2 * QEMU Bluetooth HCI logic.
4 * Copyright (C) 2007 OpenMoko, Inc.
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License as
9 * published by the Free Software Foundation; either version 2 of
10 * the License, or (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
21 #include "qemu/osdep.h"
22 #include "qapi/error.h"
23 #include "qemu-common.h"
24 #include "qemu/timer.h"
26 #include "sysemu/bt.h"
28 #include "qapi/qmp/qerror.h"
29 #include "sysemu/replay.h"
32 uint8_t *(*evt_packet)(void *opaque);
33 void (*evt_submit)(void *opaque, int len);
37 uint8_t acl_buf[4096];
43 int last_cmd; /* Note: Always little-endian */
45 struct bt_device_s *conn_req_host;
52 QEMUTimer *inquiry_done;
53 QEMUTimer *inquiry_next;
58 #define HCI_HANDLE_OFFSET 0x20
59 #define HCI_HANDLES_MAX 0x10
60 struct bt_hci_master_link_s {
61 struct bt_link_s *link;
62 void (*lmp_acl_data)(struct bt_link_s *link,
63 const uint8_t *data, int start, int len);
64 QEMUTimer *acl_mode_timer;
65 } handle[HCI_HANDLES_MAX];
69 bdaddr_t awaiting_bdaddr[HCI_HANDLES_MAX];
72 uint8_t event_mask[8];
73 uint16_t voice_setting; /* Notw: Always little-endian */
74 uint16_t conn_accept_tout;
75 QEMUTimer *conn_accept_timer;
78 struct bt_device_s device;
80 Error *replay_blocker;
83 #define DEFAULT_RSSI_DBM 20
85 #define hci_from_info(ptr) container_of((ptr), struct bt_hci_s, info)
86 #define hci_from_device(ptr) container_of((ptr), struct bt_hci_s, device)
88 struct bt_hci_link_s {
89 struct bt_link_s btlink;
90 uint16_t handle; /* Local */
93 /* LMP layer emulation */
95 static void bt_submit_lmp(struct bt_device_s *bt, int length, uint8_t *data)
97 int resp, resplen, error, op, tr;
104 op = *(data ++) >> 1;
111 if (op >= 0x7c) { /* Extended opcode */
112 op |= *(data ++) << 8;
113 resp = LMP_ACCEPTED_EXT;
115 respdata[0] = op >> 8;
116 respdata[1] = op & 0xff;
125 error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
131 case LMP_ACCEPTED_EXT:
132 /* data[0] Escape op code
133 * data[1] Extended op code
136 error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
142 case LMP_NOT_ACCEPTED:
147 error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
153 case LMP_NOT_ACCEPTED_EXT:
155 * data[1] Extended op code
159 error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
165 case LMP_HOST_CONNECTION_REQ:
168 case LMP_SETUP_COMPLETE:
169 resp = LMP_SETUP_COMPLETE;
175 /* data[0] Error code
178 error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
185 case LMP_SUPERVISION_TIMEOUT:
186 /* data[0,1] Supervision timeout
189 error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
195 case LMP_QUALITY_OF_SERVICE:
199 /* data[0,1] Poll interval
203 error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
211 case LMP_MAX_SLOT_REQ:
215 error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
223 /* data[0-15] Random number
226 error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
229 if (op == LMP_AU_RAND) {
230 if (bt->key_present) {
233 /* XXX: [Part H] Section 6.1 on page 801 */
235 error = HCI_PIN_OR_KEY_MISSING;
238 } else if (op == LMP_IN_RAND) {
239 error = HCI_PAIRING_NOT_ALLOWED;
242 /* XXX: [Part H] Section 3.2 on page 779 */
245 memcpy(respdata + 1, bt->key, 16);
247 error = HCI_UNIT_LINK_KEY_USED;
256 error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
259 memcpy(bt->key, data, 16);
264 /* data[0-3] Authentication response
267 error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
272 case LMP_CLKOFFSET_REQ:
273 resp = LMP_CLKOFFSET_RES;
279 case LMP_CLKOFFSET_RES:
280 /* data[0,1] Clock offset
281 * (Slave to master only)
284 error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
289 case LMP_VERSION_REQ:
290 case LMP_VERSION_RES:
293 * data[3,4] SubVersNr
296 error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
299 if (op == LMP_VERSION_REQ) {
300 resp = LMP_VERSION_RES;
311 case LMP_FEATURES_REQ:
312 case LMP_FEATURES_RES:
313 /* data[0-7] Features
316 error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
319 if (op == LMP_FEATURES_REQ) {
320 resp = LMP_FEATURES_RES;
322 respdata[1] = (bt->lmp_caps >> 0) & 0xff;
323 respdata[2] = (bt->lmp_caps >> 8) & 0xff;
324 respdata[3] = (bt->lmp_caps >> 16) & 0xff;
325 respdata[4] = (bt->lmp_caps >> 24) & 0xff;
326 respdata[5] = (bt->lmp_caps >> 32) & 0xff;
327 respdata[6] = (bt->lmp_caps >> 40) & 0xff;
328 respdata[7] = (bt->lmp_caps >> 48) & 0xff;
329 respdata[8] = (bt->lmp_caps >> 56) & 0xff;
335 /* data[0] Name offset
338 error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
343 respdata[1] = data[0];
344 respdata[2] = strlen(bt->lmp_name);
345 memset(respdata + 3, 0x00, 14);
346 if (respdata[2] > respdata[1])
347 memcpy(respdata + 3, bt->lmp_name + respdata[1],
348 respdata[2] - respdata[1]);
352 /* data[0] Name offset
353 * data[1] Name length
354 * data[2-15] Name fragment
357 error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
364 error = HCI_UNKNOWN_LMP_PDU;
368 resp = LMP_NOT_ACCEPTED_EXT;
370 respdata[0] = op >> 8;
371 respdata[1] = op & 0xff;
374 resp = LMP_NOT_ACCEPTED;
376 respdata[0] = op & 0xff;
385 respdata[0] = resp >> 8;
386 respdata[1] = resp & 0xff;
388 respdata[0] = resp & 0xff;
394 static void bt_submit_raw_acl(struct bt_piconet_s *net, int length, uint8_t *data)
396 struct bt_device_s *slave;
405 switch (data[0] & 3) {
407 bt_submit_lmp(slave, length - 1, data + 1);
409 case LLID_ACLU_START:
411 bt_sumbit_l2cap(slave, length - 1, data + 1, (data[0] >> 2) & 1);
421 /* HCI layer emulation */
423 /* Note: we could ignore endiannes because unswapped handles will still
424 * be valid as connection identifiers for the guest - they don't have to
425 * be continuously allocated. We do it though, to preserve similar
426 * behaviour between hosts. Some things, like the BD_ADDR cannot be
427 * preserved though (for example if a real hci is used). */
428 #ifdef HOST_WORDS_BIGENDIAN
429 # define HNDL(raw) bswap16(raw)
431 # define HNDL(raw) (raw)
434 static const uint8_t bt_event_reserved_mask[8] = {
435 0xff, 0x9f, 0xfb, 0xff, 0x07, 0x18, 0x00, 0x00,
439 static void null_hci_send(struct HCIInfo *hci, const uint8_t *data, int len)
443 static int null_hci_addr_set(struct HCIInfo *hci, const uint8_t *bd_addr)
448 struct HCIInfo null_hci = {
449 .cmd_send = null_hci_send,
450 .sco_send = null_hci_send,
451 .acl_send = null_hci_send,
452 .bdaddr_set = null_hci_addr_set,
456 static inline uint8_t *bt_hci_event_start(struct bt_hci_s *hci,
459 uint8_t *packet, mask;
463 fprintf(stderr, "%s: HCI event params too long (%ib)\n",
468 mask_byte = (evt - 1) >> 3;
469 mask = 1 << ((evt - 1) & 3);
470 if (mask & bt_event_reserved_mask[mask_byte] & ~hci->event_mask[mask_byte])
473 packet = hci->evt_packet(hci->opaque);
480 static inline void bt_hci_event(struct bt_hci_s *hci, int evt,
481 void *params, int len)
483 uint8_t *packet = bt_hci_event_start(hci, evt, len);
489 memcpy(packet, params, len);
491 hci->evt_submit(hci->opaque, len + 2);
494 static inline void bt_hci_event_status(struct bt_hci_s *hci, int status)
496 evt_cmd_status params = {
