->device
.lmp_caps
>> 24) & 0xff,
1221 (hci
->device
.lmp_caps
>> 32) & 0xff,
1222 (hci
->device
.lmp_caps
>> 40) & 0xff,
1223 (hci
->device
.lmp_caps
>> 48) & 0xff,
1224 (hci
->device
.lmp_caps
>> 56) & 0xff,
1228 bt_hci_event_complete(hci
, &lf
, READ_LOCAL_FEATURES_RP_SIZE
);
1231 static void bt_hci_read_local_ext_features_rp(struct bt_hci_s
*hci
, int page
)
1233 read_local_ext_features_rp lef
= {
1234 .status
= HCI_SUCCESS
,
1236 .max_page_num
= 0x00,
1239 0x5f, 0x35, 0x85, 0x7e, 0x9b, 0x19, 0x00, 0x80,
1243 memset(lef
.features
, 0, sizeof(lef
.features
));
1245 bt_hci_event_complete(hci
, &lef
, READ_LOCAL_EXT_FEATURES_RP_SIZE
);
1248 static void bt_hci_read_buffer_size_rp(struct bt_hci_s
*hci
)
1250 read_buffer_size_rp bs
= {
1251 /* This can be made configurable, for one standard USB dongle HCI
1252 * the four values are cpu_to_le16(0x0180), 0x40,
1253 * cpu_to_le16(0x0008), cpu_to_le16(0x0008). */
1254 .status
= HCI_SUCCESS
,
1255 .acl_mtu
= cpu_to_le16(0x0200),
1257 .acl_max_pkt
= cpu_to_le16(0x0001),
1258 .sco_max_pkt
= cpu_to_le16(0x0000),
1261 bt_hci_event_complete(hci
, &bs
, READ_BUFFER_SIZE_RP_SIZE
);
1264 /* Deprecated in V2.0 (page 661) */
1265 static void bt_hci_read_country_code_rp(struct bt_hci_s
*hci
)
1267 read_country_code_rp cc
={
1268 .status
= HCI_SUCCESS
,
1269 .country_code
= 0x00, /* North America & Europe^1 and Japan */
1272 bt_hci_event_complete(hci
, &cc
, READ_COUNTRY_CODE_RP_SIZE
);
1274 /* ^1. Except France, sorry */
1277 static void bt_hci_read_bd_addr_rp(struct bt_hci_s
*hci
)
1279 read_bd_addr_rp ba
= {
1280 .status
= HCI_SUCCESS
,
1281 .bdaddr
= BAINIT(&hci
->device
.bd_addr
),
1284 bt_hci_event_complete(hci
, &ba
, READ_BD_ADDR_RP_SIZE
);
1287 static int bt_hci_link_quality_rp(struct bt_hci_s
*hci
, uint16_t handle
)
1289 read_link_quality_rp lq
= {
1290 .status
= HCI_SUCCESS
,
1291 .handle
= HNDL(handle
),
1292 .link_quality
= 0xff,
1295 if (bt_hci_handle_bad(hci
, handle
))
1296 lq
.status
= HCI_NO_CONNECTION
;
1298 bt_hci_event_complete(hci
, &lq
, READ_LINK_QUALITY_RP_SIZE
);
1302 /* Generate a Command Complete event with only the Status parameter */
1303 static inline void bt_hci_event_complete_status(struct bt_hci_s
*hci
,
1306 bt_hci_event_complete(hci
, &status
, 1);
1309 static inline void bt_hci_event_complete_conn_cancel(struct bt_hci_s
*hci
,
1310 uint8_t status
, bdaddr_t
*bd_addr
)
1312 create_conn_cancel_rp params
= {
1314 .bdaddr
= BAINIT(bd_addr
),
1317 bt_hci_event_complete(hci
, ¶ms
, CREATE_CONN_CANCEL_RP_SIZE
);
1320 static inline void bt_hci_event_auth_complete(struct bt_hci_s
*hci
,
1323 evt_auth_complete params
= {
1324 .status
= HCI_SUCCESS
,
1325 .handle
= HNDL(handle
),
1328 bt_hci_event(hci
, EVT_AUTH_COMPLETE
, ¶ms
, EVT_AUTH_COMPLETE_SIZE
);
1331 static inline void bt_hci_event_encrypt_change(struct bt_hci_s
*hci
,
1332 uint16_t handle
, uint8_t mode
)
1334 evt_encrypt_change params
= {
1335 .status
= HCI_SUCCESS
,
1336 .handle
= HNDL(handle
),
1340 bt_hci_event(hci
, EVT_ENCRYPT_CHANGE
, ¶ms
, EVT_ENCRYPT_CHANGE_SIZE
);
1343 static inline void bt_hci_event_complete_name_cancel(struct bt_hci_s
*hci
,
1346 remote_name_req_cancel_rp params
= {
1347 .status
= HCI_INVALID_PARAMETERS
,
1348 .bdaddr
= BAINIT(bd_addr
),
1351 bt_hci_event_complete(hci
, ¶ms
, REMOTE_NAME_REQ_CANCEL_RP_SIZE
);
1354 static inline void bt_hci_event_read_remote_ext_features(struct bt_hci_s
*hci
,
1357 evt_read_remote_ext_features_complete params
= {
1358 .status
= HCI_UNSUPPORTED_FEATURE
,
1359 .handle
= HNDL(handle
),
1360 /* Rest uninitialised */
1363 bt_hci_event(hci
, EVT_READ_REMOTE_EXT_FEATURES_COMPLETE
,
1364 ¶ms
, EVT_READ_REMOTE_EXT_FEATURES_COMPLETE_SIZE
);
1367 static inline void bt_hci_event_complete_lmp_handle(struct bt_hci_s
*hci
,
1370 read_lmp_handle_rp params
