1 /* $OpenBSD: src/sys/netbt/l2cap_signal.c,v 1.3 2008/02/24 21:34:48 uwe Exp $ */
2 /* $NetBSD: l2cap_signal.c,v 1.9 2007/11/10 23:12:23 plunky Exp $ */
5 * Copyright (c) 2005 Iain Hibbert.
6 * Copyright (c) 2006 Itronix Inc.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. The name of Itronix Inc. may not be used to endorse
18 * or promote products derived from this software without specific
19 * prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY ITRONIX INC. ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
23 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
24 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ITRONIX INC. BE LIABLE FOR ANY
25 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
26 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
27 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
28 * ON ANY THEORY OF LIABILITY, WHETHER IN
29 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31 * POSSIBILITY OF SUCH DAMAGE.
36 #include <sys/param.h>
37 #include <sys/kernel.h>
40 #include <sys/queue.h>
41 #include <sys/systm.h>
42 #include <sys/endian.h>
44 #include <netbt/bluetooth.h>
45 #include <netbt/hci.h>
46 #include <netbt/l2cap.h>
48 /*******************************************************************************
50 * L2CAP Signal processing
53 static void l2cap_recv_command_rej(struct mbuf *, struct hci_link *);
54 static void l2cap_recv_connect_req(struct mbuf *, struct hci_link *);
55 static void l2cap_recv_connect_rsp(struct mbuf *, struct hci_link *);
56 static void l2cap_recv_config_req(struct mbuf *, struct hci_link *);
57 static void l2cap_recv_config_rsp(struct mbuf *, struct hci_link *);
58 static void l2cap_recv_disconnect_req(struct mbuf *, struct hci_link *);
59 static void l2cap_recv_disconnect_rsp(struct mbuf *, struct hci_link *);
60 static void l2cap_recv_info_req(struct mbuf *, struct hci_link *);
61 static int l2cap_send_signal(struct hci_link *, uint8_t, uint8_t, uint16_t, void *);
62 static int l2cap_send_command_rej(struct hci_link *, uint8_t, uint16_t, ...);
65 * process incoming signal packets (CID 0x0001). Can contain multiple
69 l2cap_recv_signal(struct mbuf *m, struct hci_link *link)
74 if (m->m_pkthdr.len == 0)
77 if (m->m_pkthdr.len < sizeof(cmd))
80 m_copydata(m, 0, sizeof(cmd), (caddr_t)&cmd);
81 cmd.length = letoh16(cmd.length);
83 if (m->m_pkthdr.len < sizeof(cmd) + cmd.length)
86 DPRINTFN(2, "(%s) code %d, ident %d, len %d\n",
87 device_get_nameunit(link->hl_unit->hci_dev),
88 cmd.code, cmd.ident, cmd.length);
91 case L2CAP_COMMAND_REJ:
92 if (cmd.length > sizeof(l2cap_cmd_rej_cp))
95 l2cap_recv_command_rej(m, link);
98 case L2CAP_CONNECT_REQ:
99 if (cmd.length != sizeof(l2cap_con_req_cp))
102 l2cap_recv_connect_req(m, link);
105 case L2CAP_CONNECT_RSP:
106 if (cmd.length != sizeof(l2cap_con_rsp_cp))
109 l2cap_recv_connect_rsp(m, link);
112 case L2CAP_CONFIG_REQ:
113 l2cap_recv_config_req(m, link);
116 case L2CAP_CONFIG_RSP:
117 l2cap_recv_config_rsp(m, link);
120 case L2CAP_DISCONNECT_REQ:
121 if (cmd.length != sizeof(l2cap_discon_req_cp))
124 l2cap_recv_disconnect_req(m, link);
127 case L2CAP_DISCONNECT_RSP:
128 if (cmd.length != sizeof(l2cap_discon_rsp_cp))
131 l2cap_recv_disconnect_rsp(m, link);
135 m_adj(m, sizeof(cmd) + cmd.length);
136 l2cap_send_signal(link, L2CAP_ECHO_RSP, cmd.ident,
141 m_adj(m, sizeof(cmd) + cmd.length);
145 if (cmd.length != sizeof(l2cap_info_req_cp))
148 l2cap_recv_info_req(m, link);
152 m_adj(m, sizeof(cmd) + cmd.length);
161 panic("impossible!");
165 l2cap_send_command_rej(link, cmd.ident, L2CAP_REJ_NOT_UNDERSTOOD);
171 * Process Received Command Reject. For now we dont try to recover gracefully
172 * from this, it probably means that the link is garbled or the other end is
173 * insufficiently capable of handling normal traffic. (not *my* fault, no way!)