499 .opcode = hci->last_cmd,
502 bt_hci_event(hci, EVT_CMD_STATUS, ¶ms, EVT_CMD_STATUS_SIZE);
505 static inline void bt_hci_event_complete(struct bt_hci_s *hci,
508 uint8_t *packet = bt_hci_event_start(hci, EVT_CMD_COMPLETE,
509 len + EVT_CMD_COMPLETE_SIZE);
510 evt_cmd_complete *params = (evt_cmd_complete *) packet;
516 params->opcode = hci->last_cmd;
518 memcpy(&packet[EVT_CMD_COMPLETE_SIZE], ret, len);
520 hci->evt_submit(hci->opaque, len + EVT_CMD_COMPLETE_SIZE + 2);
523 static void bt_hci_inquiry_done(void *opaque)
525 struct bt_hci_s *hci = (struct bt_hci_s *) opaque;
526 uint8_t status = HCI_SUCCESS;
528 if (!hci->lm.periodic)
531 /* The specification is inconsistent about this one. Page 565 reads
532 * "The event parameters of Inquiry Complete event will have a summary
533 * of the result from the Inquiry process, which reports the number of
534 * nearby Bluetooth devices that responded [so hci->responses].", but
535 * Event Parameters (see page 729) has only Status. */
536 bt_hci_event(hci, EVT_INQUIRY_COMPLETE, &status, 1);
539 static void bt_hci_inquiry_result_standard(struct bt_hci_s *hci,
540 struct bt_device_s *slave)
542 inquiry_info params = {
544 .bdaddr = BAINIT(&slave->bd_addr),
545 .pscan_rep_mode = 0x00, /* R0 */
546 .pscan_period_mode = 0x00, /* P0 - deprecated */
547 .pscan_mode = 0x00, /* Standard scan - deprecated */
548 .dev_class[0] = slave->class[0],
549 .dev_class[1] = slave->class[1],
550 .dev_class[2] = slave->class[2],
551 /* TODO: return the clkoff *differenece* */
552 .clock_offset = slave->clkoff, /* Note: no swapping */
555 bt_hci_event(hci, EVT_INQUIRY_RESULT, ¶ms, INQUIRY_INFO_SIZE);
558 static void bt_hci_inquiry_result_with_rssi(struct bt_hci_s *hci,
559 struct bt_device_s *slave)
561 inquiry_info_with_rssi params = {
563 .bdaddr = BAINIT(&slave->bd_addr),
564 .pscan_rep_mode = 0x00, /* R0 */
565 .pscan_period_mode = 0x00, /* P0 - deprecated */
566 .dev_class[0] = slave->class[0],
567 .dev_class[1] = slave->class[1],
568 .dev_class[2] = slave->class[2],
569 /* TODO: return the clkoff *differenece* */
570 .clock_offset = slave->clkoff, /* Note: no swapping */
571 .rssi = DEFAULT_RSSI_DBM,
574 bt_hci_event(hci, EVT_INQUIRY_RESULT_WITH_RSSI,
575 ¶ms, INQUIRY_INFO_WITH_RSSI_SIZE);
578 static void bt_hci_inquiry_result(struct bt_hci_s *hci,
579 struct bt_device_s *slave)
581 if (!slave->inquiry_scan || !hci->lm.responses_left)
584 hci->lm.responses_left --;
585 hci->lm.responses ++;
587 switch (hci->lm.inquiry_mode) {
589 bt_hci_inquiry_result_standard(hci, slave);
592 bt_hci_inquiry_result_with_rssi(hci, slave);
595 fprintf(stderr, "%s: bad inquiry mode %02x\n", __FUNCTION__,
596 hci->lm.inquiry_mode);
601 static void bt_hci_mod_timer_1280ms(QEMUTimer *timer, int period)
603 timer_mod(timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
604 (uint64_t)(period << 7) * 10000000);
607 static void bt_hci_inquiry_start(struct bt_hci_s *hci, int length)
609 struct bt_device_s *slave;
611 hci->lm.inquiry_length = length;
612 for (slave = hci->device.net->slave; slave; slave = slave->next)
613 /* Don't uncover ourselves. */
614 if (slave != &hci->device)
615 bt_hci_inquiry_result(hci, slave);
617 /* TODO: register for a callback on a new device's addition to the
618 * scatternet so that if it's added before inquiry_length expires,
619 * an Inquiry Result is generated immediately. Alternatively re-loop
620 * through the devices on the inquiry_length expiration and report
621 * devices not seen before. */
622 if (hci->lm.responses_left)
623 bt_hci_mod_timer_1280ms(hci->lm.inquiry_done, hci->lm.inquiry_length);
625 bt_hci_inquiry_done(hci);
627 if (hci->lm.periodic)
628 bt_hci_mod_timer_1280ms(hci->lm.inquiry_next, hci->lm.inquiry_period);
631 static void bt_hci_inquiry_next(void *opaque)
633 struct bt_hci_s *hci = (struct bt_hci_s *) opaque;
635 hci->lm.responses_left += hci->lm.responses;
636 hci->lm.responses = 0;
637 bt_hci_inquiry_start(hci, hci->lm.inquiry_length);
640 static inline int bt_hci_handle_bad(struct bt_hci_s *hci, uint16_t handle)
642 return !(handle & HCI_HANDLE_OFFSET) ||
643 handle >= (HCI_HANDLE_OFFSET | HCI_HANDLES_MAX) ||
644 !hci->lm.handle[handle & ~HCI_HANDLE_OFFSET].link;
647 static inline int bt_hci_role_master(struct bt_hci_s *hci, uint16_t handle)
649 return !!(hci->lm.role_bmp & (1 << (handle & ~HCI_HANDLE_OFFSET)));
652 static inline struct bt_device_s *bt_hci_remote_dev(struct bt_hci_s *hci,
655 struct bt_link_s *link = hci->lm.handle[handle & ~HCI_HANDLE_OFFSET].link;
657 return bt_hci_role_master(hci, handle) ? link->slave : link->host;
660 static void bt_hci_mode_tick(void *opaque);
661 static void bt_hci_lmp_link_establish(struct bt_hci_s *hci,
662 struct bt_link_s *link, int master)
664 hci->lm.handle[hci->lm.last_handle].link = link;
667 /* We are the master side of an ACL link */
668 hci->lm.role_bmp |= 1 << hci->lm.last_handle;
670 hci->lm.handle[hci->lm.last_handle].lmp_acl_data =
671 link->slave->lmp_acl_data;
673 /* We are the slave side of an ACL link */
674 hci->lm.role_bmp &= ~(1 << hci->lm.last_handle);
676 hci->lm.handle[hci->lm.last_handle].lmp_acl_data =
677 link->host->lmp_acl_resp;
682 link->acl_mode = acl_active;
683 hci->lm.handle[hci->lm.last_handle].acl_mode_timer =
684 timer_new_ns(QEMU_CLOCK_VIRTUAL, bt_hci_mode_tick, link);
688 static void bt_hci_lmp_link_teardown(struct bt_hci_s *hci, uint16_t handle)
690 handle &= ~HCI_HANDLE_OFFSET;
691 hci->lm.handle[handle].link = NULL;
693 if (bt_hci_role_master(hci, handle)) {
694 timer_del(hci->lm.handle[handle].acl_mode_timer);
695 timer_free(hci->lm.handle[handle].acl_mode_timer);
699 static int bt_hci_connect(struct bt_hci_s *hci, bdaddr_t *bdaddr)
701 struct bt_device_s *slave;
702 struct bt_link_s link;
704 for (slave = hci->device.net->slave; slave; slave = slave->next)
705 if (slave->page_scan && !bacmp(&slave->bd_addr, bdaddr))
707 if (!slave || slave == &hci->device)
710 bacpy(&hci->lm.awaiting_bdaddr[hci->lm.connecting ++], &slave->bd_addr);
713 link.host = &hci->device;
714 link.slave->lmp_connection_request(&link); /* Always last */
719 static void bt_hci_connection_reject(struct bt_hci_s *hci,
720 struct bt_device_s *host, uint8_t because)
722 struct bt_link_s link = {
723 .slave = &hci->device,
725 /* Rest uninitialised */
728 host->reject_reason = because;
729 host->lmp_connection_complete(&link);
732 static void bt_hci_connection_reject_event(struct bt_hci_s *hci,
735 evt_conn_complete params;
737 params.status = HCI_NO_CONNECTION;
739 bacpy(¶ms.bdaddr, bdaddr);
740 params.link_type = ACL_LINK;
741 params.encr_mode = 0x00; /* Encryption not required */
742 bt_hci_event(hci, EVT_CONN_COMPLETE, ¶ms, EVT_CONN_COMPLETE_SIZE);
745 static void bt_hci_connection_accept(struct bt_hci_s *hci,
746 struct bt_device_s *host)
748 struct bt_hci_link_s *link = g_malloc0(sizeof(struct bt_hci_link_s));
749 evt_conn_complete params;
751 uint8_t status = HCI_SUCCESS;
752 int tries = HCI_HANDLES_MAX;
754 /* Make a connection handle */
756 while (hci->lm.handle[++ hci->lm.last_handle].link && -- tries)