= {
1371 .status
= HCI_NO_CONNECTION
,
1372 .handle
= HNDL(handle
),
1374 /* Rest uninitialised */
1377 bt_hci_event_complete(hci
, ¶ms
, READ_LMP_HANDLE_RP_SIZE
);
1380 static inline void bt_hci_event_complete_role_discovery(struct bt_hci_s
*hci
,
1381 int status
, uint16_t handle
, int master
)
1383 role_discovery_rp params
= {
1385 .handle
= HNDL(handle
),
1386 .role
= master
? 0x00 : 0x01,
1389 bt_hci_event_complete(hci
, ¶ms
, ROLE_DISCOVERY_RP_SIZE
);
1392 static inline void bt_hci_event_complete_flush(struct bt_hci_s
*hci
,
1393 int status
, uint16_t handle
)
1397 .handle
= HNDL(handle
),
1400 bt_hci_event_complete(hci
, ¶ms
, FLUSH_RP_SIZE
);
1403 static inline void bt_hci_event_complete_read_local_name(struct bt_hci_s
*hci
)
1405 read_local_name_rp params
;
1406 params
.status
= HCI_SUCCESS
;
1407 memset(params
.name
, 0, sizeof(params
.name
));
1408 if (hci
->device
.lmp_name
)
1409 pstrcpy(params
.name
, sizeof(params
.name
), hci
->device
.lmp_name
);
1411 bt_hci_event_complete(hci
, ¶ms
, READ_LOCAL_NAME_RP_SIZE
);
1414 static inline void bt_hci_event_complete_read_conn_accept_timeout(
1415 struct bt_hci_s
*hci
)
1417 read_conn_accept_timeout_rp params
= {
1418 .status
= HCI_SUCCESS
,
1419 .timeout
= cpu_to_le16(hci
->conn_accept_tout
),
1422 bt_hci_event_complete(hci
, ¶ms
, READ_CONN_ACCEPT_TIMEOUT_RP_SIZE
);
1425 static inline void bt_hci_event_complete_read_scan_enable(struct bt_hci_s
*hci
)
1427 read_scan_enable_rp params
= {
1428 .status
= HCI_SUCCESS
,
1430 (hci
->device
.inquiry_scan
? SCAN_INQUIRY
: 0) |
1431 (hci
->device
.page_scan
? SCAN_PAGE
: 0),
1434 bt_hci_event_complete(hci
, ¶ms
, READ_SCAN_ENABLE_RP_SIZE
);
1437 static inline void bt_hci_event_complete_read_local_class(struct bt_hci_s
*hci
)
1439 read_class_of_dev_rp params
;
1441 params
.status
= HCI_SUCCESS
;
1442 memcpy(params
.dev_class
, hci
->device
.class, sizeof(params
.dev_class
));
1444 bt_hci_event_complete(hci
, ¶ms
, READ_CLASS_OF_DEV_RP_SIZE
);
1447 static inline void bt_hci_event_complete_voice_setting(struct bt_hci_s
*hci
)
1449 read_voice_setting_rp params
= {
1450 .status
= HCI_SUCCESS
,
1451 .voice_setting
= hci
->voice_setting
, /* Note: no swapping */
1454 bt_hci_event_complete(hci
, ¶ms
, READ_VOICE_SETTING_RP_SIZE
);
1457 static inline void bt_hci_event_complete_read_inquiry_mode(
1458 struct bt_hci_s
*hci
)
1460 read_inquiry_mode_rp params
= {
1461 .status
= HCI_SUCCESS
,
1462 .mode
= hci
->lm
.inquiry_mode
,
1465 bt_hci_event_complete(hci
, ¶ms
, READ_INQUIRY_MODE_RP_SIZE
);
1468 static inline void bt_hci_event_num_comp_pkts(struct bt_hci_s
*hci
,
1469 uint16_t handle
, int packets
)
1471 uint16_t buf
[EVT_NUM_COMP_PKTS_SIZE(1) / 2 + 1];
1472 evt_num_comp_pkts
*params
= (void *) ((uint8_t *) buf
+ 1);
1474 params
->num_hndl
= 1;
1475 params
->connection
->handle
= HNDL(handle
);
1476 params
->connection
->num_packets
= cpu_to_le16(packets
);
1478 bt_hci_event(hci
, EVT_NUM_COMP_PKTS
, params
, EVT_NUM_COMP_PKTS_SIZE(1));
1481 static void bt_submit_hci(struct HCIInfo
*info
,
1482 const uint8_t *data
, int length
)
1484 struct bt_hci_s
*hci
= hci_from_info(info
);
1488 if (length
< HCI_COMMAND_HDR_SIZE
)
1491 memcpy(&hci
->last_cmd
, data
, 2);
1493 cmd
= (data
[1] << 8) | data
[0];
1495 if (cmd_opcode_ogf(cmd
) == 0 || cmd_opcode_ocf(cmd
) == 0) /* NOP */
1498 data
+= HCI_COMMAND_HDR_SIZE
;
1499 length
-= HCI_COMMAND_HDR_SIZE
;
1501 if (paramlen
> length
)
1504 #define PARAM(cmd, param) (((cmd##_cp *) data)->param)
1505 #define PARAM16(cmd, param) le16_to_cpup(&PARAM(cmd, param))
1506 #define PARAMHANDLE(cmd) HNDL(PARAM(cmd, handle))
1507 #define LENGTH_CHECK(cmd) if (length < sizeof(cmd##_cp)) goto short_hci
1508 /* Note: the supported commands bitmask in bt_hci_read_local_commands_rp