176 l2cap_recv_command_rej(struct mbuf *m, struct hci_link *link)
178 struct l2cap_req *req;
179 struct l2cap_channel *chan;
183 m_copydata(m, 0, sizeof(cmd), (caddr_t)&cmd);
184 m_adj(m, sizeof(cmd));
186 cmd.length = letoh16(cmd.length);
188 m_copydata(m, 0, cmd.length, (caddr_t)&cp);
189 m_adj(m, cmd.length);
191 req = l2cap_request_lookup(link, cmd.ident);
195 switch (letoh16(cp.reason)) {
196 case L2CAP_REJ_NOT_UNDERSTOOD:
198 * I dont know what to do, just move up the timeout
200 callout_reset(&req->lr_rtx,0,l2cap_rtx,req);
203 case L2CAP_REJ_MTU_EXCEEDED:
205 * I didnt send any commands over L2CAP_MTU_MINIMUM size, but..
207 * XXX maybe we should resend this, instead?
209 link->hl_mtu = letoh16(cp.data[0]);
210 callout_reset(&req->lr_rtx,0,l2cap_rtx,req);
213 case L2CAP_REJ_INVALID_CID:
215 * Well, if they dont have such a channel then our channel is
216 * most likely closed. Make it so.
219 l2cap_request_free(req);
220 if (chan != NULL && chan->lc_state != L2CAP_CLOSED)
221 l2cap_close(chan, ECONNABORTED);
226 UNKNOWN(letoh16(cp.reason));
232 * Process Received Connect Request. Find listening channel matching
233 * psm & addr and ask upper layer for a new channel.
236 l2cap_recv_connect_req(struct mbuf *m, struct hci_link *link)
238 struct sockaddr_bt laddr, raddr;
239 struct l2cap_channel *chan, *new;
245 m_copydata(m, 0, sizeof(cmd), (caddr_t)&cmd);
246 m_adj(m, sizeof(cmd));
248 /* extract request */
249 m_copydata(m, 0, sizeof(cp), (caddr_t)&cp);
250 m_adj(m, sizeof(cp));
252 cp.scid = letoh16(cp.scid);
253 cp.psm = letoh16(cp.psm);
255 memset(&laddr, 0, sizeof(struct sockaddr_bt));
256 laddr.bt_len = sizeof(struct sockaddr_bt);
257 laddr.bt_family = AF_BLUETOOTH;
258 laddr.bt_psm = cp.psm;
259 bdaddr_copy(&laddr.bt_bdaddr, &link->hl_unit->hci_bdaddr);
261 memset(&raddr, 0, sizeof(struct sockaddr_bt));
262 raddr.bt_len = sizeof(struct sockaddr_bt);
263 raddr.bt_family = AF_BLUETOOTH;
264 raddr.bt_psm = cp.psm;
265 bdaddr_copy(&raddr.bt_bdaddr, &link->hl_bdaddr);
267 LIST_FOREACH(chan, &l2cap_listen_list, lc_ncid) {
268 if (chan->lc_laddr.bt_psm != laddr.bt_psm
269 && chan->lc_laddr.bt_psm != L2CAP_PSM_ANY)
272 if (!bdaddr_same(&laddr.bt_bdaddr, &chan->lc_laddr.bt_bdaddr)
273 && bdaddr_any(&chan->lc_laddr.bt_bdaddr) == 0)
276 new= (*chan->lc_proto->newconn)(chan->lc_upper, &laddr, &raddr);
280 err = l2cap_cid_alloc(new);
282 l2cap_send_connect_rsp(link, cmd.ident,
286 (*new->lc_proto->disconnected)(new->lc_upper, err);
290 new->lc_link = hci_acl_open(link->hl_unit, &link->hl_bdaddr);