757 hci->lm.last_handle &= HCI_HANDLES_MAX - 1;
758 handle = hci->lm.last_handle | HCI_HANDLE_OFFSET;
759 } while ((handle == hci->asb_handle || handle == hci->psb_handle) &&
764 bt_hci_connection_reject(hci, host, HCI_REJECTED_LIMITED_RESOURCES);
765 status = HCI_NO_CONNECTION;
769 link->btlink.slave = &hci->device;
770 link->btlink.host = host;
771 link->handle = handle;
773 /* Link established */
774 bt_hci_lmp_link_establish(hci, &link->btlink, 0);
777 params.status = status;
778 params.handle = HNDL(handle);
779 bacpy(¶ms.bdaddr, &host->bd_addr);
780 params.link_type = ACL_LINK;
781 params.encr_mode = 0x00; /* Encryption not required */
782 bt_hci_event(hci, EVT_CONN_COMPLETE, ¶ms, EVT_CONN_COMPLETE_SIZE);
784 /* Neets to be done at the very end because it can trigger a (nested)
785 * disconnected, in case the other and had cancelled the request
787 if (status == HCI_SUCCESS) {
788 host->reject_reason = 0;
789 host->lmp_connection_complete(&link->btlink);
793 static void bt_hci_lmp_connection_request(struct bt_link_s *link)
795 struct bt_hci_s *hci = hci_from_device(link->slave);
796 evt_conn_request params;
798 if (hci->conn_req_host) {
799 bt_hci_connection_reject(hci, link->host,
800 HCI_REJECTED_LIMITED_RESOURCES);
803 hci->conn_req_host = link->host;
804 /* TODO: if masked and auto-accept, then auto-accept,
805 * if masked and not auto-accept, then auto-reject */
806 /* TODO: kick the hci->conn_accept_timer, timeout after
807 * hci->conn_accept_tout * 0.625 msec */
809 bacpy(¶ms.bdaddr, &link->host->bd_addr);
810 memcpy(¶ms.dev_class, &link->host->class, sizeof(params.dev_class));
811 params.link_type = ACL_LINK;
812 bt_hci_event(hci, EVT_CONN_REQUEST, ¶ms, EVT_CONN_REQUEST_SIZE);
815 static void bt_hci_conn_accept_timeout(void *opaque)
817 struct bt_hci_s *hci = (struct bt_hci_s *) opaque;
819 if (!hci->conn_req_host)
820 /* Already accepted or rejected. If the other end cancelled the
821 * connection request then we still have to reject or accept it
822 * and then we'll get a disconnect. */
828 /* Remove from the list of devices which we wanted to connect to and
829 * are awaiting a response from. If the callback sees a response from
830 * a device which is not on the list it will assume it's a connection
831 * that's been cancelled by the host in the meantime and immediately
832 * try to detach the link and send a Connection Complete. */
833 static int bt_hci_lmp_connection_ready(struct bt_hci_s *hci,
838 for (i = 0; i < hci->lm.connecting; i ++)
839 if (!bacmp(&hci->lm.awaiting_bdaddr[i], bdaddr)) {
840 if (i < -- hci->lm.connecting)
841 bacpy(&hci->lm.awaiting_bdaddr[i],
842 &hci->lm.awaiting_bdaddr[hci->lm.connecting]);
849 static void bt_hci_lmp_connection_complete(struct bt_link_s *link)
851 struct bt_hci_s *hci = hci_from_device(link->host);
852 evt_conn_complete params;
854 uint8_t status = HCI_SUCCESS;
855 int tries = HCI_HANDLES_MAX;
857 if (bt_hci_lmp_connection_ready(hci, &link->slave->bd_addr)) {
858 if (!hci->device.reject_reason)
859 link->slave->lmp_disconnect_slave(link);
861 status = HCI_NO_CONNECTION;
865 if (hci->device.reject_reason) {
867 status = hci->device.reject_reason;
871 /* Make a connection handle */
873 while (hci->lm.handle[++ hci->lm.last_handle].link && -- tries)
874 hci->lm.last_handle &= HCI_HANDLES_MAX - 1;
875 handle = hci->lm.last_handle | HCI_HANDLE_OFFSET;
876 } while ((handle == hci->asb_handle || handle == hci->psb_handle) &&
880 link->slave->lmp_disconnect_slave(link);
881 status = HCI_NO_CONNECTION;
885 /* Link established */
886 link->handle = handle;
887 bt_hci_lmp_link_establish(hci, link, 1);
890 params.status = status;
891 params.handle = HNDL(handle);
892 params.link_type = ACL_LINK;
893 bacpy(¶ms.bdaddr, &link->slave->bd_addr);
894 params.encr_mode = 0x00; /* Encryption not required */
895 bt_hci_event(hci, EVT_CONN_COMPLETE, ¶ms, EVT_CONN_COMPLETE_SIZE);
898 static void bt_hci_disconnect(struct bt_hci_s *hci,
899 uint16_t handle, int reason)
901 struct bt_link_s *btlink =
902 hci->lm.handle[handle & ~HCI_HANDLE_OFFSET].link;
903 struct bt_hci_link_s *link;
904 evt_disconn_complete params;
906 if (bt_hci_role_master(hci, handle)) {
907 btlink->slave->reject_reason = reason;
908 btlink->slave->lmp_disconnect_slave(btlink);
909 /* The link pointer is invalid from now on */
914 btlink->host->reject_reason = reason;
915 btlink->host->lmp_disconnect_master(btlink);
917 /* We are the slave, we get to clean this burden */
918 link = (struct bt_hci_link_s *) btlink;
922 bt_hci_lmp_link_teardown(hci, handle);
924 params.status = HCI_SUCCESS;
925 params.handle = HNDL(handle);
926 params.reason = HCI_CONNECTION_TERMINATED;
927 bt_hci_event(hci, EVT_DISCONN_COMPLETE,
928 ¶ms, EVT_DISCONN_COMPLETE_SIZE);
931 /* TODO: use only one function */
932 static void bt_hci_lmp_disconnect_host(struct bt_link_s *link)
934 struct bt_hci_s *hci = hci_from_device(link->host);
935 uint16_t handle = link->handle;
936 evt_disconn_complete params;
938 bt_hci_lmp_link_teardown(hci, handle);
940 params.status = HCI_SUCCESS;
941 params.handle = HNDL(handle);
942 params.reason = hci->device.reject_reason;
943 bt_hci_event(hci, EVT_DISCONN_COMPLETE,
944 ¶ms, EVT_DISCONN_COMPLETE_SIZE);
947 static void bt_hci_lmp_disconnect_slave(struct bt_link_s *btlink)
949 struct bt_hci_link_s *link = (struct bt_hci_link_s *) btlink;
950 struct bt_hci_s *hci = hci_from_device(btlink->slave);
951 uint16_t handle = link->handle;
952 evt_disconn_complete params;
956 bt_hci_lmp_link_teardown(hci, handle);
958 params.status = HCI_SUCCESS;
959 params.handle = HNDL(handle);
960 params.reason = hci->device.reject_reason;
961 bt_hci_event(hci, EVT_DISCONN_COMPLETE,
962 ¶ms, EVT_DISCONN_COMPLETE_SIZE);
965 static int bt_hci_name_req(struct bt_hci_s *hci, bdaddr_t *bdaddr)
967 struct bt_device_s *slave;
968 evt_remote_name_req_complete params;
970 for (slave = hci->device.net->slave; slave; slave = slave->next)
971 if (slave->page_scan && !bacmp(&slave->bd_addr, bdaddr))
976 bt_hci_event_status(hci, HCI_SUCCESS);
978 params.status = HCI_SUCCESS;
979 bacpy(¶ms.bdaddr, &slave->bd_addr);
980 pstrcpy(params.name, sizeof(params.name), slave->lmp_name ?: "");
981 bt_hci_event(hci, EVT_REMOTE_NAME_REQ_COMPLETE,
982 ¶ms, EVT_REMOTE_NAME_REQ_COMPLETE_SIZE);
987 static int bt_hci_features_req(struct bt_hci_s *hci, uint16_t handle)
989 struct bt_device_s *slave;
990 evt_read_remote_features_complete params;
992 if (bt_hci_handle_bad(hci, handle))
995 slave = bt_hci_remote_dev(hci, handle);
997 bt_hci_event_status(hci, HCI_SUCCESS);
999 params.status = HCI_SUCCESS;
1000 params.handle = HNDL(handle);
1001 params.features[0] = (slave->lmp_caps >> 0) & 0xff;
1002 params.features[1] = (slave->lmp_caps >> 8) & 0xff;
1003 params.features[2] = (slave->lmp_caps >> 16) & 0xff;
1004 params.features[3] = (slave->lmp_caps >> 24) & 0xff;
1005 params.features[4] = (slave->lmp_caps >> 32) & 0xff;
1006 params.features[5] = (slave->lmp_caps >> 40) & 0xff;
1007 params.features[6] = (slave->lmp_caps >> 48) & 0xff;