1509 * needs to be updated every time a command is implemented here! */
1511 case cmd_opcode_pack(OGF_LINK_CTL
, OCF_INQUIRY
):
1512 LENGTH_CHECK(inquiry
);
1514 if (PARAM(inquiry
, length
) < 1) {
1515 bt_hci_event_complete_status(hci
, HCI_INVALID_PARAMETERS
);
1519 hci
->lm
.inquire
= 1;
1520 hci
->lm
.periodic
= 0;
1521 hci
->lm
.responses_left
= PARAM(inquiry
, num_rsp
) ?: INT_MAX
;
1522 hci
->lm
.responses
= 0;
1523 bt_hci_event_status(hci
, HCI_SUCCESS
);
1524 bt_hci_inquiry_start(hci
, PARAM(inquiry
, length
));
1527 case cmd_opcode_pack(OGF_LINK_CTL
, OCF_INQUIRY_CANCEL
):
1528 if (!hci
->lm
.inquire
|| hci
->lm
.periodic
) {
1529 fprintf(stderr
, "%s: Inquiry Cancel should only be issued after "
1530 "the Inquiry command has been issued, a Command "
1531 "Status event has been received for the Inquiry "
1532 "command, and before the Inquiry Complete event "
1533 "occurs", __FUNCTION__
);
1534 bt_hci_event_complete_status(hci
, HCI_COMMAND_DISALLOWED
);
1538 hci
->lm
.inquire
= 0;
1539 timer_del(hci
->lm
.inquiry_done
);
1540 bt_hci_event_complete_status(hci
, HCI_SUCCESS
);
1543 case cmd_opcode_pack(OGF_LINK_CTL
, OCF_PERIODIC_INQUIRY
):
1544 LENGTH_CHECK(periodic_inquiry
);
1546 if (!(PARAM(periodic_inquiry
, length
) <
1547 PARAM16(periodic_inquiry
, min_period
) &&
1548 PARAM16(periodic_inquiry
, min_period
) <
1549 PARAM16(periodic_inquiry
, max_period
)) ||
1550 PARAM(periodic_inquiry
, length
) < 1 ||
1551 PARAM16(periodic_inquiry
, min_period
) < 2 ||
1552 PARAM16(periodic_inquiry
, max_period
) < 3) {
1553 bt_hci_event_complete_status(hci
, HCI_INVALID_PARAMETERS
);
1557 hci
->lm
.inquire
= 1;
1558 hci
->lm
.periodic
= 1;
1559 hci
->lm
.responses_left
= PARAM(periodic_inquiry
, num_rsp
);
1560 hci
->lm
.responses
= 0;
1561 hci
->lm
.inquiry_period
= PARAM16(periodic_inquiry
, max_period
);
1562 bt_hci_event_complete_status(hci
, HCI_SUCCESS
);
1563 bt_hci_inquiry_start(hci
, PARAM(periodic_inquiry
, length
));
1566 case cmd_opcode_pack(OGF_LINK_CTL
, OCF_EXIT_PERIODIC_INQUIRY
):
1567 if (!hci
->lm
.inquire
|| !hci
->lm
.periodic
) {
1568 fprintf(stderr
, "%s: Inquiry Cancel should only be issued after "
1569 "the Inquiry command has been issued, a Command "
1570 "Status event has been received for the Inquiry "
1571 "command, and before the Inquiry Complete event "
1572 "occurs", __FUNCTION__
);
1573 bt_hci_event_complete_status(hci
, HCI_COMMAND_DISALLOWED
);
1576 hci
->lm
.inquire
= 0;
1577 timer_del(hci
->lm
.inquiry_done
);
1578 timer_del(hci
->lm
.inquiry_next
);
1579 bt_hci_event_complete_status(hci
, HCI_SUCCESS
);
1582 case cmd_opcode_pack(OGF_LINK_CTL
, OCF_CREATE_CONN
):
1583 LENGTH_CHECK(create_conn
);
1585 if (hci
->lm
.connecting
>= HCI_HANDLES_MAX
) {
1586 bt_hci_event_status(hci
, HCI_REJECTED_LIMITED_RESOURCES
);
1589 bt_hci_event_status(hci
, HCI_SUCCESS
);
1591 if (bt_hci_connect(hci
, &PARAM(create_conn
, bdaddr
)))
1592 bt_hci_connection_reject_event(hci
, &PARAM(create_conn
, bdaddr
));
1595 case cmd_opcode_pack(OGF_LINK_CTL
, OCF_DISCONNECT
):
1596 LENGTH_CHECK(disconnect
);
1598 if (bt_hci_handle_bad(hci
, PARAMHANDLE(disconnect
))) {
1599 bt_hci_event_status(hci
, HCI_NO_CONNECTION
);
1603 bt_hci_event_status(hci
, HCI_SUCCESS
);
1604 bt_hci_disconnect(hci
, PARAMHANDLE(disconnect
),
1605 PARAM(disconnect
, reason
));
1608 case cmd_opcode_pack(OGF_LINK_CTL
, OCF_CREATE_CONN_CANCEL
):
1609 LENGTH_CHECK(create_conn_cancel
);
1611 if (bt_hci_lmp_connection_ready(hci
,
1612 &PARAM(create_conn_cancel
, bdaddr
))) {
1613 for (i
= 0; i
< HCI_HANDLES_MAX
; i
++)
1614 if (bt_hci_role_master(hci
, i
) && hci
->lm
.handle
[i
].link
&&
1615 !bacmp(&hci
->lm
.handle
[i
].link
->slave
->bd_addr
,
1616 &PARAM(create_conn_cancel
, bdaddr
)))
1619 bt_hci_event_complete_conn_cancel(hci
, i
< HCI_HANDLES_MAX
?