291 KKASSERT(new->lc_link == link);
293 new->lc_rcid = cp.scid;
294 new->lc_ident = cmd.ident;
296 memcpy(&new->lc_laddr, &laddr, sizeof(struct sockaddr_bt));
297 memcpy(&new->lc_raddr, &raddr, sizeof(struct sockaddr_bt));
299 new->lc_mode = chan->lc_mode;
301 err = l2cap_setmode(new);
302 if (err == EINPROGRESS) {
303 new->lc_state = L2CAP_WAIT_SEND_CONNECT_RSP;
304 (*new->lc_proto->connecting)(new->lc_upper);
308 new->lc_state = L2CAP_CLOSED;
309 hci_acl_close(link, err);
312 l2cap_send_connect_rsp(link, cmd.ident,
316 (*new->lc_proto->disconnected)(new->lc_upper, err);
320 err = l2cap_send_connect_rsp(link, cmd.ident,
321 new->lc_lcid, new->lc_rcid,
324 l2cap_close(new, err);
328 new->lc_state = L2CAP_WAIT_CONFIG;
329 new->lc_flags |= (L2CAP_WAIT_CONFIG_REQ | L2CAP_WAIT_CONFIG_RSP);
330 err = l2cap_send_config_req(new);
332 l2cap_close(new, err);
337 l2cap_send_connect_rsp(link, cmd.ident,
339 L2CAP_PSM_NOT_SUPPORTED);
343 * Process Received Connect Response.
346 l2cap_recv_connect_rsp(struct mbuf *m, struct hci_link *link)
350 struct l2cap_req *req;
351 struct l2cap_channel *chan;
353 m_copydata(m, 0, sizeof(cmd), (caddr_t)&cmd);
354 m_adj(m, sizeof(cmd));
356 m_copydata(m, 0, sizeof(cp), (caddr_t)&cp);
357 m_adj(m, sizeof(cp));
359 cp.scid = letoh16(cp.scid);
360 cp.dcid = letoh16(cp.dcid);
361 cp.result = letoh16(cp.result);
363 req = l2cap_request_lookup(link, cmd.ident);
364 if (req == NULL || req->lr_code != L2CAP_CONNECT_REQ)
368 if (chan != NULL && chan->lc_lcid != cp.scid)
371 if (chan == NULL || chan->lc_state != L2CAP_WAIT_RECV_CONNECT_RSP) {
372 l2cap_request_free(req);
379 * Ok, at this point we have a connection to the other party. We
380 * could indicate upstream that we are ready for business and
381 * wait for a "Configure Channel Request" but I'm not so sure
382 * that is required in our case - we will proceed directly to
383 * sending our config request. We set two state bits because in
384 * the config state we are waiting for requests and responses.
386 l2cap_request_free(req);
387 chan->lc_rcid = cp.dcid;
388 chan->lc_state = L2CAP_WAIT_CONFIG;
389 chan->lc_flags |= (L2CAP_WAIT_CONFIG_REQ | L2CAP_WAIT_CONFIG_RSP);
390 l2cap_send_config_req(chan);
394 /* XXX dont release request, should start eRTX timeout? */
395 (*chan->lc_proto->connecting)(chan->lc_upper);
398 case L2CAP_PSM_NOT_SUPPORTED:
399 case L2CAP_SECURITY_BLOCK:
400 case L2CAP_NO_RESOURCES:
402 l2cap_request_free(req);
403 l2cap_close(chan, ECONNREFUSED);
409 * Process Received Config Request.