1008 params.features[7] = (slave->lmp_caps >> 56) & 0xff;
1009 bt_hci_event(hci, EVT_READ_REMOTE_FEATURES_COMPLETE,
1010 ¶ms, EVT_READ_REMOTE_FEATURES_COMPLETE_SIZE);
1015 static int bt_hci_version_req(struct bt_hci_s *hci, uint16_t handle)
1017 evt_read_remote_version_complete params;
1019 if (bt_hci_handle_bad(hci, handle))
1022 bt_hci_remote_dev(hci, handle);
1024 bt_hci_event_status(hci, HCI_SUCCESS);
1026 params.status = HCI_SUCCESS;
1027 params.handle = HNDL(handle);
1028 params.lmp_ver = 0x03;
1029 params.manufacturer = cpu_to_le16(0xa000);
1030 params.lmp_subver = cpu_to_le16(0xa607);
1031 bt_hci_event(hci, EVT_READ_REMOTE_VERSION_COMPLETE,
1032 ¶ms, EVT_READ_REMOTE_VERSION_COMPLETE_SIZE);
1037 static int bt_hci_clkoffset_req(struct bt_hci_s *hci, uint16_t handle)
1039 struct bt_device_s *slave;
1040 evt_read_clock_offset_complete params;
1042 if (bt_hci_handle_bad(hci, handle))
1045 slave = bt_hci_remote_dev(hci, handle);
1047 bt_hci_event_status(hci, HCI_SUCCESS);
1049 params.status = HCI_SUCCESS;
1050 params.handle = HNDL(handle);
1051 /* TODO: return the clkoff *differenece* */
1052 params.clock_offset = slave->clkoff; /* Note: no swapping */
1053 bt_hci_event(hci, EVT_READ_CLOCK_OFFSET_COMPLETE,
1054 ¶ms, EVT_READ_CLOCK_OFFSET_COMPLETE_SIZE);
1059 static void bt_hci_event_mode(struct bt_hci_s *hci, struct bt_link_s *link,
1062 evt_mode_change params = {
1063 .status = HCI_SUCCESS,
1064 .handle = HNDL(handle),
1065 .mode = link->acl_mode,
1066 .interval = cpu_to_le16(link->acl_interval),
1069 bt_hci_event(hci, EVT_MODE_CHANGE, ¶ms, EVT_MODE_CHANGE_SIZE);
1072 static void bt_hci_lmp_mode_change_master(struct bt_hci_s *hci,
1073 struct bt_link_s *link, int mode, uint16_t interval)
1075 link->acl_mode = mode;
1076 link->acl_interval = interval;
1078 bt_hci_event_mode(hci, link, link->handle);
1080 link->slave->lmp_mode_change(link);
1083 static void bt_hci_lmp_mode_change_slave(struct bt_link_s *btlink)
1085 struct bt_hci_link_s *link = (struct bt_hci_link_s *) btlink;
1086 struct bt_hci_s *hci = hci_from_device(btlink->slave);
1088 bt_hci_event_mode(hci, btlink, link->handle);
1091 static int bt_hci_mode_change(struct bt_hci_s *hci, uint16_t handle,
1092 int interval, int mode)
1094 struct bt_hci_master_link_s *link;
1096 if (bt_hci_handle_bad(hci, handle) || !bt_hci_role_master(hci, handle))
1099 link = &hci->lm.handle[handle & ~HCI_HANDLE_OFFSET];
1100 if (link->link->acl_mode != acl_active) {
1101 bt_hci_event_status(hci, HCI_COMMAND_DISALLOWED);
1105 bt_hci_event_status(hci, HCI_SUCCESS);
1107 timer_mod(link->acl_mode_timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
1108 ((uint64_t)interval * 625) * 1000);
1109 bt_hci_lmp_mode_change_master(hci, link->link, mode, interval);
1114 static int bt_hci_mode_cancel(struct bt_hci_s *hci, uint16_t handle, int mode)
1116 struct bt_hci_master_link_s *link;
1118 if (bt_hci_handle_bad(hci, handle) || !bt_hci_role_master(hci, handle))
1121 link = &hci->lm.handle[handle & ~HCI_HANDLE_OFFSET];
1122 if (link->link->acl_mode != mode) {
1123 bt_hci_event_status(hci, HCI_COMMAND_DISALLOWED);
1128 bt_hci_event_status(hci, HCI_SUCCESS);
1130 timer_del(link->acl_mode_timer);
1131 bt_hci_lmp_mode_change_master(hci, link->link, acl_active, 0);
1136 static void bt_hci_mode_tick(void *opaque)
1138 struct bt_link_s *link = opaque;
1139 struct bt_hci_s *hci = hci_from_device(link->host);
1141 bt_hci_lmp_mode_change_master(hci, link, acl_active, 0);
1144 static void bt_hci_reset(struct bt_hci_s *hci)
1148 hci->lm.connecting = 0;
1150 hci->event_mask[0] = 0xff;
1151 hci->event_mask[1] = 0xff;
1152 hci->event_mask[2] = 0xff;
1153 hci->event_mask[3] = 0xff;
1154 hci->event_mask[4] = 0xff;
1155 hci->event_mask[5] = 0x1f;
1156 hci->event_mask[6] = 0x00;
1157 hci->event_mask[7] = 0x00;
1158 hci->device.inquiry_scan = 0;
1159 hci->device.page_scan = 0;
1160 g_free((void *) hci->device.lmp_name);
1161 hci->device.lmp_name = NULL;
1162 hci->device.class[0] = 0x00;
1163 hci->device.class[1] = 0x00;
1164 hci->device.class[2] = 0x00;
1165 hci->voice_setting = 0x0000;
1166 hci->conn_accept_tout = 0x1f40;
1167 hci->lm.inquiry_mode = 0x00;
1169 hci->psb_handle = 0x000;
1170 hci->asb_handle = 0x000;
1172 /* XXX: timer_del(sl->acl_mode_timer); for all links */
1173 timer_del(hci->lm.inquiry_done);
1174 timer_del(hci->lm.inquiry_next);
1175 timer_del(hci->conn_accept_timer);
1178 static void bt_hci_read_local_version_rp(struct bt_hci_s *hci)
1180 read_local_version_rp lv = {
1181 .status = HCI_SUCCESS,
1183 .hci_rev = cpu_to_le16(0xa607),
1185 .manufacturer = cpu_to_le16(0xa000),
1186 .lmp_subver = cpu_to_le16(0xa607),
1189 bt_hci_event_complete(hci, &lv, READ_LOCAL_VERSION_RP_SIZE);
1192 static void bt_hci_read_local_commands_rp(struct bt_hci_s *hci)
1194 read_local_commands_rp lc = {
1195 .status = HCI_SUCCESS,
1198 /* Also, keep in sync with hci->device.lmp_caps in bt_new_hci */
1199 0xbf, 0x80, 0xf9, 0x03, 0xb2, 0xc0, 0x03, 0xc3,
1200 0x00, 0x0f, 0x80, 0x00, 0xc0, 0x00, 0xe8, 0x13,
1201 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1202 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1203 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1204 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1205 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1206 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1210 bt_hci_event_complete(hci, &lc, READ_LOCAL_COMMANDS_RP_SIZE);
1213 static void bt_hci_read_local_features_rp(struct bt_hci_s *hci)
1215 read_local_features_rp lf = {
1216 .status = HCI_SUCCESS,
1218 (hci->device.lmp_caps >> 0) & 0xff,
1219 (hci->device.lmp_caps >> 8) & 0xff,
1220 (hci->device.lmp_caps >> 16) & 0xff,
1221 (hci->device.lmp_caps >> 24) & 0xff,
1222 (hci->device.lmp_caps >> 32) & 0xff,
1223 (hci->device.lmp_caps >> 40) & 0xff,
1224 (hci->device.lmp_caps >> 48) & 0xff,
1225 (hci->device.lmp_caps >> 56) & 0xff,
1229 bt_hci_event_complete(hci, &lf, READ_LOCAL_FEATURES_RP_SIZE);
1232 static void bt_hci_read_local_ext_features_rp(struct bt_hci_s *hci, int page)
1234 read_local_ext_features_rp lef = {
1235 .status = HCI_SUCCESS,
1237 .max_page_num = 0x00,
1240 0x5f, 0x35, 0x85, 0x7e, 0x9b, 0x19, 0x00, 0x80,
1244 memset(lef.features, 0, sizeof(lef.features));
1246 bt_hci_event_complete(hci, &lef, READ_LOCAL_EXT_FEATURES_RP_SIZE);
1249 static void bt_hci_read_buffer_size_rp(struct bt_hci_s *hci)
1251 read_buffer_size_rp bs = {
1252 /* This can be made configurable, for one standard USB dongle HCI
1253 * the four values are cpu_to_le16(0x0180), 0x40,
1254 * cpu_to_le16(0x0008), cpu_to_le16(0x0008). */
1255 .status = HCI_SUCCESS,
1256 .acl_mtu = cpu_to_le16(0x0200),
1258 .acl_max_pkt = cpu_to_le16(0x0001),
1259 .sco_max_pkt = cpu_to_le16(0x0000),
1262 bt_hci_event_complete(hci, &bs, READ_BUFFER_SIZE_RP_SIZE);
1265 /* Deprecated in V2.0 (page 661) */
1266 static void bt_hci_read_country_code_rp(struct bt_hci_s *hci)
1268 read_country_code_rp cc ={
1269 .status = HCI_SUCCESS,
1270 .country_code = 0x00, /* North America & Europe^1 and Japan */