1620 HCI_ACL_CONNECTION_EXISTS
: HCI_NO_CONNECTION
,
1621 &PARAM(create_conn_cancel
, bdaddr
));
1623 bt_hci_event_complete_conn_cancel(hci
, HCI_SUCCESS
,
1624 &PARAM(create_conn_cancel
, bdaddr
));
1627 case cmd_opcode_pack(OGF_LINK_CTL
, OCF_ACCEPT_CONN_REQ
):
1628 LENGTH_CHECK(accept_conn_req
);
1630 if (!hci
->conn_req_host
||
1631 bacmp(&PARAM(accept_conn_req
, bdaddr
),
1632 &hci
->conn_req_host
->bd_addr
)) {
1633 bt_hci_event_status(hci
, HCI_INVALID_PARAMETERS
);
1637 bt_hci_event_status(hci
, HCI_SUCCESS
);
1638 bt_hci_connection_accept(hci
, hci
->conn_req_host
);
1639 hci
->conn_req_host
= NULL
;
1642 case cmd_opcode_pack(OGF_LINK_CTL
, OCF_REJECT_CONN_REQ
):
1643 LENGTH_CHECK(reject_conn_req
);
1645 if (!hci
->conn_req_host
||
1646 bacmp(&PARAM(reject_conn_req
, bdaddr
),
1647 &hci
->conn_req_host
->bd_addr
)) {
1648 bt_hci_event_status(hci
, HCI_INVALID_PARAMETERS
);
1652 bt_hci_event_status(hci
, HCI_SUCCESS
);
1653 bt_hci_connection_reject(hci
, hci
->conn_req_host
,
1654 PARAM(reject_conn_req
, reason
));
1655 bt_hci_connection_reject_event(hci
, &hci
->conn_req_host
->bd_addr
);
1656 hci
->conn_req_host
= NULL
;
1659 case cmd_opcode_pack(OGF_LINK_CTL
, OCF_AUTH_REQUESTED
):
1660 LENGTH_CHECK(auth_requested
);
1662 if (bt_hci_handle_bad(hci
, PARAMHANDLE(auth_requested
)))
1663 bt_hci_event_status(hci
, HCI_NO_CONNECTION
);
1665 bt_hci_event_status(hci
, HCI_SUCCESS
);
1666 bt_hci_event_auth_complete(hci
, PARAMHANDLE(auth_requested
));
1670 case cmd_opcode_pack(OGF_LINK_CTL
, OCF_SET_CONN_ENCRYPT
):
1671 LENGTH_CHECK(set_conn_encrypt
);
1673 if (bt_hci_handle_bad(hci
, PARAMHANDLE(set_conn_encrypt
)))
1674 bt_hci_event_status(hci
, HCI_NO_CONNECTION
);
1676 bt_hci_event_status(hci
, HCI_SUCCESS
);
1677 bt_hci_event_encrypt_change(hci
,
1678 PARAMHANDLE(set_conn_encrypt
),
1679 PARAM(set_conn_encrypt
, encrypt
));
1683 case cmd_opcode_pack(OGF_LINK_CTL
, OCF_REMOTE_NAME_REQ
):
1684 LENGTH_CHECK(remote_name_req
);
1686 if (bt_hci_name_req(hci
, &PARAM(remote_name_req
, bdaddr
)))
1687 bt_hci_event_status(hci
, HCI_NO_CONNECTION
);
1690 case cmd_opcode_pack(OGF_LINK_CTL
, OCF_REMOTE_NAME_REQ_CANCEL
):
1691 LENGTH_CHECK(remote_name_req_cancel
);
1693 bt_hci_event_complete_name_cancel(hci
,
1694 &PARAM(remote_name_req_cancel
, bdaddr
));
1697 case cmd_opcode_pack(OGF_LINK_CTL
, OCF_READ_REMOTE_FEATURES
):
1698 LENGTH_CHECK(read_remote_features
);
1700 if (bt_hci_features_req(hci
, PARAMHANDLE(read_remote_features
)))
1701 bt_hci_event_status(hci
, HCI_NO_CONNECTION
);
1704 case cmd_opcode_pack(OGF_LINK_CTL
, OCF_READ_REMOTE_EXT_FEATURES
):
1705 LENGTH_CHECK(read_remote_ext_features
);
1707 if (bt_hci_handle_bad(hci
, PARAMHANDLE(read_remote_ext_features
)))
1708 bt_hci_event_status(hci
, HCI_NO_CONNECTION
);
1710 bt_hci_event_status(hci
, HCI_SUCCESS
);
1711 bt_hci_event_read_remote_ext_features(hci
,
1712 PARAMHANDLE(read_remote_ext_features
));
1716 case cmd_opcode_pack(OGF_LINK_CTL
, OCF_READ_REMOTE_VERSION
):
1717 LENGTH_CHECK(read_remote_version
);
1719 if (bt_hci_version_req(hci
, PARAMHANDLE(read_remote_version
)))
1720 bt_hci_event_status(hci
, HCI_NO_CONNECTION
);
1723 case cmd_opcode_pack(OGF_LINK_CTL
, OCF_READ_CLOCK_OFFSET
):
1724 LENGTH_CHECK(read_clock_offset
);
1726 if (bt_hci_clkoffset_req(hci
, PARAMHANDLE(read_clock_offset
)))
1727 bt_hci_event_status(hci
, HCI_NO_CONNECTION
);
1730 case cmd_opcode_pack(OGF_LINK_CTL
, OCF_READ_LMP_HANDLE
):
1731 LENGTH_CHECK(read_lmp_handle
);
1734 bt_hci_event_complete_lmp_handle(hci
, PARAMHANDLE(read_lmp_handle
));
1737 case cmd_opcode_pack(OGF_LINK_POLICY
, OCF_HOLD_MODE
):
1738 LENGTH_CHECK(hold_mode
);
1740 if (PARAM16(hold_mode