412 l2cap_recv_config_req(struct mbuf *m, struct hci_link *link)
414 uint8_t buf[L2CAP_MTU_MINIMUM];
418 l2cap_cfg_opt_val_t val;
420 struct l2cap_channel *chan;
423 m_copydata(m, 0, sizeof(cmd), (caddr_t)&cmd);
424 m_adj(m, sizeof(cmd));
425 left = letoh16(cmd.length);
427 if (left < sizeof(cp))
430 m_copydata(m, 0, sizeof(cp), (caddr_t)&cp);
431 m_adj(m, sizeof(cp));
434 cp.dcid = letoh16(cp.dcid);
435 cp.flags = letoh16(cp.flags);
437 chan = l2cap_cid_lookup(cp.dcid);
438 if (chan == NULL || chan->lc_link != link
439 || chan->lc_state != L2CAP_WAIT_CONFIG
440 || (chan->lc_flags & L2CAP_WAIT_CONFIG_REQ) == 0) {
441 /* XXX we should really accept reconfiguration requests */
442 l2cap_send_command_rej(link, cmd.ident, L2CAP_REJ_INVALID_CID,
443 L2CAP_NULL_CID, cp.dcid);
447 /* ready our response packet */
448 rp.scid = htole16(chan->lc_rcid);
449 rp.flags = 0; /* "No Continuation" */
450 rp.result = L2CAP_SUCCESS;
454 * Process the packet. We build the return packet on the fly adding any
455 * unacceptable parameters as we go. As we can only return one result,
456 * unknown option takes precedence so we start our return packet anew
457 * and ignore option values thereafter as they will be re-sent.
459 * Since we do not support enough options to make overflowing the min
460 * MTU size an issue in normal use, we just reject config requests that
461 * make that happen. This could be because options are repeated or the
462 * packet is corrupted in some way.
464 * If unknown option types threaten to overflow the packet, we just
465 * ignore them. We can deny them next time.
468 if (left < sizeof(opt))
471 m_copydata(m, 0, sizeof(opt), (caddr_t)&opt);
472 m_adj(m, sizeof(opt));
475 if (left < opt.length)
478 switch(opt.type & L2CAP_OPT_HINT_MASK) {
480 if (rp.result == L2CAP_UNKNOWN_OPTION)
483 if (opt.length != L2CAP_OPT_MTU_SIZE)
486 m_copydata(m, 0, L2CAP_OPT_MTU_SIZE, (caddr_t)&val);
487 val.mtu = letoh16(val.mtu);
490 * XXX how do we know what the minimum acceptable MTU is
491 * for a channel? Spec says some profiles have a higher
492 * minimum but I have no way to find that out at this
495 if (val.mtu < L2CAP_MTU_MINIMUM) {
496 if (len + sizeof(opt) + L2CAP_OPT_MTU_SIZE > sizeof(buf))
499 rp.result = L2CAP_UNACCEPTABLE_PARAMS;
500 memcpy(buf + len, &opt, sizeof(opt));
502 val.mtu = htole16(L2CAP_MTU_MINIMUM);
503 memcpy(buf + len, &val, L2CAP_OPT_MTU_SIZE);
504 len += L2CAP_OPT_MTU_SIZE;
506 chan->lc_omtu = val.mtu;
510 case L2CAP_OPT_FLUSH_TIMO:
511 if (rp.result == L2CAP_UNKNOWN_OPTION)
514 if (opt.length != L2CAP_OPT_FLUSH_TIMO_SIZE)
518 * I think that this is informational only - he is
519 * informing us of the flush timeout he will be using.
520 * I dont think this affects us in any significant way,
521 * so just ignore this value for now.
526 if (rp.result == L2CAP_UNKNOWN_OPTION)
529 if (opt.length != L2CAP_OPT_QOS_SIZE)
532 m_copydata(m, 0, L2CAP_OPT_QOS_SIZE, (caddr_t)&val);
533 if (val.qos.service_type == L2CAP_QOS_NO_TRAFFIC ||
534 val.qos.service_type == L2CAP_QOS_BEST_EFFORT)
536 * In accordance with the spec, we choose to
537 * ignore the fields an provide no response.
541 if (len + sizeof(opt) + L2CAP_OPT_QOS_SIZE > sizeof(buf))
544 if (val.qos.service_type != L2CAP_QOS_GUARANTEED) {
546 * Instead of sending an "unacceptable
547 * parameters" response, treat this as an
548 * unknown option and include the option
549 * value in the response.
551 rp.result = L2CAP_UNKNOWN_OPTION;
554 * According to the spec, we must return
555 * specific values for wild card parameters.