1273 bt_hci_event_complete(hci, &cc, READ_COUNTRY_CODE_RP_SIZE);
1275 /* ^1. Except France, sorry */
1278 static void bt_hci_read_bd_addr_rp(struct bt_hci_s *hci)
1280 read_bd_addr_rp ba = {
1281 .status = HCI_SUCCESS,
1282 .bdaddr = BAINIT(&hci->device.bd_addr),
1285 bt_hci_event_complete(hci, &ba, READ_BD_ADDR_RP_SIZE);
1288 static int bt_hci_link_quality_rp(struct bt_hci_s *hci, uint16_t handle)
1290 read_link_quality_rp lq = {
1291 .status = HCI_SUCCESS,
1292 .handle = HNDL(handle),
1293 .link_quality = 0xff,
1296 if (bt_hci_handle_bad(hci, handle))
1297 lq.status = HCI_NO_CONNECTION;
1299 bt_hci_event_complete(hci, &lq, READ_LINK_QUALITY_RP_SIZE);
1303 /* Generate a Command Complete event with only the Status parameter */
1304 static inline void bt_hci_event_complete_status(struct bt_hci_s *hci,
1307 bt_hci_event_complete(hci, &status, 1);
1310 static inline void bt_hci_event_complete_conn_cancel(struct bt_hci_s *hci,
1311 uint8_t status, bdaddr_t *bd_addr)
1313 create_conn_cancel_rp params = {
1315 .bdaddr = BAINIT(bd_addr),
1318 bt_hci_event_complete(hci, ¶ms, CREATE_CONN_CANCEL_RP_SIZE);
1321 static inline void bt_hci_event_auth_complete(struct bt_hci_s *hci,
1324 evt_auth_complete params = {
1325 .status = HCI_SUCCESS,
1326 .handle = HNDL(handle),
1329 bt_hci_event(hci, EVT_AUTH_COMPLETE, ¶ms, EVT_AUTH_COMPLETE_SIZE);
1332 static inline void bt_hci_event_encrypt_change(struct bt_hci_s *hci,
1333 uint16_t handle, uint8_t mode)
1335 evt_encrypt_change params = {
1336 .status = HCI_SUCCESS,
1337 .handle = HNDL(handle),
1341 bt_hci_event(hci, EVT_ENCRYPT_CHANGE, ¶ms, EVT_ENCRYPT_CHANGE_SIZE);
1344 static inline void bt_hci_event_complete_name_cancel(struct bt_hci_s *hci,
1347 remote_name_req_cancel_rp params = {
1348 .status = HCI_INVALID_PARAMETERS,
1349 .bdaddr = BAINIT(bd_addr),
1352 bt_hci_event_complete(hci, ¶ms, REMOTE_NAME_REQ_CANCEL_RP_SIZE);
1355 static inline void bt_hci_event_read_remote_ext_features(struct bt_hci_s *hci,
1358 evt_read_remote_ext_features_complete params = {
1359 .status = HCI_UNSUPPORTED_FEATURE,
1360 .handle = HNDL(handle),
1361 /* Rest uninitialised */
1364 bt_hci_event(hci, EVT_READ_REMOTE_EXT_FEATURES_COMPLETE,
1365 ¶ms, EVT_READ_REMOTE_EXT_FEATURES_COMPLETE_SIZE);
1368 static inline void bt_hci_event_complete_lmp_handle(struct bt_hci_s *hci,
1371 read_lmp_handle_rp params = {
1372 .status = HCI_NO_CONNECTION,
1373 .handle = HNDL(handle),
1375 /* Rest uninitialised */
1378 bt_hci_event_complete(hci, ¶ms, READ_LMP_HANDLE_RP_SIZE);
1381 static inline void bt_hci_event_complete_role_discovery(struct bt_hci_s *hci,
1382 int status, uint16_t handle, int master)
1384 role_discovery_rp params = {
1386 .handle = HNDL(handle),
1387 .role = master ? 0x00 : 0x01,
1390 bt_hci_event_complete(hci, ¶ms, ROLE_DISCOVERY_RP_SIZE);
1393 static inline void bt_hci_event_complete_flush(struct bt_hci_s *hci,
1394 int status, uint16_t handle)
1398 .handle = HNDL(handle),
1401 bt_hci_event_complete(hci, ¶ms, FLUSH_RP_SIZE);
1404 static inline void bt_hci_event_complete_read_local_name(struct bt_hci_s *hci)
1406 read_local_name_rp params;
1407 params.status = HCI_SUCCESS;
1408 memset(params.name, 0, sizeof(params.name));
1409 if (hci->device.lmp_name)
1410 pstrcpy(params.name, sizeof(params.name), hci->device.lmp_name);
1412 bt_hci_event_complete(hci, ¶ms, READ_LOCAL_NAME_RP_SIZE);
1415 static inline void bt_hci_event_complete_read_conn_accept_timeout(
1416 struct bt_hci_s *hci)
1418 read_conn_accept_timeout_rp params = {
1419 .status = HCI_SUCCESS,
1420 .timeout = cpu_to_le16(hci->conn_accept_tout),
1423 bt_hci_event_complete(hci, ¶ms, READ_CONN_ACCEPT_TIMEOUT_RP_SIZE);
1426 static inline void bt_hci_event_complete_read_scan_enable(struct bt_hci_s *hci)
1428 read_scan_enable_rp params = {
1429 .status = HCI_SUCCESS,
1431 (hci->device.inquiry_scan ? SCAN_INQUIRY : 0) |
1432 (hci->device.page_scan ? SCAN_PAGE : 0),
1435 bt_hci_event_complete(hci, ¶ms, READ_SCAN_ENABLE_RP_SIZE);
1438 static inline void bt_hci_event_complete_read_local_class(struct bt_hci_s *hci)
1440 read_class_of_dev_rp params;
1442 params.status = HCI_SUCCESS;
1443 memcpy(params.dev_class, hci->device.class, sizeof(params.dev_class));
1445 bt_hci_event_complete(hci, ¶ms, READ_CLASS_OF_DEV_RP_SIZE);
1448 static inline void bt_hci_event_complete_voice_setting(struct bt_hci_s *hci)
1450 read_voice_setting_rp params = {
1451 .status = HCI_SUCCESS,
1452 .voice_setting = hci->voice_setting, /* Note: no swapping */
1455 bt_hci_event_complete(hci, ¶ms, READ_VOICE_SETTING_RP_SIZE);
1458 static inline void bt_hci_event_complete_read_inquiry_mode(
1459 struct bt_hci_s *hci)
1461 read_inquiry_mode_rp params = {
1462 .status = HCI_SUCCESS,
1463 .mode = hci->lm.inquiry_mode,
1466 bt_hci_event_complete(hci, ¶ms, READ_INQUIRY_MODE_RP_SIZE);
1469 static inline void bt_hci_event_num_comp_pkts(struct bt_hci_s *hci,
1470 uint16_t handle, int packets)
1472 uint16_t buf[EVT_NUM_COMP_PKTS_SIZE(1) / 2 + 1];
1473 evt_num_comp_pkts *params = (void *) ((uint8_t *) buf + 1);
1475 params->num_hndl = 1;
1476 params->connection->handle = HNDL(handle);
1477 params->connection->num_packets = cpu_to_le16(packets);
1479 bt_hci_event(hci, EVT_NUM_COMP_PKTS, params, EVT_NUM_COMP_PKTS_SIZE(1));
1482 static void bt_submit_hci(struct HCIInfo *info,
1483 const uint8_t *data, int length)
1485 struct bt_hci_s *hci = hci_from_info(info);
1489 if (length < HCI_COMMAND_HDR_SIZE)
1492 memcpy(&hci->last_cmd, data, 2);
1494 cmd = (data[1] << 8) | data[0];
1496 if (cmd_opcode_ogf(cmd) == 0 || cmd_opcode_ocf(cmd) == 0) /* NOP */
1499 data += HCI_COMMAND_HDR_SIZE;
1500 length -= HCI_COMMAND_HDR_SIZE;
1502 if (paramlen > length)
1505 #define PARAM(cmd, param) (((cmd##_cp *) data)->param)
1506 #define PARAM16(cmd, param) le16_to_cpup(&PARAM(cmd, param))
1507 #define PARAMHANDLE(cmd) HNDL(PARAM(cmd, handle))
1508 #define LENGTH_CHECK(cmd) if (length < sizeof(cmd##_cp)) goto short_hci
1509 /* Note: the supported commands bitmask in bt_hci_read_local_commands_rp
1510 * needs to be updated every time a command is implemented here! */
1512 case cmd_opcode_pack(OGF_LINK_CTL, OCF_INQUIRY):
1513 LENGTH_CHECK(inquiry);
1515 if (PARAM(inquiry, length) < 1) {
1516 bt_hci_event_complete_status(hci, HCI_INVALID_PARAMETERS);
1520 hci->lm.inquire = 1;
1521 hci->lm.periodic = 0;
1522 hci->lm.responses_left = PARAM(inquiry, num_rsp) ?: INT_MAX;
1523 hci->lm.responses = 0;
1524 bt_hci_event_status(hci, HCI_SUCCESS);
1525 bt_hci_inquiry_start(hci, PARAM(inquiry, length));
1528 case cmd_opcode_pack(OGF_LINK_CTL, OCF_INQUIRY_CANCEL):
1529 if (!hci->lm.inquire || hci->lm.periodic) {
1530 fprintf(stderr, "%s: Inquiry Cancel should only be issued after "
1531 "the Inquiry command has been issued, a Command "
1532 "Status event has been received for the Inquiry "
1533 "command, and before the Inquiry Complete event "
1534 "occurs", __FUNCTION__);
1535 bt_hci_event_complete_status(hci, HCI_COMMAND_DISALLOWED);
1539 hci->lm.inquire = 0;
1540 timer_del(hci->lm.inquiry_done);