, min_interval
) >
1741 PARAM16(hold_mode
, max_interval
) ||
1742 PARAM16(hold_mode
, min_interval
) < 0x0002 ||
1743 PARAM16(hold_mode
, max_interval
) > 0xff00 ||
1744 (PARAM16(hold_mode
, min_interval
) & 1) ||
1745 (PARAM16(hold_mode
, max_interval
) & 1)) {
1746 bt_hci_event_status(hci
, HCI_INVALID_PARAMETERS
);
1750 if (bt_hci_mode_change(hci
, PARAMHANDLE(hold_mode
),
1751 PARAM16(hold_mode
, max_interval
),
1753 bt_hci_event_status(hci
, HCI_NO_CONNECTION
);
1756 case cmd_opcode_pack(OGF_LINK_POLICY
, OCF_PARK_MODE
):
1757 LENGTH_CHECK(park_mode
);
1759 if (PARAM16(park_mode
, min_interval
) >
1760 PARAM16(park_mode
, max_interval
) ||
1761 PARAM16(park_mode
, min_interval
) < 0x000e ||
1762 (PARAM16(park_mode
, min_interval
) & 1) ||
1763 (PARAM16(park_mode
, max_interval
) & 1)) {
1764 bt_hci_event_status(hci
, HCI_INVALID_PARAMETERS
);
1768 if (bt_hci_mode_change(hci
, PARAMHANDLE(park_mode
),
1769 PARAM16(park_mode
, max_interval
),
1771 bt_hci_event_status(hci
, HCI_NO_CONNECTION
);
1774 case cmd_opcode_pack(OGF_LINK_POLICY
, OCF_EXIT_PARK_MODE
):
1775 LENGTH_CHECK(exit_park_mode
);
1777 if (bt_hci_mode_cancel(hci
, PARAMHANDLE(exit_park_mode
),
1779 bt_hci_event_status(hci
, HCI_NO_CONNECTION
);
1782 case cmd_opcode_pack(OGF_LINK_POLICY
, OCF_ROLE_DISCOVERY
):
1783 LENGTH_CHECK(role_discovery
);
1785 if (bt_hci_handle_bad(hci
, PARAMHANDLE(role_discovery
)))
1786 bt_hci_event_complete_role_discovery(hci
,
1787 HCI_NO_CONNECTION
, PARAMHANDLE(role_discovery
), 0);
1789 bt_hci_event_complete_role_discovery(hci
,
1790 HCI_SUCCESS
, PARAMHANDLE(role_discovery
),
1791 bt_hci_role_master(hci
,
1792 PARAMHANDLE(role_discovery
)));
1795 case cmd_opcode_pack(OGF_HOST_CTL
, OCF_SET_EVENT_MASK
):
1796 LENGTH_CHECK(set_event_mask
);
1798 memcpy(hci
->event_mask
, PARAM(set_event_mask
, mask
), 8);
1799 bt_hci_event_complete_status(hci
, HCI_SUCCESS
);
1802 case cmd_opcode_pack(OGF_HOST_CTL
, OCF_RESET
):
1804 bt_hci_event_status(hci
, HCI_SUCCESS
);
1807 case cmd_opcode_pack(OGF_HOST_CTL
, OCF_SET_EVENT_FLT
):
1808 if (length
>= 1 && PARAM(set_event_flt
, flt_type
) == FLT_CLEAR_ALL
)
1809 /* No length check */;
1811 LENGTH_CHECK(set_event_flt
);
1813 /* Filters are not implemented */
1814 bt_hci_event_complete_status(hci
, HCI_SUCCESS
);
1817 case cmd_opcode_pack(OGF_HOST_CTL
, OCF_FLUSH
):
1818 LENGTH_CHECK(flush
);
1820 if (bt_hci_handle_bad(hci
, PARAMHANDLE(flush
)))
1821 bt_hci_event_complete_flush(hci
,
1822 HCI_NO_CONNECTION
, PARAMHANDLE(flush
));
1824 /* TODO: ordering? */
1825 bt_hci_event(hci
, EVT_FLUSH_OCCURRED
,
1826 &PARAM(flush
, handle
),
1827 EVT_FLUSH_OCCURRED_SIZE
);
1828 bt_hci_event_complete_flush(hci
,
1829 HCI_SUCCESS
, PARAMHANDLE(flush
));
1833 case cmd_opcode_pack(OGF_HOST_CTL
, OCF_CHANGE_LOCAL_NAME
):
1834 LENGTH_CHECK(change_local_name
);
1836 g_free((void *) hci
->device
.lmp_name
);
1837 hci
->device
.lmp_name
= g_strndup(PARAM(change_local_name
, name
),
1838 sizeof(PARAM(change_local_name
, name
)));
1839 bt_hci_event_complete_status(hci
, HCI_SUCCESS
);
1842 case cmd_opcode_pack(OGF_HOST_CTL
, OCF_READ_LOCAL_NAME
):
1843 bt_hci_event_complete_read_local_name(hci
);
1846 case cmd_opcode_pack(OGF_HOST_CTL
, OCF_READ_CONN_ACCEPT_TIMEOUT
):
1847 bt_hci_event_complete_read_conn_accept_timeout(hci
);
1850 case cmd_opcode_pack(OGF_HOST_CTL
, OCF_WRITE_CONN_ACCEPT_TIMEOUT
):
1852 LENGTH_CHECK(write_conn_accept_timeout
);
1854 if (PARAM16(write_conn_accept_timeout
, timeout
) < 0x0001 ||
1855 PARAM16(write_conn_accept_timeout
, timeout
) > 0xb540) {
1856 bt_hci_event_complete_status(hci
, HCI_INVALID_PARAMETERS
);
1860 hci
->conn_accept_tout
= PARAM16(write_conn_accept_timeout