556 * I don't know what to return without lying,
557 * so return "unacceptable parameters" and
558 * specify the preferred service type as
561 rp.result = L2CAP_UNACCEPTABLE_PARAMS;
562 val.qos.service_type = L2CAP_QOS_BEST_EFFORT;
565 memcpy(buf + len, &opt, sizeof(opt));
567 memcpy(buf + len, &val, L2CAP_OPT_QOS_SIZE);
568 len += L2CAP_OPT_QOS_SIZE;
573 if (opt.type & L2CAP_OPT_HINT_BIT)
576 /* unknown options supersede all else */
577 if (rp.result != L2CAP_UNKNOWN_OPTION) {
578 rp.result = L2CAP_UNKNOWN_OPTION;
582 /* ignore if it doesn't fit */
583 if (len + sizeof(opt) > sizeof(buf))
586 /* return unknown option type, but no data */
587 buf[len++] = opt.type;
592 m_adj(m, opt.length);
596 rp.result = htole16(rp.result);
597 memcpy(buf, &rp, sizeof(rp));
598 l2cap_send_signal(link, L2CAP_CONFIG_RSP, cmd.ident, len, buf);
600 if ((cp.flags & L2CAP_OPT_CFLAG_BIT) == 0
601 && rp.result == letoh16(L2CAP_SUCCESS)) {
603 chan->lc_flags &= ~L2CAP_WAIT_CONFIG_REQ;
605 if ((chan->lc_flags & L2CAP_WAIT_CONFIG_RSP) == 0) {
606 chan->lc_state = L2CAP_OPEN;
607 /* XXX how to distinguish REconfiguration? */
608 (*chan->lc_proto->connected)(chan->lc_upper);
614 l2cap_send_command_rej(link, cmd.ident, L2CAP_REJ_NOT_UNDERSTOOD);
620 * Process Received Config Response.
623 l2cap_recv_config_rsp(struct mbuf *m, struct hci_link *link)
628 l2cap_cfg_opt_val_t val;
629 struct l2cap_req *req;
630 struct l2cap_channel *chan;
633 m_copydata(m, 0, sizeof(cmd), (caddr_t)&cmd);
634 m_adj(m, sizeof(cmd));
635 left = letoh16(cmd.length);
637 if (left < sizeof(cp))
640 m_copydata(m, 0, sizeof(cp), (caddr_t)&cp);
641 m_adj(m, sizeof(cp));
644 cp.scid = letoh16(cp.scid);
645 cp.flags = letoh16(cp.flags);
646 cp.result = letoh16(cp.result);
648 req = l2cap_request_lookup(link, cmd.ident);
649 if (req == NULL || req->lr_code != L2CAP_CONFIG_REQ)
653 if (chan != NULL && chan->lc_lcid != cp.scid)
656 l2cap_request_free(req);
658 if (chan == NULL || chan->lc_state != L2CAP_WAIT_CONFIG
659 || (chan->lc_flags & L2CAP_WAIT_CONFIG_RSP) == 0)
662 if ((cp.flags & L2CAP_OPT_CFLAG_BIT)) {
666 * They have more to tell us and want another ID to
667 * use, so send an empty config request
669 if (l2cap_request_alloc(chan, L2CAP_CONFIG_REQ))
672 rp.dcid = htole16(cp.scid);
675 if (l2cap_send_signal(link, L2CAP_CONFIG_REQ, link->hl_lastid,
683 * If continuation flag was not set, our config request was
684 * accepted. We may have to wait for their config request to
685 * complete, so check that but otherwise we are open
687 * There may be 'advisory' values in the packet but we just
690 if ((cp.flags & L2CAP_OPT_CFLAG_BIT) == 0) {
691 chan->lc_flags &= ~L2CAP_WAIT_CONFIG_RSP;
693 if ((chan->lc_flags & L2CAP_WAIT_CONFIG_REQ) == 0) {
694 chan->lc_state = L2CAP_OPEN;
695 /* XXX how to distinguish REconfiguration? */
696 (*chan->lc_proto->connected)(chan->lc_upper);
701 case L2CAP_UNACCEPTABLE_PARAMS:
703 * Packet contains unacceptable parameters with preferred values
706 if (left < sizeof(opt))
709 m_copydata(m, 0, sizeof(opt), (caddr_t)&opt);
710 m_adj(m, sizeof(opt));
713 if (left < opt.length)
718 if (opt.length != L2CAP_OPT_MTU_SIZE)
721 m_copydata(m, 0, L2CAP_OPT_MTU_SIZE, (caddr_t)&val);
722 chan->lc_imtu = letoh16(val.mtu);
723 if (chan->lc_imtu < L2CAP_MTU_MINIMUM)
724 chan->lc_imtu = L2CAP_MTU_DEFAULT;
727 case L2CAP_OPT_FLUSH_TIMO:
728 if (opt.length != L2CAP_OPT_FLUSH_TIMO_SIZE)
732 * Spec says: If we cannot honor proposed value,
733 * either disconnect or try again with original
734 * value. I can't really see why they want to
735 * interfere with OUR flush timeout in any case
736 * so we just punt for now.