1541 bt_hci_event_complete_status(hci, HCI_SUCCESS);
1544 case cmd_opcode_pack(OGF_LINK_CTL, OCF_PERIODIC_INQUIRY):
1545 LENGTH_CHECK(periodic_inquiry);
1547 if (!(PARAM(periodic_inquiry, length) <
1548 PARAM16(periodic_inquiry, min_period) &&
1549 PARAM16(periodic_inquiry, min_period) <
1550 PARAM16(periodic_inquiry, max_period)) ||
1551 PARAM(periodic_inquiry, length) < 1 ||
1552 PARAM16(periodic_inquiry, min_period) < 2 ||
1553 PARAM16(periodic_inquiry, max_period) < 3) {
1554 bt_hci_event_complete_status(hci, HCI_INVALID_PARAMETERS);
1558 hci->lm.inquire = 1;
1559 hci->lm.periodic = 1;
1560 hci->lm.responses_left = PARAM(periodic_inquiry, num_rsp);
1561 hci->lm.responses = 0;
1562 hci->lm.inquiry_period = PARAM16(periodic_inquiry, max_period);
1563 bt_hci_event_complete_status(hci, HCI_SUCCESS);
1564 bt_hci_inquiry_start(hci, PARAM(periodic_inquiry, length));
1567 case cmd_opcode_pack(OGF_LINK_CTL, OCF_EXIT_PERIODIC_INQUIRY):
1568 if (!hci->lm.inquire || !hci->lm.periodic) {
1569 fprintf(stderr, "%s: Inquiry Cancel should only be issued after "
1570 "the Inquiry command has been issued, a Command "
1571 "Status event has been received for the Inquiry "
1572 "command, and before the Inquiry Complete event "
1573 "occurs", __FUNCTION__);
1574 bt_hci_event_complete_status(hci, HCI_COMMAND_DISALLOWED);
1577 hci->lm.inquire = 0;
1578 timer_del(hci->lm.inquiry_done);
1579 timer_del(hci->lm.inquiry_next);
1580 bt_hci_event_complete_status(hci, HCI_SUCCESS);
1583 case cmd_opcode_pack(OGF_LINK_CTL, OCF_CREATE_CONN):
1584 LENGTH_CHECK(create_conn);
1586 if (hci->lm.connecting >= HCI_HANDLES_MAX) {
1587 bt_hci_event_status(hci, HCI_REJECTED_LIMITED_RESOURCES);
1590 bt_hci_event_status(hci, HCI_SUCCESS);
1592 if (bt_hci_connect(hci, &PARAM(create_conn, bdaddr)))
1593 bt_hci_connection_reject_event(hci, &PARAM(create_conn, bdaddr));
1596 case cmd_opcode_pack(OGF_LINK_CTL, OCF_DISCONNECT):
1597 LENGTH_CHECK(disconnect);
1599 if (bt_hci_handle_bad(hci, PARAMHANDLE(disconnect))) {
1600 bt_hci_event_status(hci, HCI_NO_CONNECTION);
1604 bt_hci_event_status(hci, HCI_SUCCESS);
1605 bt_hci_disconnect(hci, PARAMHANDLE(disconnect),
1606 PARAM(disconnect, reason));
1609 case cmd_opcode_pack(OGF_LINK_CTL, OCF_CREATE_CONN_CANCEL):
1610 LENGTH_CHECK(create_conn_cancel);
1612 if (bt_hci_lmp_connection_ready(hci,
1613 &PARAM(create_conn_cancel, bdaddr))) {
1614 for (i = 0; i < HCI_HANDLES_MAX; i ++)
1615 if (bt_hci_role_master(hci, i) && hci->lm.handle[i].link &&
1616 !bacmp(&hci->lm.handle[i].link->slave->bd_addr,
1617 &PARAM(create_conn_cancel, bdaddr)))
1620 bt_hci_event_complete_conn_cancel(hci, i < HCI_HANDLES_MAX ?
1621 HCI_ACL_CONNECTION_EXISTS : HCI_NO_CONNECTION,
1622 &PARAM(create_conn_cancel, bdaddr));
1624 bt_hci_event_complete_conn_cancel(hci, HCI_SUCCESS,
1625 &PARAM(create_conn_cancel, bdaddr));
1628 case cmd_opcode_pack(OGF_LINK_CTL, OCF_ACCEPT_CONN_REQ):
1629 LENGTH_CHECK(accept_conn_req);
1631 if (!hci->conn_req_host ||
1632 bacmp(&PARAM(accept_conn_req, bdaddr),
1633 &hci->conn_req_host->bd_addr)) {
1634 bt_hci_event_status(hci, HCI_INVALID_PARAMETERS);
1638 bt_hci_event_status(hci, HCI_SUCCESS);
1639 bt_hci_connection_accept(hci, hci->conn_req_host);
1640 hci->conn_req_host = NULL;
1643 case cmd_opcode_pack(OGF_LINK_CTL, OCF_REJECT_CONN_REQ):
1644 LENGTH_CHECK(reject_conn_req);
1646 if (!hci->conn_req_host ||
1647 bacmp(&PARAM(reject_conn_req, bdaddr),
1648 &hci->conn_req_host->bd_addr)) {
1649 bt_hci_event_status(hci, HCI_INVALID_PARAMETERS);
1653 bt_hci_event_status(hci, HCI_SUCCESS);
1654 bt_hci_connection_reject(hci, hci->conn_req_host,
1655 PARAM(reject_conn_req, reason));
1656 bt_hci_connection_reject_event(hci, &hci->conn_req_host->bd_addr);
1657 hci->conn_req_host = NULL;
1660 case cmd_opcode_pack(OGF_LINK_CTL, OCF_AUTH_REQUESTED):
1661 LENGTH_CHECK(auth_requested);
1663 if (bt_hci_handle_bad(hci, PARAMHANDLE(auth_requested)))
1664 bt_hci_event_status(hci, HCI_NO_CONNECTION);
1666 bt_hci_event_status(hci, HCI_SUCCESS);
1667 bt_hci_event_auth_complete(hci, PARAMHANDLE(auth_requested));
1671 case cmd_opcode_pack(OGF_LINK_CTL, OCF_SET_CONN_ENCRYPT):
1672 LENGTH_CHECK(set_conn_encrypt);
1674 if (bt_hci_handle_bad(hci, PARAMHANDLE(set_conn_encrypt)))
1675 bt_hci_event_status(hci, HCI_NO_CONNECTION);
1677 bt_hci_event_status(hci, HCI_SUCCESS);
1678 bt_hci_event_encrypt_change(hci,
1679 PARAMHANDLE(set_conn_encrypt),
1680 PARAM(set_conn_encrypt, encrypt));
1684 case cmd_opcode_pack(OGF_LINK_CTL, OCF_REMOTE_NAME_REQ):
1685 LENGTH_CHECK(remote_name_req);
1687 if (bt_hci_name_req(hci, &PARAM(remote_name_req, bdaddr)))
1688 bt_hci_event_status(hci, HCI_NO_CONNECTION);
1691 case cmd_opcode_pack(OGF_LINK_CTL, OCF_REMOTE_NAME_REQ_CANCEL):
1692 LENGTH_CHECK(remote_name_req_cancel);
1694 bt_hci_event_complete_name_cancel(hci,
1695 &PARAM(remote_name_req_cancel, bdaddr));
1698 case cmd_opcode_pack(OGF_LINK_CTL, OCF_READ_REMOTE_FEATURES):
1699 LENGTH_CHECK(read_remote_features);
1701 if (bt_hci_features_req(hci, PARAMHANDLE(read_remote_features)))
1702 bt_hci_event_status(hci, HCI_NO_CONNECTION);
1705 case cmd_opcode_pack(OGF_LINK_CTL, OCF_READ_REMOTE_EXT_FEATURES):
1706 LENGTH_CHECK(read_remote_ext_features);
1708 if (bt_hci_handle_bad(hci, PARAMHANDLE(read_remote_ext_features)))
1709 bt_hci_event_status(hci, HCI_NO_CONNECTION);
1711 bt_hci_event_status(hci, HCI_SUCCESS);
1712 bt_hci_event_read_remote_ext_features(hci,
1713 PARAMHANDLE(read_remote_ext_features));
1717 case cmd_opcode_pack(OGF_LINK_CTL, OCF_READ_REMOTE_VERSION):
1718 LENGTH_CHECK(read_remote_version);
1720 if (bt_hci_version_req(hci, PARAMHANDLE(read_remote_version)))
1721 bt_hci_event_status(hci, HCI_NO_CONNECTION);
1724 case cmd_opcode_pack(OGF_LINK_CTL, OCF_READ_CLOCK_OFFSET):
1725 LENGTH_CHECK(read_clock_offset);
1727 if (bt_hci_clkoffset_req(hci, PARAMHANDLE(read_clock_offset)))
1728 bt_hci_event_status(hci, HCI_NO_CONNECTION);
1731 case cmd_opcode_pack(OGF_LINK_CTL, OCF_READ_LMP_HANDLE):
1732 LENGTH_CHECK(read_lmp_handle);
1735 bt_hci_event_complete_lmp_handle(hci, PARAMHANDLE(read_lmp_handle));
1738 case cmd_opcode_pack(OGF_LINK_POLICY, OCF_HOLD_MODE):
1739 LENGTH_CHECK(hold_mode);
1741 if (PARAM16(hold_mode, min_interval) >
1742 PARAM16(hold_mode, max_interval) ||
1743 PARAM16(hold_mode, min_interval) < 0x0002 ||
1744 PARAM16(hold_mode, max_interval) > 0xff00 ||
1745 (PARAM16(hold_mode, min_interval) & 1) ||
1746 (PARAM16(hold_mode, max_interval) & 1)) {
1747 bt_hci_event_status(hci, HCI_INVALID_PARAMETERS);
1751 if (bt_hci_mode_change(hci, PARAMHANDLE(hold_mode),
1752 PARAM16(hold_mode, max_interval),
1754 bt_hci_event_status(hci, HCI_NO_CONNECTION);
1757 case cmd_opcode_pack(OGF_LINK_POLICY, OCF_PARK_MODE):
1758 LENGTH_CHECK(park_mode);
1760 if (PARAM16(park_mode, min_interval) >
1761 PARAM16(park_mode, max_interval) ||
1762 PARAM16(park_mode, min_interval) < 0x000e ||
1763 (PARAM16(park_mode, min_interval) & 1) ||
1764 (PARAM16(park_mode, max_interval) & 1)) {
1765 bt_hci_event_status(hci, HCI_INVALID_PARAMETERS);
1769 if (bt_hci_mode_change(hci, PARAMHANDLE(park_mode),