, timeout
);
1861 bt_hci_event_complete_status(hci
, HCI_SUCCESS
);
1864 case cmd_opcode_pack(OGF_HOST_CTL
, OCF_READ_SCAN_ENABLE
):
1865 bt_hci_event_complete_read_scan_enable(hci
);
1868 case cmd_opcode_pack(OGF_HOST_CTL
, OCF_WRITE_SCAN_ENABLE
):
1869 LENGTH_CHECK(write_scan_enable
);
1871 /* TODO: check that the remaining bits are all 0 */
1872 hci
->device
.inquiry_scan
=
1873 !!(PARAM(write_scan_enable
, scan_enable
) & SCAN_INQUIRY
);
1874 hci
->device
.page_scan
=
1875 !!(PARAM(write_scan_enable
, scan_enable
) & SCAN_PAGE
);
1876 bt_hci_event_complete_status(hci
, HCI_SUCCESS
);
1879 case cmd_opcode_pack(OGF_HOST_CTL
, OCF_READ_CLASS_OF_DEV
):
1880 bt_hci_event_complete_read_local_class(hci
);
1883 case cmd_opcode_pack(OGF_HOST_CTL
, OCF_WRITE_CLASS_OF_DEV
):
1884 LENGTH_CHECK(write_class_of_dev
);
1886 memcpy(hci
->device
.class, PARAM(write_class_of_dev
, dev_class
),
1887 sizeof(PARAM(write_class_of_dev
, dev_class
)));
1888 bt_hci_event_complete_status(hci
, HCI_SUCCESS
);
1891 case cmd_opcode_pack(OGF_HOST_CTL
, OCF_READ_VOICE_SETTING
):
1892 bt_hci_event_complete_voice_setting(hci
);
1895 case cmd_opcode_pack(OGF_HOST_CTL
, OCF_WRITE_VOICE_SETTING
):
1896 LENGTH_CHECK(write_voice_setting
);
1898 hci
->voice_setting
= PARAM(write_voice_setting
, voice_setting
);
1899 bt_hci_event_complete_status(hci
, HCI_SUCCESS
);
1902 case cmd_opcode_pack(OGF_HOST_CTL
, OCF_HOST_NUMBER_OF_COMPLETED_PACKETS
):
1903 if (length
< data
[0] * 2 + 1)
1906 for (i
= 0; i
< data
[0]; i
++)
1907 if (bt_hci_handle_bad(hci
,
1908 data
[i
* 2 + 1] | (data
[i
* 2 + 2] << 8)))
1909 bt_hci_event_complete_status(hci
, HCI_INVALID_PARAMETERS
);
1912 case cmd_opcode_pack(OGF_HOST_CTL
, OCF_READ_INQUIRY_MODE
):
1913 /* Only if (local_features[3] & 0x40) && (local_commands[12] & 0x40)
1915 * goto unknown_command */
1916 bt_hci_event_complete_read_inquiry_mode(hci
);
1919 case cmd_opcode_pack(OGF_HOST_CTL
, OCF_WRITE_INQUIRY_MODE
):
1920 /* Only if (local_features[3] & 0x40) && (local_commands[12] & 0x80)
1922 * goto unknown_command */
1923 LENGTH_CHECK(write_inquiry_mode
);
1925 if (PARAM(write_inquiry_mode
, mode
) > 0x01) {
1926 bt_hci_event_complete_status(hci
, HCI_INVALID_PARAMETERS
);
1930 hci
->lm
.inquiry_mode
= PARAM(write_inquiry_mode
, mode
);
1931 bt_hci_event_complete_status(hci
, HCI_SUCCESS
);
1934 case cmd_opcode_pack(OGF_INFO_PARAM
, OCF_READ_LOCAL_VERSION
):
1935 bt_hci_read_local_version_rp(hci
);
1938 case cmd_opcode_pack(OGF_INFO_PARAM
, OCF_READ_LOCAL_COMMANDS
):
1939 bt_hci_read_local_commands_rp(hci
);
1942 case cmd_opcode_pack(OGF_INFO_PARAM
, OCF_READ_LOCAL_FEATURES
):
1943 bt_hci_read_local_features_rp(hci
);
1946 case cmd_opcode_pack(OGF_INFO_PARAM
, OCF_READ_LOCAL_EXT_FEATURES
):
1947 LENGTH_CHECK(read_local_ext_features
);
1949 bt_hci_read_local_ext_features_rp(hci
,
1950 PARAM(read_local_ext_features
, page_num
));
1953 case cmd_opcode_pack(OGF_INFO_PARAM
, OCF_READ_BUFFER_SIZE
):
1954 bt_hci_read_buffer_size_rp(hci
);
1957 case cmd_opcode_pack(OGF_INFO_PARAM
, OCF_READ_COUNTRY_CODE
):
1958 bt_hci_read_country_code_rp(hci
);
1961 case cmd_opcode_pack(OGF_INFO_PARAM
, OCF_READ_BD_ADDR
):
1962 bt_hci_read_bd_addr_rp(hci
);
1965 case cmd_opcode_pack(OGF_STATUS_PARAM
, OCF_READ_LINK_QUALITY
):
1966 LENGTH_CHECK(read_link_quality
);
1968 bt_hci_link_quality_rp(hci
, PARAMHANDLE(read_link_quality
));
1972 bt_hci_event_status(hci
, HCI_UNKNOWN_COMMAND
);
1976 fprintf(stderr
, "%s: HCI packet too short (%iB)\n",
1977 __FUNCTION__
, length
);
1978 bt_hci_event_status(hci
, HCI_INVALID_PARAMETERS
);
1983 /* We could perform fragmentation here, we can't do "recombination" because
