2 * QEMU Bluetooth HCI logic.
4 * Copyright (C) 2007 OpenMoko, Inc.
5 * Copyright (C) 2008 Andrzej Zaborowski <balrog@zabor.org>
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License as
9 * published by the Free Software Foundation; either version 2 of
10 * the License, or (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
21 #include "qemu-common.h"
22 #include "qemu/timer.h"
24 #include "sysemu/bt.h"
28 uint8_t *(*evt_packet)(void *opaque);
29 void (*evt_submit)(void *opaque, int len);
33 uint8_t acl_buf[4096];
39 int last_cmd; /* Note: Always little-endian */
41 struct bt_device_s *conn_req_host;
48 QEMUTimer *inquiry_done;
49 QEMUTimer *inquiry_next;
54 #define HCI_HANDLE_OFFSET 0x20
55 #define HCI_HANDLES_MAX 0x10
56 struct bt_hci_master_link_s {
57 struct bt_link_s *link;
58 void (*lmp_acl_data)(struct bt_link_s *link,
59 const uint8_t *data, int start, int len);
60 QEMUTimer *acl_mode_timer;
61 } handle[HCI_HANDLES_MAX];
65 bdaddr_t awaiting_bdaddr[HCI_HANDLES_MAX];
68 uint8_t event_mask[8];
69 uint16_t voice_setting; /* Notw: Always little-endian */
70 uint16_t conn_accept_tout;
71 QEMUTimer *conn_accept_timer;
74 struct bt_device_s device;
77 #define DEFAULT_RSSI_DBM 20
79 #define hci_from_info(ptr) container_of((ptr), struct bt_hci_s, info)
80 #define hci_from_device(ptr) container_of((ptr), struct bt_hci_s, device)
82 struct bt_hci_link_s {
83 struct bt_link_s btlink;
84 uint16_t handle; /* Local */
87 /* LMP layer emulation */
89 static void bt_submit_lmp(struct bt_device_s *bt, int length, uint8_t *data)
91 int resp, resplen, error, op, tr;
105 if (op >= 0x7c) { /* Extended opcode */
106 op |= *(data ++) << 8;
107 resp = LMP_ACCEPTED_EXT;
109 respdata[0] = op >> 8;
110 respdata[1] = op & 0xff;
119 error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
125 case LMP_ACCEPTED_EXT:
126 /* data[0] Escape op code
127 * data[1] Extended op code
130 error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
136 case LMP_NOT_ACCEPTED:
141 error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
147 case LMP_NOT_ACCEPTED_EXT:
149 * data[1] Extended op code
153 error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
159 case LMP_HOST_CONNECTION_REQ:
162 case LMP_SETUP_COMPLETE:
163 resp = LMP_SETUP_COMPLETE;
169 /* data[0] Error code
172 error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
179 case LMP_SUPERVISION_TIMEOUT:
180 /* data[0,1] Supervision timeout
183 error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
189 case LMP_QUALITY_OF_SERVICE:
193 /* data[0,1] Poll interval
197 error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
205 case LMP_MAX_SLOT_REQ:
209 error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
217 /* data[0-15] Random number
220 error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
223 if (op == LMP_AU_RAND) {
224 if (bt->key_present) {
227 /* XXX: [Part H] Section 6.1 on page 801 */
229 error = HCI_PIN_OR_KEY_MISSING;
232 } else if (op == LMP_IN_RAND) {
233 error = HCI_PAIRING_NOT_ALLOWED;
236 /* XXX: [Part H] Section 3.2 on page 779 */
239 memcpy(respdata + 1, bt->key, 16);
241 error = HCI_UNIT_LINK_KEY_USED;
250 error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
253 memcpy(bt->key, data, 16);
258 /* data[0-3] Authentication response
261 error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
266 case LMP_CLKOFFSET_REQ:
267 resp = LMP_CLKOFFSET_RES;
273 case LMP_CLKOFFSET_RES:
274 /* data[0,1] Clock offset
275 * (Slave to master only)
278 error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
283 case LMP_VERSION_REQ:
284 case LMP_VERSION_RES:
287 * data[3,4] SubVersNr
290 error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
293 if (op == LMP_VERSION_REQ) {
294 resp = LMP_VERSION_RES;
305 case LMP_FEATURES_REQ:
306 case LMP_FEATURES_RES:
307 /* data[0-7] Features
310 error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
313 if (op == LMP_FEATURES_REQ) {
314 resp = LMP_FEATURES_RES;
316 respdata[1] = (bt->lmp_caps >> 0) & 0xff;
317 respdata[2] = (bt->lmp_caps >> 8) & 0xff;
318 respdata[3] = (bt->lmp_caps >> 16) & 0xff;
319 respdata[4] = (bt->lmp_caps >> 24) & 0xff;
320 respdata[5] = (bt->lmp_caps >> 32) & 0xff;
321 respdata[6] = (bt->lmp_caps >> 40) & 0xff;
322 respdata[7] = (bt->lmp_caps >> 48) & 0xff;
323 respdata[8] = (bt->lmp_caps >> 56) & 0xff;
329 /* data[0] Name offset
332 error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
337 respdata[1] = data[0];
338 respdata[2] = strlen(bt->lmp_name);
339 memset(respdata + 3, 0x00, 14);
340 if (respdata[2] > respdata[1])
341 memcpy(respdata + 3, bt->lmp_name + respdata[1],
342 respdata[2] - respdata[1]);
346 /* data[0] Name offset
347 * data[1] Name length
348 * data[2-15] Name fragment
351 error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
358 error = HCI_UNKNOWN_LMP_PDU;
362 resp = LMP_NOT_ACCEPTED_EXT;
364 respdata[0] = op >> 8;
365 respdata[1] = op & 0xff;
368 resp = LMP_NOT_ACCEPTED;
370 respdata[0] = op & 0xff;
379 respdata[0] = resp >> 8;
380 respdata[1] = resp & 0xff;
382 respdata[0] = resp & 0xff;
388 static void bt_submit_raw_acl(struct bt_piconet_s *net, int length, uint8_t *data)
390 struct bt_device_s *slave;
399 switch (data[0] & 3) {
401 bt_submit_lmp(slave, length - 1, data + 1);
403 case LLID_ACLU_START:
405 bt_sumbit_l2cap(slave, length - 1, data + 1, (data[0] >> 2) & 1);
415 /* HCI layer emulation */
417 /* Note: we could ignore endiannes because unswapped handles will still
418 * be valid as connection identifiers for the guest - they don't have to
419 * be continuously allocated. We do it though, to preserve similar
420 * behaviour between hosts. Some things, like the BD_ADDR cannot be
421 * preserved though (for example if a real hci is used). */
422 #ifdef HOST_WORDS_BIGENDIAN
423 # define HNDL(raw) bswap16(raw)
425 # define HNDL(raw) (raw)
428 static const uint8_t bt_event_reserved_mask[8] = {
429 0xff, 0x9f, 0xfb, 0xff, 0x07, 0x18, 0x00, 0x00,
433 static void null_hci_send(struct HCIInfo *hci, const uint8_t *data, int len)
437 static int null_hci_addr_set(struct HCIInfo *hci, const uint8_t *bd_addr)
442 struct HCIInfo null_hci = {
443 .cmd_send = null_hci_send,
444 .sco_send = null_hci_send,
445 .acl_send = null_hci_send,
446 .bdaddr_set = null_hci_addr_set,
450 static inline uint8_t *bt_hci_event_start(struct bt_hci_s *hci,
453 uint8_t *packet, mask;
457 fprintf(stderr, "%s: HCI event params too long (%ib)\n",
462 mask_byte = (evt - 1) >> 3;
463 mask = 1 << ((evt - 1) & 3);
464 if (mask & bt_event_reserved_mask[mask_byte] & ~hci->event_mask[mask_byte])
467 packet = hci->evt_packet(hci->opaque);
474 static inline void bt_hci_event(struct bt_hci_s *hci, int evt,
475 void *params, int len)
477 uint8_t *packet = bt_hci_event_start(hci, evt, len);
483 memcpy(packet, params, len);
485 hci->evt_submit(hci->opaque, len + 2);
488 static inline void bt_hci_event_status(struct bt_hci_s *hci, int status)
490 evt_cmd_status params = {
493 .opcode = hci->last_cmd,
496 bt_hci_event(hci, EVT_CMD_STATUS, ¶ms, EVT_CMD_STATUS_SIZE);