1770 PARAM16(park_mode, max_interval),
1772 bt_hci_event_status(hci, HCI_NO_CONNECTION);
1775 case cmd_opcode_pack(OGF_LINK_POLICY, OCF_EXIT_PARK_MODE):
1776 LENGTH_CHECK(exit_park_mode);
1778 if (bt_hci_mode_cancel(hci, PARAMHANDLE(exit_park_mode),
1780 bt_hci_event_status(hci, HCI_NO_CONNECTION);
1783 case cmd_opcode_pack(OGF_LINK_POLICY, OCF_ROLE_DISCOVERY):
1784 LENGTH_CHECK(role_discovery);
1786 if (bt_hci_handle_bad(hci, PARAMHANDLE(role_discovery)))
1787 bt_hci_event_complete_role_discovery(hci,
1788 HCI_NO_CONNECTION, PARAMHANDLE(role_discovery), 0);
1790 bt_hci_event_complete_role_discovery(hci,
1791 HCI_SUCCESS, PARAMHANDLE(role_discovery),
1792 bt_hci_role_master(hci,
1793 PARAMHANDLE(role_discovery)));
1796 case cmd_opcode_pack(OGF_HOST_CTL, OCF_SET_EVENT_MASK):
1797 LENGTH_CHECK(set_event_mask);
1799 memcpy(hci->event_mask, PARAM(set_event_mask, mask), 8);
1800 bt_hci_event_complete_status(hci, HCI_SUCCESS);
1803 case cmd_opcode_pack(OGF_HOST_CTL, OCF_RESET):
1805 bt_hci_event_status(hci, HCI_SUCCESS);
1808 case cmd_opcode_pack(OGF_HOST_CTL, OCF_SET_EVENT_FLT):
1809 if (length >= 1 && PARAM(set_event_flt, flt_type) == FLT_CLEAR_ALL)
1810 /* No length check */;
1812 LENGTH_CHECK(set_event_flt);
1814 /* Filters are not implemented */
1815 bt_hci_event_complete_status(hci, HCI_SUCCESS);
1818 case cmd_opcode_pack(OGF_HOST_CTL, OCF_FLUSH):
1819 LENGTH_CHECK(flush);
1821 if (bt_hci_handle_bad(hci, PARAMHANDLE(flush)))
1822 bt_hci_event_complete_flush(hci,
1823 HCI_NO_CONNECTION, PARAMHANDLE(flush));
1825 /* TODO: ordering? */
1826 bt_hci_event(hci, EVT_FLUSH_OCCURRED,
1827 &PARAM(flush, handle),
1828 EVT_FLUSH_OCCURRED_SIZE);
1829 bt_hci_event_complete_flush(hci,
1830 HCI_SUCCESS, PARAMHANDLE(flush));
1834 case cmd_opcode_pack(OGF_HOST_CTL, OCF_CHANGE_LOCAL_NAME):
1835 LENGTH_CHECK(change_local_name);
1837 g_free((void *) hci->device.lmp_name);
1838 hci->device.lmp_name = g_strndup(PARAM(change_local_name, name),
1839 sizeof(PARAM(change_local_name, name)));
1840 bt_hci_event_complete_status(hci, HCI_SUCCESS);
1843 case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_LOCAL_NAME):
1844 bt_hci_event_complete_read_local_name(hci);
1847 case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_CONN_ACCEPT_TIMEOUT):
1848 bt_hci_event_complete_read_conn_accept_timeout(hci);
1851 case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_CONN_ACCEPT_TIMEOUT):
1853 LENGTH_CHECK(write_conn_accept_timeout);
1855 if (PARAM16(write_conn_accept_timeout, timeout) < 0x0001 ||
1856 PARAM16(write_conn_accept_timeout, timeout) > 0xb540) {
1857 bt_hci_event_complete_status(hci, HCI_INVALID_PARAMETERS);
1861 hci->conn_accept_tout = PARAM16(write_conn_accept_timeout, timeout);
1862 bt_hci_event_complete_status(hci, HCI_SUCCESS);
1865 case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_SCAN_ENABLE):
1866 bt_hci_event_complete_read_scan_enable(hci);
1869 case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_SCAN_ENABLE):
1870 LENGTH_CHECK(write_scan_enable);
1872 /* TODO: check that the remaining bits are all 0 */
1873 hci->device.inquiry_scan =
1874 !!(PARAM(write_scan_enable, scan_enable) & SCAN_INQUIRY);
1875 hci->device.page_scan =
1876 !!(PARAM(write_scan_enable, scan_enable) & SCAN_PAGE);
1877 bt_hci_event_complete_status(hci, HCI_SUCCESS);
1880 case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_CLASS_OF_DEV):
1881 bt_hci_event_complete_read_local_class(hci);
1884 case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_CLASS_OF_DEV):
1885 LENGTH_CHECK(write_class_of_dev);
1887 memcpy(hci->device.class, PARAM(write_class_of_dev, dev_class),
1888 sizeof(PARAM(write_class_of_dev, dev_class)));
1889 bt_hci_event_complete_status(hci, HCI_SUCCESS);
1892 case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_VOICE_SETTING):
1893 bt_hci_event_complete_voice_setting(hci);
1896 case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_VOICE_SETTING):
1897 LENGTH_CHECK(write_voice_setting);
1899 hci->voice_setting = PARAM(write_voice_setting, voice_setting);
1900 bt_hci_event_complete_status(hci, HCI_SUCCESS);
1903 case cmd_opcode_pack(OGF_HOST_CTL, OCF_HOST_NUMBER_OF_COMPLETED_PACKETS):
1904 if (length < data[0] * 2 + 1)
1907 for (i = 0; i < data[0]; i ++)
1908 if (bt_hci_handle_bad(hci,
1909 data[i * 2 + 1] | (data[i * 2 + 2] << 8)))
1910 bt_hci_event_complete_status(hci, HCI_INVALID_PARAMETERS);
1913 case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_INQUIRY_MODE):
1914 /* Only if (local_features[3] & 0x40) && (local_commands[12] & 0x40)
1916 * goto unknown_command */
1917 bt_hci_event_complete_read_inquiry_mode(hci);
1920 case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_INQUIRY_MODE):
1921 /* Only if (local_features[3] & 0x40) && (local_commands[12] & 0x80)
1923 * goto unknown_command */
1924 LENGTH_CHECK(write_inquiry_mode);
1926 if (PARAM(write_inquiry_mode, mode) > 0x01) {
1927 bt_hci_event_complete_status(hci, HCI_INVALID_PARAMETERS);
1931 hci->lm.inquiry_mode = PARAM(write_inquiry_mode, mode);
1932 bt_hci_event_complete_status(hci, HCI_SUCCESS);
1935 case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_LOCAL_VERSION):
1936 bt_hci_read_local_version_rp(hci);
1939 case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_LOCAL_COMMANDS):
1940 bt_hci_read_local_commands_rp(hci);
1943 case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_LOCAL_FEATURES):
1944 bt_hci_read_local_features_rp(hci);
1947 case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_LOCAL_EXT_FEATURES):
1948 LENGTH_CHECK(read_local_ext_features);
1950 bt_hci_read_local_ext_features_rp(hci,
1951 PARAM(read_local_ext_features, page_num));
1954 case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_BUFFER_SIZE):
1955 bt_hci_read_buffer_size_rp(hci);
1958 case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_COUNTRY_CODE):
1959 bt_hci_read_country_code_rp(hci);
1962 case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_BD_ADDR):
1963 bt_hci_read_bd_addr_rp(hci);
1966 case cmd_opcode_pack(OGF_STATUS_PARAM, OCF_READ_LINK_QUALITY):
1967 LENGTH_CHECK(read_link_quality);
1969 bt_hci_link_quality_rp(hci, PARAMHANDLE(read_link_quality));
1973 bt_hci_event_status(hci, HCI_UNKNOWN_COMMAND);
1977 fprintf(stderr, "%s: HCI packet too short (%iB)\n",
1978 __FUNCTION__, length);
1979 bt_hci_event_status(hci, HCI_INVALID_PARAMETERS);
1984 /* We could perform fragmentation here, we can't do "recombination" because
1985 * at this layer the length of the payload is not know ahead, so we only
1986 * know that a packet contained the last fragment of the SDU when the next
1988 static inline void bt_hci_lmp_acl_data(struct bt_hci_s *hci, uint16_t handle,
1989 const uint8_t *data, int start, int len)
1991 struct hci_acl_hdr *pkt = (void *) hci->acl_buf;
1993 /* TODO: packet flags */
1994 /* TODO: avoid memcpy'ing */
1996 if (len + HCI_ACL_HDR_SIZE > sizeof(hci->acl_buf)) {
1997 fprintf(stderr, "%s: can't take ACL packets %i bytes long\n",
2001 memcpy(hci->acl_buf + HCI_ACL_HDR_SIZE, data, len);