1984 * at this layer the length of the payload is not know ahead, so we only
1985 * know that a packet contained the last fragment of the SDU when the next
1987 static inline void bt_hci_lmp_acl_data(struct bt_hci_s
*hci
, uint16_t handle
,
1988 const uint8_t *data
, int start
, int len
)
1990 struct hci_acl_hdr
*pkt
= (void *) hci
->acl_buf
;
1992 /* TODO: packet flags */
1993 /* TODO: avoid memcpy'ing */
1995 if (len
+ HCI_ACL_HDR_SIZE
> sizeof(hci
->acl_buf
)) {
1996 fprintf(stderr
, "%s: can't take ACL packets %i bytes long\n",
2000 memcpy(hci
->acl_buf
+ HCI_ACL_HDR_SIZE
, data
, len
);
2002 pkt
->handle
= cpu_to_le16(
2003 acl_handle_pack(handle
, start
? ACL_START
: ACL_CONT
));
2004 pkt
->dlen
= cpu_to_le16(len
);
2005 hci
->info
.acl_recv(hci
->info
.opaque
,
2006 hci
->acl_buf
, len
+ HCI_ACL_HDR_SIZE
);
2009 static void bt_hci_lmp_acl_data_slave(struct bt_link_s
*btlink
,
2010 const uint8_t *data
, int start
, int len
)
2012 struct bt_hci_link_s
*link
= (struct bt_hci_link_s
*) btlink
;
2014 bt_hci_lmp_acl_data(hci_from_device(btlink
->slave
),
2015 link
->handle
, data
, start
, len
);
2018 static void bt_hci_lmp_acl_data_host(struct bt_link_s
*link
,
2019 const uint8_t *data
, int start
, int len
)
2021 bt_hci_lmp_acl_data(hci_from_device(link
->host
),
2022 link
->handle
, data
, start
, len
);
2025 static void bt_submit_acl(struct HCIInfo
*info
,
2026 const uint8_t *data
, int length
)
2028 struct bt_hci_s
*hci
= hci_from_info(info
);
2031 struct bt_link_s
*link
;
2033 if (length
< HCI_ACL_HDR_SIZE
) {
2034 fprintf(stderr
, "%s: ACL packet too short (%iB)\n",
2035 __FUNCTION__
, length
);
2039 handle
= acl_handle((data
[1] << 8) | data
[0]);
2040 flags
= acl_flags((data
[1] << 8) | data
[0]);
2041 datalen
= (data
[3] << 8) | data
[2];
2042 data
+= HCI_ACL_HDR_SIZE
;
2043 length
-= HCI_ACL_HDR_SIZE
;
2045 if (bt_hci_handle_bad(hci
, handle
)) {
2046 fprintf(stderr
, "%s: invalid ACL handle %03x\n",
2047 __FUNCTION__
, handle
);
2048 /* TODO: signal an error */
2051 handle
&= ~HCI_HANDLE_OFFSET
;
2053 if (datalen
> length
) {
2054 fprintf(stderr
, "%s: ACL packet too short (%iB < %iB)\n",
2055 __FUNCTION__
, length
, datalen
);
2059 link
= hci
->lm
.handle
[handle
].link
;
2061 if ((flags
& ~3) == ACL_ACTIVE_BCAST
) {
2062 if (!hci
->asb_handle
)
2063 hci
->asb_handle
= handle
;
2064 else if (handle
!= hci
->asb_handle
) {
2065 fprintf(stderr
, "%s: Bad handle %03x in Active Slave Broadcast\n",
2066 __FUNCTION__
, handle
);
2067 /* TODO: signal an error */
2074 if ((flags
& ~3) == ACL_PICO_BCAST
) {
2075 if (!hci
->psb_handle
)
2076 hci
->psb_handle
= handle
;
2077 else if (handle
!= hci
->psb_handle
) {
2078 fprintf(stderr
, "%s: Bad handle %03x in Parked Slave Broadcast\n",
2079 __FUNCTION__
, handle
);
2080 /* TODO: signal an error */
2087 /* TODO: increase counter and send EVT_NUM_COMP_PKTS */
2088 bt_hci_event_num_comp_pkts(hci
, handle
| HCI_HANDLE_OFFSET
, 1);
2090 /* Do this last as it can trigger further events even in this HCI */
2091 hci
->lm
.handle
[handle
].lmp_acl_data(link
, data
,
2092 (flags
& 3) == ACL_START
, length
);
2095 static void bt_submit_sco(struct HCIInfo
*info
,
2096 const uint8_t *data
, int length
)
2098 struct bt_hci_s
*hci
= hci_from_info(info
);
2105 handle
= acl_handle((data
[1] << 8) | data
[0]);
2109 if (bt_hci_handle_bad(hci
, handle
)) {
2110 fprintf(stderr
, "%s: invalid SCO handle %03x\n",
2111 __FUNCTION__
, handle
);
2115 if (datalen
> length
) {
2116 fprintf(stderr
, "%s: SCO packet too short (%iB < %iB)\n",
2117 __FUNCTION__
, length
, datalen
);
2123 /* TODO: increase counter and send EVT_NUM_COMP_PKTS if synchronous
2124 * Flow Control is enabled.
