1 /* $OpenBSD: hci_link.c,v 1.6 2007/09/17 01:33:33 krw Exp $ */
2 /* $NetBSD: hci_link.c,v 1.11 2007/04/21 06:15:23 plunky Exp $ */
3 /* $DragonFly: src/sys/netbt/hci_link.c,v 1.1 2007/12/30 20:02:56 hasso Exp $ */
6 * Copyright (c) 2005 Iain Hibbert.
7 * Copyright (c) 2006 Itronix Inc.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. The name of Itronix Inc. may not be used to endorse
19 * or promote products derived from this software without specific
20 * prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY ITRONIX INC. ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
24 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
25 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ITRONIX INC. BE LIABLE FOR ANY
26 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
27 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
29 * ON ANY THEORY OF LIABILITY, WHETHER IN
30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32 * POSSIBILITY OF SUCH DAMAGE.
35 #include <sys/cdefs.h>
37 #include <sys/param.h>
38 #include <sys/kernel.h>
39 #include <sys/malloc.h>
42 #include <sys/queue.h>
43 #include <sys/systm.h>
44 #include <sys/endian.h>
45 #include <sys/callout.h>
47 #include <net/pf/pfvar.h>
50 #include <netbt/bluetooth.h>
51 #include <netbt/hci.h>
52 #include <netbt/l2cap.h>
53 #include <netbt/sco.h>
55 /*******************************************************************************
61 * Automatically expire unused ACL connections after this number of
62 * seconds (if zero, do not expire unused connections) [sysctl]
64 int hci_acl_expiry = 10; /* seconds */
67 * hci_acl_open(unit, bdaddr)
69 * open ACL connection to remote bdaddr. Only one ACL connection is permitted
70 * between any two Bluetooth devices, so we look for an existing one before
71 * trying to start a new one.
74 hci_acl_open(struct hci_unit *unit, bdaddr_t *bdaddr)
76 struct hci_link *link;
77 struct hci_memo *memo;
81 KKASSERT(unit != NULL);
82 KKASSERT(bdaddr != NULL);
84 link = hci_link_lookup_bdaddr(unit, bdaddr, HCI_LINK_ACL);
86 link = hci_link_alloc(unit);
90 link->hl_type = HCI_LINK_ACL;
91 bdaddr_copy(&link->hl_bdaddr, bdaddr);
94 switch(link->hl_state) {
97 * open connection to remote device
99 memset(&cp, 0, sizeof(cp));
100 bdaddr_copy(&cp.bdaddr, bdaddr);
101 cp.pkt_type = htole16(unit->hci_packet_type);
103 memo = hci_memo_find(unit, bdaddr);
105 cp.page_scan_rep_mode = memo->response.page_scan_rep_mode;
106 cp.page_scan_mode = memo->response.page_scan_mode;
107 cp.clock_offset = htole16(memo->response.clock_offset);
110 if (unit->hci_link_policy & HCI_LINK_POLICY_ENABLE_ROLE_SWITCH)
111 cp.accept_role_switch = 1;
113 err = hci_send_cmd(unit, HCI_CMD_CREATE_CON, &cp, sizeof(cp));
115 hci_link_free(link, err);
119 link->hl_state = HCI_LINK_WAIT_CONNECT;
122 case HCI_LINK_WAIT_CONNECT:
123 case HCI_LINK_WAIT_AUTH:
124 case HCI_LINK_WAIT_ENCRYPT:
125 case HCI_LINK_WAIT_SECURE:
127 * somebody else already trying to connect, we just
128 * sit on the bench with them..
134 * If already open, halt any expiry callouts. We dont need
135 * to care about already invoking callouts since refcnt >0
136 * will keep the link alive.
138 callout_stop(&link->hl_expire);
142 UNKNOWN(link->hl_state);
153 * Close ACL connection. When there are no more references to this link,
154 * we can either close it down or schedule a delayed closedown.
157 hci_acl_close(struct hci_link *link, int err)
159 KKASSERT(link != NULL);
161 if (--link->hl_refcnt == 0) {
162 if (link->hl_state == HCI_LINK_CLOSED)
163 hci_link_free(link, err);
164 else if (hci_acl_expiry > 0)
165 callout_reset(&link->hl_expire, hci_acl_expiry * hz,
166 hci_acl_timeout, link);
171 * Incoming ACL connection.