2003 pkt->handle = cpu_to_le16(
2004 acl_handle_pack(handle, start ? ACL_START : ACL_CONT));
2005 pkt->dlen = cpu_to_le16(len);
2006 hci->info.acl_recv(hci->info.opaque,
2007 hci->acl_buf, len + HCI_ACL_HDR_SIZE);
2010 static void bt_hci_lmp_acl_data_slave(struct bt_link_s *btlink,
2011 const uint8_t *data, int start, int len)
2013 struct bt_hci_link_s *link = (struct bt_hci_link_s *) btlink;
2015 bt_hci_lmp_acl_data(hci_from_device(btlink->slave),
2016 link->handle, data, start, len);
2019 static void bt_hci_lmp_acl_data_host(struct bt_link_s *link,
2020 const uint8_t *data, int start, int len)
2022 bt_hci_lmp_acl_data(hci_from_device(link->host),
2023 link->handle, data, start, len);
2026 static void bt_submit_acl(struct HCIInfo *info,
2027 const uint8_t *data, int length)
2029 struct bt_hci_s *hci = hci_from_info(info);
2032 struct bt_link_s *link;
2034 if (length < HCI_ACL_HDR_SIZE) {
2035 fprintf(stderr, "%s: ACL packet too short (%iB)\n",
2036 __FUNCTION__, length);
2040 handle = acl_handle((data[1] << 8) | data[0]);
2041 flags = acl_flags((data[1] << 8) | data[0]);
2042 datalen = (data[3] << 8) | data[2];
2043 data += HCI_ACL_HDR_SIZE;
2044 length -= HCI_ACL_HDR_SIZE;
2046 if (bt_hci_handle_bad(hci, handle)) {
2047 fprintf(stderr, "%s: invalid ACL handle %03x\n",
2048 __FUNCTION__, handle);
2049 /* TODO: signal an error */
2052 handle &= ~HCI_HANDLE_OFFSET;
2054 if (datalen > length) {
2055 fprintf(stderr, "%s: ACL packet too short (%iB < %iB)\n",
2056 __FUNCTION__, length, datalen);
2060 link = hci->lm.handle[handle].link;
2062 if ((flags & ~3) == ACL_ACTIVE_BCAST) {
2063 if (!hci->asb_handle)
2064 hci->asb_handle = handle;
2065 else if (handle != hci->asb_handle) {
2066 fprintf(stderr, "%s: Bad handle %03x in Active Slave Broadcast\n",
2067 __FUNCTION__, handle);
2068 /* TODO: signal an error */
2075 if ((flags & ~3) == ACL_PICO_BCAST) {
2076 if (!hci->psb_handle)
2077 hci->psb_handle = handle;
2078 else if (handle != hci->psb_handle) {
2079 fprintf(stderr, "%s: Bad handle %03x in Parked Slave Broadcast\n",
2080 __FUNCTION__, handle);
2081 /* TODO: signal an error */
2088 /* TODO: increase counter and send EVT_NUM_COMP_PKTS */
2089 bt_hci_event_num_comp_pkts(hci, handle | HCI_HANDLE_OFFSET, 1);
2091 /* Do this last as it can trigger further events even in this HCI */
2092 hci->lm.handle[handle].lmp_acl_data(link, data,
2093 (flags & 3) == ACL_START, length);
2096 static void bt_submit_sco(struct HCIInfo *info,
2097 const uint8_t *data, int length)
2099 struct bt_hci_s *hci = hci_from_info(info);
2106 handle = acl_handle((data[1] << 8) | data[0]);
2110 if (bt_hci_handle_bad(hci, handle)) {
2111 fprintf(stderr, "%s: invalid SCO handle %03x\n",
2112 __FUNCTION__, handle);
2116 if (datalen > length) {
2117 fprintf(stderr, "%s: SCO packet too short (%iB < %iB)\n",
2118 __FUNCTION__, length, datalen);
2124 /* TODO: increase counter and send EVT_NUM_COMP_PKTS if synchronous
2125 * Flow Control is enabled.
2126 * (See Read/Write_Synchronous_Flow_Control_Enable on page 513 and
2130 static uint8_t *bt_hci_evt_packet(void *opaque)
2132 /* TODO: allocate a packet from upper layer */
2133 struct bt_hci_s *s = opaque;
2138 static void bt_hci_evt_submit(void *opaque, int len)
2140 /* TODO: notify upper layer */
2141 struct bt_hci_s *s = opaque;
2143 s->info.evt_recv(s->info.opaque, s->evt_buf, len);
2146 static int bt_hci_bdaddr_set(struct HCIInfo *info, const uint8_t *bd_addr)
2148 struct bt_hci_s *hci = hci_from_info(info);
2150 bacpy(&hci->device.bd_addr, (const bdaddr_t *) bd_addr);
2154 static void bt_hci_done(struct HCIInfo *info);
2155 static void bt_hci_destroy(struct bt_device_s *dev)
2157 struct bt_hci_s *hci = hci_from_device(dev);
2159 bt_hci_done(&hci->info);
2162 struct HCIInfo *bt_new_hci(struct bt_scatternet_s *net)
2164 struct bt_hci_s *s = g_malloc0(sizeof(struct bt_hci_s));
2166 s->lm.inquiry_done = timer_new_ns(QEMU_CLOCK_VIRTUAL, bt_hci_inquiry_done, s);
2167 s->lm.inquiry_next = timer_new_ns(QEMU_CLOCK_VIRTUAL, bt_hci_inquiry_next, s);
2168 s->conn_accept_timer =
2169 timer_new_ns(QEMU_CLOCK_VIRTUAL, bt_hci_conn_accept_timeout, s);
2171 s->evt_packet = bt_hci_evt_packet;
2172 s->evt_submit = bt_hci_evt_submit;
2175 bt_device_init(&s->device, net);
2176 s->device.lmp_connection_request = bt_hci_lmp_connection_request;
2177 s->device.lmp_connection_complete = bt_hci_lmp_connection_complete;
2178 s->device.lmp_disconnect_master = bt_hci_lmp_disconnect_host;
2179 s->device.lmp_disconnect_slave = bt_hci_lmp_disconnect_slave;
2180 s->device.lmp_acl_data = bt_hci_lmp_acl_data_slave;
2181 s->device.lmp_acl_resp = bt_hci_lmp_acl_data_host;
2182 s->device.lmp_mode_change = bt_hci_lmp_mode_change_slave;
2185 /* Also keep in sync with supported commands bitmask in
2186 * bt_hci_read_local_commands_rp */
2187 s->device.lmp_caps = 0x8000199b7e85355fll;
2191 s->info.cmd_send = bt_submit_hci;
2192 s->info.sco_send = bt_submit_sco;
2193 s->info.acl_send = bt_submit_acl;
2194 s->info.bdaddr_set = bt_hci_bdaddr_set;
2196 s->device.handle_destroy = bt_hci_destroy;
2198 error_setg(&s->replay_blocker, QERR_REPLAY_NOT_SUPPORTED, "-bt hci");
2199 replay_add_blocker(s->replay_blocker);
2204 struct HCIInfo *hci_init(const char *str)
2207 struct bt_scatternet_s *vlan = 0;
2209 if (!strcmp(str, "null"))
2212 else if (!strncmp(str, "host", 4) && (str[4] == '\0' || str[4] == ':'))
2214 return bt_host_hci(str[4] ? str + 5 : "hci0");
2215 else if (!strncmp(str, "hci", 3)) {
2218 if (!strncmp(str + 3, ",vlan=", 6)) {
2219 vlan = qemu_find_bt_vlan(strtol(str + 9, &endp, 0));
2224 vlan = qemu_find_bt_vlan(0);
2226 return bt_new_hci(vlan);
2229 fprintf(stderr, "qemu: Unknown bluetooth HCI `%s'.\n", str);
2234 static void bt_hci_done(struct HCIInfo *info)
2236 struct bt_hci_s *hci = hci_from_info(info);
2239 bt_device_done(&hci->device);
2241 g_free((void *) hci->device.lmp_name);
2243 /* Be gentle and send DISCONNECT to all connected peers and those
2244 * currently waiting for us to accept or reject a connection request.
2245 * This frees the links. */
2246 if (hci->conn_req_host) {
2247 bt_hci_connection_reject(hci,
2248 hci->conn_req_host, HCI_OE_POWER_OFF);
2252 for (handle = HCI_HANDLE_OFFSET;
2253 handle < (HCI_HANDLE_OFFSET | HCI_HANDLES_MAX); handle ++)
2254 if (!bt_hci_handle_bad(hci, handle))
2255 bt_hci_disconnect(hci, handle, HCI_OE_POWER_OFF);
2257 /* TODO: this is not enough actually, there may be slaves from whom
2258 * we have requested a connection who will soon (or not) respond with
2259 * an accept or a reject, so we should also check if hci->lm.connecting
2260 * is non-zero and if so, avoid freeing the hci but otherwise disappear
2261 * from all qemu social life (e.g. stop scanning and request to be
2262 * removed from s->device.net) and arrange for
2263 * s->device.lmp_connection_complete to free the remaining bits once
2264 * hci->lm.awaiting_bdaddr[] is empty. */
2266 timer_free(hci->lm.inquiry_done);
2267 timer_free(hci->lm.inquiry_next);
2268 timer_free(hci->conn_accept_timer);
projects / qemu.git / blob