748 m_adj(m, opt.length);
752 if ((cp.flags & L2CAP_OPT_CFLAG_BIT) == 0)
753 l2cap_send_config_req(chan); /* no state change */
760 case L2CAP_UNKNOWN_OPTION:
762 * Packet contains options not understood. Turn off unknown
763 * options by setting them to default values (means they will
764 * not be requested again).
766 * If our option was already off then fail (paranoia?)
768 * XXX Should we consider that options were set for a reason?
771 if (left < sizeof(opt))
774 m_copydata(m, 0, sizeof(opt), (caddr_t)&opt);
775 m_adj(m, sizeof(opt));
778 if (left < opt.length)
781 m_adj(m, opt.length);
786 if (chan->lc_imtu == L2CAP_MTU_DEFAULT)
789 chan->lc_imtu = L2CAP_MTU_DEFAULT;
792 case L2CAP_OPT_FLUSH_TIMO:
793 if (chan->lc_flush == L2CAP_FLUSH_TIMO_DEFAULT)
796 chan->lc_flush = L2CAP_FLUSH_TIMO_DEFAULT;
808 if ((cp.flags & L2CAP_OPT_CFLAG_BIT) == 0)
809 l2cap_send_config_req(chan); /* no state change */
818 DPRINTF("how did I get here!?\n");
821 l2cap_send_disconnect_req(chan);
822 l2cap_close(chan, ECONNABORTED);
829 * Process Received Disconnect Request. We must validate scid and dcid
830 * just in case but otherwise this connection is finished.
833 l2cap_recv_disconnect_req(struct mbuf *m, struct hci_link *link)
836 l2cap_discon_req_cp cp;
837 l2cap_discon_rsp_cp rp;
838 struct l2cap_channel *chan;
840 m_copydata(m, 0, sizeof(cmd), (caddr_t)&cmd);
841 m_adj(m, sizeof(cmd));
843 m_copydata(m, 0, sizeof(cp), (caddr_t)&cp);
844 m_adj(m, sizeof(cp));
846 cp.scid = letoh16(cp.scid);
847 cp.dcid = letoh16(cp.dcid);
849 chan = l2cap_cid_lookup(cp.dcid);
850 if (chan == NULL || chan->lc_link != link || chan->lc_rcid != cp.scid) {
851 l2cap_send_command_rej(link, cmd.ident, L2CAP_REJ_INVALID_CID,
856 rp.dcid = htole16(chan->lc_lcid);
857 rp.scid = htole16(chan->lc_rcid);
858 l2cap_send_signal(link, L2CAP_DISCONNECT_RSP, cmd.ident,
861 if (chan->lc_state != L2CAP_CLOSED)
862 l2cap_close(chan, ECONNRESET);
866 * Process Received Disconnect Response. We must validate scid and dcid but
867 * unless we were waiting for this signal, ignore it.