499 static inline void bt_hci_event_complete(struct bt_hci_s *hci,
502 uint8_t *packet = bt_hci_event_start(hci, EVT_CMD_COMPLETE,
503 len + EVT_CMD_COMPLETE_SIZE);
504 evt_cmd_complete *params = (evt_cmd_complete *) packet;
510 params->opcode = hci->last_cmd;
512 memcpy(&packet[EVT_CMD_COMPLETE_SIZE], ret, len);
514 hci->evt_submit(hci->opaque, len + EVT_CMD_COMPLETE_SIZE + 2);
517 static void bt_hci_inquiry_done(void *opaque)
519 struct bt_hci_s *hci = (struct bt_hci_s *) opaque;
520 uint8_t status = HCI_SUCCESS;
522 if (!hci->lm.periodic)
525 /* The specification is inconsistent about this one. Page 565 reads
526 * "The event parameters of Inquiry Complete event will have a summary
527 * of the result from the Inquiry process, which reports the number of
528 * nearby Bluetooth devices that responded [so hci->responses].", but
529 * Event Parameters (see page 729) has only Status. */
530 bt_hci_event(hci, EVT_INQUIRY_COMPLETE, &status, 1);
533 static void bt_hci_inquiry_result_standard(struct bt_hci_s *hci,
534 struct bt_device_s *slave)
536 inquiry_info params = {
538 .bdaddr = BAINIT(&slave->bd_addr),
539 .pscan_rep_mode = 0x00, /* R0 */
540 .pscan_period_mode = 0x00, /* P0 - deprecated */
541 .pscan_mode = 0x00, /* Standard scan - deprecated */
542 .dev_class[0] = slave->class[0],
543 .dev_class[1] = slave->class[1],
544 .dev_class[2] = slave->class[2],
545 /* TODO: return the clkoff *differenece* */
546 .clock_offset = slave->clkoff, /* Note: no swapping */
549 bt_hci_event(hci, EVT_INQUIRY_RESULT, ¶ms, INQUIRY_INFO_SIZE);
552 static void bt_hci_inquiry_result_with_rssi(struct bt_hci_s *hci,
553 struct bt_device_s *slave)
555 inquiry_info_with_rssi params = {
557 .bdaddr = BAINIT(&slave->bd_addr),
558 .pscan_rep_mode = 0x00, /* R0 */
559 .pscan_period_mode = 0x00, /* P0 - deprecated */
560 .dev_class[0] = slave->class[0],
561 .dev_class[1] = slave->class[1],
562 .dev_class[2] = slave->class[2],
563 /* TODO: return the clkoff *differenece* */
564 .clock_offset = slave->clkoff, /* Note: no swapping */
565 .rssi = DEFAULT_RSSI_DBM,
568 bt_hci_event(hci, EVT_INQUIRY_RESULT_WITH_RSSI,
569 ¶ms, INQUIRY_INFO_WITH_RSSI_SIZE);
572 static void bt_hci_inquiry_result(struct bt_hci_s *hci,
573 struct bt_device_s *slave)
575 if (!slave->inquiry_scan || !hci->lm.responses_left)
578 hci->lm.responses_left --;
579 hci->lm.responses ++;
581 switch (hci->lm.inquiry_mode) {
583 bt_hci_inquiry_result_standard(hci, slave);
586 bt_hci_inquiry_result_with_rssi(hci, slave);
589 fprintf(stderr, "%s: bad inquiry mode %02x\n", __FUNCTION__,
590 hci->lm.inquiry_mode);
595 static void bt_hci_mod_timer_1280ms(QEMUTimer *timer, int period)
597 timer_mod(timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
598 muldiv64(period << 7, get_ticks_per_sec(), 100));
601 static void bt_hci_inquiry_start(struct bt_hci_s *hci, int length)
603 struct bt_device_s *slave;
605 hci->lm.inquiry_length = length;
606 for (slave = hci->device.net->slave; slave; slave = slave->next)
607 /* Don't uncover ourselves. */
608 if (slave != &hci->device)
609 bt_hci_inquiry_result(hci, slave);
611 /* TODO: register for a callback on a new device's addition to the
612 * scatternet so that if it's added before inquiry_length expires,
613 * an Inquiry Result is generated immediately. Alternatively re-loop
614 * through the devices on the inquiry_length expiration and report
615 * devices not seen before. */
616 if (hci->lm.responses_left)
617 bt_hci_mod_timer_1280ms(hci->lm.inquiry_done, hci->lm.inquiry_length);
619 bt_hci_inquiry_done(hci);
621 if (hci->lm.periodic)
622 bt_hci_mod_timer_1280ms(hci->lm.inquiry_next, hci->lm.inquiry_period);
625 static void bt_hci_inquiry_next(void *opaque)
627 struct bt_hci_s *hci = (struct bt_hci_s *) opaque;
629 hci->lm.responses_left += hci->lm.responses;
630 hci->lm.responses = 0;
631 bt_hci_inquiry_start(hci, hci->lm.inquiry_length);
634 static inline int bt_hci_handle_bad(struct bt_hci_s *hci, uint16_t handle)
636 return !(handle & HCI_HANDLE_OFFSET) ||
637 handle >= (HCI_HANDLE_OFFSET | HCI_HANDLES_MAX) ||
638 !hci->lm.handle[handle & ~HCI_HANDLE_OFFSET].link;
641 static inline int bt_hci_role_master(struct bt_hci_s *hci, uint16_t handle)
643 return !!(hci->lm.role_bmp & (1 << (handle & ~HCI_HANDLE_OFFSET)));
646 static inline struct bt_device_s *bt_hci_remote_dev(struct bt_hci_s *hci,
649 struct bt_link_s *link = hci->lm.handle[handle & ~HCI_HANDLE_OFFSET].link;
651 return bt_hci_role_master(hci, handle) ? link->slave : link->host;
654 static void bt_hci_mode_tick(void *opaque);
655 static void bt_hci_lmp_link_establish(struct bt_hci_s *hci,
656 struct bt_link_s *link, int master)
658 hci->lm.handle[hci->lm.last_handle].link = link;
661 /* We are the master side of an ACL link */
662 hci->lm.role_bmp |= 1 << hci->lm.last_handle;
664 hci->lm.handle[hci->lm.last_handle].lmp_acl_data =
665 link->slave->lmp_acl_data;
667 /* We are the slave side of an ACL link */
668 hci->lm.role_bmp &= ~(1 << hci->lm.last_handle);
670 hci->lm.handle[hci->lm.last_handle].lmp_acl_data =
671 link->host->lmp_acl_resp;
676 link->acl_mode = acl_active;
677 hci->lm.handle[hci->lm.last_handle].acl_mode_timer =
678 timer_new_ns(QEMU_CLOCK_VIRTUAL, bt_hci_mode_tick, link);
682 static void bt_hci_lmp_link_teardown(struct bt_hci_s *hci, uint16_t handle)
684 handle &= ~HCI_HANDLE_OFFSET;
685 hci->lm.handle[handle].link = NULL;
687 if (bt_hci_role_master(hci, handle)) {
688 timer_del(hci->lm.handle[handle].acl_mode_timer);
689 timer_free(hci->lm.handle[handle].acl_mode_timer);
693 static int bt_hci_connect(struct bt_hci_s *hci, bdaddr_t *bdaddr)
695 struct bt_device_s *slave;
696 struct bt_link_s link;
698 for (slave = hci->device.net->slave; slave; slave = slave->next)
699 if (slave->page_scan && !bacmp(&slave->bd_addr, bdaddr))
701 if (!slave || slave == &hci->device)
704 bacpy(&hci->lm.awaiting_bdaddr[hci->lm.connecting ++], &slave->bd_addr);
707 link.host = &hci->device;
708 link.slave->lmp_connection_request(&link); /* Always last */
713 static void bt_hci_connection_reject(struct bt_hci_s *hci,
714 struct bt_device_s *host, uint8_t because)
716 struct bt_link_s link = {
717 .slave = &hci->device,
719 /* Rest uninitialised */
722 host->reject_reason = because;
723 host->lmp_connection_complete(&link);
726 static void bt_hci_connection_reject_event(struct bt_hci_s *hci,
729 evt_conn_complete params;
731 params.status = HCI_NO_CONNECTION;
733 bacpy(¶ms.bdaddr, bdaddr);
734 params.link_type = ACL_LINK;
735 params.encr_mode = 0x00; /* Encryption not required */
736 bt_hci_event(hci, EVT_CONN_COMPLETE, ¶ms, EVT_CONN_COMPLETE_SIZE);
739 static void bt_hci_connection_accept(struct bt_hci_s *hci,
740 struct bt_device_s *host)
742 struct bt_hci_link_s *link = g_malloc0(sizeof(struct bt_hci_link_s));
743 evt_conn_complete params;
745 uint8_t status = HCI_SUCCESS;
746 int tries = HCI_HANDLES_MAX;
748 /* Make a connection handle */
750 while (hci->lm.handle[++ hci->lm.last_handle].link && -- tries)
751 hci->lm.last_handle &= HCI_HANDLES_MAX - 1;
