
root / hw / bt-hci.c @ 17605071


/*
 * QEMU Bluetooth HCI logic.
 *
 * Copyright (C) 2007 OpenMoko, Inc.
 * Copyright (C) 2008 Andrzej Zaborowski  <balrog@zabor.org>
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation; either version 2 of
 * the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
 * MA  02110-1301  USA
 */
#include "qemu-common.h"
#include "qemu-timer.h"
#include "usb.h"
#include "net.h"
#include "bt.h"
/* Connection handles seen by the guest are HCI_HANDLE_OFFSET | slot, where
 * slot indexes lm.handle[] and is below HCI_HANDLES_MAX (see
 * bt_hci_handle_bad() for the validity test). */
#define HCI_HANDLE_OFFSET        0x20
#define HCI_HANDLES_MAX          0x10

/* State of one emulated Bluetooth HCI controller. */
struct bt_hci_s {
    /* Event transport: evt_packet() hands out the buffer an event is built
     * in, evt_submit() is called with the total length once it is filled. */
    uint8_t *(*evt_packet)(void *opaque);
    void (*evt_submit)(void *opaque, int len);
    void *opaque;
    uint8_t evt_buf[256];

    uint8_t acl_buf[4096];
    int acl_len;

    uint16_t asb_handle;
    uint16_t psb_handle;

    /* Opcode echoed in Command Status / Command Complete events. */
    int last_cmd;        /* Note: Always little-endian */

    struct bt_device_s *conn_req_host;

    /* Link manager state */
    struct {
        /* Inquiry bookkeeping */
        int inquire;
        int periodic;
        int responses_left;
        int responses;
        QEMUTimer *inquiry_done;
        QEMUTimer *inquiry_next;
        int inquiry_length;
        int inquiry_period;
        int inquiry_mode;

        /* One slot per ACL link; a slot is in use while .link is non-NULL. */
        struct bt_hci_master_link_s {
            struct bt_link_s *link;
            void (*lmp_acl_data)(struct bt_link_s *link,
                            const uint8_t *data, int start, int len);
            QEMUTimer *acl_mode_timer;
        } handle[HCI_HANDLES_MAX];
        /* Bit n set: we are the master on the link held in slot n. */
        uint32_t role_bmp;
        int last_handle;
        /* Number of entries in use in awaiting_bdaddr[]; nothing in this
         * structure enforces the HCI_HANDLES_MAX bound on it. */
        int connecting;
        bdaddr_t awaiting_bdaddr[HCI_HANDLES_MAX];
    } lm;

    /* Guest-written event mask, consulted by bt_hci_event_start(). */
    uint8_t event_mask[8];
    uint16_t voice_setting;        /* Note: Always little-endian */
    uint16_t conn_accept_tout;
    QEMUTimer *conn_accept_timer;

    /* Embedded members; hci_from_info()/hci_from_device() map back from
     * a pointer to either one to the enclosing bt_hci_s. */
    struct HCIInfo info;
    struct bt_device_s device;
};
/* RSSI value reported in Inquiry Result with RSSI events. */
#define DEFAULT_RSSI_DBM        20

/* Map a pointer to the embedded info / device member back to the
 * struct bt_hci_s that contains it. */
#define hci_from_info(ptr)        container_of((ptr), struct bt_hci_s, info)
#define hci_from_device(ptr)        container_of((ptr), struct bt_hci_s, device)

/* A generic link extended with the connection handle used on our side. */
struct bt_hci_link_s {
    struct bt_link_s btlink;
    uint16_t handle;        /* Local */
};
/* LMP layer emulation */
#if 0
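/*
 * Parse one LMP PDU and build the reply in a local buffer.
 *
 * bt      device the PDU is addressed to (its key and name state are
 *         read and updated)
 * length  number of bytes available at data
 * data    PDU bytes; bit 0 of the first byte is the transaction id, the
 *         remaining bits are the opcode
 *
 * This code sits inside "#if 0" and the reply it builds is never
 * transmitted.  All lengths and offsets come from the peer, so every
 * read of data[] and every write to respdata[] is bounded below.
 */
static void bt_submit_lmp(struct bt_device_s *bt, int length, uint8_t *data)
{
    /* Payload bytes of an LMP_name_res: respdata[3..16] */
    enum { LMP_NAME_FRAG_MAX = 14 };
/* Reject the PDU when fewer than n parameter bytes are left */
#define LMP_NEED(n)                                             \
    do {                                                        \
        if (length < (n)) {                                     \
            error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;        \
            goto not_accepted;                                  \
        }                                                       \
    } while (0)

    int resp, resplen, error, op, tr;
    uint8_t respdata[17];
    size_t name_frag;

    if (length < 1)
        return;

    tr = *data & 1;
    op = *(data ++) >> 1;
    resp = LMP_ACCEPTED;
    resplen = 2;
    respdata[1] = op;
    error = 0;
    length --;

    if (op >= 0x7c) {        /* Extended opcode */
        /* The extended opcode is a second byte; a one-byte PDU carrying
         * an escape opcode must not make us read past the buffer.  */
        if (length < 1)
            return;

        op |= *(data ++) << 8;
        resp = LMP_ACCEPTED_EXT;
        resplen = 4;
        respdata[0] = op >> 8;
        respdata[1] = op & 0xff;
        length --;
    }

    switch (op) {
    case LMP_ACCEPTED:
        /* data[0]        Op code
         */
        LMP_NEED(1);
        resp = 0;
        break;

    case LMP_ACCEPTED_EXT:
        /* data[0]        Escape op code
         * data[1]        Extended op code
         */
        LMP_NEED(2);
        resp = 0;
        break;

    case LMP_NOT_ACCEPTED:
        /* data[0]        Op code
         * data[1]        Error code
         */
        LMP_NEED(2);
        resp = 0;
        break;

    case LMP_NOT_ACCEPTED_EXT:
        /* data[0]        Op code
         * data[1]        Extended op code
         * data[2]        Error code
         */
        LMP_NEED(3);
        resp = 0;
        break;

    case LMP_HOST_CONNECTION_REQ:
        break;

    case LMP_SETUP_COMPLETE:
        resp = LMP_SETUP_COMPLETE;
        resplen = 1;
        bt->setup = 1;
        break;

    case LMP_DETACH:
        /* data[0]        Error code
         */
        LMP_NEED(1);
        bt->setup = 0;
        resp = 0;
        break;

    case LMP_SUPERVISION_TIMEOUT:
        /* data[0,1]        Supervision timeout
         */
        LMP_NEED(2);
        resp = 0;
        break;

    case LMP_QUALITY_OF_SERVICE:
        resp = 0;
        /* Fall through */
    case LMP_QOS_REQ:
        /* data[0,1]        Poll interval
         * data[2]        N(BC)
         */
        LMP_NEED(3);
        break;

    case LMP_MAX_SLOT:
        resp = 0;
        /* Fall through */
    case LMP_MAX_SLOT_REQ:
        /* data[0]        Max slots
         */
        LMP_NEED(1);
        break;

    case LMP_AU_RAND:
    case LMP_IN_RAND:
    case LMP_COMB_KEY:
        /* data[0-15]        Random number
         */
        LMP_NEED(16);
        if (op == LMP_AU_RAND) {
            if (bt->key_present) {
                resp = LMP_SRES;
                resplen = 5;
                /* XXX: [Part H] Section 6.1 on page 801 */
            } else {
                error = HCI_PIN_OR_KEY_MISSING;
                goto not_accepted;
            }
        } else if (op == LMP_IN_RAND) {
            error = HCI_PAIRING_NOT_ALLOWED;
            goto not_accepted;
        } else {
            /* XXX: [Part H] Section 3.2 on page 779 */
            resp = LMP_UNIT_KEY;
            resplen = 17;
            /* The key is staged here and the PDU is then rejected, so
             * respdata[2..16] keep key bytes while resplen drops to 3.
             * Any future send path must honour resplen.  */
            memcpy(respdata + 1, bt->key, 16);

            error = HCI_UNIT_LINK_KEY_USED;
            goto not_accepted;
        }
        break;

    case LMP_UNIT_KEY:
        /* data[0-15]        Key
         */
        LMP_NEED(16);
        memcpy(bt->key, data, 16);
        bt->key_present = 1;
        break;

    case LMP_SRES:
        /* data[0-3]        Authentication response
         */
        LMP_NEED(4);
        break;

    case LMP_CLKOFFSET_REQ:
        resp = LMP_CLKOFFSET_RES;
        resplen = 3;
        respdata[1] = 0x33;
        respdata[2] = 0x33;
        break;

    case LMP_CLKOFFSET_RES:
        /* data[0,1]        Clock offset
         * (Slave to master only)
         */
        LMP_NEED(2);
        break;

    case LMP_VERSION_REQ:
    case LMP_VERSION_RES:
        /* data[0]        VersNr
         * data[1,2]        CompId
         * data[3,4]        SubVersNr
         */
        LMP_NEED(5);
        if (op == LMP_VERSION_REQ) {
            resp = LMP_VERSION_RES;
            resplen = 6;
            respdata[1] = 0x20;
            respdata[2] = 0xff;
            respdata[3] = 0xff;
            respdata[4] = 0xff;
            respdata[5] = 0xff;
        } else
            resp = 0;
        break;

    case LMP_FEATURES_REQ:
    case LMP_FEATURES_RES:
        /* data[0-7]        Features
         */
        LMP_NEED(8);
        if (op == LMP_FEATURES_REQ) {
            resp = LMP_FEATURES_RES;
            resplen = 9;
            respdata[1] = (bt->lmp_caps >> 0) & 0xff;
            respdata[2] = (bt->lmp_caps >> 8) & 0xff;
            respdata[3] = (bt->lmp_caps >> 16) & 0xff;
            respdata[4] = (bt->lmp_caps >> 24) & 0xff;
            respdata[5] = (bt->lmp_caps >> 32) & 0xff;
            respdata[6] = (bt->lmp_caps >> 40) & 0xff;
            respdata[7] = (bt->lmp_caps >> 48) & 0xff;
            respdata[8] = (bt->lmp_caps >> 56) & 0xff;
        } else
            resp = 0;
        break;

    case LMP_NAME_REQ:
        /* data[0]        Name offset
         */
        LMP_NEED(1);
        resp = LMP_NAME_RES;
        resplen = 17;
        respdata[1] = data[0];
        respdata[2] = strlen(bt->lmp_name);
        memset(respdata + 3, 0x00, LMP_NAME_FRAG_MAX);
        if (respdata[2] > respdata[1]) {
            /* Only one fragment fits in the reply: without the clamp a
             * name longer than offset + 14 bytes overruns respdata[].  */
            name_frag = respdata[2] - respdata[1];
            if (name_frag > LMP_NAME_FRAG_MAX)
                name_frag = LMP_NAME_FRAG_MAX;
            memcpy(respdata + 3, bt->lmp_name + respdata[1], name_frag);
        }
        break;

    case LMP_NAME_RES:
        /* data[0]        Name offset
         * data[1]        Name length
         * data[2-15]        Name fragment
         */
        LMP_NEED(16);
        resp = 0;
        break;

    default:
        error = HCI_UNKNOWN_LMP_PDU;
        /* Fall through */
    not_accepted:
        if (op >> 8) {
            resp = LMP_NOT_ACCEPTED_EXT;
            resplen = 5;
            respdata[0] = op >> 8;
            respdata[1] = op & 0xff;
            respdata[2] = error;
        } else {
            resp = LMP_NOT_ACCEPTED;
            resplen = 3;
            respdata[0] = op & 0xff;
            respdata[1] = error;
        }
    }

    /* resp == 0 means the PDU needs no reply */
    if (resp == 0)
        return;

    if (resp >> 8) {
        respdata[0] = resp >> 8;
        respdata[1] = resp & 0xff;
    } else
        respdata[0] = resp & 0xff;

    /* Echo the transaction id in bit 0 of the reply opcode byte */
    respdata[0] <<= 1;
    respdata[0] |= tr;
#undef LMP_NEED
}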

/*
 * Dispatch one raw ACL packet by the logical link id in the low two bits
 * of its first byte.  Only LMP control packets are forwarded; the L2CAP
 * path is disabled below.
 *
 * NOTE(review): the receiving device is hard-wired to a null pointer
 * (the net->slave lookup is disabled), while bt_submit_lmp() dereferences
 * its device argument for several opcodes.  Resolve the device before
 * this code is ever enabled.
 */
static void bt_submit_raw_acl(struct bt_piconet_s *net, int length, uint8_t *data)
{
    struct bt_device_s *slave = 0;

    /* Need at least the header byte that is inspected below */
    if (length < 1) {
        return;
    }

#if 0
    slave = net->slave;
#endif

    switch (data[0] & 3) {
    case LLID_ACLC:
        /* LMP PDU: strip the header byte and hand over the rest */
        bt_submit_lmp(slave, length - 1, data + 1);
        break;

    case LLID_ACLU_START:
#if 0
        bt_sumbit_l2cap(slave, length - 1, data + 1, (data[0] >> 2) & 1);
        breka;
#endif
        /* Falls through to the ignore case while L2CAP is disabled */
    default:
    case LLID_ACLU_CONT:
        break;
    }
}
#endif
/* HCI layer emulation */
/* Note: we could ignore endianness because unswapped handles will still
 * be valid as connection identifiers for the guest - they don't have to
 * be continuously allocated.  We do it though, to preserve similar
 * behaviour between hosts.  Some things, like the BD_ADDR cannot be
 * preserved though (for example if a real hci is used).  */
#ifdef WORDS_BIGENDIAN
# define HNDL(raw)        bswap16(raw)
#else
# define HNDL(raw)        (raw)
#endif

/* Per-byte bit mask consulted by bt_hci_event_start(): an event is
 * dropped only if its bit is set here and clear in the guest's
 * event_mask.  */
static const uint8_t bt_event_reserved_mask[8] = {
    0xff, 0x9f, 0xfb, 0xff, 0x07, 0x18, 0x00, 0x00,
};
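/*
 * Begin an HCI event packet.
 *
 * Writes the two-byte event header (code, parameter length) into the
 * buffer obtained from hci->evt_packet() and returns a pointer to the
 * parameter area that follows it.  Returns 0 when the event is filtered
 * out by the event mask, in which case nothing must be submitted.
 *
 * A parameter length above 255 cannot be encoded in the header and
 * terminates the emulator.
 */
static inline uint8_t *bt_hci_event_start(struct bt_hci_s *hci,
                int evt, int len)
{
    uint8_t *packet, mask;
    int mask_byte;

    if (len > 255) {
        fprintf(stderr, "%s: HCI event params too long (%ib)\n",
                        __FUNCTION__, len);
        exit(-1);
    }

    /* Event code N is controlled by bit (N - 1) of the 64-bit mask.  Codes
     * outside 1..64 have no mask bit; looking them up would index past
     * the 8-byte tables, so they are passed through unfiltered.  */
    if (evt >= 1 && evt <= 8 * (int) sizeof(hci->event_mask)) {
        mask_byte = (evt - 1) >> 3;
        /* Bit within the byte: all three low bits, not just two */
        mask = 1 << ((evt - 1) & 7);
        if (mask & bt_event_reserved_mask[mask_byte] &
                        ~hci->event_mask[mask_byte])
            return 0;
    }

    packet = hci->evt_packet(hci->opaque);
    packet[0] = evt;
    packet[1] = len;

    return &packet[2];
}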
/*
 * Build and submit a complete HCI event: header for 'evt', then 'len'
 * bytes copied from 'params'.  Does nothing when the event is masked.
 * The submitted length includes the two header bytes.
 */
static inline void bt_hci_event(struct bt_hci_s *hci, int evt,
                void *params, int len)
{
    uint8_t *payload = bt_hci_event_start(hci, evt, len);

    if (payload) {
        if (len) {
            memcpy(payload, params, len);
        }

        hci->evt_submit(hci->opaque, len + 2);
    }
}
/*
 * Send a Command Status event carrying 'status' for the command whose
 * opcode is stored in hci->last_cmd.
 */
static inline void bt_hci_event_status(struct bt_hci_s *hci, int status)
{
    evt_cmd_status reply = {
        .status = status,
        .ncmd   = 1,
        .opcode = hci->last_cmd,
    };

    bt_hci_event(hci, EVT_CMD_STATUS, &reply, EVT_CMD_STATUS_SIZE);
}
/*
 * Send a Command Complete event for hci->last_cmd, followed by 'len'
 * bytes of return parameters taken from 'ret'.  Does nothing when the
 * event is masked.
 */
static inline void bt_hci_event_complete(struct bt_hci_s *hci,
                void *ret, int len)
{
    int params_len = len + EVT_CMD_COMPLETE_SIZE;
    uint8_t *packet = bt_hci_event_start(hci, EVT_CMD_COMPLETE, params_len);
    evt_cmd_complete *hdr;

    if (!packet) {
        return;
    }

    /* Fixed part first, return parameters right behind it */
    hdr = (evt_cmd_complete *) packet;
    hdr->ncmd = 1;
    hdr->opcode = hci->last_cmd;
    if (len) {
        memcpy(packet + EVT_CMD_COMPLETE_SIZE, ret, len);
    }

    /* + 2 for the event header written by bt_hci_event_start() */
    hci->evt_submit(hci->opaque, params_len + 2);
}
/*
 * Finish an inquiry: clear the inquiring flag unless periodic inquiry is
 * active, then report Inquiry Complete.  Called directly and registered
 * as a timer callback, hence the opaque argument.
 */
static void bt_hci_inquiry_done(void *opaque)
{
    struct bt_hci_s *hci = opaque;
    uint8_t status = HCI_SUCCESS;

    if (!hci->lm.periodic) {
        hci->lm.inquire = 0;
    }

    /* The specification is inconsistent about this one.  Page 565 reads
     * "The event parameters of Inquiry Complete event will have a summary
     * of the result from the Inquiry process, which reports the number of
     * nearby Bluetooth devices that responded [so hci->responses].", but
     * Event Parameters (see page 729) has only Status.  */
    bt_hci_event(hci, EVT_INQUIRY_COMPLETE, &status, 1);
}
/*
 * Report one discovered device to the guest as a standard
 * Inquiry Result event with a single response.
 */
static void bt_hci_inquiry_result_standard(struct bt_hci_s *hci,
                struct bt_device_s *slave)
{
    inquiry_info info = {
        .num_responses     = 1,
        .bdaddr            = BAINIT(&slave->bd_addr),
        .pscan_rep_mode    = 0x00,        /* R0 */
        .pscan_period_mode = 0x00,        /* P0 - deprecated */
        .pscan_mode        = 0x00,        /* Standard scan - deprecated */
        .dev_class[0]      = slave->class[0],
        .dev_class[1]      = slave->class[1],
        .dev_class[2]      = slave->class[2],
        /* TODO: return the clkoff *difference* */
        .clock_offset      = slave->clkoff,        /* Note: no swapping */
    };

    bt_hci_event(hci, EVT_INQUIRY_RESULT, &info, INQUIRY_INFO_SIZE);
}
/*
 * Report one discovered device to the guest as an Inquiry Result with
 * RSSI event; the RSSI is the fixed DEFAULT_RSSI_DBM.
 */
static void bt_hci_inquiry_result_with_rssi(struct bt_hci_s *hci,
                struct bt_device_s *slave)
{
    inquiry_info_with_rssi info = {
        .num_responses     = 1,
        .bdaddr            = BAINIT(&slave->bd_addr),
        .pscan_rep_mode    = 0x00,        /* R0 */
        .pscan_period_mode = 0x00,        /* P0 - deprecated */
        .dev_class[0]      = slave->class[0],
        .dev_class[1]      = slave->class[1],
        .dev_class[2]      = slave->class[2],
        /* TODO: return the clkoff *difference* */
        .clock_offset      = slave->clkoff,        /* Note: no swapping */
        .rssi              = DEFAULT_RSSI_DBM,
    };

    bt_hci_event(hci, EVT_INQUIRY_RESULT_WITH_RSSI,
                    &info, INQUIRY_INFO_WITH_RSSI_SIZE);
}
/*
 * Account for and report one inquiry response, in the format selected by
 * hci->lm.inquiry_mode.  Devices that are not inquiry-scanning are
 * skipped, as is everything once the response budget is used up.
 *
 * NOTE(review): an inquiry_mode other than 0 or 1 terminates the
 * emulator.  Where inquiry_mode is written is not visible here; confirm
 * that a guest-supplied value is range-checked before it is stored.
 */
static void bt_hci_inquiry_result(struct bt_hci_s *hci,
                struct bt_device_s *slave)
{
    if (!slave->inquiry_scan || !hci->lm.responses_left) {
        return;
    }

    hci->lm.responses_left --;
    hci->lm.responses ++;

    switch (hci->lm.inquiry_mode) {
    case 0x00:
        bt_hci_inquiry_result_standard(hci, slave);
        break;
    case 0x01:
        bt_hci_inquiry_result_with_rssi(hci, slave);
        break;
    default:
        fprintf(stderr, "%s: bad inquiry mode %02x\n", __FUNCTION__,
                        hci->lm.inquiry_mode);
        exit(-1);
    }
}
/*
 * Arm 'timer' to fire 'period' units of 1.28 s from now on the VM clock:
 * (period << 7) / 100 is period * 1.28, scaled to ticks.
 */
static void bt_hci_mod_timer_1280ms(QEMUTimer *timer, int period)
{
    uint64_t delay = muldiv64(period << 7, ticks_per_sec, 100);

    qemu_mod_timer(timer, qemu_get_clock(vm_clock) + delay);
}
/*
 * Run one inquiry of 'length' units: report every other device on our
 * network right away, then either schedule the completion timer or
 * complete immediately if the response budget is already exhausted.
 * With periodic inquiry enabled the next round is scheduled as well.
 */
static void bt_hci_inquiry_start(struct bt_hci_s *hci, int length)
{
    struct bt_device_s *dev;

    hci->lm.inquiry_length = length;

    dev = hci->device.net->slave;
    while (dev) {
        /* Don't uncover ourselves.  */
        if (dev != &hci->device) {
            bt_hci_inquiry_result(hci, dev);
        }
        dev = dev->next;
    }

    /* TODO: register for a callback on a new device's addition to the
     * scatternet so that if it's added before inquiry_length expires,
     * an Inquiry Result is generated immediately.  Alternatively re-loop
     * through the devices on the inquiry_length expiration and report
     * devices not seen before.  */
    if (!hci->lm.responses_left) {
        bt_hci_inquiry_done(hci);
    } else {
        bt_hci_mod_timer_1280ms(hci->lm.inquiry_done, hci->lm.inquiry_length);
    }

    if (hci->lm.periodic) {
        bt_hci_mod_timer_1280ms(hci->lm.inquiry_next, hci->lm.inquiry_period);
    }
}
/*
 * Timer callback for periodic inquiry: hand the responses used in the
 * previous round back to the budget and start another round with the
 * stored inquiry length.
 */
static void bt_hci_inquiry_next(void *opaque)
{
    struct bt_hci_s *hci = opaque;
    int used = hci->lm.responses;

    hci->lm.responses_left += used;
    hci->lm.responses = 0;

    bt_hci_inquiry_start(hci, hci->lm.inquiry_length);
}
/*
 * Return non-zero if 'handle' does not name a live link: the offset bit
 * is missing, the value lies beyond the slot table, or the slot is empty.
 * This is the check that makes indexing lm.handle[] with
 * (handle & ~HCI_HANDLE_OFFSET) safe, so handles taken from guest
 * commands need to pass it before the other handle helpers are used.
 */
static inline int bt_hci_handle_bad(struct bt_hci_s *hci, uint16_t handle)
{
    if (!(handle & HCI_HANDLE_OFFSET)) {
        return 1;
    }
    if (handle >= (HCI_HANDLE_OFFSET | HCI_HANDLES_MAX)) {
        return 1;
    }

    return !hci->lm.handle[handle & ~HCI_HANDLE_OFFSET].link;
}
/*
 * Return 1 if we are the master on the link identified by 'handle',
 * else 0.  The handle is not validated here: the shift count is taken
 * straight from it, so callers must have checked it already.
 */
static inline int bt_hci_role_master(struct bt_hci_s *hci, uint16_t handle)
{
    int slot = handle & ~HCI_HANDLE_OFFSET;

    return (hci->lm.role_bmp & (1 << slot)) != 0;
}
/*
 * Return the device at the other end of the link identified by 'handle':
 * the link's slave if we are master, its host otherwise.  Neither the
 * handle nor the slot's link pointer is checked here.
 */
static inline struct bt_device_s *bt_hci_remote_dev(struct bt_hci_s *hci,
                uint16_t handle)
{
    struct bt_link_s *link = hci->lm.handle[handle & ~HCI_HANDLE_OFFSET].link;

    if (bt_hci_role_master(hci, handle)) {
        return link->slave;
    }

    return link->host;
}
static void bt_hci_mode_tick(void *opaque);

/*
 * Record 'link' in the slot selected by hci->lm.last_handle and set up
 * the per-link state for our role ('master' non-zero: we are master).
 * The slot index is used as is; the caller chooses last_handle.
 * A mode timer is created for master links only.
 */
static void bt_hci_lmp_link_establish(struct bt_hci_s *hci,
                struct bt_link_s *link, int master)
{
    int slot = hci->lm.last_handle;
    struct bt_hci_master_link_s *entry = &hci->lm.handle[slot];

    entry->link = link;

    if (!master) {
        /* We are the slave side of an ACL link */
        hci->lm.role_bmp &= ~(1 << slot);
        entry->lmp_acl_data = link->host->lmp_acl_resp;
        return;
    }

    /* We are the master side of an ACL link */
    hci->lm.role_bmp |= 1 << slot;
    entry->lmp_acl_data = link->slave->lmp_acl_data;

    /* Mode */
    link->acl_mode = acl_active;
    entry->acl_mode_timer = qemu_new_timer(vm_clock, bt_hci_mode_tick, link);
}
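/*
 * Release the handle-table slot for @handle (accepted with or without
 * HCI_HANDLE_OFFSET set) and, if this HCI is recorded as master on it,
 * stop and free the per-link mode timer.
 *
 * The timer pointer is cleared after the free and tested before use, so a
 * repeated teardown of the same slot cannot reach freed timer memory.
 * The role bit in role_bmp is left as it was; bt_hci_lmp_link_establish()
 * rewrites it when the slot is reused.
 */
static void bt_hci_lmp_link_teardown(struct bt_hci_s *hci, uint16_t handle)
{
    struct bt_hci_master_link_s *slot;

    handle &= ~HCI_HANDLE_OFFSET;
    slot = &hci->lm.handle[handle];
    slot->link = 0;

    if (bt_hci_role_master(hci, handle) && slot->acl_mode_timer) {
        qemu_del_timer(slot->acl_mode_timer);
        qemu_free_timer(slot->acl_mode_timer);
        /* Do not leave a dangling pointer behind in the table */
        slot->acl_mode_timer = NULL;
    }
}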
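/*
 * Start an outgoing connection to the page-scanning device whose address
 * is @bdaddr.
 *
 * The address is appended to hci->lm.awaiting_bdaddr[] so that the later
 * connection-complete callback can tell an expected answer from a stale
 * one, then the peer's lmp_connection_request callback is invoked.
 *
 * Returns 0 once the request has been handed to the peer, or -ENODEV when
 * no matching device exists, the match is this HCI itself, or the list of
 * pending outgoing requests is already full.
 */
static int bt_hci_connect(struct bt_hci_s *hci, bdaddr_t *bdaddr)
{
    struct bt_device_s *slave;
    struct bt_link_s link;
    /* Assumes awaiting_bdaddr is a fixed-size array member; its declaration
     * is not visible in this part of the file -- TODO confirm.  */
    const size_t awaiting_max = sizeof(hci->lm.awaiting_bdaddr) /
            sizeof(hci->lm.awaiting_bdaddr[0]);

    for (slave = hci->device.net->slave; slave; slave = slave->next)
        if (slave->page_scan && !bacmp(&slave->bd_addr, bdaddr))
            break;
    if (!slave || slave == &hci->device)
        return -ENODEV;

    /* The pending count grows with every request issued before an answer
     * arrives, so it must be bounded before it is used as an index.  The
     * existing error code is reused so callers see the same failure value
     * as for an unknown device.  */
    if (hci->lm.connecting < 0 ||
                    (size_t) hci->lm.connecting >= awaiting_max)
        return -ENODEV;

    bacpy(&hci->lm.awaiting_bdaddr[hci->lm.connecting ++], &slave->bd_addr);

    /* Zeroed so the callee never sees stack garbage in the fields that
     * are not set here; the object only lives for this call.  */
    memset(&link, 0, sizeof(link));
    link.slave = slave;
    link.host = &hci->device;
    link.slave->lmp_connection_request(&link);        /* Always last */

    return 0;
}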
/*
 * Refuse an incoming connection request from @host, giving @because as the
 * reason.  The reason is stored in host->reject_reason and the host's
 * lmp_connection_complete callback is invoked with a temporary link that
 * lives on this function's stack.
 */
static void bt_hci_connection_reject(struct bt_hci_s *hci,
                struct bt_device_s *host, uint8_t because)
{
    /* Only the two endpoints are filled in.  The object goes away when
     * this function returns, so the callee must not keep the pointer.  */
    struct bt_link_s refused = {
        .host        = host,
        .slave        = &hci->device,
    };

    host->reject_reason = because;
    host->lmp_connection_complete(&refused);
}
/*
 * Emit a Connection Complete event reporting HCI_NO_CONNECTION for the
 * peer address @bdaddr, with handle 0 and link type ACL.
 */
static void bt_hci_connection_reject_event(struct bt_hci_s *hci,
                bdaddr_t *bdaddr)
{
    evt_conn_complete params = {
        .status        = HCI_NO_CONNECTION,
        .handle        = 0,
        .link_type        = ACL_LINK,
        .encr_mode        = 0x00,                /* Encryption not required */
    };

    bacpy(&params.bdaddr, bdaddr);
    bt_hci_event(hci, EVT_CONN_COMPLETE, &params, EVT_CONN_COMPLETE_SIZE);
}
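/*
 * Accept the pending connection request from @host with this HCI acting
 * as the slave side.
 *
 * A free connection handle is looked up, a bt_hci_link_s is allocated and
 * registered, a Connection Complete event is sent and finally the host's
 * lmp_connection_complete callback is invoked.  If no handle is free the
 * request is rejected with HCI_REJECTED_LIMITED_RESOURCES and the event
 * carries HCI_NO_CONNECTION.
 */
static void bt_hci_connection_accept(struct bt_hci_s *hci,
                struct bt_device_s *host)
{
    struct bt_hci_link_s *link = qemu_mallocz(sizeof(*link));
    evt_conn_complete params;
    uint16_t handle = 0;
    uint8_t status = HCI_SUCCESS;
    int tries;

    /* Make a connection handle.
     *
     * Each slot is probed at most once.  The index is wrapped *before* it
     * is used, so the table is only ever indexed with values below
     * HCI_HANDLES_MAX; the earlier pre-increment form indexed the table
     * first and wrapped afterwards, which reaches index HCI_HANDLES_MAX.
     * Assumes lm.handle[] has HCI_HANDLES_MAX entries (declaration not
     * visible in this part of the file) -- TODO confirm.  */
    for (tries = HCI_HANDLES_MAX; tries; tries --) {
        hci->lm.last_handle =
                (hci->lm.last_handle + 1) & (HCI_HANDLES_MAX - 1);
        handle = hci->lm.last_handle | HCI_HANDLE_OFFSET;

        if (!hci->lm.handle[hci->lm.last_handle].link &&
                        handle != hci->asb_handle &&
                        handle != hci->psb_handle)
            break;
    }

    if (!tries) {
        qemu_free(link);
        bt_hci_connection_reject(hci, host, HCI_REJECTED_LIMITED_RESOURCES);
        status = HCI_NO_CONNECTION;
        goto complete;
    }

    link->btlink.slave        = &hci->device;
    link->btlink.host        = host;
    link->handle = handle;

    /* Link established */
    bt_hci_lmp_link_establish(hci, &link->btlink, 0);

complete:
    params.status        = status;
    params.handle        = HNDL(handle);
    bacpy(&params.bdaddr, &host->bd_addr);
    params.link_type        = ACL_LINK;
    params.encr_mode        = 0x00;                /* Encryption not required */
    bt_hci_event(hci, EVT_CONN_COMPLETE, &params, EVT_CONN_COMPLETE_SIZE);

    /* Needs to be done at the very end because it can trigger a (nested)
     * disconnect, in case the other end had cancelled the request
     * locally.  Nothing may touch the link after this call.  */
    if (status == HCI_SUCCESS) {
        host->reject_reason = 0;
        host->lmp_connection_complete(&link->btlink);
    }
}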
/*
 * LMP callback: a remote host (link->host) asks to connect to this HCI
 * (link->slave).
 *
 * Only one request can be outstanding: while hci->conn_req_host is set any
 * further request is rejected with HCI_REJECTED_LIMITED_RESOURCES.
 * Otherwise the requester is remembered and a Connection Request event
 * carrying its address and device class is sent.
 */
static void bt_hci_lmp_connection_request(struct bt_link_s *link)
{
    struct bt_hci_s *hci = hci_from_device(link->slave);
    struct bt_device_s *requester = link->host;
    evt_conn_request params;

    if (hci->conn_req_host) {
        bt_hci_connection_reject(hci, requester,
                        HCI_REJECTED_LIMITED_RESOURCES);
        return;
    }

    hci->conn_req_host = requester;
    /* TODO: if masked and auto-accept, then auto-accept,
     * if masked and not auto-accept, then auto-reject */
    /* TODO: kick the hci->conn_accept_timer, timeout after
     * hci->conn_accept_tout * 0.625 msec */

    bacpy(&params.bdaddr, &requester->bd_addr);
    memcpy(&params.dev_class, &requester->class, sizeof(params.dev_class));
    params.link_type        = ACL_LINK;
    bt_hci_event(hci, EVT_CONN_REQUEST, &params, EVT_CONN_REQUEST_SIZE);
}
/*
 * Timer callback for the connection-accept timeout; @opaque is the
 * struct bt_hci_s.  The handling of an expired request is not implemented
 * yet, so this currently does nothing in either case.
 */
static void bt_hci_conn_accept_timeout(void *opaque)
{
    struct bt_hci_s *hci = opaque;

    if (hci->conn_req_host) {
        /* TODO */
    }

    /* Otherwise: already accepted or rejected.  If the other end
     * cancelled the connection request then we still have to reject or
     * accept it and then we'll get a disconnect.  */
}
/*
 * Remove @bdaddr from the list of devices we asked to connect to and are
 * still awaiting a response from.
 *
 * Returns 0 when the address was on the list (it is removed by moving the
 * last entry into its place) and 1 when it was not.  A caller that sees 1
 * treats the response as belonging to a connection the host has cancelled
 * in the meantime: it detaches the link and sends a Connection Complete.
 */
static int bt_hci_lmp_connection_ready(struct bt_hci_s *hci,
                bdaddr_t *bdaddr)
{
    int idx, last;

    for (idx = 0; idx < hci->lm.connecting; idx ++) {
        if (bacmp(&hci->lm.awaiting_bdaddr[idx], bdaddr))
            continue;

        /* Shrink the list, then fill the hole unless it was the tail */
        last = -- hci->lm.connecting;
        if (idx < last)
            bacpy(&hci->lm.awaiting_bdaddr[idx],
                            &hci->lm.awaiting_bdaddr[last]);
        return 0;
    }

    return 1;
}
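/*
 * LMP callback on the master side: the slave (link->slave) has answered a
 * connection request issued by this HCI (link->host).
 *
 * Outcomes, each reported with a Connection Complete event:
 *  - the slave is not on the awaiting list (request cancelled locally):
 *    HCI_NO_CONNECTION, and the slave is disconnected unless it had
 *    rejected the request itself;
 *  - the slave rejected the request: status is the stored reject reason;
 *  - no free handle: the slave is disconnected, HCI_NO_CONNECTION;
 *  - otherwise the link is registered with this HCI as master.
 *
 * The slave pointer and its address are captured up front because
 * lmp_disconnect_slave() invalidates @link (the HCI implementation of
 * that callback in this file frees it), and the event is built afterwards.
 */
static void bt_hci_lmp_connection_complete(struct bt_link_s *link)
{
    struct bt_hci_s *hci = hci_from_device(link->host);
    struct bt_device_s *slave = link->slave;
    evt_conn_complete params;
    uint16_t handle = 0;
    uint8_t status = HCI_SUCCESS;
    int tries;

    /* Must not be read through link once the slave has been disconnected */
    bacpy(&params.bdaddr, &slave->bd_addr);

    if (bt_hci_lmp_connection_ready(hci, &slave->bd_addr)) {
        if (!hci->device.reject_reason)
            slave->lmp_disconnect_slave(link);
        /* The link pointer is invalid from now on */
        status = HCI_NO_CONNECTION;
        goto complete;
    }

    if (hci->device.reject_reason) {
        status = hci->device.reject_reason;
        goto complete;
    }

    /* Make a connection handle.
     *
     * Each slot is probed at most once.  The index is wrapped *before* it
     * is used, so the table is only ever indexed with values below
     * HCI_HANDLES_MAX; the earlier pre-increment form indexed the table
     * first and wrapped afterwards, which reaches index HCI_HANDLES_MAX.
     * Assumes lm.handle[] has HCI_HANDLES_MAX entries (declaration not
     * visible in this part of the file) -- TODO confirm.  */
    for (tries = HCI_HANDLES_MAX; tries; tries --) {
        hci->lm.last_handle =
                (hci->lm.last_handle + 1) & (HCI_HANDLES_MAX - 1);
        handle = hci->lm.last_handle | HCI_HANDLE_OFFSET;

        if (!hci->lm.handle[hci->lm.last_handle].link &&
                        handle != hci->asb_handle &&
                        handle != hci->psb_handle)
            break;
    }

    if (!tries) {
        slave->lmp_disconnect_slave(link);
        /* The link pointer is invalid from now on */
        status = HCI_NO_CONNECTION;
        goto complete;
    }

    /* Link established */
    link->handle = handle;
    bt_hci_lmp_link_establish(hci, link, 1);

complete:
    params.status        = status;
    params.handle        = HNDL(handle);
    params.link_type        = ACL_LINK;
    params.encr_mode        = 0x00;                /* Encryption not required */
    bt_hci_event(hci, EVT_CONN_COMPLETE, &params, EVT_CONN_COMPLETE_SIZE);
}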
/*
 * Locally initiated disconnect of the link on @handle.
 *
 * The peer is told through its LMP disconnect callback with @reason stored
 * in its reject_reason; the handle slot is then released and a
 * Disconnection Complete event with HCI_CONNECTION_TERMINATED is sent.
 *
 * @handle is not validated here and the slot's link is dereferenced
 * unconditionally -- NOTE(review): callers are presumably expected to have
 * rejected bad handles already; confirm at the call sites.
 */
static void bt_hci_disconnect(struct bt_hci_s *hci,
                uint16_t handle, int reason)
{
    struct bt_link_s *btlink =
            hci->lm.handle[handle & ~HCI_HANDLE_OFFSET].link;
    evt_disconn_complete params = {
        .status        = HCI_SUCCESS,
        .handle        = HNDL(handle),
        .reason        = HCI_CONNECTION_TERMINATED,
    };

    if (bt_hci_role_master(hci, handle)) {
        btlink->slave->reject_reason = reason;
        btlink->slave->lmp_disconnect_slave(btlink);
        /* The link pointer is invalid from now on */
    } else {
        btlink->host->reject_reason = reason;
        btlink->host->lmp_disconnect_master(btlink);

        /* We are the slave, we get to clean this burden */
        qemu_free((struct bt_hci_link_s *) btlink);
    }

    bt_hci_lmp_link_teardown(hci, handle);

    bt_hci_event(hci, EVT_DISCONN_COMPLETE,
                    &params, EVT_DISCONN_COMPLETE_SIZE);
}
/* TODO: use only one function */
/*
 * LMP callback on the master side: the link was dropped by the slave.
 * Releases the handle slot and reports Disconnection Complete with the
 * reason taken from hci->device.reject_reason.  The link object itself is
 * not freed here.
 */
static void bt_hci_lmp_disconnect_host(struct bt_link_s *link)
{
    struct bt_hci_s *hci = hci_from_device(link->host);
    const uint16_t conn = link->handle;
    evt_disconn_complete params;

    bt_hci_lmp_link_teardown(hci, conn);

    params.status        = HCI_SUCCESS;
    params.handle        = HNDL(conn);
    params.reason        = hci->device.reject_reason;
    bt_hci_event(hci, EVT_DISCONN_COMPLETE,
                    &params, EVT_DISCONN_COMPLETE_SIZE);
}
/*
 * LMP callback on the slave side: the link was dropped by the master.
 *
 * @btlink is treated as the leading member of a struct bt_hci_link_s and
 * is freed here, so the caller must not touch it after this returns.
 * Everything needed later (owning HCI, handle) is read before the free.
 */
static void bt_hci_lmp_disconnect_slave(struct bt_link_s *btlink)
{
    struct bt_hci_link_s *owned = (struct bt_hci_link_s *) btlink;
    struct bt_hci_s *hci = hci_from_device(btlink->slave);
    const uint16_t conn = owned->handle;
    evt_disconn_complete params;

    qemu_free(owned);

    bt_hci_lmp_link_teardown(hci, conn);

    params.status        = HCI_SUCCESS;
    params.handle        = HNDL(conn);
    params.reason        = hci->device.reject_reason;
    bt_hci_event(hci, EVT_DISCONN_COMPLETE,
                    &params, EVT_DISCONN_COMPLETE_SIZE);
}
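/*
 * Handle a remote-name request for the page-scanning device at @bdaddr.
 *
 * Sends a Command Status event followed by a Remote Name Request Complete
 * event that carries the device's lmp_name (empty if it has none), padded
 * with zero bytes to the full size of the name field.
 *
 * Returns 0 on success, -ENODEV if no such device is found.
 */
static int bt_hci_name_req(struct bt_hci_s *hci, bdaddr_t *bdaddr)
{
    struct bt_device_s *slave;
    evt_remote_name_req_complete params;

    for (slave = hci->device.net->slave; slave; slave = slave->next)
        if (slave->page_scan && !bacmp(&slave->bd_addr, bdaddr))
            break;
    if (!slave)
        return -ENODEV;

    bt_hci_event_status(hci, HCI_SUCCESS);

    params.status       = HCI_SUCCESS;
    bacpy(&params.bdaddr, &slave->bd_addr);

    /* Zero the whole field first, then let snprintf() truncate.
     * snprintf() returns the length the full string would have had, not
     * the number of bytes stored, so its result must not be used as an
     * offset into the buffer: for a name longer than the field that
     * offset lies past the end and the remaining-size subtraction wraps.  */
    memset(params.name, 0, sizeof(params.name));
    snprintf(params.name, sizeof(params.name),
                    "%s", slave->lmp_name ?: "");

    bt_hci_event(hci, EVT_REMOTE_NAME_REQ_COMPLETE,
                    &params, EVT_REMOTE_NAME_REQ_COMPLETE_SIZE);

    return 0;
}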
/*
 * Handle a read-remote-features request for the link on @handle.
 *
 * Sends a Command Status event followed by a Read Remote Features Complete
 * event whose eight feature bytes are the remote device's lmp_caps, least
 * significant byte first.
 *
 * Returns 0 on success, -ENODEV if bt_hci_handle_bad() rejects the handle.
 */
static int bt_hci_features_req(struct bt_hci_s *hci, uint16_t handle)
{
    struct bt_device_s *remote;
    evt_read_remote_features_complete params;
    int byte;

    if (bt_hci_handle_bad(hci, handle))
        return -ENODEV;

    remote = bt_hci_remote_dev(hci, handle);

    bt_hci_event_status(hci, HCI_SUCCESS);

    params.status        = HCI_SUCCESS;
    params.handle        = HNDL(handle);
    for (byte = 0; byte < 8; byte ++)
        params.features[byte] = (remote->lmp_caps >> (8 * byte)) & 0xff;
    bt_hci_event(hci, EVT_READ_REMOTE_FEATURES_COMPLETE,
                    &params, EVT_READ_REMOTE_FEATURES_COMPLETE_SIZE);

    return 0;
}
/*
 * Handle a read-remote-version request for the link on @handle.
 *
 * Sends a Command Status event followed by a Read Remote Version Complete
 * event.  The version, manufacturer and sub-version reported are fixed
 * constants; the remote device is looked up but none of its fields are
 * used for the reply.
 *
 * Returns 0 on success, -ENODEV if bt_hci_handle_bad() rejects the handle.
 */
static int bt_hci_version_req(struct bt_hci_s *hci, uint16_t handle)
{
    struct bt_device_s *remote;
    evt_read_remote_version_complete params = {
        .status        = HCI_SUCCESS,
        .handle        = HNDL(handle),
        .lmp_ver        = 0x03,
        .manufacturer        = cpu_to_le16(0xa000),
        .lmp_subver        = cpu_to_le16(0xa607),
    };

    if (bt_hci_handle_bad(hci, handle))
        return -ENODEV;

    remote = bt_hci_remote_dev(hci, handle);

    bt_hci_event_status(hci, HCI_SUCCESS);

    bt_hci_event(hci, EVT_READ_REMOTE_VERSION_COMPLETE,
                    &params, EVT_READ_REMOTE_VERSION_COMPLETE_SIZE);

    return 0;
}
/*
 * Handle a read-clock-offset request for the link on @handle.
 *
 * Sends a Command Status event followed by a Read Clock Offset Complete
 * event carrying the remote device's clkoff value as stored.
 *
 * Returns 0 on success, -ENODEV if bt_hci_handle_bad() rejects the handle.
 */
static int bt_hci_clkoffset_req(struct bt_hci_s *hci, uint16_t handle)
{
    struct bt_device_s *remote;
    evt_read_clock_offset_complete params = {
        .status        = HCI_SUCCESS,
        .handle        = HNDL(handle),
    };

    if (bt_hci_handle_bad(hci, handle))
        return -ENODEV;

    remote = bt_hci_remote_dev(hci, handle);

    bt_hci_event_status(hci, HCI_SUCCESS);

    /* TODO: return the clkoff *difference* */
    params.clock_offset        = remote->clkoff;        /* Note: no swapping */
    bt_hci_event(hci, EVT_READ_CLOCK_OFFSET_COMPLETE,
                    &params, EVT_READ_CLOCK_OFFSET_COMPLETE_SIZE);

    return 0;
}
/*
 * Emit a Mode Change event for @handle reporting the ACL mode and interval
 * currently stored in @link.
 */
static void bt_hci_event_mode(struct bt_hci_s *hci, struct bt_link_s *link,
                uint16_t handle)
{
    evt_mode_change params;

    /* Start from all-zero so any field not set below is sent as 0 */
    memset(&params, 0, sizeof(params));
    params.status        = HCI_SUCCESS;
    params.handle        = HNDL(handle);
    params.mode                = link->acl_mode;
    params.interval        = cpu_to_le16(link->acl_interval);

    bt_hci_event(hci, EVT_MODE_CHANGE, &params, EVT_MODE_CHANGE_SIZE);
}
/*
 * Master-side mode change: store @mode and @interval in @link, report the
 * change to the local host with a Mode Change event, then notify the slave
 * through its lmp_mode_change callback.  The callback is invoked last.
 */
static void bt_hci_lmp_mode_change_master(struct bt_hci_s *hci,
                struct bt_link_s *link, int mode, uint16_t interval)
{
    uint16_t conn;

    link->acl_mode = mode;
    link->acl_interval = interval;

    conn = link->handle;
    bt_hci_event_mode(hci, link, conn);

    link->slave->lmp_mode_change(link);
}
/*
 * LMP callback on the slave side: the master changed the link mode.
 * Reports the mode now stored in @btlink with a Mode Change event, using
 * the handle kept in the enclosing struct bt_hci_link_s.
 */
static void bt_hci_lmp_mode_change_slave(struct bt_link_s *btlink)
{
    struct bt_hci_s *hci = hci_from_device(btlink->slave);
    struct bt_hci_link_s *owned = (struct bt_hci_link_s *) btlink;

    bt_hci_event_mode(hci, btlink, owned->handle);
}
/*
 * Put the master-role link on @handle into @mode for @interval units.
 *
 * The request is only honoured while the link is acl_active; otherwise a
 * Command Status with HCI_COMMAND_DISALLOWED is sent.  On success the
 * per-link mode timer is armed for interval * 625 microseconds from now
 * and the mode change is propagated to the slave.
 *
 * Returns -ENODEV for a bad handle or a handle on which this HCI is not
 * master, 0 in every other case (including the disallowed one).
 *
 * NOTE(review): interval * 625 is computed in int; confirm the callers
 * only pass values from a 16-bit command field.
 */
static int bt_hci_mode_change(struct bt_hci_s *hci, uint16_t handle,
                int interval, int mode)
{
    struct bt_hci_master_link_s *slot;

    if (bt_hci_handle_bad(hci, handle))
        return -ENODEV;
    if (!bt_hci_role_master(hci, handle))
        return -ENODEV;

    slot = &hci->lm.handle[handle & ~HCI_HANDLE_OFFSET];
    if (slot->link->acl_mode != acl_active) {
        bt_hci_event_status(hci, HCI_COMMAND_DISALLOWED);
        return 0;
    }

    bt_hci_event_status(hci, HCI_SUCCESS);

    qemu_mod_timer(slot->acl_mode_timer, qemu_get_clock(vm_clock) +
                            muldiv64(interval * 625, ticks_per_sec, 1000000));
    bt_hci_lmp_mode_change_master(hci, slot->link, mode, interval);

    return 0;
}
/*
 * Leave @mode on the master-role link on @handle and return to acl_active.
 *
 * The request is only honoured while the link is currently in @mode;
 * otherwise a Command Status with HCI_COMMAND_DISALLOWED is sent.  On
 * success the per-link mode timer is stopped and the change to acl_active
 * (interval 0) is propagated to the slave.
 *
 * Returns -ENODEV for a bad handle or a handle on which this HCI is not
 * master, 0 in every other case (including the disallowed one).
 */
static int bt_hci_mode_cancel(struct bt_hci_s *hci, uint16_t handle, int mode)
{
    struct bt_hci_master_link_s *slot;

    if (bt_hci_handle_bad(hci, handle))
        return -ENODEV;
    if (!bt_hci_role_master(hci, handle))
        return -ENODEV;

    slot = &hci->lm.handle[handle & ~HCI_HANDLE_OFFSET];
    if (slot->link->acl_mode != mode) {
        bt_hci_event_status(hci, HCI_COMMAND_DISALLOWED);

        return 0;
    }

    bt_hci_event_status(hci, HCI_SUCCESS);

    qemu_del_timer(slot->acl_mode_timer);
    bt_hci_lmp_mode_change_master(hci, slot->link, acl_active, 0);

    return 0;
}
/*
 * Per-link mode timer callback; @opaque is the struct bt_link_s the timer
 * was created for.  Switches the link back to acl_active with interval 0.
 *
 * The link pointer is stored in the timer when the link is established, so
 * the timer has to be stopped before that link is freed.
 */
static void bt_hci_mode_tick(void *opaque)
{
    struct bt_link_s *expired = opaque;

    bt_hci_lmp_mode_change_master(hci_from_device(expired->host),
                    expired, acl_active, 0);
}
/*
 * Return the controller state to its defaults: buffered ACL length, last
 * command, pending-connection count, event mask, scan enables, local name
 * (freed), device class, voice setting, connection-accept timeout, inquiry
 * mode and the two broadcast handles.  The inquiry and connection-accept
 * timers are stopped.
 *
 * Established links in lm.handle[] and their per-link mode timers are not
 * touched here (see the XXX below).
 */
static void bt_hci_reset(struct bt_hci_s *hci)
{
    static const uint8_t default_event_mask[8] = {
        0xff, 0xff, 0xff, 0xff, 0xff, 0x1f, 0x00, 0x00,
    };
    int i;

    hci->acl_len = 0;
    hci->last_cmd = 0;
    hci->lm.connecting = 0;

    for (i = 0; i < 8; i ++)
        hci->event_mask[i] = default_event_mask[i];

    hci->device.inquiry_scan = 0;
    hci->device.page_scan = 0;
    if (hci->device.lmp_name)
        qemu_free((void *) hci->device.lmp_name);
    hci->device.lmp_name = 0;
    for (i = 0; i < 3; i ++)
        hci->device.class[i] = 0x00;
    hci->voice_setting = 0x0000;
    hci->conn_accept_tout = 0x1f40;
    hci->lm.inquiry_mode = 0x00;

    hci->psb_handle = 0x000;
    hci->asb_handle = 0x000;

    /* XXX: qemu_del_timer(sl->acl_mode_timer); for all links */
    qemu_del_timer(hci->lm.inquiry_done);
    qemu_del_timer(hci->lm.inquiry_next);
    qemu_del_timer(hci->conn_accept_timer);
}
/*
 * Answer Read Local Version with a Command Complete event carrying fixed
 * HCI/LMP version, revision, manufacturer and sub-version values.
 */
static void bt_hci_read_local_version_rp(struct bt_hci_s *hci)
{
    read_local_version_rp reply;

    /* Start from all-zero so any field not set below is sent as 0 */
    memset(&reply, 0, sizeof(reply));
    reply.status        = HCI_SUCCESS;
    reply.hci_ver        = 0x03;
    reply.hci_rev        = cpu_to_le16(0xa607);
    reply.lmp_ver        = 0x03;
    reply.manufacturer        = cpu_to_le16(0xa000);
    reply.lmp_subver        = cpu_to_le16(0xa607);

    bt_hci_event_complete(hci, &reply, READ_LOCAL_VERSION_RP_SIZE);
}
/*
 * Answer Read Local Supported Commands with a Command Complete event
 * carrying the fixed bitmap below.
 */
static void bt_hci_read_local_commands_rp(struct bt_hci_s *hci)
{
    read_local_commands_rp reply = {
        .commands        = {
            /* Keep updated! */
            /* Also, keep in sync with hci->device.lmp_caps in bt_new_hci */
            0xbf, 0x80, 0xf9, 0x03, 0xb2, 0xc0, 0x03, 0xc3,
            0x00, 0x0f, 0x80, 0x00, 0xc0, 0x00, 0xe8, 0x13,
            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        },
        .status                = HCI_SUCCESS,
    };

    bt_hci_event_complete(hci, &reply, READ_LOCAL_COMMANDS_RP_SIZE);
}
/*
 * Answer Read Local Supported Features with a Command Complete event whose
 * eight feature bytes are hci->device.lmp_caps, least significant byte
 * first.
 */
static void bt_hci_read_local_features_rp(struct bt_hci_s *hci)
{
    read_local_features_rp reply;
    int byte;

    /* Start from all-zero so any field not set below is sent as 0 */
    memset(&reply, 0, sizeof(reply));
    reply.status = HCI_SUCCESS;
    for (byte = 0; byte < 8; byte ++)
        reply.features[byte] = (hci->device.lmp_caps >> (8 * byte)) & 0xff;

    bt_hci_event_complete(hci, &reply, READ_LOCAL_FEATURES_RP_SIZE);
}
/*
 * Answer Read Local Extended Features for @page with a Command Complete
 * event.  The maximum page number reported is 0; page 0 carries the fixed
 * feature bytes below and every other page carries all-zero features.
 * @page is echoed back in the reply as given.
 */
static void bt_hci_read_local_ext_features_rp(struct bt_hci_s *hci, int page)
{
    /* Keep updated! */
    static const uint8_t page0_features[8] = {
        0x5f, 0x35, 0x85, 0x7e, 0x9b, 0x19, 0x00, 0x80,
    };
    read_local_ext_features_rp lef;
    unsigned int i;

    memset(&lef, 0, sizeof(lef));
    lef.status                = HCI_SUCCESS;
    lef.page_num        = page;
    lef.max_page_num        = 0x00;

    if (!page)
        for (i = 0; i < sizeof(page0_features); i ++)
            lef.features[i] = page0_features[i];

    bt_hci_event_complete(hci, &lef, READ_LOCAL_EXT_FEATURES_RP_SIZE);
}
/*
 * Answer Read Buffer Size with a Command Complete event advertising an ACL
 * MTU of 0x0200 with one outstanding ACL packet and no SCO buffers.
 */
static void bt_hci_read_buffer_size_rp(struct bt_hci_s *hci)
{
    /* This can be made configurable, for one standard USB dongle HCI
     * the four values are cpu_to_le16(0x0180), 0x40,
     * cpu_to_le16(0x0008), cpu_to_le16(0x0008).  */
    read_buffer_size_rp reply = {
        .acl_mtu        = cpu_to_le16(0x0200),
        .acl_max_pkt        = cpu_to_le16(0x0001),
        .sco_mtu        = 0,
        .sco_max_pkt        = cpu_to_le16(0x0000),
        .status                = HCI_SUCCESS,
    };

    bt_hci_event_complete(hci, &reply, READ_BUFFER_SIZE_RP_SIZE);
}
/* Deprecated in V2.0 (page 661) */
/*
 * Answer Read Country Code with a Command Complete event reporting country
 * code 0x00.
 */
static void bt_hci_read_country_code_rp(struct bt_hci_s *hci)
{
    /* 0x00: North America & Europe^1 and Japan
     * ^1. Except France, sorry */
    read_country_code_rp reply = {
        .country_code        = 0x00,
        .status                = HCI_SUCCESS,
    };

    bt_hci_event_complete(hci, &reply, READ_COUNTRY_CODE_RP_SIZE);
}
/*
 * Answer Read BD_ADDR with a Command Complete event carrying this
 * controller's own device address.
 */
static void bt_hci_read_bd_addr_rp(struct bt_hci_s *hci)
{
    read_bd_addr_rp reply = {
        .bdaddr = BAINIT(&hci->device.bd_addr),
        .status = HCI_SUCCESS,
    };

    bt_hci_event_complete(hci, &reply, READ_BD_ADDR_RP_SIZE);
}
/*
 * Answer Read Link Quality for @handle with a Command Complete event.
 * The quality reported is always 0xff; the status is HCI_NO_CONNECTION
 * when bt_hci_handle_bad() rejects the handle and HCI_SUCCESS otherwise.
 *
 * Always returns 0.
 */
static int bt_hci_link_quality_rp(struct bt_hci_s *hci, uint16_t handle)
{
    read_link_quality_rp reply = {
        .handle                = HNDL(handle),
        .link_quality        = 0xff,
    };

    if (bt_hci_handle_bad(hci, handle))
        reply.status = HCI_NO_CONNECTION;
    else
        reply.status = HCI_SUCCESS;

    bt_hci_event_complete(hci, &reply, READ_LINK_QUALITY_RP_SIZE);
    return 0;
}
/*
 * Generate a Command Complete event whose only return parameter is the
 * one-byte @status.
 */
static inline void bt_hci_event_complete_status(struct bt_hci_s *hci,
                uint8_t status)
{
    bt_hci_event_complete(hci, &status, sizeof(status));
}
/*
 * Emit the Command Complete event for Create Connection Cancel, echoing
 * the caller-supplied status and the peer address `bd_addr`.
 */
static inline void bt_hci_event_complete_conn_cancel(struct bt_hci_s *hci,
                uint8_t status, bdaddr_t *bd_addr)
{
    create_conn_cancel_rp reply = {
        .bdaddr = BAINIT(bd_addr),
        .status = status,
    };

    bt_hci_event_complete(hci, &reply, CREATE_CONN_CANCEL_RP_SIZE);
}
/*
 * Emit an Authentication Complete event for `handle`.
 *
 * The status is unconditionally HCI_SUCCESS: nothing in this helper
 * performs or verifies an authentication exchange, so the event must not
 * be read as proof that the peer was authenticated.
 */
static inline void bt_hci_event_auth_complete(struct bt_hci_s *hci,
                uint16_t handle)
{
    evt_auth_complete evt = {
        .handle = HNDL(handle),
        .status = HCI_SUCCESS,
    };

    bt_hci_event(hci, EVT_AUTH_COMPLETE, &evt, EVT_AUTH_COMPLETE_SIZE);
}
/*
 * Emit an Encryption Change event for `handle`.
 *
 * `mode` is copied into the event as given and the status is always
 * HCI_SUCCESS; this helper only reports the requested mode, it does not
 * itself switch any link encryption on or off.
 */
static inline void bt_hci_event_encrypt_change(struct bt_hci_s *hci,
                uint16_t handle, uint8_t mode)
{
    evt_encrypt_change evt = {
        .encrypt = mode,
        .handle  = HNDL(handle),
        .status  = HCI_SUCCESS,
    };

    bt_hci_event(hci, EVT_ENCRYPT_CHANGE, &evt, EVT_ENCRYPT_CHANGE_SIZE);
}
/*
 * Emit the Command Complete event for Remote Name Request Cancel.
 *
 * The status is always HCI_INVALID_PARAMETERS; no pending request is
 * looked up here, the address is only echoed back.
 */
static inline void bt_hci_event_complete_name_cancel(struct bt_hci_s *hci,
                bdaddr_t *bd_addr)
{
    remote_name_req_cancel_rp reply = {
        .bdaddr = BAINIT(bd_addr),
        .status = HCI_INVALID_PARAMETERS,
    };

    bt_hci_event_complete(hci, &reply, REMOTE_NAME_REQ_CANCEL_RP_SIZE);
}
/*
 * Emit a Read Remote Extended Features Complete event that reports the
 * feature as unsupported (HCI_UNSUPPORTED_FEATURE) for `handle`.
 */
static inline void bt_hci_event_read_remote_ext_features(struct bt_hci_s *hci,
                uint16_t handle)
{
    /*
     * Only status and handle are named.  C zero-fills every member that a
     * designated initializer leaves out, so the remaining fields go out as
     * zeros rather than as stale stack contents (padding bytes, if the
     * struct has any, are not covered by that guarantee).
     */
    evt_read_remote_ext_features_complete evt = {
        .handle = HNDL(handle),
        .status = HCI_UNSUPPORTED_FEATURE,
    };

    bt_hci_event(hci, EVT_READ_REMOTE_EXT_FEATURES_COMPLETE,
                    &evt, EVT_READ_REMOTE_EXT_FEATURES_COMPLETE_SIZE);
}
/*
 * Emit the Command Complete event for Read LMP Handle.
 *
 * The reply always carries HCI_NO_CONNECTION; no LMP handle is looked up.
 */
static inline void bt_hci_event_complete_lmp_handle(struct bt_hci_s *hci,
                uint16_t handle)
{
    /*
     * Members not named below are zero-filled by the designated
     * initializer, so no indeterminate field values are sent.
     */
    read_lmp_handle_rp reply = {
        .reserved = 0,
        .handle   = HNDL(handle),
        .status   = HCI_NO_CONNECTION,
    };

    bt_hci_event_complete(hci, &reply, READ_LMP_HANDLE_RP_SIZE);
}
/*
 * Emit the Command Complete event for Role Discovery.
 *
 * `status` and `handle` are passed through; the role byte is 0x00 when
 * `master` is non-zero and 0x01 otherwise.
 */
static inline void bt_hci_event_complete_role_discovery(struct bt_hci_s *hci,
                int status, uint16_t handle, int master)
{
    role_discovery_rp reply = {
        .role   = master ? 0x00 : 0x01,
        .handle = HNDL(handle),
        .status = status,
    };

    bt_hci_event_complete(hci, &reply, ROLE_DISCOVERY_RP_SIZE);
}
/*
 * Emit the Command Complete event for Flush with the given status and
 * connection handle.
 */
static inline void bt_hci_event_complete_flush(struct bt_hci_s *hci,
                int status, uint16_t handle)
{
    flush_rp reply = {
        .handle = HNDL(handle),
        .status = status,
    };

    bt_hci_event_complete(hci, &reply, FLUSH_RP_SIZE);
}
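/*
 * Emit the Command Complete event for Read Local Name.
 *
 * The name goes out as a fixed-width field: a name shorter than the field
 * is followed by zero bytes, a name that fills it is sent without a
 * terminating NUL.  A NULL hci->device.lmp_name yields an all-zero name.
 */
static inline void bt_hci_event_complete_read_local_name(struct bt_hci_s *hci)
{
    /*
     * Zero-initialise the whole reply, as the sibling reply builders do,
     * instead of clearing the name member alone.  The struct layout is not
     * visible here; should it hold anything besides status and name, those
     * bytes are now sent as zeros rather than as indeterminate stack data.
     */
    read_local_name_rp params = {
        .status = HCI_SUCCESS,
    };

    if (hci->device.lmp_name) {
        /*
         * strncpy() is deliberate: it bounds the copy to the field and
         * does not force a NUL when the source fills it, which is the
         * fixed-width layout described above.
         */
        strncpy(params.name, hci->device.lmp_name, sizeof(params.name));
    }

    bt_hci_event_complete(hci, &params, READ_LOCAL_NAME_RP_SIZE);
}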
/*
 * Emit the Command Complete event for Read Connection Accept Timeout.
 *
 * hci->conn_accept_tout is converted with cpu_to_le16() for the reply.
 */
static inline void bt_hci_event_complete_read_conn_accept_timeout(
                struct bt_hci_s *hci)
{
    read_conn_accept_timeout_rp reply = {
        .timeout = cpu_to_le16(hci->conn_accept_tout),
        .status  = HCI_SUCCESS,
    };

    bt_hci_event_complete(hci, &reply, READ_CONN_ACCEPT_TIMEOUT_RP_SIZE);
}
/*
 * Emit the Command Complete event for Read Scan Enable.
 *
 * The enable byte is rebuilt from the two per-device flags: SCAN_INQUIRY
 * when inquiry_scan is set, SCAN_PAGE when page_scan is set.
 */
static inline void bt_hci_event_complete_read_scan_enable(struct bt_hci_s *hci)
{
    int scan_bits = 0;

    if (hci->device.inquiry_scan) {
        scan_bits |= SCAN_INQUIRY;
    }
    if (hci->device.page_scan) {
        scan_bits |= SCAN_PAGE;
    }

    read_scan_enable_rp reply = {
        .status = HCI_SUCCESS,
        .enable = scan_bits,
    };

    bt_hci_event_complete(hci, &reply, READ_SCAN_ENABLE_RP_SIZE);
}
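/*
 * Emit the Command Complete event for Read Class of Device, copying the
 * class bytes from hci->device.class.
 */
static inline void bt_hci_event_complete_read_local_class(struct bt_hci_s *hci)
{
    /*
     * Start from a zero-initialised reply, as the sibling reply builders
     * do.  The struct layout is not visible here; should it hold anything
     * besides status and dev_class, those bytes are sent as zeros rather
     * than as indeterminate stack data.
     */
    read_class_of_dev_rp params = {
        .status = HCI_SUCCESS,
    };

    /* The copy length is the size of the reply field, not of the source */
    memcpy(params.dev_class, hci->device.class, sizeof(params.dev_class));

    bt_hci_event_complete(hci, &params, READ_CLASS_OF_DEV_RP_SIZE);
}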
/*
 * Emit the Command Complete event for Read Voice Setting.
 *
 * hci->voice_setting is placed in the reply as stored, with no byte
 * swapping.
 */
static inline void bt_hci_event_complete_voice_setting(struct bt_hci_s *hci)
{
    read_voice_setting_rp reply = {
        .voice_setting = hci->voice_setting,        /* Note: no swapping */
        .status        = HCI_SUCCESS,
    };

    bt_hci_event_complete(hci, &reply, READ_VOICE_SETTING_RP_SIZE);
}
/*
 * Emit the Command Complete event for Read Inquiry Mode, reporting
 * hci->lm.inquiry_mode.
 */
static inline void bt_hci_event_complete_read_inquiry_mode(
                struct bt_hci_s *hci)
{
    read_inquiry_mode_rp reply = {
        .mode   = hci->lm.inquiry_mode,
        .status = HCI_SUCCESS,
    };

    bt_hci_event_complete(hci, &reply, READ_INQUIRY_MODE_RP_SIZE);
}
/*
 * Emit a Number Of Completed Packets event with a single entry that
 * reports `packets` completed packets for `handle`.
 *
 * `packets` is an int but is stored through cpu_to_le16(), so only its
 * low 16 bits are reported.
 */
static inline void bt_hci_event_num_comp_pkts(struct bt_hci_s *hci,
                uint16_t handle, int packets)
{
    /*
     * The event is laid out one byte into a uint16_t array.
     * NOTE(review): presumably so that the 16-bit members following the
     * one-byte num_hndl land on even addresses - confirm against the
     * definition of evt_num_comp_pkts.  The array is sized for the
     * one-entry event plus that leading byte.
     */
    uint16_t storage[EVT_NUM_COMP_PKTS_SIZE(1) / 2 + 1];
    evt_num_comp_pkts *evt = (void *) ((uint8_t *) storage + 1);

    evt->num_hndl = 1;
    evt->connection[0].handle = HNDL(handle);
    evt->connection[0].num_packets = cpu_to_le16(packets);

    bt_hci_event(hci, EVT_NUM_COMP_PKTS, evt, EVT_NUM_COMP_PKTS_SIZE(1));
}
static void bt_submit_hci(struct HCIInfo *info,
1463 4e38eb54 balrog
                const uint8_t *data, int length)
1464 4e38eb54 balrog
{
1465 4e38eb54 balrog
    struct bt_hci_s *hci = hci_from_info(info);
1466 4e38eb54 balrog
    uint16_t cmd;
1467 4e38eb54 balrog
    int paramlen, i;
1468 4e38eb54 balrog
1469 4e38eb54 balrog
    if (length < HCI_COMMAND_HDR_SIZE)
1470 4e38eb54 balrog
        goto short_hci;
1471 4e38eb54 balrog
1472 4e38eb54 balrog
    memcpy(&hci->last_cmd, data, 2);
1473 4e38eb54 balrog
1474 4e38eb54 balrog
    cmd = (data[1] << 8) | data[0];
1475 4e38eb54 balrog
    paramlen = data[2];
1476 4e38eb54 balrog
    if (cmd_opcode_ogf(cmd) == 0 || cmd_opcode_ocf(cmd) == 0)        /* NOP */
1477 4e38eb54 balrog
        return;
1478 4e38eb54 balrog
1479 4e38eb54 balrog
    data += HCI_COMMAND_HDR_SIZE;
1480 4e38eb54 balrog
    length -= HCI_COMMAND_HDR_SIZE;
1481 4e38eb54 balrog
1482 4e38eb54 balrog
    if (paramlen > length)
1483 4e38eb54 balrog
        return;
1484 4e38eb54 balrog
1485 4e38eb54 balrog
#define PARAM(cmd, param)        (((cmd##_cp *) data)->param)
1486 4e38eb54 balrog
#define PARAM16(cmd, param)        le16_to_cpup(&PARAM(cmd, param))
1487 4e38eb54 balrog
#define PARAMHANDLE(cmd)        HNDL(PARAM(cmd, handle))
1488 4e38eb54 balrog
#define LENGTH_CHECK(cmd)        if (length < sizeof(cmd##_cp)) goto short_hci
1489 4e38eb54 balrog
    /* Note: the supported commands bitmask in bt_hci_read_local_commands_rp
1490 4e38eb54 balrog
     * needs to be updated every time a command is implemented here!  */
1491 4e38eb54 balrog
    switch (cmd) {
1492 4e38eb54 balrog
    case cmd_opcode_pack(OGF_LINK_CTL, OCF_INQUIRY):
1493 4e38eb54 balrog
        LENGTH_CHECK(inquiry);
1494 4e38eb54 balrog
1495 4e38eb54 balrog
        if (PARAM(inquiry, length) < 1) {
1496 4e38eb54 balrog
            bt_hci_event_complete_status(hci, HCI_INVALID_PARAMETERS);
1497 4e38eb54 balrog
            break;
1498 4e38eb54 balrog
        }
1499 4e38eb54 balrog
1500 4e38eb54 balrog
        hci->lm.inquire = 1;
1501 4e38eb54 balrog
        hci->lm.periodic = 0;
1502 4e38eb54 balrog
        hci->lm.responses_left = PARAM(inquiry, num_rsp) ?: INT_MAX;
1503 4e38eb54 balrog
        hci->lm.responses = 0;
1504 4e38eb54 balrog
        bt_hci_event_status(hci, HCI_SUCCESS);
1505 4e38eb54 balrog
        bt_hci_inquiry_start(hci, PARAM(inquiry, length));
1506 4e38eb54 balrog
        break;
1507 4e38eb54 balrog
1508 4e38eb54 balrog
    case cmd_opcode_pack(OGF_LINK_CTL, OCF_INQUIRY_CANCEL):
1509 4e38eb54 balrog
        if (!hci->lm.inquire || hci->lm.periodic) {
1510 4e38eb54 balrog
            fprintf(stderr, "%s: Inquiry Cancel should only be issued after "
1511 4e38eb54 balrog
                            "the Inquiry command has been issued, a Command "
1512 4e38eb54 balrog
                            "Status event has been received for the Inquiry "
1513 4e38eb54 balrog
                            "command, and before the Inquiry Complete event "
1514 4e38eb54 balrog
                            "occurs", __FUNCTION__);
1515 4e38eb54 balrog
            bt_hci_event_complete_status(hci, HCI_COMMAND_DISALLOWED);
1516 4e38eb54 balrog
            break;
1517 4e38eb54 balrog
        }
1518 4e38eb54 balrog
1519 4e38eb54 balrog
        hci->lm.inquire = 0;
1520 4e38eb54 balrog
        qemu_del_timer(hci->lm.inquiry_done);
1521 4e38eb54 balrog
        bt_hci_event_complete_status(hci, HCI_SUCCESS);
1522 4e38eb54 balrog
        break;
1523 4e38eb54 balrog
1524 4e38eb54 balrog
    case cmd_opcode_pack(OGF_LINK_CTL, OCF_PERIODIC_INQUIRY):
1525 4e38eb54 balrog
        LENGTH_CHECK(periodic_inquiry);
1526 4e38eb54 balrog
1527 4e38eb54 balrog
        if (!(PARAM(periodic_inquiry, length) <
1528 4e38eb54 balrog
                                PARAM16(periodic_inquiry, min_period) &&
1529 4e38eb54 balrog
                                PARAM16(periodic_inquiry, min_period) <
1530 4e38eb54 balrog
                                PARAM16(periodic_inquiry, max_period)) ||
1531 4e38eb54 balrog
                        PARAM(periodic_inquiry, length) < 1 ||
1532 4e38eb54 balrog
                        PARAM16(periodic_inquiry, min_period) < 2 ||
1533 4e38eb54 balrog
                        PARAM16(periodic_inquiry, max_period) < 3) {
1534 4e38eb54 balrog
            bt_hci_event_complete_status(hci, HCI_INVALID_PARAMETERS);
1535 4e38eb54 balrog
            break;
1536 4e38eb54 balrog
        }
1537 4e38eb54 balrog
1538 4e38eb54 balrog
        hci->lm.inquire = 1;
1539 4e38eb54 balrog
        hci->lm.periodic = 1;
1540 4e38eb54 balrog
        hci->lm.responses_left = PARAM(periodic_inquiry, num_rsp);
1541 4e38eb54 balrog
        hci->lm.responses = 0;
1542 4e38eb54 balrog
        hci->lm.inquiry_period = PARAM16(periodic_inquiry, max_period);
1543 4e38eb54 balrog
        bt_hci_event_complete_status(hci, HCI_SUCCESS);
1544 4e38eb54 balrog
        bt_hci_inquiry_start(hci, PARAM(periodic_inquiry, length));
1545 4e38eb54 balrog
        break;
1546 4e38eb54 balrog
1547 4e38eb54 balrog
    case cmd_opcode_pack(OGF_LINK_CTL, OCF_EXIT_PERIODIC_INQUIRY):
1548 4e38eb54 balrog
        if (!hci->lm.inquire || !hci->lm.periodic) {
1549 4e38eb54 balrog
            fprintf(stderr, "%s: Inquiry Cancel should only be issued after "
1550 4e38eb54 balrog
                            "the Inquiry command has been issued, a Command "
1551 4e38eb54 balrog
                            "Status event has been received for the Inquiry "
1552 4e38eb54 balrog
                            "command, and before the Inquiry Complete event "
1553 4e38eb54 balrog
                            "occurs", __FUNCTION__);
1554 4e38eb54 balrog
            bt_hci_event_complete_status(hci, HCI_COMMAND_DISALLOWED);
1555 4e38eb54 balrog
            break;
1556 4e38eb54 balrog
        }
1557 4e38eb54 balrog
        hci->lm.inquire = 0;
1558 4e38eb54 balrog
        qemu_del_timer(hci->lm.inquiry_done);
1559 4e38eb54 balrog
        qemu_del_timer(hci->lm.inquiry_next);
1560 4e38eb54 balrog
        bt_hci_event_complete_status(hci, HCI_SUCCESS);
1561 4e38eb54 balrog
        break;
1562 4e38eb54 balrog
1563 4e38eb54 balrog
    case cmd_opcode_pack(OGF_LINK_CTL, OCF_CREATE_CONN):
1564 4e38eb54 balrog
        LENGTH_CHECK(create_conn);
1565 4e38eb54 balrog
1566 4e38eb54 balrog
        if (hci->lm.connecting >= HCI_HANDLES_MAX) {
1567 4e38eb54 balrog
            bt_hci_event_status(hci, HCI_REJECTED_LIMITED_RESOURCES);
1568 4e38eb54 balrog
            break;
1569 4e38eb54 balrog
        }
1570 4e38eb54 balrog
        bt_hci_event_status(hci, HCI_SUCCESS);
1571 4e38eb54 balrog
1572 4e38eb54 balrog
        if (bt_hci_connect(hci, &PARAM(create_conn, bdaddr)))
1573 4e38eb54 balrog
            bt_hci_connection_reject_event(hci, &PARAM(create_conn, bdaddr));
1574 4e38eb54 balrog
        break;
1575 4e38eb54 balrog
1576 4e38eb54 balrog
    case cmd_opcode_pack(OGF_LINK_CTL, OCF_DISCONNECT):
1577 4e38eb54 balrog
        LENGTH_CHECK(disconnect);
1578 4e38eb54 balrog
1579 4e38eb54 balrog
        if (bt_hci_handle_bad(hci, PARAMHANDLE(disconnect))) {
1580 4e38eb54 balrog
            bt_hci_event_status(hci, HCI_NO_CONNECTION);
1581 4e38eb54 balrog
            break;
1582 4e38eb54 balrog
        }
1583 4e38eb54 balrog
1584 4e38eb54 balrog
        bt_hci_event_status(hci, HCI_SUCCESS);
1585 4e38eb54 balrog
        bt_hci_disconnect(hci, PARAMHANDLE(disconnect),
1586 4e38eb54 balrog
                        PARAM(disconnect, reason));
1587 4e38eb54 balrog
        break;
1588 4e38eb54 balrog
1589 4e38eb54 balrog
    case cmd_opcode_pack(OGF_LINK_CTL, OCF_CREATE_CONN_CANCEL):
1590 4e38eb54 balrog
        LENGTH_CHECK(create_conn_cancel);
1591 4e38eb54 balrog
1592 4e38eb54 balrog
        if (bt_hci_lmp_connection_ready(hci,
1593 4e38eb54 balrog
                                &PARAM(create_conn_cancel, bdaddr))) {
1594 4e38eb54 balrog
            for (i = 0; i < HCI_HANDLES_MAX; i ++)
1595 4e38eb54 balrog
                if (bt_hci_role_master(hci, i) && hci->lm.handle[i].link &&
1596 4e38eb54 balrog
                                !bacmp(&hci->lm.handle[i].link->slave->bd_addr,
1597 4e38eb54 balrog
                                        &PARAM(create_conn_cancel, bdaddr)))
1598 4e38eb54 balrog
                   break;
1599 4e38eb54 balrog
1600 4e38eb54 balrog
            bt_hci_event_complete_conn_cancel(hci, i < HCI_HANDLES_MAX ?
1601 4e38eb54 balrog
                            HCI_ACL_CONNECTION_EXISTS : HCI_NO_CONNECTION,
1602 4e38eb54 balrog
                            &PARAM(create_conn_cancel, bdaddr));
1603 4e38eb54 balrog
        } else
1604 4e38eb54 balrog
            bt_hci_event_complete_conn_cancel(hci, HCI_SUCCESS,
1605 4e38eb54 balrog
                            &PARAM(create_conn_cancel, bdaddr));
1606 4e38eb54 balrog
        break;
1607 4e38eb54 balrog
1608 4e38eb54 balrog
    case cmd_opcode_pack(OGF_LINK_CTL, OCF_ACCEPT_CONN_REQ):
1609 4e38eb54 balrog
        LENGTH_CHECK(accept_conn_req);
1610 4e38eb54 balrog
1611 4e38eb54 balrog
        if (!hci->conn_req_host ||
1612 4e38eb54 balrog
                        bacmp(&PARAM(accept_conn_req, bdaddr),
1613 4e38eb54 balrog
                                &hci->conn_req_host->bd_addr)) {
1614 4e38eb54 balrog
            bt_hci_event_status(hci, HCI_INVALID_PARAMETERS);
1615 4e38eb54 balrog
            break;
1616 4e38eb54 balrog
        }
1617 4e38eb54 balrog
1618 4e38eb54 balrog
        bt_hci_event_status(hci, HCI_SUCCESS);
1619 4e38eb54 balrog
        bt_hci_connection_accept(hci, hci->conn_req_host);
1620 4e38eb54 balrog
        hci->conn_req_host = 0;
1621 4e38eb54 balrog
        break;
1622 4e38eb54 balrog
1623 4e38eb54 balrog
    case cmd_opcode_pack(OGF_LINK_CTL, OCF_REJECT_CONN_REQ):
1624 4e38eb54 balrog
        LENGTH_CHECK(reject_conn_req);
1625 4e38eb54 balrog
1626 4e38eb54 balrog
        if (!hci->conn_req_host ||
1627 4e38eb54 balrog
                        bacmp(&PARAM(reject_conn_req, bdaddr),
1628 4e38eb54 balrog
                                &hci->conn_req_host->bd_addr)) {
1629 4e38eb54 balrog
            bt_hci_event_status(hci, HCI_INVALID_PARAMETERS);
1630 4e38eb54 balrog
            break;
1631 4e38eb54 balrog
        }
1632 4e38eb54 balrog
1633 4e38eb54 balrog
        bt_hci_event_status(hci, HCI_SUCCESS);
1634 4e38eb54 balrog
        bt_hci_connection_reject(hci, hci->conn_req_host,
1635 4e38eb54 balrog
                        PARAM(reject_conn_req, reason));
1636 4e38eb54 balrog
        bt_hci_connection_reject_event(hci, &hci->conn_req_host->bd_addr);
1637 4e38eb54 balrog
        hci->conn_req_host = 0;
1638 4e38eb54 balrog
        break;
1639 4e38eb54 balrog
1640 4e38eb54 balrog
    case cmd_opcode_pack(OGF_LINK_CTL, OCF_AUTH_REQUESTED):
1641 4e38eb54 balrog
        LENGTH_CHECK(auth_requested);
1642 4e38eb54 balrog
1643 4e38eb54 balrog
        if (bt_hci_handle_bad(hci, PARAMHANDLE(auth_requested)))
1644 4e38eb54 balrog
            bt_hci_event_status(hci, HCI_NO_CONNECTION);
1645 4e38eb54 balrog
        else {
1646 4e38eb54 balrog
            bt_hci_event_status(hci, HCI_SUCCESS);
1647 4e38eb54 balrog
            bt_hci_event_auth_complete(hci, PARAMHANDLE(auth_requested));
1648 4e38eb54 balrog
        }
1649 4e38eb54 balrog
        break;
1650 4e38eb54 balrog
1651 4e38eb54 balrog
    case cmd_opcode_pack(OGF_LINK_CTL, OCF_SET_CONN_ENCRYPT):
1652 4e38eb54 balrog
        LENGTH_CHECK(set_conn_encrypt);
1653 4e38eb54 balrog
1654 4e38eb54 balrog
        if (bt_hci_handle_bad(hci, PARAMHANDLE(set_conn_encrypt)))
1655 4e38eb54 balrog
            bt_hci_event_status(hci, HCI_NO_CONNECTION);
1656 4e38eb54 balrog
        else {
1657 4e38eb54 balrog
            bt_hci_event_status(hci, HCI_SUCCESS);
1658 4e38eb54 balrog
            bt_hci_event_encrypt_change(hci,
1659 4e38eb54 balrog
                            PARAMHANDLE(set_conn_encrypt),
1660 4e38eb54 balrog
                            PARAM(set_conn_encrypt, encrypt));
1661 4e38eb54 balrog
        }
1662 4e38eb54 balrog
        break;
1663 4e38eb54 balrog
1664 4e38eb54 balrog
    case cmd_opcode_pack(OGF_LINK_CTL, OCF_REMOTE_NAME_REQ):
1665 4e38eb54 balrog
        LENGTH_CHECK(remote_name_req);
1666 4e38eb54 balrog
1667 4e38eb54 balrog
        if (bt_hci_name_req(hci, &PARAM(remote_name_req, bdaddr)))
1668 4e38eb54 balrog
            bt_hci_event_status(hci, HCI_NO_CONNECTION);
1669 4e38eb54 balrog
        break;
1670 4e38eb54 balrog
1671 4e38eb54 balrog
    case cmd_opcode_pack(OGF_LINK_CTL, OCF_REMOTE_NAME_REQ_CANCEL):
1672 4e38eb54 balrog
        LENGTH_CHECK(remote_name_req_cancel);
1673 4e38eb54 balrog
1674 4e38eb54 balrog
        bt_hci_event_complete_name_cancel(hci,
1675 4e38eb54 balrog
                        &PARAM(remote_name_req_cancel, bdaddr));
1676 4e38eb54 balrog
        break;
1677 4e38eb54 balrog
1678 4e38eb54 balrog
    case cmd_opcode_pack(OGF_LINK_CTL, OCF_READ_REMOTE_FEATURES):
1679 4e38eb54 balrog
        LENGTH_CHECK(read_remote_features);
1680 4e38eb54 balrog
1681 4e38eb54 balrog
        if (bt_hci_features_req(hci, PARAMHANDLE(read_remote_features)))
1682 4e38eb54 balrog
            bt_hci_event_status(hci, HCI_NO_CONNECTION);
1683 4e38eb54 balrog
        break;
1684 4e38eb54 balrog
1685 4e38eb54 balrog
    case cmd_opcode_pack(OGF_LINK_CTL, OCF_READ_REMOTE_EXT_FEATURES):
1686 4e38eb54 balrog
        LENGTH_CHECK(read_remote_ext_features);
1687 4e38eb54 balrog
1688 4e38eb54 balrog
        if (bt_hci_handle_bad(hci, PARAMHANDLE(read_remote_ext_features)))
1689 4e38eb54 balrog
            bt_hci_event_status(hci, HCI_NO_CONNECTION);
1690 4e38eb54 balrog
        else {
1691 4e38eb54 balrog
            bt_hci_event_status(hci, HCI_SUCCESS);
1692 4e38eb54 balrog
            bt_hci_event_read_remote_ext_features(hci,
1693 4e38eb54 balrog
                            PARAMHANDLE(read_remote_ext_features));
1694 4e38eb54 balrog
        }
1695 4e38eb54 balrog
        break;
1696 4e38eb54 balrog
1697 4e38eb54 balrog
    case cmd_opcode_pack(OGF_LINK_CTL, OCF_READ_REMOTE_VERSION):
1698 4e38eb54 balrog
        LENGTH_CHECK(read_remote_version);
1699 4e38eb54 balrog
1700 4e38eb54 balrog
        if (bt_hci_version_req(hci, PARAMHANDLE(read_remote_version)))
1701 4e38eb54 balrog
            bt_hci_event_status(hci, HCI_NO_CONNECTION);
1702 4e38eb54 balrog
        break;
1703 4e38eb54 balrog
1704 4e38eb54 balrog
    case cmd_opcode_pack(OGF_LINK_CTL, OCF_READ_CLOCK_OFFSET):
1705 4e38eb54 balrog
        LENGTH_CHECK(read_clock_offset);
1706 4e38eb54 balrog
1707 4e38eb54 balrog
        if (bt_hci_clkoffset_req(hci, PARAMHANDLE(read_clock_offset)))
1708 4e38eb54 balrog
            bt_hci_event_status(hci, HCI_NO_CONNECTION);
1709 4e38eb54 balrog
        break;
1710 4e38eb54 balrog
1711 4e38eb54 balrog
    case cmd_opcode_pack(OGF_LINK_CTL, OCF_READ_LMP_HANDLE):
1712 4e38eb54 balrog
        LENGTH_CHECK(read_lmp_handle);
1713 4e38eb54 balrog
1714 4e38eb54 balrog
        /* TODO: */
1715 4e38eb54 balrog
        bt_hci_event_complete_lmp_handle(hci, PARAMHANDLE(read_lmp_handle));
1716 4e38eb54 balrog
        break;
1717 4e38eb54 balrog
1718 4e38eb54 balrog
    case cmd_opcode_pack(OGF_LINK_POLICY, OCF_HOLD_MODE):
1719 4e38eb54 balrog
        LENGTH_CHECK(hold_mode);
1720 4e38eb54 balrog
1721 4e38eb54 balrog
        if (PARAM16(hold_mode, min_interval) >
1722 4e38eb54 balrog
                        PARAM16(hold_mode, max_interval) ||
1723 4e38eb54 balrog
                        PARAM16(hold_mode, min_interval) < 0x0002 ||
1724 4e38eb54 balrog
                        PARAM16(hold_mode, max_interval) > 0xff00 ||
1725 4e38eb54 balrog
                        (PARAM16(hold_mode, min_interval) & 1) ||
1726 4e38eb54 balrog
                        (PARAM16(hold_mode, max_interval) & 1)) {
1727 4e38eb54 balrog
            bt_hci_event_status(hci, HCI_INVALID_PARAMETERS);
1728 4e38eb54 balrog
            break;
1729 4e38eb54 balrog
        }
1730 4e38eb54 balrog
1731 4e38eb54 balrog
        if (bt_hci_mode_change(hci, PARAMHANDLE(hold_mode),
1732 4e38eb54 balrog
                                PARAM16(hold_mode, max_interval),
1733 4e38eb54 balrog
                                acl_hold))
1734 4e38eb54 balrog
            bt_hci_event_status(hci, HCI_NO_CONNECTION);
1735 4e38eb54 balrog
        break;
1736 4e38eb54 balrog
1737 4e38eb54 balrog
    case cmd_opcode_pack(OGF_LINK_POLICY, OCF_PARK_MODE):
1738 4e38eb54 balrog
        LENGTH_CHECK(park_mode);
1739 4e38eb54 balrog
1740 4e38eb54 balrog
        if (PARAM16(park_mode, min_interval) >
1741 4e38eb54 balrog
                        PARAM16(park_mode, max_interval) ||
1742 4e38eb54 balrog
                        PARAM16(park_mode, min_interval) < 0x000e ||
1743 4e38eb54 balrog
                        (PARAM16(park_mode, min_interval) & 1) ||
1744 4e38eb54 balrog
                        (PARAM16(park_mode, max_interval) & 1)) {
1745 4e38eb54 balrog
            bt_hci_event_status(hci, HCI_INVALID_PARAMETERS);
1746 4e38eb54 balrog
            break;
1747 4e38eb54 balrog
        }
1748 4e38eb54 balrog
1749 4e38eb54 balrog
        if (bt_hci_mode_change(hci, PARAMHANDLE(park_mode),
1750 4e38eb54 balrog
                                PARAM16(park_mode, max_interval),
1751 4e38eb54 balrog
                                acl_parked))
1752 4e38eb54 balrog
            bt_hci_event_status(hci, HCI_NO_CONNECTION);
1753 4e38eb54 balrog
        break;
1754 4e38eb54 balrog
1755 4e38eb54 balrog
    case cmd_opcode_pack(OGF_LINK_POLICY, OCF_EXIT_PARK_MODE):
1756 4e38eb54 balrog
        LENGTH_CHECK(exit_park_mode);
1757 4e38eb54 balrog
1758 4e38eb54 balrog
        if (bt_hci_mode_cancel(hci, PARAMHANDLE(exit_park_mode),
1759 4e38eb54 balrog
                                acl_parked))
1760 4e38eb54 balrog
            bt_hci_event_status(hci, HCI_NO_CONNECTION);
1761 4e38eb54 balrog
        break;
1762 4e38eb54 balrog
1763 4e38eb54 balrog
    case cmd_opcode_pack(OGF_LINK_POLICY, OCF_ROLE_DISCOVERY):
1764 4e38eb54 balrog
        LENGTH_CHECK(role_discovery);
1765 4e38eb54 balrog
1766 4e38eb54 balrog
        if (bt_hci_handle_bad(hci, PARAMHANDLE(role_discovery)))
1767 4e38eb54 balrog
            bt_hci_event_complete_role_discovery(hci,
1768 4e38eb54 balrog
                            HCI_NO_CONNECTION, PARAMHANDLE(role_discovery), 0);
1769 4e38eb54 balrog
        else
1770 4e38eb54 balrog
            bt_hci_event_complete_role_discovery(hci,
1771 4e38eb54 balrog
                            HCI_SUCCESS, PARAMHANDLE(role_discovery),
1772 4e38eb54 balrog
                            bt_hci_role_master(hci,
1773 4e38eb54 balrog
                                    PARAMHANDLE(role_discovery)));
1774 4e38eb54 balrog
        break;
1775 4e38eb54 balrog
1776 4e38eb54 balrog
    case cmd_opcode_pack(OGF_HOST_CTL, OCF_SET_EVENT_MASK):
1777 4e38eb54 balrog
        LENGTH_CHECK(set_event_mask);
1778 4e38eb54 balrog
1779 4e38eb54 balrog
        memcpy(hci->event_mask, PARAM(set_event_mask, mask), 8);
1780 4e38eb54 balrog
        bt_hci_event_complete_status(hci, HCI_SUCCESS);
1781 4e38eb54 balrog
        break;
1782 4e38eb54 balrog
1783 4e38eb54 balrog
    case cmd_opcode_pack(OGF_HOST_CTL, OCF_RESET):
1784 4e38eb54 balrog
        bt_hci_reset(hci);
1785 4e38eb54 balrog
        bt_hci_event_status(hci, HCI_SUCCESS);
1786 4e38eb54 balrog
        break;
1787 4e38eb54 balrog
1788 4e38eb54 balrog
    case cmd_opcode_pack(OGF_HOST_CTL, OCF_SET_EVENT_FLT):
1789 4e38eb54 balrog
        if (length >= 1 && PARAM(set_event_flt, flt_type) == FLT_CLEAR_ALL)
1790 4e38eb54 balrog
            /* No length check */;
1791 4e38eb54 balrog
        else
1792 4e38eb54 balrog
            LENGTH_CHECK(set_event_flt);
1793 4e38eb54 balrog
1794 4e38eb54 balrog
        /* Filters are not implemented */
1795 4e38eb54 balrog
        bt_hci_event_complete_status(hci, HCI_SUCCESS);
1796 4e38eb54 balrog
        break;
1797 4e38eb54 balrog
1798 4e38eb54 balrog
    case cmd_opcode_pack(OGF_HOST_CTL, OCF_FLUSH):
1799 4e38eb54 balrog
        LENGTH_CHECK(flush);
1800 4e38eb54 balrog
1801 4e38eb54 balrog
        if (bt_hci_handle_bad(hci, PARAMHANDLE(flush)))
1802 4e38eb54 balrog
            bt_hci_event_complete_flush(hci,
1803 4e38eb54 balrog
                            HCI_NO_CONNECTION, PARAMHANDLE(flush));
1804 4e38eb54 balrog
        else {
1805 4e38eb54 balrog
            /* TODO: ordering? */
1806 4e38eb54 balrog
            bt_hci_event(hci, EVT_FLUSH_OCCURRED,
1807 4e38eb54 balrog
                            &PARAM(flush, handle),
1808 4e38eb54 balrog
                            EVT_FLUSH_OCCURRED_SIZE);
1809 4e38eb54 balrog
            bt_hci_event_complete_flush(hci,
1810 4e38eb54 balrog
                            HCI_SUCCESS, PARAMHANDLE(flush));
1811 4e38eb54 balrog
        }
1812 4e38eb54 balrog
        break;
1813 4e38eb54 balrog
1814 4e38eb54 balrog
    case cmd_opcode_pack(OGF_HOST_CTL, OCF_CHANGE_LOCAL_NAME):
1815 4e38eb54 balrog
        LENGTH_CHECK(change_local_name);
1816 4e38eb54 balrog
1817 4e38eb54 balrog
        if (hci->device.lmp_name)
1818 ac4b0d0c balrog
            qemu_free((void *) hci->device.lmp_name);
1819 ac4b0d0c balrog
        hci->device.lmp_name = qemu_strndup(PARAM(change_local_name, name),
1820 4e38eb54 balrog
                        sizeof(PARAM(change_local_name, name)));
1821 4e38eb54 balrog
        bt_hci_event_complete_status(hci, HCI_SUCCESS);
1822 4e38eb54 balrog
        break;
1823 4e38eb54 balrog
1824 4e38eb54 balrog
    case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_LOCAL_NAME):
1825 4e38eb54 balrog
        bt_hci_event_complete_read_local_name(hci);
1826 4e38eb54 balrog
        break;
1827 4e38eb54 balrog
1828 4e38eb54 balrog
    case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_CONN_ACCEPT_TIMEOUT):
1829 4e38eb54 balrog
        bt_hci_event_complete_read_conn_accept_timeout(hci);
1830 4e38eb54 balrog
        break;
1831 4e38eb54 balrog
1832 4e38eb54 balrog
    case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_CONN_ACCEPT_TIMEOUT):
1833 4e38eb54 balrog
        /* TODO */
1834 4e38eb54 balrog
        LENGTH_CHECK(write_conn_accept_timeout);
1835 4e38eb54 balrog
1836 4e38eb54 balrog
        if (PARAM16(write_conn_accept_timeout, timeout) < 0x0001 ||
1837 4e38eb54 balrog
                        PARAM16(write_conn_accept_timeout, timeout) > 0xb540) {
1838 4e38eb54 balrog
            bt_hci_event_complete_status(hci, HCI_INVALID_PARAMETERS);
1839 4e38eb54 balrog
            break;
1840 4e38eb54 balrog
        }
1841 4e38eb54 balrog
1842 4e38eb54 balrog
        hci->conn_accept_tout = PARAM16(write_conn_accept_timeout, timeout);
1843 4e38eb54 balrog
        bt_hci_event_complete_status(hci, HCI_SUCCESS);
1844 4e38eb54 balrog
        break;
1845 4e38eb54 balrog
1846 4e38eb54 balrog
    case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_SCAN_ENABLE):
1847 4e38eb54 balrog
        bt_hci_event_complete_read_scan_enable(hci);
1848 4e38eb54 balrog
        break;
1849 4e38eb54 balrog
1850 4e38eb54 balrog
    case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_SCAN_ENABLE):
        LENGTH_CHECK(write_scan_enable);
        /* TODO: check that the remaining bits are all 0 */
        hci->device.inquiry_scan =
                !!(PARAM(write_scan_enable, scan_enable) & SCAN_INQUIRY);
        hci->device.page_scan =
                !!(PARAM(write_scan_enable, scan_enable) & SCAN_PAGE);
        bt_hci_event_complete_status(hci, HCI_SUCCESS);
        break;
    case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_CLASS_OF_DEV):
        bt_hci_event_complete_read_local_class(hci);
        break;
    case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_CLASS_OF_DEV):
        LENGTH_CHECK(write_class_of_dev);
        memcpy(hci->device.class, PARAM(write_class_of_dev, dev_class),
                        sizeof(PARAM(write_class_of_dev, dev_class)));
        bt_hci_event_complete_status(hci, HCI_SUCCESS);
        break;
    case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_VOICE_SETTING):
        bt_hci_event_complete_voice_setting(hci);
        break;
    case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_VOICE_SETTING):
        LENGTH_CHECK(write_voice_setting);
        hci->voice_setting = PARAM(write_voice_setting, voice_setting);
        bt_hci_event_complete_status(hci, HCI_SUCCESS);
        break;
    case cmd_opcode_pack(OGF_HOST_CTL, OCF_HOST_NUMBER_OF_COMPLETED_PACKETS):
        if (length < data[0] * 2 + 1)
            goto short_hci;
        for (i = 0; i < data[0]; i ++)
            if (bt_hci_handle_bad(hci,
                                    data[i * 2 + 1] | (data[i * 2 + 2] << 8)))
                bt_hci_event_complete_status(hci, HCI_INVALID_PARAMETERS);
        break;
    case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_INQUIRY_MODE):
        /* Only if (local_features[3] & 0x40) && (local_commands[12] & 0x40)
         * else
         *     goto unknown_command */
        bt_hci_event_complete_read_inquiry_mode(hci);
        break;
    case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_INQUIRY_MODE):
        /* Only if (local_features[3] & 0x40) && (local_commands[12] & 0x80)
         * else
         *     goto unknown_command */
        LENGTH_CHECK(write_inquiry_mode);
        if (PARAM(write_inquiry_mode, mode) > 0x01) {
            bt_hci_event_complete_status(hci, HCI_INVALID_PARAMETERS);
            break;
        }
        hci->lm.inquiry_mode = PARAM(write_inquiry_mode, mode);
        bt_hci_event_complete_status(hci, HCI_SUCCESS);
        break;
    case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_LOCAL_VERSION):
        bt_hci_read_local_version_rp(hci);
        break;
    case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_LOCAL_COMMANDS):
        bt_hci_read_local_commands_rp(hci);
        break;
    case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_LOCAL_FEATURES):
        bt_hci_read_local_features_rp(hci);
        break;
    case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_LOCAL_EXT_FEATURES):
        LENGTH_CHECK(read_local_ext_features);
        bt_hci_read_local_ext_features_rp(hci,
                        PARAM(read_local_ext_features, page_num));
        break;
    case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_BUFFER_SIZE):
        bt_hci_read_buffer_size_rp(hci);
        break;
    case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_COUNTRY_CODE):
        bt_hci_read_country_code_rp(hci);
        break;
    case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_BD_ADDR):
        bt_hci_read_bd_addr_rp(hci);
        break;
    case cmd_opcode_pack(OGF_STATUS_PARAM, OCF_READ_LINK_QUALITY):
        LENGTH_CHECK(read_link_quality);
        bt_hci_link_quality_rp(hci, PARAMHANDLE(read_link_quality));
        break;
    default:
        bt_hci_event_status(hci, HCI_UNKNOWN_COMMAND);
        break;
    short_hci:
        fprintf(stderr, "%s: HCI packet too short (%iB)\n",
                        __FUNCTION__, length);
        bt_hci_event_status(hci, HCI_INVALID_PARAMETERS);
        break;
    }
}
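/* We could perform fragmentation here, we can't do "recombination" because
 * at this layer the length of the payload is not known ahead, so we only
 * know that a packet contained the last fragment of the SDU when the next
 * SDU starts.
 *
 * Copies len bytes from data into hci->acl_buf behind an HCI ACL header and
 * hands the result to hci->info.acl_recv.  The header's handle field is
 * built with acl_handle_pack(), using ACL_START when start is non-zero and
 * ACL_CONT otherwise.  A packet whose length is negative or that does not
 * fit in acl_buf is logged to stderr and dropped.  */
static inline void bt_hci_lmp_acl_data(struct bt_hci_s *hci, uint16_t handle,
                const uint8_t *data, int start, int len)
{
    struct hci_acl_hdr *pkt = (void *) hci->acl_buf;

    /* TODO: packet flags */
    /* TODO: avoid memcpy'ing */

    /* len is signed but sizeof() is unsigned: in the mixed comparison a
     * small negative len plus the header size could come out as a small
     * positive value, pass the bound and then reach memcpy() as a huge
     * size.  Reject negative lengths first and compare without adding to
     * len, so the check itself cannot overflow either.  */
    if (len < 0 ||
                    (size_t) len > sizeof(hci->acl_buf) - HCI_ACL_HDR_SIZE) {
        fprintf(stderr, "%s: can't take ACL packets %i bytes long\n",
                        __FUNCTION__, len);
        return;
    }
    memcpy(hci->acl_buf + HCI_ACL_HDR_SIZE, data, len);

    /* Header fields are stored little-endian */
    pkt->handle = cpu_to_le16(
                    acl_handle_pack(handle, start ? ACL_START : ACL_CONT));
    pkt->dlen = cpu_to_le16(len);
    hci->info.acl_recv(hci->info.opaque,
                    hci->acl_buf, len + HCI_ACL_HDR_SIZE);
}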
/* ACL data callback installed as device.lmp_acl_data by bt_new_hci:
 * delivers the payload to the HCI that owns btlink->slave, tagged with the
 * handle stored in the enclosing bt_hci_link_s.  */
static void bt_hci_lmp_acl_data_slave(struct bt_link_s *btlink,
                const uint8_t *data, int start, int len)
{
    /* NOTE(review): the cast assumes every link passed here is really a
     * bt_hci_link_s with the bt_link_s at its start - confirm.  */
    struct bt_hci_link_s *hci_link = (struct bt_hci_link_s *) btlink;
    struct bt_hci_s *target = hci_from_device(btlink->slave);

    bt_hci_lmp_acl_data(target, hci_link->handle, data, start, len);
}
/* ACL data callback installed as device.lmp_acl_resp by bt_new_hci:
 * delivers the payload to the HCI that owns link->host, using the handle
 * stored directly in the bt_link_s.  */
static void bt_hci_lmp_acl_data_host(struct bt_link_s *link,
                const uint8_t *data, int start, int len)
{
    struct bt_hci_s *target = hci_from_device(link->host);

    bt_hci_lmp_acl_data(target, link->handle, data, start, len);
}
/* Handles one ACL data packet submitted by the host (installed as
 * info.acl_send by bt_new_hci).
 *
 * The header is read from data[0..3]: a little-endian handle/flags word
 * followed by a little-endian payload length.  Packets shorter than the
 * header, with a handle rejected by bt_hci_handle_bad(), or with a declared
 * payload length larger than what was received are logged and dropped.
 * Broadcast packets latch the first handle seen in asb_handle / psb_handle
 * and are dropped when a later one uses a different handle.  Accepted
 * packets generate a number-of-completed-packets event and are then passed
 * to the handle's lmp_acl_data callback.  */
static void bt_submit_acl(struct HCIInfo *info,
                const uint8_t *data, int length)
{
    struct bt_hci_s *hci = hci_from_info(info);
    struct bt_link_s *link;
    uint16_t handle;
    int hdr_word, flags, datalen, bcast;

    if (length < HCI_ACL_HDR_SIZE) {
        fprintf(stderr, "%s: ACL packet too short (%iB)\n",
                        __FUNCTION__, length);
        return;
    }

    hdr_word = (data[1] << 8) | data[0];
    handle = acl_handle(hdr_word);
    flags = acl_flags(hdr_word);
    datalen = (data[3] << 8) | data[2];

    /* From here on data/length describe the payload only */
    data += HCI_ACL_HDR_SIZE;
    length -= HCI_ACL_HDR_SIZE;

    /* The handle comes straight from the packet and indexes lm.handle[]
     * below, so it has to be validated before the offset is stripped.  */
    if (bt_hci_handle_bad(hci, handle)) {
        fprintf(stderr, "%s: invalid ACL handle %03x\n",
                        __FUNCTION__, handle);
        /* TODO: signal an error */
        return;
    }
    handle &= ~HCI_HANDLE_OFFSET;

    /* NOTE(review): datalen only serves as a lower bound here; the callback
     * at the end receives all `length' payload bytes, including any that
     * follow the declared datalen - confirm this is intended.  */
    if (datalen > length) {
        fprintf(stderr, "%s: ACL packet too short (%iB < %iB)\n",
                        __FUNCTION__, length, datalen);
        return;
    }

    link = hci->lm.handle[handle].link;

    /* Flags with the two low bits masked off */
    bcast = flags & ~3;

    if (bcast == ACL_ACTIVE_BCAST) {
        if (hci->asb_handle && handle != hci->asb_handle) {
            fprintf(stderr, "%s: Bad handle %03x in Active Slave Broadcast\n",
                            __FUNCTION__, handle);
            /* TODO: signal an error */
            return;
        }
        if (!hci->asb_handle)
            hci->asb_handle = handle;

        /* TODO */
    }

    if (bcast == ACL_PICO_BCAST) {
        if (hci->psb_handle && handle != hci->psb_handle) {
            fprintf(stderr, "%s: Bad handle %03x in Parked Slave Broadcast\n",
                            __FUNCTION__, handle);
            /* TODO: signal an error */
            return;
        }
        if (!hci->psb_handle)
            hci->psb_handle = handle;

        /* TODO */
    }

    /* TODO: increase counter and send EVT_NUM_COMP_PKTS */
    bt_hci_event_num_comp_pkts(hci, handle | HCI_HANDLE_OFFSET, 1);

    /* Do this last as it can trigger further events even in this HCI */
    hci->lm.handle[handle].lmp_acl_data(link, data,
                    (flags & 3) == ACL_START, length);
}
/* Handles one SCO data packet submitted by the host (installed as
 * info.sco_send by bt_new_hci).
 *
 * Only validation is implemented so far: the three header bytes are parsed
 * (little-endian handle word, then a one-byte payload length), and packets
 * that are too short, carry a handle rejected by bt_hci_handle_bad(), or
 * declare more payload than was received are dropped.  Nothing is done
 * with the payload yet.  */
static void bt_submit_sco(struct HCIInfo *info,
                const uint8_t *data, int length)
{
    struct bt_hci_s *hci = hci_from_info(info);
    struct bt_link_s *link;
    uint16_t handle;
    int datalen;

    /* Silently ignore anything shorter than the header */
    if (length < 3) {
        return;
    }

    handle = acl_handle((data[1] << 8) | data[0]);
    datalen = data[2];

    /* Step over the header */
    data += 3;
    length -= 3;

    /* The handle is packet-supplied and indexes lm.handle[] below */
    if (bt_hci_handle_bad(hci, handle)) {
        fprintf(stderr, "%s: invalid SCO handle %03x\n",
                        __FUNCTION__, handle);
        return;
    }
    handle &= ~HCI_HANDLE_OFFSET;

    if (datalen > length) {
        fprintf(stderr, "%s: SCO packet too short (%iB < %iB)\n",
                        __FUNCTION__, length, datalen);
        return;
    }

    /* Looked up but not used yet */
    link = hci->lm.handle[handle].link;
    /* TODO */

    /* TODO: increase counter and send EVT_NUM_COMP_PKTS if synchronous
     * Flow Control is enabled.
     * (See Read/Write_Synchronous_Flow_Control_Enable on page 513 and
     * page 514.)  */
}
/* Default evt_packet hook (installed by bt_new_hci): returns the buffer an
 * event should be written into, which is the evt_buf array embedded in the
 * bt_hci_s that opaque points to.  */
static uint8_t *bt_hci_evt_packet(void *opaque)
{
    /* TODO: allocate a packet from upper layer */
    struct bt_hci_s *hci = opaque;

    return &hci->evt_buf[0];
}
/* Default evt_submit hook (installed by bt_new_hci): passes the first len
 * bytes of evt_buf to the info.evt_recv callback.  len is forwarded as
 * given; no bound against the size of evt_buf is applied here.  */
static void bt_hci_evt_submit(void *opaque, int len)
{
    /* TODO: notify upper layer */
    struct bt_hci_s *hci = opaque;

    hci->info.evt_recv(hci->info.opaque, hci->evt_buf, len);
}
/* info.bdaddr_set hook: copies the address at bd_addr into the device's
 * bd_addr field with bacpy().  Always returns 0.
 * NOTE(review): bd_addr is reinterpreted as a bdaddr_t, so the caller must
 * supply at least sizeof(bdaddr_t) readable bytes - confirm at call sites.  */
static int bt_hci_bdaddr_set(struct HCIInfo *info, const uint8_t *bd_addr)
{
    const bdaddr_t *src = (const bdaddr_t *) bd_addr;
    struct bt_hci_s *hci = hci_from_info(info);

    bacpy(&hci->device.bd_addr, src);
    return 0;
}
/* Defined further down; declared here so bt_hci_destroy can call it */
static void bt_hci_done(struct HCIInfo *info);

/* device.handle_destroy hook (installed by bt_new_hci): maps the device
 * back to its HCI and runs bt_hci_done on that HCI's info.  */
static void bt_hci_destroy(struct bt_device_s *dev)
{
    struct bt_hci_s *owner = hci_from_device(dev);

    bt_hci_done(&owner->info);
}
/* Allocates a zeroed bt_hci_s, creates its three vm_clock timers, installs
 * the event hooks and the LMP callbacks, registers the device on net via
 * bt_device_init(), resets the controller state and fills in the HCIInfo
 * entry points.  Returns a pointer to the HCIInfo embedded in the new
 * object.
 *
 * NOTE(review): the qemu_mallocz() result is used without a NULL check;
 * presumably the allocator does not return on failure - confirm.  */
struct HCIInfo *bt_new_hci(struct bt_scatternet_s *net)
{
    struct bt_hci_s *hci = qemu_mallocz(sizeof(struct bt_hci_s));

    /* Timers, all on vm_clock with the new object as callback argument */
    hci->lm.inquiry_done = qemu_new_timer(vm_clock, bt_hci_inquiry_done, hci);
    hci->lm.inquiry_next = qemu_new_timer(vm_clock, bt_hci_inquiry_next, hci);
    hci->conn_accept_timer =
            qemu_new_timer(vm_clock, bt_hci_conn_accept_timeout, hci);

    /* Event buffer hooks operate on the object itself */
    hci->evt_packet = bt_hci_evt_packet;
    hci->evt_submit = bt_hci_evt_submit;
    hci->opaque = hci;

    /* LMP callbacks are set after bt_device_init() has run */
    bt_device_init(&hci->device, net);
    hci->device.lmp_connection_request = bt_hci_lmp_connection_request;
    hci->device.lmp_connection_complete = bt_hci_lmp_connection_complete;
    hci->device.lmp_disconnect_master = bt_hci_lmp_disconnect_host;
    hci->device.lmp_disconnect_slave = bt_hci_lmp_disconnect_slave;
    hci->device.lmp_acl_data = bt_hci_lmp_acl_data_slave;
    hci->device.lmp_acl_resp = bt_hci_lmp_acl_data_host;
    hci->device.lmp_mode_change = bt_hci_lmp_mode_change_slave;

    /* Keep updated! */
    /* Also keep in sync with supported commands bitmask in
     * bt_hci_read_local_commands_rp */
    hci->device.lmp_caps = 0x8000199b7e85355fll;

    bt_hci_reset(hci);

    /* Entry points the host side uses to talk to this HCI */
    hci->info.cmd_send = bt_submit_hci;
    hci->info.sco_send = bt_submit_sco;
    hci->info.acl_send = bt_submit_acl;
    hci->info.bdaddr_set = bt_hci_bdaddr_set;

    hci->device.handle_destroy = bt_hci_destroy;

    return &hci->info;
}
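/* Tears down the HCI behind info: calls bt_device_done() on its device,
 * releases the local name, rejects a pending incoming connection request
 * or disconnects every valid handle, then frees the three timers and the
 * bt_hci_s itself.
 *
 * When a connection request is pending the function returns right after
 * rejecting it, so the bt_hci_s stays allocated on that path.  */
static void bt_hci_done(struct HCIInfo *info)
{
    struct bt_hci_s *hci = hci_from_info(info);
    int handle;

    bt_device_done(&hci->device);

    if (hci->device.lmp_name) {
        qemu_free((void *) hci->device.lmp_name);
        /* The early return below keeps hci alive, and the Change Local Name
         * command handler frees lmp_name whenever it is non-NULL; clear the
         * pointer so it can never be freed or read a second time.  */
        hci->device.lmp_name = NULL;
    }

    /* Be gentle and send DISCONNECT to all connected peers and those
     * currently waiting for us to accept or reject a connection request.
     * This frees the links.  */
    if (hci->conn_req_host) {
        /* NOTE(review): returning here skips the disconnect loop and leaves
         * the timers and hci itself allocated.  Kept as in the original
         * because it is not visible from here whether the reject path
         * finishes the teardown some other way - confirm, otherwise this
         * is a leak.  */
        bt_hci_connection_reject(hci,
                        hci->conn_req_host, HCI_OE_POWER_OFF);
        return;
    }

    for (handle = HCI_HANDLE_OFFSET;
                    handle < (HCI_HANDLE_OFFSET | HCI_HANDLES_MAX); handle ++)
        if (!bt_hci_handle_bad(hci, handle))
            bt_hci_disconnect(hci, handle, HCI_OE_POWER_OFF);

    /* TODO: this is not enough actually, there may be slaves from whom
     * we have requested a connection who will soon (or not) respond with
     * an accept or a reject, so we should also check if hci->lm.connecting
     * is non-zero and if so, avoid freeing the hci but otherwise disappear
     * from all qemu social life (e.g. stop scanning and request to be
     * removed from s->device.net) and arrange for
     * s->device.lmp_connection_complete to free the remaining bits once
     * hci->lm.awaiting_bdaddr[] is empty.  */

    qemu_free_timer(hci->lm.inquiry_done);
    qemu_free_timer(hci->lm.inquiry_next);
    qemu_free_timer(hci->conn_accept_timer);

    qemu_free(hci);
}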