870 l2cap_recv_disconnect_rsp(struct mbuf *m, struct hci_link *link)
873 l2cap_discon_rsp_cp cp;
874 struct l2cap_req *req;
875 struct l2cap_channel *chan;
877 m_copydata(m, 0, sizeof(cmd), (caddr_t)&cmd);
878 m_adj(m, sizeof(cmd));
880 m_copydata(m, 0, sizeof(cp), (caddr_t)&cp);
881 m_adj(m, sizeof(cp));
883 cp.scid = letoh16(cp.scid);
884 cp.dcid = letoh16(cp.dcid);
886 req = l2cap_request_lookup(link, cmd.ident);
887 if (req == NULL || req->lr_code != L2CAP_DISCONNECT_REQ)
892 || chan->lc_lcid != cp.scid
893 || chan->lc_rcid != cp.dcid)
896 l2cap_request_free(req);
898 if (chan->lc_state != L2CAP_WAIT_DISCONNECT)
901 l2cap_close(chan, 0);
905 * Process Received Info Request. We must respond but alas dont
906 * support anything as yet so thats easy.
909 l2cap_recv_info_req(struct mbuf *m, struct hci_link *link)
912 l2cap_info_req_cp cp;
913 l2cap_info_rsp_cp rp;
915 m_copydata(m, 0, sizeof(cmd), (caddr_t)&cmd);
916 m_adj(m, sizeof(cmd));
918 m_copydata(m, 0, sizeof(cp), (caddr_t)&cp);
919 m_adj(m, sizeof(cp));
921 switch(letoh16(cp.type)) {
922 case L2CAP_CONNLESS_MTU:
923 case L2CAP_EXTENDED_FEATURES:
926 rp.result = htole16(L2CAP_NOT_SUPPORTED);
928 l2cap_send_signal(link, L2CAP_INFO_RSP, cmd.ident,
935 * Construct signal and wrap in C-Frame for link.
938 l2cap_send_signal(struct hci_link *link, uint8_t code, uint8_t ident,
939 uint16_t length, void *data)
943 l2cap_cmd_hdr_t *cmd;
949 if (sizeof(l2cap_cmd_hdr_t) + length > link->hl_mtu)
950 kprintf("(%s) exceeding L2CAP Signal MTU for link!\n",
951 device_get_nameunit(link->hl_unit->hci_dev));
954 m = m_gethdr(M_NOWAIT, MT_DATA);
958 hdr = mtod(m, l2cap_hdr_t *);
959 cmd = (l2cap_cmd_hdr_t *)(hdr + 1);
961 m->m_len = m->m_pkthdr.len = MHLEN;
965 m_copyback(m, sizeof(*hdr) + sizeof(*cmd), length, data);
970 cmd->length = htole16(length);
971 length += sizeof(*cmd);
974 hdr->length = htole16(length);
975 hdr->dcid = htole16(L2CAP_SIGNAL_CID);
976 length += sizeof(*hdr);
978 if (m->m_pkthdr.len != MAX(MHLEN, length)) {
983 m->m_pkthdr.len = length;
984 m->m_len = MIN(length, MHLEN);
986 DPRINTFN(2, "(%s) code %d, ident %d, len %d\n",
987 device_get_nameunit(link->hl_unit->hci_dev), code, ident,
990 return hci_acl_send(m, link, NULL);
994 * Send Command Reject packet.
997 l2cap_send_command_rej(struct hci_link *link, uint8_t ident,
998 uint16_t reason, ...)