752 handle = hci->lm.last_handle | HCI_HANDLE_OFFSET;
753 } while ((handle == hci->asb_handle || handle == hci->psb_handle) &&
758 bt_hci_connection_reject(hci, host, HCI_REJECTED_LIMITED_RESOURCES);
759 status = HCI_NO_CONNECTION;
763 link->btlink.slave = &hci->device;
764 link->btlink.host = host;
765 link->handle = handle;
767 /* Link established */
768 bt_hci_lmp_link_establish(hci, &link->btlink, 0);
771 params.status = status;
772 params.handle = HNDL(handle);
773 bacpy(¶ms.bdaddr, &host->bd_addr);
774 params.link_type = ACL_LINK;
775 params.encr_mode = 0x00; /* Encryption not required */
776 bt_hci_event(hci, EVT_CONN_COMPLETE, ¶ms, EVT_CONN_COMPLETE_SIZE);
778 /* Neets to be done at the very end because it can trigger a (nested)
779 * disconnected, in case the other and had cancelled the request
781 if (status == HCI_SUCCESS) {
782 host->reject_reason = 0;
783 host->lmp_connection_complete(&link->btlink);
787 static void bt_hci_lmp_connection_request(struct bt_link_s *link)
789 struct bt_hci_s *hci = hci_from_device(link->slave);
790 evt_conn_request params;
792 if (hci->conn_req_host) {
793 bt_hci_connection_reject(hci, link->host,
794 HCI_REJECTED_LIMITED_RESOURCES);
797 hci->conn_req_host = link->host;
798 /* TODO: if masked and auto-accept, then auto-accept,
799 * if masked and not auto-accept, then auto-reject */
800 /* TODO: kick the hci->conn_accept_timer, timeout after
801 * hci->conn_accept_tout * 0.625 msec */
803 bacpy(¶ms.bdaddr, &link->host->bd_addr);
804 memcpy(¶ms.dev_class, &link->host->class, sizeof(params.dev_class));
805 params.link_type = ACL_LINK;
806 bt_hci_event(hci, EVT_CONN_REQUEST, ¶ms, EVT_CONN_REQUEST_SIZE);
809 static void bt_hci_conn_accept_timeout(void *opaque)
811 struct bt_hci_s *hci = (struct bt_hci_s *) opaque;
813 if (!hci->conn_req_host)
814 /* Already accepted or rejected. If the other end cancelled the
815 * connection request then we still have to reject or accept it
816 * and then we'll get a disconnect. */
822 /* Remove from the list of devices which we wanted to connect to and
823 * are awaiting a response from. If the callback sees a response from
824 * a device which is not on the list it will assume it's a connection
825 * that's been cancelled by the host in the meantime and immediately
826 * try to detach the link and send a Connection Complete. */
827 static int bt_hci_lmp_connection_ready(struct bt_hci_s *hci,
832 for (i = 0; i < hci->lm.connecting; i ++)
833 if (!bacmp(&hci->lm.awaiting_bdaddr[i], bdaddr)) {
834 if (i < -- hci->lm.connecting)
835 bacpy(&hci->lm.awaiting_bdaddr[i],
836 &hci->lm.awaiting_bdaddr[hci->lm.connecting]);
843 static void bt_hci_lmp_connection_complete(struct bt_link_s *link)
845 struct bt_hci_s *hci = hci_from_device(link->host);
846 evt_conn_complete params;
848 uint8_t status = HCI_SUCCESS;
849 int tries = HCI_HANDLES_MAX;
851 if (bt_hci_lmp_connection_ready(hci, &link->slave->bd_addr)) {
852 if (!hci->device.reject_reason)
853 link->slave->lmp_disconnect_slave(link);
855 status = HCI_NO_CONNECTION;
859 if (hci->device.reject_reason) {
861 status = hci->device.reject_reason;
865 /* Make a connection handle */
867 while (hci->lm.handle[++ hci->lm.last_handle].link && -- tries)
868 hci->lm.last_handle &= HCI_HANDLES_MAX - 1;
869 handle = hci->lm.last_handle | HCI_HANDLE_OFFSET;
870 } while ((handle == hci->asb_handle || handle == hci->psb_handle) &&
874 link->slave->lmp_disconnect_slave(link);
875 status = HCI_NO_CONNECTION;
879 /* Link established */
880 link->handle = handle;
881 bt_hci_lmp_link_establish(hci, link, 1);
884 params.status = status;
885 params.handle = HNDL(handle);
886 params.link_type = ACL_LINK;
887 bacpy(¶ms.bdaddr, &link->slave->bd_addr);
888 params.encr_mode = 0x00; /* Encryption not required */
889 bt_hci_event(hci, EVT_CONN_COMPLETE, ¶ms, EVT_CONN_COMPLETE_SIZE);
892 static void bt_hci_disconnect(struct bt_hci_s *hci,
893 uint16_t handle, int reason)
895 struct bt_link_s *btlink =
896 hci->lm.handle[handle & ~HCI_HANDLE_OFFSET].link;
897 struct bt_hci_link_s *link;
898 evt_disconn_complete params;
900 if (bt_hci_role_master(hci, handle)) {
901 btlink->slave->reject_reason = reason;
902 btlink->slave->lmp_disconnect_slave(btlink);
903 /* The link pointer is invalid from now on */
908 btlink->host->reject_reason = reason;
909 btlink->host->lmp_disconnect_master(btlink);
911 /* We are the slave, we get to clean this burden */
912 link = (struct bt_hci_link_s *) btlink;
916 bt_hci_lmp_link_teardown(hci, handle);
918 params.status = HCI_SUCCESS;
919 params.handle = HNDL(handle);
920 params.reason = HCI_CONNECTION_TERMINATED;
921 bt_hci_event(hci, EVT_DISCONN_COMPLETE,
922 ¶ms, EVT_DISCONN_COMPLETE_SIZE);
925 /* TODO: use only one function */
926 static void bt_hci_lmp_disconnect_host(struct bt_link_s *link)
928 struct bt_hci_s *hci = hci_from_device(link->host);
929 uint16_t handle = link->handle;
930 evt_disconn_complete params;
932 bt_hci_lmp_link_teardown(hci, handle);
934 params.status = HCI_SUCCESS;
935 params.handle = HNDL(handle);
936 params.reason = hci->device.reject_reason;
937 bt_hci_event(hci, EVT_DISCONN_COMPLETE,
938 ¶ms, EVT_DISCONN_COMPLETE_SIZE);
941 static void bt_hci_lmp_disconnect_slave(struct bt_link_s *btlink)
943 struct bt_hci_link_s *link = (struct bt_hci_link_s *) btlink;
944 struct bt_hci_s *hci = hci_from_device(btlink->slave);
945 uint16_t handle = link->handle;
946 evt_disconn_complete params;
950 bt_hci_lmp_link_teardown(hci, handle);
952 params.status = HCI_SUCCESS;
953 params.handle = HNDL(handle);
954 params.reason = hci->device.reject_reason;
955 bt_hci_event(hci, EVT_DISCONN_COMPLETE,
956 ¶ms, EVT_DISCONN_COMPLETE_SIZE);
959 static int bt_hci_name_req(struct bt_hci_s *hci, bdaddr_t *bdaddr)
961 struct bt_device_s *slave;
962 evt_remote_name_req_complete params;
964 for (slave = hci->device.net->slave; slave; slave = slave->next)
965 if (slave->page_scan && !bacmp(&slave->bd_addr, bdaddr))
970 bt_hci_event_status(hci, HCI_SUCCESS);
972 params.status = HCI_SUCCESS;
973 bacpy(¶ms.bdaddr, &slave->bd_addr);
974 pstrcpy(params.name, sizeof(params.name), slave->lmp_name ?: "");
975 bt_hci_event(hci, EVT_REMOTE_NAME_REQ_COMPLETE,
976 ¶ms, EVT_REMOTE_NAME_REQ_COMPLETE_SIZE);
981 static int bt_hci_features_req(struct bt_hci_s *hci, uint16_t handle)
983 struct bt_device_s *slave;
984 evt_read_remote_features_complete params;
986 if (bt_hci_handle_bad(hci, handle))
989 slave = bt_hci_remote_dev(hci, handle);
991 bt_hci_event_status(hci, HCI_SUCCESS);
993 params.status = HCI_SUCCESS;
994 params.handle = HNDL(handle);
995 params.features[0] = (slave->lmp_caps >> 0) & 0xff;
996 params.features[1] = (slave->lmp_caps >> 8) & 0xff;
997 params.features[2] = (slave->lmp_caps >> 16) & 0xff;
998 params.features[3] = (slave->lmp_caps >> 24) & 0xff;
999 params.features[4] = (slave->lmp_caps >> 32) & 0xff;
1000 params.features[5] = (slave->lmp_caps >> 40) & 0xff;
1001 params.features[6] = (slave->lmp_caps >> 48) & 0xff;
1002 params.features[7] = (slave->lmp_caps >> 56) & 0xff;