2125 * (See Read/Write_Synchronous_Flow_Control_Enable on page 513 and
2129 static uint8_t *bt_hci_evt_packet(void *opaque
)
2131 /* TODO: allocate a packet from upper layer */
2132 struct bt_hci_s
*s
= opaque
;
2137 static void bt_hci_evt_submit(void *opaque
, int len
)
2139 /* TODO: notify upper layer */
2140 struct bt_hci_s
*s
= opaque
;
2142 s
->info
.evt_recv(s
->info
.opaque
, s
->evt_buf
, len
);
2145 static int bt_hci_bdaddr_set(struct HCIInfo
*info
, const uint8_t *bd_addr
)
2147 struct bt_hci_s
*hci
= hci_from_info(info
);
2149 bacpy(&hci
->device
.bd_addr
, (const bdaddr_t
*) bd_addr
);
2153 static void bt_hci_done(struct HCIInfo
*info
);
2154 static void bt_hci_destroy(struct bt_device_s
*dev
)
2156 struct bt_hci_s
*hci
= hci_from_device(dev
);
2158 bt_hci_done(&hci
->info
);
2161 struct HCIInfo
*bt_new_hci(struct bt_scatternet_s
*net
)
2163 struct bt_hci_s
*s
= g_malloc0(sizeof(struct bt_hci_s
));
2165 s
->lm
.inquiry_done
= timer_new_ns(QEMU_CLOCK_VIRTUAL
, bt_hci_inquiry_done
, s
);
2166 s
->lm
.inquiry_next
= timer_new_ns(QEMU_CLOCK_VIRTUAL
, bt_hci_inquiry_next
, s
);
2167 s
->conn_accept_timer
=
2168 timer_new_ns(QEMU_CLOCK_VIRTUAL
, bt_hci_conn_accept_timeout
, s
);
2170 s
->evt_packet
= bt_hci_evt_packet
;
2171 s
->evt_submit
= bt_hci_evt_submit
;
2174 bt_device_init(&s
->device
, net
);
2175 s
->device
.lmp_connection_request
= bt_hci_lmp_connection_request
;
2176 s
->device
.lmp_connection_complete
= bt_hci_lmp_connection_complete
;
2177 s
->device
.lmp_disconnect_master
= bt_hci_lmp_disconnect_host
;
2178 s
->device
.lmp_disconnect_slave
= bt_hci_lmp_disconnect_slave
;
2179 s
->device
.lmp_acl_data
= bt_hci_lmp_acl_data_slave
;
2180 s
->device
.lmp_acl_resp
= bt_hci_lmp_acl_data_host
;
2181 s
->device
.lmp_mode_change
= bt_hci_lmp_mode_change_slave
;
2184 /* Also keep in sync with supported commands bitmask in
2185 * bt_hci_read_local_commands_rp */
2186 s
->device
.lmp_caps
= 0x8000199b7e85355fll
;
2190 s
->info
.cmd_send
= bt_submit_hci
;
2191 s
->info
.sco_send
= bt_submit_sco
;
2192 s
->info
.acl_send
= bt_submit_acl
;
2193 s
->info
.bdaddr_set
= bt_hci_bdaddr_set
;
2195 s
->device
.handle_destroy
= bt_hci_destroy
;
2197 error_setg(&s
->replay_blocker
, QERR_REPLAY_NOT_SUPPORTED
, "-bt hci");
2198 replay_add_blocker(s
->replay_blocker
);
2203 struct HCIInfo
*hci_init(const char *str
)
2206 struct bt_scatternet_s
*vlan
= 0;
2208 if (!strcmp(str
, "null"))
2211 else if (!strncmp(str
, "host", 4) && (str
[4] == '\0' || str
[4] == ':'))
2213 return bt_host_hci(str
[4] ? str
+ 5 : "hci0");
2214 else if (!strncmp(str
, "hci", 3)) {
2217 if (!strncmp(str
+ 3, ",vlan=", 6)) {
2218 vlan
= qemu_find_bt_vlan(strtol(str
+ 9, &endp
, 0));
2223 vlan
= qemu_find_bt_vlan(0);
2225 return bt_new_hci(vlan
);
2228 fprintf(stderr
, "qemu: Unknown bluetooth HCI `%s'.\n", str
);
2233 static void bt_hci_done(struct HCIInfo
*info
)
2235 struct bt_hci_s
*hci
= hci_from_info(info
);
2238 bt_device_done(&hci
->device
);
2240 g_free((void *) hci
->device
.lmp_name
);
2242 /* Be gentle and send DISCONNECT to all connected peers and those
2243 * currently waiting for us to accept or reject a connection request.
2244 * This frees the links. */
2245 if (hci
->conn_req_host
) {
2246 bt_hci_connection_reject(hci
,
2247 hci
->conn_req_host
, HCI_OE_POWER_OFF
);
2251 for (handle
= HCI_HANDLE_OFFSET
;
2252 handle
< (HCI_HANDLE_OFFSET
| HCI_HANDLES_MAX
); handle
++)
2253 if (!bt_hci_handle_bad(hci
, handle
))
2254 bt_hci_disconnect(hci
, handle
, HCI_OE_POWER_OFF
);
2256 /* TODO: this is not enough actually, there may be slaves from whom
2257 * we have requested a connection who will soon (or not) respond with
2258 * an accept or a reject, so we should also check if hci->lm.connecting
2259 * is non-zero and if so, avoid freeing the hci but otherwise disappear
2260 * from all qemu social life (e.g. stop scanning and request to be
2261 * removed from s->device.net) and arrange for
2262 * s->device.lmp_connection_complete to free the remaining bits once
2263 * hci->lm.awaiting_bdaddr[] is empty. */
2265 timer_free(hci
->lm
.inquiry_done
);
2266 timer_free(hci
->lm
.inquiry_next
);
2267 timer_free(hci
->conn_accept_timer
);