1000 l2cap_cmd_rej_cp cp;
1004 va_start(ap, reason);
1006 cp.reason = htole16(reason);
1009 case L2CAP_REJ_NOT_UNDERSTOOD:
1013 case L2CAP_REJ_MTU_EXCEEDED:
1015 cp.data[0] = va_arg(ap, int); /* SigMTU */
1016 cp.data[0] = htole16(cp.data[0]);
1019 case L2CAP_REJ_INVALID_CID:
1021 cp.data[0] = va_arg(ap, int); /* dcid */
1022 cp.data[0] = htole16(cp.data[0]);
1023 cp.data[1] = va_arg(ap, int); /* scid */
1024 cp.data[1] = htole16(cp.data[1]);
1034 return l2cap_send_signal(link, L2CAP_COMMAND_REJ, ident, len, &cp);
1038 * Send Connect Request
1041 l2cap_send_connect_req(struct l2cap_channel *chan)
1043 l2cap_con_req_cp cp;
1046 err = l2cap_request_alloc(chan, L2CAP_CONNECT_REQ);
1050 cp.psm = htole16(chan->lc_raddr.bt_psm);
1051 cp.scid = htole16(chan->lc_lcid);
1053 return l2cap_send_signal(chan->lc_link, L2CAP_CONNECT_REQ,
1054 chan->lc_link->hl_lastid, sizeof(cp), &cp);
1058 * Send Config Request
1060 * For outgoing config request, we only put options in the packet if they
1061 * differ from the default and would have to be actioned. We dont support
1062 * enough option types to make overflowing SigMTU an issue so it can all
1066 l2cap_send_config_req(struct l2cap_channel *chan)
1068 l2cap_cfg_req_cp *cp;
1069 l2cap_cfg_opt_t *opt;
1070 l2cap_cfg_opt_val_t *val;
1071 uint8_t *next, buf[L2CAP_MTU_MINIMUM];
1074 err = l2cap_request_alloc(chan, L2CAP_CONFIG_REQ);
1078 /* Config Header (4 octets) */
1079 cp = (l2cap_cfg_req_cp *)buf;
1080 cp->dcid = htole16(chan->lc_rcid);
1081 cp->flags = 0; /* "No Continuation" */
1083 next = buf + sizeof(l2cap_cfg_req_cp);
1085 /* Incoming MTU (4 octets) */
1086 if (chan->lc_imtu != L2CAP_MTU_DEFAULT) {
1087 opt = (l2cap_cfg_opt_t *)next;
1088 opt->type = L2CAP_OPT_MTU;
1089 opt->length = L2CAP_OPT_MTU_SIZE;
1091 val = (l2cap_cfg_opt_val_t *)(opt + 1);
1092 val->mtu = htole16(chan->lc_imtu);
1094 next += sizeof(l2cap_cfg_opt_t) + L2CAP_OPT_MTU_SIZE;
1097 /* Flush Timeout (4 octets) */
1098 if (chan->lc_flush != L2CAP_FLUSH_TIMO_DEFAULT) {
1099 opt = (l2cap_cfg_opt_t *)next;
1100 opt->type = L2CAP_OPT_FLUSH_TIMO;
1101 opt->length = L2CAP_OPT_FLUSH_TIMO_SIZE;
1103 val = (l2cap_cfg_opt_val_t *)(opt + 1);
1104 val->flush_timo = htole16(chan->lc_flush);
1106 next += sizeof(l2cap_cfg_opt_t) + L2CAP_OPT_FLUSH_TIMO_SIZE;
1109 /* Outgoing QoS Flow (24 octets) */
1110 /* Retransmission & Flow Control (11 octets) */
1112 * From here we need to start paying attention to SigMTU as we have
1113 * possibly overflowed the minimum supported..
1116 return l2cap_send_signal(chan->lc_link, L2CAP_CONFIG_REQ,
1117 chan->lc_link->hl_lastid, (int)(next - buf), buf);
1121 * Send Disconnect Request
1124 l2cap_send_disconnect_req(struct l2cap_channel *chan)
1126 l2cap_discon_req_cp cp;
1129 err = l2cap_request_alloc(chan, L2CAP_DISCONNECT_REQ);
1133 cp.dcid = htole16(chan->lc_rcid);
1134 cp.scid = htole16(chan->lc_lcid);
1136 return l2cap_send_signal(chan->lc_link, L2CAP_DISCONNECT_REQ,
1137 chan->lc_link->hl_lastid, sizeof(cp), &cp);
1141 * Send Connect Response
1144 l2cap_send_connect_rsp(struct hci_link *link, uint8_t ident, uint16_t dcid,
1145 uint16_t scid, uint16_t result)
1147 l2cap_con_rsp_cp cp;
1149 memset(&cp, 0, sizeof(cp));
1150 cp.dcid = htole16(dcid);
1151 cp.scid = htole16(scid);
1152 cp.result = htole16(result);
1154 return l2cap_send_signal(link, L2CAP_CONNECT_RSP, ident, sizeof(cp), &cp);
tuxillo's projects / dragonfly.git / blob