1003 bt_hci_event(hci, EVT_READ_REMOTE_FEATURES_COMPLETE,
1004 ¶ms, EVT_READ_REMOTE_FEATURES_COMPLETE_SIZE);
1009 static int bt_hci_version_req(struct bt_hci_s *hci, uint16_t handle)
1011 evt_read_remote_version_complete params;
1013 if (bt_hci_handle_bad(hci, handle))
1016 bt_hci_remote_dev(hci, handle);
1018 bt_hci_event_status(hci, HCI_SUCCESS);
1020 params.status = HCI_SUCCESS;
1021 params.handle = HNDL(handle);
1022 params.lmp_ver = 0x03;
1023 params.manufacturer = cpu_to_le16(0xa000);
1024 params.lmp_subver = cpu_to_le16(0xa607);
1025 bt_hci_event(hci, EVT_READ_REMOTE_VERSION_COMPLETE,
1026 ¶ms, EVT_READ_REMOTE_VERSION_COMPLETE_SIZE);
1031 static int bt_hci_clkoffset_req(struct bt_hci_s *hci, uint16_t handle)
1033 struct bt_device_s *slave;
1034 evt_read_clock_offset_complete params;
1036 if (bt_hci_handle_bad(hci, handle))
1039 slave = bt_hci_remote_dev(hci, handle);
1041 bt_hci_event_status(hci, HCI_SUCCESS);
1043 params.status = HCI_SUCCESS;
1044 params.handle = HNDL(handle);
1045 /* TODO: return the clkoff *differenece* */
1046 params.clock_offset = slave->clkoff; /* Note: no swapping */
1047 bt_hci_event(hci, EVT_READ_CLOCK_OFFSET_COMPLETE,
1048 ¶ms, EVT_READ_CLOCK_OFFSET_COMPLETE_SIZE);
1053 static void bt_hci_event_mode(struct bt_hci_s *hci, struct bt_link_s *link,
1056 evt_mode_change params = {
1057 .status = HCI_SUCCESS,
1058 .handle = HNDL(handle),
1059 .mode = link->acl_mode,
1060 .interval = cpu_to_le16(link->acl_interval),
1063 bt_hci_event(hci, EVT_MODE_CHANGE, ¶ms, EVT_MODE_CHANGE_SIZE);
1066 static void bt_hci_lmp_mode_change_master(struct bt_hci_s *hci,
1067 struct bt_link_s *link, int mode, uint16_t interval)
1069 link->acl_mode = mode;
1070 link->acl_interval = interval;
1072 bt_hci_event_mode(hci, link, link->handle);
1074 link->slave->lmp_mode_change(link);
1077 static void bt_hci_lmp_mode_change_slave(struct bt_link_s *btlink)
1079 struct bt_hci_link_s *link = (struct bt_hci_link_s *) btlink;
1080 struct bt_hci_s *hci = hci_from_device(btlink->slave);
1082 bt_hci_event_mode(hci, btlink, link->handle);
1085 static int bt_hci_mode_change(struct bt_hci_s *hci, uint16_t handle,
1086 int interval, int mode)
1088 struct bt_hci_master_link_s *link;
1090 if (bt_hci_handle_bad(hci, handle) || !bt_hci_role_master(hci, handle))
1093 link = &hci->lm.handle[handle & ~HCI_HANDLE_OFFSET];
1094 if (link->link->acl_mode != acl_active) {
1095 bt_hci_event_status(hci, HCI_COMMAND_DISALLOWED);
1099 bt_hci_event_status(hci, HCI_SUCCESS);
1101 timer_mod(link->acl_mode_timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
1102 muldiv64(interval * 625, get_ticks_per_sec(), 1000000));
1103 bt_hci_lmp_mode_change_master(hci, link->link, mode, interval);
1108 static int bt_hci_mode_cancel(struct bt_hci_s *hci, uint16_t handle, int mode)
1110 struct bt_hci_master_link_s *link;
1112 if (bt_hci_handle_bad(hci, handle) || !bt_hci_role_master(hci, handle))
1115 link = &hci->lm.handle[handle & ~HCI_HANDLE_OFFSET];
1116 if (link->link->acl_mode != mode) {
1117 bt_hci_event_status(hci, HCI_COMMAND_DISALLOWED);
1122 bt_hci_event_status(hci, HCI_SUCCESS);
1124 timer_del(link->acl_mode_timer);
1125 bt_hci_lmp_mode_change_master(hci, link->link, acl_active, 0);
1130 static void bt_hci_mode_tick(void *opaque)
1132 struct bt_link_s *link = opaque;
1133 struct bt_hci_s *hci = hci_from_device(link->host);
1135 bt_hci_lmp_mode_change_master(hci, link, acl_active, 0);
1138 static void bt_hci_reset(struct bt_hci_s *hci)
1142 hci->lm.connecting = 0;
1144 hci->event_mask[0] = 0xff;
1145 hci->event_mask[1] = 0xff;
1146 hci->event_mask[2] = 0xff;
1147 hci->event_mask[3] = 0xff;
1148 hci->event_mask[4] = 0xff;
1149 hci->event_mask[5] = 0x1f;
1150 hci->event_mask[6] = 0x00;
1151 hci->event_mask[7] = 0x00;
1152 hci->device.inquiry_scan = 0;
1153 hci->device.page_scan = 0;
1154 if (hci->device.lmp_name)
1155 g_free((void *) hci->device.lmp_name);
1156 hci->device.lmp_name = NULL;
1157 hci->device.class[0] = 0x00;
1158 hci->device.class[1] = 0x00;
1159 hci->device.class[2] = 0x00;
1160 hci->voice_setting = 0x0000;
1161 hci->conn_accept_tout = 0x1f40;
1162 hci->lm.inquiry_mode = 0x00;
1164 hci->psb_handle = 0x000;
1165 hci->asb_handle = 0x000;
1167 /* XXX: timer_del(sl->acl_mode_timer); for all links */
1168 timer_del(hci->lm.inquiry_done);
1169 timer_del(hci->lm.inquiry_next);
1170 timer_del(hci->conn_accept_timer);
1173 static void bt_hci_read_local_version_rp(struct bt_hci_s *hci)
1175 read_local_version_rp lv = {
1176 .status = HCI_SUCCESS,
1178 .hci_rev = cpu_to_le16(0xa607),
1180 .manufacturer = cpu_to_le16(0xa000),
1181 .lmp_subver = cpu_to_le16(0xa607),
1184 bt_hci_event_complete(hci, &lv, READ_LOCAL_VERSION_RP_SIZE);
1187 static void bt_hci_read_local_commands_rp(struct bt_hci_s *hci)
1189 read_local_commands_rp lc = {
1190 .status = HCI_SUCCESS,
1193 /* Also, keep in sync with hci->device.lmp_caps in bt_new_hci */
1194 0xbf, 0x80, 0xf9, 0x03, 0xb2, 0xc0, 0x03, 0xc3,
1195 0x00, 0x0f, 0x80, 0x00, 0xc0, 0x00, 0xe8, 0x13,
1196 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1197 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1198 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1199 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1200 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1201 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1205 bt_hci_event_complete(hci, &lc, READ_LOCAL_COMMANDS_RP_SIZE);
1208 static void bt_hci_read_local_features_rp(struct bt_hci_s *hci)
1210 read_local_features_rp lf = {
1211 .status = HCI_SUCCESS,
1213 (hci->device.lmp_caps >> 0) & 0xff,
1214 (hci->device.lmp_caps >> 8) & 0xff,
1215 (hci->device.lmp_caps >> 16) & 0xff,
1216 (hci->device.lmp_caps >> 24) & 0xff,
1217 (hci->device.lmp_caps >> 32) & 0xff,
1218 (hci->device.lmp_caps >> 40) & 0xff,
1219 (hci->device.lmp_caps >> 48) & 0xff,
1220 (hci->device.lmp_caps >> 56) & 0xff,
1224 bt_hci_event_complete(hci, &lf, READ_LOCAL_FEATURES_RP_SIZE);
1227 static void bt_hci_read_local_ext_features_rp(struct bt_hci_s *hci, int page)
1229 read_local_ext_features_rp lef = {
1230 .status = HCI_SUCCESS,
1232 .max_page_num = 0x00,
1235 0x5f, 0x35, 0x85, 0x7e, 0x9b, 0x19, 0x00, 0x80,
1239 memset(lef.features, 0, sizeof(lef.features));
1241 bt_hci_event_complete(hci, &lef, READ_LOCAL_EXT_FEATURES_RP_SIZE);
1244 static void bt_hci_read_buffer_size_rp(struct bt_hci_s *hci)
1246 read_buffer_size_rp bs = {
1247 /* This can be made configurable, for one standard USB dongle HCI
1248 * the four values are cpu_to_le16(0x0180), 0x40,
1249 * cpu_to_le16(0x0008), cpu_to_le16(0x0008). */
1250 .status = HCI_SUCCESS,
1251 .acl_mtu = cpu_to_le16(0x0200),
1253 .acl_max_pkt = cpu_to_le16(0x0001),
1254 .sco_max_pkt = cpu_to_le16(0x0000),
1257 bt_hci_event_complete(hci, &bs, READ_BUFFER_SIZE_RP_SIZE);
1260 /* Deprecated in V2.0 (page 661) */
1261 static void bt_hci_read_country_code_rp(struct bt_hci_s *hci)
1263 read_country_code_rp cc ={
1264 .status = HCI_SUCCESS,
1265 .country_code = 0x00, /* North America & Europe^1 and Japan */
1268 bt_hci_event_complete(hci, &cc, READ_COUNTRY_CODE_RP_SIZE);
1270 /* ^1. Except France, sorry */
1273 static void bt_hci_read_bd_addr_rp(struct bt_hci_s *hci)
1275 read_bd_addr_rp ba = {
1276 .status = HCI_SUCCESS,
1277 .bdaddr = BAINIT(&hci->device.bd_addr),
1280 bt_hci_event_complete(hci, &ba, READ_BD_ADDR_RP_SIZE);
1283 static int bt_hci_link_quality_rp(struct bt_hci_s *hci, uint16_t handle)
1285 read_link_quality_rp lq = {
1286 .status = HCI_SUCCESS,
1287 .handle = HNDL(handle),
1288 .link_quality = 0xff,
1291 if (bt_hci_handle_bad(hci, handle))
1292 lq.status = HCI_NO_CONNECTION;
1294 bt_hci_event_complete(hci, &lq, READ_LINK_QUALITY_RP_SIZE);
1298 /* Generate a Command Complete event with only the Status parameter */
1299 static inline void bt_hci_event_complete_status(struct bt_hci_s *hci,
1302 bt_hci_event_complete(hci, &status, 1);
1305 static inline void bt_hci_event_complete_conn_cancel(struct bt_hci_s *hci,
1306 uint8_t status, bdaddr_t *bd_addr)
1308 create_conn_cancel_rp params = {
1310 .bdaddr = BAINIT(bd_addr),
1313 bt_hci_event_complete(hci, ¶ms, CREATE_CONN_CANCEL_RP_SIZE);
1316 static inline void bt_hci_event_auth_complete(struct bt_hci_s *hci,
1319 evt_auth_complete params = {
1320 .status = HCI_SUCCESS,
1321 .handle = HNDL(handle),
1324 bt_hci_event(hci, EVT_AUTH_COMPLETE, ¶ms, EVT_AUTH_COMPLETE_SIZE);
1327 static inline void bt_hci_event_encrypt_change(struct bt_hci_s *hci,
1328 uint16_t handle, uint8_t mode)
1330 evt_encrypt_change params = {
1331 .status = HCI_SUCCESS,
1332 .handle = HNDL(handle),
1336 bt_hci_event(hci, EVT_ENCRYPT_CHANGE, ¶ms, EVT_ENCRYPT_CHANGE_SIZE);
1339 static inline void bt_hci_event_complete_name_cancel(struct bt_hci_s *hci,
1342 remote_name_req_cancel_rp params = {
1343 .status = HCI_INVALID_PARAMETERS,
1344 .bdaddr = BAINIT(bd_addr),
1347 bt_hci_event_complete(hci, ¶ms, REMOTE_NAME_REQ_CANCEL_RP_SIZE);
1350 static inline void bt_hci_event_read_remote_ext_features(struct bt_hci_s *hci,
1353 evt_read_remote_ext_features_complete params = {
1354 .status = HCI_UNSUPPORTED_FEATURE,
1355 .handle = HNDL(handle),
1356 /* Rest uninitialised */
1359 bt_hci_event(hci, EVT_READ_REMOTE_EXT_FEATURES_COMPLETE,
1360 ¶ms, EVT_READ_REMOTE_EXT_FEATURES_COMPLETE_SIZE);
1363 static inline void bt_hci_event_complete_lmp_handle(struct bt_hci_s *hci,
1366 read_lmp_handle_rp params = {
1367 .status = HCI_NO_CONNECTION,
1368 .handle = HNDL(handle),
1370 /* Rest uninitialised */
1373 bt_hci_event_complete(hci, ¶ms, READ_LMP_HANDLE_RP_SIZE);
1376 static inline void bt_hci_event_complete_role_discovery(struct bt_hci_s *hci,
1377 int status, uint16_t handle, int master)
1379 role_discovery_rp params = {
1381 .handle = HNDL(handle),
1382 .role = master ? 0x00 : 0x01,
1385 bt_hci_event_complete(hci, ¶ms, ROLE_DISCOVERY_RP_SIZE);
1388 static inline void bt_hci_event_complete_flush(struct bt_hci_s *hci,
1389 int status, uint16_t handle)
1393 .handle = HNDL(handle),
1396 bt_hci_event_complete(hci, ¶ms, FLUSH_RP_SIZE);
1399 static inline void bt_hci_event_complete_read_local_name(struct bt_hci_s *hci)
1401 read_local_name_rp params;
1402 params.status = HCI_SUCCESS;
1403 memset(params.name, 0, sizeof(params.name));
1404 if (hci->device.lmp_name)
1405 pstrcpy(params.name, sizeof(params.name), hci->device.lmp_name);
1407 bt_hci_event_complete(hci, ¶ms, READ_LOCAL_NAME_RP_SIZE);
1410 static inline void bt_hci_event_complete_read_conn_accept_timeout(
1411 struct bt_hci_s *hci)
1413 read_conn_accept_timeout_rp params = {
1414 .status = HCI_SUCCESS,
1415 .timeout = cpu_to_le16(hci->conn_accept_tout),
1418 bt_hci_event_complete(hci, ¶ms, READ_CONN_ACCEPT_TIMEOUT_RP_SIZE);
1421 static inline void bt_hci_event_complete_read_scan_enable(struct bt_hci_s *hci)
1423 read_scan_enable_rp params = {
1424 .status = HCI_SUCCESS,
1426 (hci->device.inquiry_scan ? SCAN_INQUIRY : 0) |
1427 (hci->device.page_scan ? SCAN_PAGE : 0),
1430 bt_hci_event_complete(hci, ¶ms, READ_SCAN_ENABLE_RP_SIZE);
1433 static inline void bt_hci_event_complete_read_local_class(struct bt_hci_s *hci)
1435 read_class_of_dev_rp params;
1437 params.status = HCI_SUCCESS;
1438 memcpy(params.dev_class, hci->device.class, sizeof(params.dev_class));
1440 bt_hci_event_complete(hci, ¶ms, READ_CLASS_OF_DEV_RP_SIZE);
1443 static inline void bt_hci_event_complete_voice_setting(struct bt_hci_s *hci)
1445 read_voice_setting_rp params = {
1446 .status = HCI_SUCCESS,
1447 .voice_setting = hci->voice_setting, /* Note: no swapping */
1450 bt_hci_event_complete(hci, ¶ms, READ_VOICE_SETTING_RP_SIZE);
1453 static inline void bt_hci_event_complete_read_inquiry_mode(
1454 struct bt_hci_s *hci)
1456 read_inquiry_mode_rp params = {
1457 .status = HCI_SUCCESS,
1458 .mode = hci->lm.inquiry_mode,
1461 bt_hci_event_complete(hci, ¶ms, READ_INQUIRY_MODE_RP_SIZE);
1464 static inline void bt_hci_event_num_comp_pkts(struct bt_hci_s *hci,
1465 uint16_t handle, int packets)
1467 uint16_t buf[EVT_NUM_COMP_PKTS_SIZE(1) / 2 + 1];
1468 evt_num_comp_pkts *params = (void *) ((uint8_t *) buf + 1);
1470 params->num_hndl = 1;
1471 params->connection->handle = HNDL(handle);
1472 params->connection->num_packets = cpu_to_le16(packets);
1474 bt_hci_event(hci, EVT_NUM_COMP_PKTS, params, EVT_NUM_COMP_PKTS_SIZE(1));
1477 static void bt_submit_hci(struct HCIInfo *info,
1478 const uint8_t *data, int length)
1480 struct bt_hci_s *hci = hci_from_info(info);
1484 if (length < HCI_COMMAND_HDR_SIZE)
1487 memcpy(&hci->last_cmd, data, 2);
1489 cmd = (data[1] << 8) | data[0];
1491 if (cmd_opcode_ogf(cmd) == 0 || cmd_opcode_ocf(cmd) == 0) /* NOP */
1494 data += HCI_COMMAND_HDR_SIZE;
1495 length -= HCI_COMMAND_HDR_SIZE;
1497 if (paramlen > length)
1500 #define PARAM(cmd, param) (((cmd##_cp *) data)->param)
1501 #define PARAM16(cmd, param) le16_to_cpup(&PARAM(cmd, param))
1502 #define PARAMHANDLE(cmd) HNDL(PARAM(cmd, handle))
1503 #define LENGTH_CHECK(cmd) if (length < sizeof(cmd##_cp)) goto short_hci
1504 /* Note: the supported commands bitmask in bt_hci_read_local_commands_rp
1505 * needs to be updated every time a command is implemented here! */
1507 case cmd_opcode_pack(OGF_LINK_CTL, OCF_INQUIRY):
1508 LENGTH_CHECK(inquiry);
1510 if (PARAM(inquiry, length) < 1) {
1511 bt_hci_event_complete_status(hci, HCI_INVALID_PARAMETERS);
1515 hci->lm.inquire = 1;
1516 hci->lm.periodic = 0;
1517 hci->lm.responses_left = PARAM(inquiry, num_rsp) ?: INT_MAX;
1518 hci->lm.responses = 0;
1519 bt_hci_event_status(hci, HCI_SUCCESS);
1520 bt_hci_inquiry_start(hci, PARAM(inquiry, length));
1523 case cmd_opcode_pack(OGF_LINK_CTL, OCF_INQUIRY_CANCEL):
1524 if (!hci->lm.inquire || hci->lm.periodic) {
1525 fprintf(stderr, "%s: Inquiry Cancel should only be issued after "
1526 "the Inquiry command has been issued, a Command "
1527 "Status event has been received for the Inquiry "
1528 "command, and before the Inquiry Complete event "
1529 "occurs", __FUNCTION__);
1530 bt_hci_event_complete_status(hci, HCI_COMMAND_DISALLOWED);
1534 hci->lm.inquire = 0;
1535 timer_del(hci->lm.inquiry_done);
1536 bt_hci_event_complete_status(hci, HCI_SUCCESS);
1539 case cmd_opcode_pack(OGF_LINK_CTL, OCF_PERIODIC_INQUIRY):
1540 LENGTH_CHECK(periodic_inquiry);
1542 if (!(PARAM(periodic_inquiry, length) <
1543 PARAM16(periodic_inquiry, min_period) &&
1544 PARAM16(periodic_inquiry, min_period) <
1545 PARAM16(periodic_inquiry, max_period)) ||
1546 PARAM(periodic_inquiry, length) < 1 ||
1547 PARAM16(periodic_inquiry, min_period) < 2 ||
1548 PARAM16(periodic_inquiry, max_period) < 3) {
1549 bt_hci_event_complete_status(hci, HCI_INVALID_PARAMETERS);
1553 hci->lm.inquire = 1;
1554 hci->lm.periodic = 1;
1555 hci->lm.responses_left = PARAM(periodic_inquiry, num_rsp);
1556 hci->lm.responses = 0;
1557 hci->lm.inquiry_period = PARAM16(periodic_inquiry, max_period);
1558 bt_hci_event_complete_status(hci, HCI_SUCCESS);
1559 bt_hci_inquiry_start(hci, PARAM(periodic_inquiry, length));
1562 case cmd_opcode_pack(OGF_LINK_CTL, OCF_EXIT_PERIODIC_INQUIRY):
1563 if (!hci->lm.inquire || !hci->lm.periodic) {
1564 fprintf(stderr, "%s: Inquiry Cancel should only be issued after "
1565 "the Inquiry command has been issued, a Command "
1566 "Status event has been received for the Inquiry "
1567 "command, and before the Inquiry Complete event "
1568 "occurs", __FUNCTION__);
1569 bt_hci_event_complete_status(hci, HCI_COMMAND_DISALLOWED);
1572 hci->lm.inquire = 0;
1573 timer_del(hci->lm.inquiry_done);
1574 timer_del(hci->lm.inquiry_next);
1575 bt_hci_event_complete_status(hci, HCI_SUCCESS);
1578 case cmd_opcode_pack(OGF_LINK_CTL, OCF_CREATE_CONN):
1579 LENGTH_CHECK(create_conn);
1581 if (hci->lm.connecting >= HCI_HANDLES_MAX) {
1582 bt_hci_event_status(hci, HCI_REJECTED_LIMITED_RESOURCES);
1585 bt_hci_event_status(hci, HCI_SUCCESS);
1587 if (bt_hci_connect(hci, &PARAM(create_conn, bdaddr)))
1588 bt_hci_connection_reject_event(hci, &PARAM(create_conn, bdaddr));
1591 case cmd_opcode_pack(OGF_LINK_CTL, OCF_DISCONNECT):
1592 LENGTH_CHECK(disconnect);
1594 if (bt_hci_handle_bad(hci, PARAMHANDLE(disconnect))) {
1595 bt_hci_event_status(hci, HCI_NO_CONNECTION);
1599 bt_hci_event_status(hci, HCI_SUCCESS);
1600 bt_hci_disconnect(hci, PARAMHANDLE(disconnect),
1601 PARAM(disconnect, reason));
1604 case cmd_opcode_pack(OGF_LINK_CTL, OCF_CREATE_CONN_CANCEL):
1605 LENGTH_CHECK(create_conn_cancel);
1607 if (bt_hci_lmp_connection_ready(hci,
1608 &PARAM(create_conn_cancel, bdaddr))) {
1609 for (i = 0; i < HCI_HANDLES_MAX; i ++)
1610 if (bt_hci_role_master(hci, i) && hci->lm.handle[i].link &&
1611 !bacmp(&hci->lm.handle[i].link->slave->bd_addr,
1612 &PARAM(create_conn_cancel, bdaddr)))
1615 bt_hci_event_complete_conn_cancel(hci, i < HCI_HANDLES_MAX ?
1616 HCI_ACL_CONNECTION_EXISTS : HCI_NO_CONNECTION,
1617 &PARAM(create_conn_cancel, bdaddr));
1619 bt_hci_event_complete_conn_cancel(hci, HCI_SUCCESS,
1620 &PARAM(create_conn_cancel, bdaddr));
1623 case cmd_opcode_pack(OGF_LINK_CTL, OCF_ACCEPT_CONN_REQ):
1624 LENGTH_CHECK(accept_conn_req);
1626 if (!hci->conn_req_host ||
1627 bacmp(&PARAM(accept_conn_req, bdaddr),
1628 &hci->conn_req_host->bd_addr)) {
1629 bt_hci_event_status(hci, HCI_INVALID_PARAMETERS);
1633 bt_hci_event_status(hci, HCI_SUCCESS);
1634 bt_hci_connection_accept(hci, hci->conn_req_host);
1635 hci->conn_req_host = NULL;
1638 case cmd_opcode_pack(OGF_LINK_CTL, OCF_REJECT_CONN_REQ):
1639 LENGTH_CHECK(reject_conn_req);
1641 if (!hci->conn_req_host ||
1642 bacmp(&PARAM(reject_conn_req, bdaddr),
1643 &hci->conn_req_host->bd_addr)) {
1644 bt_hci_event_status(hci, HCI_INVALID_PARAMETERS);
1648 bt_hci_event_status(hci, HCI_SUCCESS);
1649 bt_hci_connection_reject(hci, hci->conn_req_host,
1650 PARAM(reject_conn_req, reason));
1651 bt_hci_connection_reject_event(hci, &hci->conn_req_host->bd_addr);
1652 hci->conn_req_host = NULL;
1655 case cmd_opcode_pack(OGF_LINK_CTL, OCF_AUTH_REQUESTED):
1656 LENGTH_CHECK(auth_requested);
1658 if (bt_hci_handle_bad(hci, PARAMHANDLE(auth_requested)))
1659 bt_hci_event_status(hci, HCI_NO_CONNECTION);
1661 bt_hci_event_status(hci, HCI_SUCCESS);
1662 bt_hci_event_auth_complete(hci, PARAMHANDLE(auth_requested));
1666 case cmd_opcode_pack(OGF_LINK_CTL, OCF_SET_CONN_ENCRYPT):
1667 LENGTH_CHECK(set_conn_encrypt);
1669 if (bt_hci_handle_bad(hci, PARAMHANDLE(set_conn_encrypt)))
1670 bt_hci_event_status(hci, HCI_NO_CONNECTION);
1672 bt_hci_event_status(hci, HCI_SUCCESS);
1673 bt_hci_event_encrypt_change(hci,
1674 PARAMHANDLE(set_conn_encrypt),
1675 PARAM(set_conn_encrypt, encrypt));
1679 case cmd_opcode_pack(OGF_LINK_CTL, OCF_REMOTE_NAME_REQ):
1680 LENGTH_CHECK(remote_name_req);
1682 if (bt_hci_name_req(hci, &PARAM(remote_name_req, bdaddr)))
1683 bt_hci_event_status(hci, HCI_NO_CONNECTION);
1686 case cmd_opcode_pack(OGF_LINK_CTL, OCF_REMOTE_NAME_REQ_CANCEL):
1687 LENGTH_CHECK(remote_name_req_cancel);
1689 bt_hci_event_complete_name_cancel(hci,
1690 &PARAM(remote_name_req_cancel, bdaddr));
1693 case cmd_opcode_pack(OGF_LINK_CTL, OCF_READ_REMOTE_FEATURES):
1694 LENGTH_CHECK(read_remote_features);
1696 if (bt_hci_features_req(hci, PARAMHANDLE(read_remote_features)))
1697 bt_hci_event_status(hci, HCI_NO_CONNECTION);
1700 case cmd_opcode_pack(OGF_LINK_CTL, OCF_READ_REMOTE_EXT_FEATURES):
1701 LENGTH_CHECK(read_remote_ext_features);
1703 if (bt_hci_handle_bad(hci, PARAMHANDLE(read_remote_ext_features)))
1704 bt_hci_event_status(hci, HCI_NO_CONNECTION);
1706 bt_hci_event_status(hci, HCI_SUCCESS);
1707 bt_hci_event_read_remote_ext_features(hci,
1708 PARAMHANDLE(read_remote_ext_features));
1712 case cmd_opcode_pack(OGF_LINK_CTL, OCF_READ_REMOTE_VERSION):
1713 LENGTH_CHECK(read_remote_version);
1715 if (bt_hci_version_req(hci, PARAMHANDLE(read_remote_version)))
1716 bt_hci_event_status(hci, HCI_NO_CONNECTION);
1719 case cmd_opcode_pack(OGF_LINK_CTL, OCF_READ_CLOCK_OFFSET):
1720 LENGTH_CHECK(read_clock_offset);
1722 if (bt_hci_clkoffset_req(hci, PARAMHANDLE(read_clock_offset)))
1723 bt_hci_event_status(hci, HCI_NO_CONNECTION);
1726 case cmd_opcode_pack(OGF_LINK_CTL, OCF_READ_LMP_HANDLE):
1727 LENGTH_CHECK(read_lmp_handle);
1730 bt_hci_event_complete_lmp_handle(hci, PARAMHANDLE(read_lmp_handle));
1733 case cmd_opcode_pack(OGF_LINK_POLICY, OCF_HOLD_MODE):
1734 LENGTH_CHECK(hold_mode);
1736 if (PARAM16(hold_mode, min_interval) >
1737 PARAM16(hold_mode, max_interval) ||
1738 PARAM16(hold_mode, min_interval) < 0x0002 ||
1739 PARAM16(hold_mode, max_interval) > 0xff00 ||
1740 (PARAM16(hold_mode, min_interval) & 1) ||
1741 (PARAM16(hold_mode, max_interval) & 1)) {
1742 bt_hci_event_status(hci, HCI_INVALID_PARAMETERS);
1746 if (bt_hci_mode_change(hci, PARAMHANDLE(hold_mode),
1747 PARAM16(hold_mode, max_interval),
1749 bt_hci_event_status(hci, HCI_NO_CONNECTION);
1752 case cmd_opcode_pack(OGF_LINK_POLICY, OCF_PARK_MODE):
1753 LENGTH_CHECK(park_mode);
1755 if (PARAM16(park_mode, min_interval) >
1756 PARAM16(park_mode, max_interval) ||
1757 PARAM16(park_mode, min_interval) < 0x000e ||
1758 (PARAM16(park_mode, min_interval) & 1) ||
1759 (PARAM16(park_mode, max_interval) & 1)) {
1760 bt_hci_event_status(hci, HCI_INVALID_PARAMETERS);
1764 if (bt_hci_mode_change(hci, PARAMHANDLE(park_mode),
1765 PARAM16(park_mode, max_interval),
1767 bt_hci_event_status(hci, HCI_NO_CONNECTION);
1770 case cmd_opcode_pack(OGF_LINK_POLICY, OCF_EXIT_PARK_MODE):
1771 LENGTH_CHECK(exit_park_mode);
1773 if (bt_hci_mode_cancel(hci, PARAMHANDLE(exit_park_mode),
1775 bt_hci_event_status(hci, HCI_NO_CONNECTION);
1778 case cmd_opcode_pack(OGF_LINK_POLICY, OCF_ROLE_DISCOVERY):
1779 LENGTH_CHECK(role_discovery);
1781 if (bt_hci_handle_bad(hci, PARAMHANDLE(role_discovery)))
1782 bt_hci_event_complete_role_discovery(hci,
1783 HCI_NO_CONNECTION, PARAMHANDLE(role_discovery), 0);
1785 bt_hci_event_complete_role_discovery(hci,
1786 HCI_SUCCESS, PARAMHANDLE(role_discovery),
1787 bt_hci_role_master(hci,
1788 PARAMHANDLE(role_discovery)));
1791 case cmd_opcode_pack(OGF_HOST_CTL, OCF_SET_EVENT_MASK):
1792 LENGTH_CHECK(set_event_mask);
1794 memcpy(hci->event_mask, PARAM(set_event_mask, mask), 8);
1795 bt_hci_event_complete_status(hci, HCI_SUCCESS);
1798 case cmd_opcode_pack(OGF_HOST_CTL, OCF_RESET):
1800 bt_hci_event_status(hci, HCI_SUCCESS);
1803 case cmd_opcode_pack(OGF_HOST_CTL, OCF_SET_EVENT_FLT):
1804 if (length >= 1 && PARAM(set_event_flt, flt_type) == FLT_CLEAR_ALL)
1805 /* No length check */;
1807 LENGTH_CHECK(set_event_flt);
1809 /* Filters are not implemented */
1810 bt_hci_event_complete_status(hci, HCI_SUCCESS);
1813 case cmd_opcode_pack(OGF_HOST_CTL, OCF_FLUSH):
1814 LENGTH_CHECK(flush);
1816 if (bt_hci_handle_bad(hci, PARAMHANDLE(flush)))
1817 bt_hci_event_complete_flush(hci,
1818 HCI_NO_CONNECTION, PARAMHANDLE(flush));
1820 /* TODO: ordering? */
1821 bt_hci_event(hci, EVT_FLUSH_OCCURRED,
1822 &PARAM(flush, handle),
1823 EVT_FLUSH_OCCURRED_SIZE);
1824 bt_hci_event_complete_flush(hci,
1825 HCI_SUCCESS, PARAMHANDLE(flush));
1829 case cmd_opcode_pack(OGF_HOST_CTL, OCF_CHANGE_LOCAL_NAME):
1830 LENGTH_CHECK(change_local_name);
1832 if (hci->device.lmp_name)
1833 g_free((void *) hci->device.lmp_name);
1834 hci->device.lmp_name = g_strndup(PARAM(change_local_name, name),
1835 sizeof(PARAM(change_local_name, name)));
1836 bt_hci_event_complete_status(hci, HCI_SUCCESS);
1839 case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_LOCAL_NAME):
1840 bt_hci_event_complete_read_local_name(hci);
1843 case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_CONN_ACCEPT_TIMEOUT):
1844 bt_hci_event_complete_read_conn_accept_timeout(hci);
1847 case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_CONN_ACCEPT_TIMEOUT):
1849 LENGTH_CHECK(write_conn_accept_timeout);
1851 if (PARAM16(write_conn_accept_timeout, timeout) < 0x0001 ||
1852 PARAM16(write_conn_accept_timeout, timeout) > 0xb540) {
1853 bt_hci_event_complete_status(hci, HCI_INVALID_PARAMETERS);
1857 hci->conn_accept_tout = PARAM16(write_conn_accept_timeout, timeout);
1858 bt_hci_event_complete_status(hci, HCI_SUCCESS);
1861 case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_SCAN_ENABLE):
1862 bt_hci_event_complete_read_scan_enable(hci);
1865 case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_SCAN_ENABLE):
1866 LENGTH_CHECK(write_scan_enable);
1868 /* TODO: check that the remaining bits are all 0 */
1869 hci->device.inquiry_scan =
1870 !!(PARAM(write_scan_enable, scan_enable) & SCAN_INQUIRY);
1871 hci->device.page_scan =
1872 !!(PARAM(write_scan_enable, scan_enable) & SCAN_PAGE);
1873 bt_hci_event_complete_status(hci, HCI_SUCCESS);
1876 case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_CLASS_OF_DEV):
1877 bt_hci_event_complete_read_local_class(hci);
1880 case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_CLASS_OF_DEV):
1881 LENGTH_CHECK(write_class_of_dev);
1883 memcpy(hci->device.class, PARAM(write_class_of_dev, dev_class),
1884 sizeof(PARAM(write_class_of_dev, dev_class)));
1885 bt_hci_event_complete_status(hci, HCI_SUCCESS);
1888 case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_VOICE_SETTING):
1889 bt_hci_event_complete_voice_setting(hci);
1892 case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_VOICE_SETTING):
1893 LENGTH_CHECK(write_voice_setting);
1895 hci->voice_setting = PARAM(write_voice_setting, voice_setting);
1896 bt_hci_event_complete_status(hci, HCI_SUCCESS);
1899 case cmd_opcode_pack(OGF_HOST_CTL, OCF_HOST_NUMBER_OF_COMPLETED_PACKETS):
1900 if (length < data[0] * 2 + 1)
1903 for (i = 0; i < data[0]; i ++)
1904 if (bt_hci_handle_bad(hci,
1905 data[i * 2 + 1] | (data[i * 2 + 2] << 8)))
1906 bt_hci_event_complete_status(hci, HCI_INVALID_PARAMETERS);
1909 case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_INQUIRY_MODE):
1910 /* Only if (local_features[3] & 0x40) && (local_commands[12] & 0x40)
1912 * goto unknown_command */
1913 bt_hci_event_complete_read_inquiry_mode(hci);
1916 case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_INQUIRY_MODE):
1917 /* Only if (local_features[3] & 0x40) && (local_commands[12] & 0x80)
1919 * goto unknown_command */
1920 LENGTH_CHECK(write_inquiry_mode);
1922 if (PARAM(write_inquiry_mode, mode) > 0x01) {
1923 bt_hci_event_complete_status(hci, HCI_INVALID_PARAMETERS);
1927 hci->lm.inquiry_mode = PARAM(write_inquiry_mode, mode);
1928 bt_hci_event_complete_status(hci, HCI_SUCCESS);
1931 case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_LOCAL_VERSION):
1932 bt_hci_read_local_version_rp(hci);
1935 case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_LOCAL_COMMANDS):
1936 bt_hci_read_local_commands_rp(hci);
1939 case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_LOCAL_FEATURES):
1940 bt_hci_read_local_features_rp(hci);
1943 case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_LOCAL_EXT_FEATURES):
1944 LENGTH_CHECK(read_local_ext_features);
1946 bt_hci_read_local_ext_features_rp(hci,
1947 PARAM(read_local_ext_features, page_num));
1950 case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_BUFFER_SIZE):
1951 bt_hci_read_buffer_size_rp(hci);
1954 case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_COUNTRY_CODE):
1955 bt_hci_read_country_code_rp(hci);
1958 case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_BD_ADDR):
1959 bt_hci_read_bd_addr_rp(hci);
1962 case cmd_opcode_pack(OGF_STATUS_PARAM, OCF_READ_LINK_QUALITY):
1963 LENGTH_CHECK(read_link_quality);
1965 bt_hci_link_quality_rp(hci, PARAMHANDLE(read_link_quality));
1969 bt_hci_event_status(hci, HCI_UNKNOWN_COMMAND);
1973 fprintf(stderr, "%s: HCI packet too short (%iB)\n",
1974 __FUNCTION__, length);
1975 bt_hci_event_status(hci, HCI_INVALID_PARAMETERS);
1980 /* We could perform fragmentation here, we can't do "recombination" because
1981 * at this layer the length of the payload is not know ahead, so we only
1982 * know that a packet contained the last fragment of the SDU when the next
1984 static inline void bt_hci_lmp_acl_data(struct bt_hci_s *hci, uint16_t handle,
1985 const uint8_t *data, int start, int len)
1987 struct hci_acl_hdr *pkt = (void *) hci->acl_buf;
1989 /* TODO: packet flags */
1990 /* TODO: avoid memcpy'ing */
1992 if (len + HCI_ACL_HDR_SIZE > sizeof(hci->acl_buf)) {
1993 fprintf(stderr, "%s: can't take ACL packets %i bytes long\n",
1997 memcpy(hci->acl_buf + HCI_ACL_HDR_SIZE, data, len);
1999 pkt->handle = cpu_to_le16(
2000 acl_handle_pack(handle, start ? ACL_START : ACL_CONT));
2001 pkt->dlen = cpu_to_le16(len);
2002 hci->info.acl_recv(hci->info.opaque,
2003 hci->acl_buf, len + HCI_ACL_HDR_SIZE);
2006 static void bt_hci_lmp_acl_data_slave(struct bt_link_s *btlink,
2007 const uint8_t *data, int start, int len)
2009 struct bt_hci_link_s *link = (struct bt_hci_link_s *) btlink;
2011 bt_hci_lmp_acl_data(hci_from_device(btlink->slave),
2012 link->handle, data, start, len);
2015 static void bt_hci_lmp_acl_data_host(struct bt_link_s *link,
2016 const uint8_t *data, int start, int len)
2018 bt_hci_lmp_acl_data(hci_from_device(link->host),
2019 link->handle, data, start, len);
2022 static void bt_submit_acl(struct HCIInfo *info,
2023 const uint8_t *data, int length)
2025 struct bt_hci_s *hci = hci_from_info(info);
2028 struct bt_link_s *link;
2030 if (length < HCI_ACL_HDR_SIZE) {
2031 fprintf(stderr, "%s: ACL packet too short (%iB)\n",
2032 __FUNCTION__, length);
2036 handle = acl_handle((data[1] << 8) | data[0]);
2037 flags = acl_flags((data[1] << 8) | data[0]);
2038 datalen = (data[3] << 8) | data[2];
2039 data += HCI_ACL_HDR_SIZE;
2040 length -= HCI_ACL_HDR_SIZE;
2042 if (bt_hci_handle_bad(hci, handle)) {
2043 fprintf(stderr, "%s: invalid ACL handle %03x\n",
2044 __FUNCTION__, handle);
2045 /* TODO: signal an error */
2048 handle &= ~HCI_HANDLE_OFFSET;
2050 if (datalen > length) {
2051 fprintf(stderr, "%s: ACL packet too short (%iB < %iB)\n",
2052 __FUNCTION__, length, datalen);
2056 link = hci->lm.handle[handle].link;
2058 if ((flags & ~3) == ACL_ACTIVE_BCAST) {
2059 if (!hci->asb_handle)
2060 hci->asb_handle = handle;
2061 else if (handle != hci->asb_handle) {
2062 fprintf(stderr, "%s: Bad handle %03x in Active Slave Broadcast\n",
2063 __FUNCTION__, handle);
2064 /* TODO: signal an error */
2071 if ((flags & ~3) == ACL_PICO_BCAST) {
2072 if (!hci->psb_handle)
2073 hci->psb_handle = handle;
2074 else if (handle != hci->psb_handle) {
2075 fprintf(stderr, "%s: Bad handle %03x in Parked Slave Broadcast\n",
2076 __FUNCTION__, handle);
2077 /* TODO: signal an error */
2084 /* TODO: increase counter and send EVT_NUM_COMP_PKTS */
2085 bt_hci_event_num_comp_pkts(hci, handle | HCI_HANDLE_OFFSET, 1);
2087 /* Do this last as it can trigger further events even in this HCI */
2088 hci->lm.handle[handle].lmp_acl_data(link, data,
2089 (flags & 3) == ACL_START, length);
2092 static void bt_submit_sco(struct HCIInfo *info,
2093 const uint8_t *data, int length)
2095 struct bt_hci_s *hci = hci_from_info(info);
2102 handle = acl_handle((data[1] << 8) | data[0]);
2106 if (bt_hci_handle_bad(hci, handle)) {
2107 fprintf(stderr, "%s: invalid SCO handle %03x\n",
2108 __FUNCTION__, handle);
2112 if (datalen > length) {
2113 fprintf(stderr, "%s: SCO packet too short (%iB < %iB)\n",
2114 __FUNCTION__, length, datalen);
2120 /* TODO: increase counter and send EVT_NUM_COMP_PKTS if synchronous
2121 * Flow Control is enabled.
2122 * (See Read/Write_Synchronous_Flow_Control_Enable on page 513 and
2126 static uint8_t *bt_hci_evt_packet(void *opaque)
2128 /* TODO: allocate a packet from upper layer */
2129 struct bt_hci_s *s = opaque;
2134 static void bt_hci_evt_submit(void *opaque, int len)
2136 /* TODO: notify upper layer */
2137 struct bt_hci_s *s = opaque;
2139 s->info.evt_recv(s->info.opaque, s->evt_buf, len);
2142 static int bt_hci_bdaddr_set(struct HCIInfo *info, const uint8_t *bd_addr)
2144 struct bt_hci_s *hci = hci_from_info(info);
2146 bacpy(&hci->device.bd_addr, (const bdaddr_t *) bd_addr);
2150 static void bt_hci_done(struct HCIInfo *info);
2151 static void bt_hci_destroy(struct bt_device_s *dev)
2153 struct bt_hci_s *hci = hci_from_device(dev);
2155 bt_hci_done(&hci->info);
2158 struct HCIInfo *bt_new_hci(struct bt_scatternet_s *net)
2160 struct bt_hci_s *s = g_malloc0(sizeof(struct bt_hci_s));
2162 s->lm.inquiry_done = timer_new_ns(QEMU_CLOCK_VIRTUAL, bt_hci_inquiry_done, s);
2163 s->lm.inquiry_next = timer_new_ns(QEMU_CLOCK_VIRTUAL, bt_hci_inquiry_next, s);
2164 s->conn_accept_timer =
2165 timer_new_ns(QEMU_CLOCK_VIRTUAL, bt_hci_conn_accept_timeout, s);
2167 s->evt_packet = bt_hci_evt_packet;
2168 s->evt_submit = bt_hci_evt_submit;
2171 bt_device_init(&s->device, net);
2172 s->device.lmp_connection_request = bt_hci_lmp_connection_request;
2173 s->device.lmp_connection_complete = bt_hci_lmp_connection_complete;
2174 s->device.lmp_disconnect_master = bt_hci_lmp_disconnect_host;
2175 s->device.lmp_disconnect_slave = bt_hci_lmp_disconnect_slave;
2176 s->device.lmp_acl_data = bt_hci_lmp_acl_data_slave;
2177 s->device.lmp_acl_resp = bt_hci_lmp_acl_data_host;
2178 s->device.lmp_mode_change = bt_hci_lmp_mode_change_slave;
2181 /* Also keep in sync with supported commands bitmask in
2182 * bt_hci_read_local_commands_rp */
2183 s->device.lmp_caps = 0x8000199b7e85355fll;
2187 s->info.cmd_send = bt_submit_hci;
2188 s->info.sco_send = bt_submit_sco;
2189 s->info.acl_send = bt_submit_acl;
2190 s->info.bdaddr_set = bt_hci_bdaddr_set;
2192 s->device.handle_destroy = bt_hci_destroy;
2197 struct HCIInfo *hci_init(const char *str)
2200 struct bt_scatternet_s *vlan = 0;
2202 if (!strcmp(str, "null"))
2205 else if (!strncmp(str, "host", 4) && (str[4] == '\0' || str[4] == ':'))
2207 return bt_host_hci(str[4] ? str + 5 : "hci0");
2208 else if (!strncmp(str, "hci", 3)) {
2211 if (!strncmp(str + 3, ",vlan=", 6)) {
2212 vlan = qemu_find_bt_vlan(strtol(str + 9, &endp, 0));
2217 vlan = qemu_find_bt_vlan(0);
2219 return bt_new_hci(vlan);
2222 fprintf(stderr, "qemu: Unknown bluetooth HCI `%s'.\n", str);
2227 static void bt_hci_done(struct HCIInfo *info)
2229 struct bt_hci_s *hci = hci_from_info(info);
2232 bt_device_done(&hci->device);
2234 if (hci->device.lmp_name)
2235 g_free((void *) hci->device.lmp_name);
2237 /* Be gentle and send DISCONNECT to all connected peers and those
2238 * currently waiting for us to accept or reject a connection request.
2239 * This frees the links. */
2240 if (hci->conn_req_host) {
2241 bt_hci_connection_reject(hci,
2242 hci->conn_req_host, HCI_OE_POWER_OFF);
2246 for (handle = HCI_HANDLE_OFFSET;
2247 handle < (HCI_HANDLE_OFFSET | HCI_HANDLES_MAX); handle ++)
2248 if (!bt_hci_handle_bad(hci, handle))
2249 bt_hci_disconnect(hci, handle, HCI_OE_POWER_OFF);
2251 /* TODO: this is not enough actually, there may be slaves from whom
2252 * we have requested a connection who will soon (or not) respond with
2253 * an accept or a reject, so we should also check if hci->lm.connecting
2254 * is non-zero and if so, avoid freeing the hci but otherwise disappear
2255 * from all qemu social life (e.g. stop scanning and request to be
2256 * removed from s->device.net) and arrange for
2257 * s->device.lmp_connection_complete to free the remaining bits once
2258 * hci->lm.awaiting_bdaddr[] is empty. */
2260 timer_free(hci->lm.inquiry_done);
2261 timer_free(hci->lm.inquiry_next);
2262 timer_free(hci->conn_accept_timer);
Code Review / kvmfornfv.git / blob