173 * For now, we accept all connections but it would be better to check
174 * the L2CAP listen list and only accept when there is a listener
177 * There should not be a link to the same bdaddr already, we check
178 * anyway though its left unhandled for now.
181 hci_acl_newconn(struct hci_unit *unit, bdaddr_t *bdaddr)
183 struct hci_link *link;
185 link = hci_link_lookup_bdaddr(unit, bdaddr, HCI_LINK_ACL);
189 link = hci_link_alloc(unit);
191 link->hl_state = HCI_LINK_WAIT_CONNECT;
192 link->hl_type = HCI_LINK_ACL;
193 bdaddr_copy(&link->hl_bdaddr, bdaddr);
195 if (hci_acl_expiry > 0)
196 callout_reset(&link->hl_expire, hci_acl_expiry * hz,
197 hci_acl_timeout, link);
204 hci_acl_timeout(void *arg)
206 struct hci_link *link = arg;
212 if (link->hl_refcnt > 0)
215 DPRINTF("link #%d expired\n", link->hl_handle);
217 switch (link->hl_state) {
218 case HCI_LINK_CLOSED:
219 case HCI_LINK_WAIT_CONNECT:
220 hci_link_free(link, ECONNRESET);
223 case HCI_LINK_WAIT_AUTH:
224 case HCI_LINK_WAIT_ENCRYPT:
225 case HCI_LINK_WAIT_SECURE:
227 cp.con_handle = htole16(link->hl_handle);
228 cp.reason = 0x13; /* "Remote User Terminated Connection" */
230 err = hci_send_cmd(link->hl_unit, HCI_CMD_DISCONNECT,
234 DPRINTF("error %d sending HCI_CMD_DISCONNECT\n",
241 UNKNOWN(link->hl_state);
250 * Initiate any Link Mode change requests.
253 hci_acl_setmode(struct hci_link *link)
257 KKASSERT(link != NULL);
258 KKASSERT(link->hl_unit != NULL);
260 if (link->hl_state != HCI_LINK_OPEN)
263 if ((link->hl_flags & HCI_LINK_AUTH_REQ)
264 && !(link->hl_flags & HCI_LINK_AUTH)) {
267 DPRINTF("requesting auth for handle #%d\n",
270 link->hl_state = HCI_LINK_WAIT_AUTH;
271 cp.con_handle = htole16(link->hl_handle);
272 err = hci_send_cmd(link->hl_unit, HCI_CMD_AUTH_REQ,
275 return (err == 0 ? EINPROGRESS : err);
278 if ((link->hl_flags & HCI_LINK_ENCRYPT_REQ)
279 && !(link->hl_flags & HCI_LINK_ENCRYPT)) {
280 hci_set_con_encryption_cp cp;
282 /* XXX we should check features for encryption capability */
284 DPRINTF("requesting encryption for handle #%d\n",
287 link->hl_state = HCI_LINK_WAIT_ENCRYPT;
288 cp.con_handle = htole16(link->hl_handle);
289 cp.encryption_enable = 0x01;
291 err = hci_send_cmd(link->hl_unit, HCI_CMD_SET_CON_ENCRYPTION,
294 return (err == 0 ? EINPROGRESS : err);
297 if ((link->hl_flags & HCI_LINK_SECURE_REQ)) {
298 hci_change_con_link_key_cp cp;
300 /* always change link key for SECURE requests */
301 link->hl_flags &= ~HCI_LINK_SECURE;
303 DPRINTF("changing link key for handle #%d\n",
306 link->hl_state = HCI_LINK_WAIT_SECURE;
307 cp.con_handle = htole16(link->hl_handle);
309 err = hci_send_cmd(link->hl_unit, HCI_CMD_CHANGE_CON_LINK_KEY,
312 return (err == 0 ? EINPROGRESS : err);
321 * This is called from event handlers when the mode change
322 * is complete. We notify upstream and restart the link.
325 hci_acl_linkmode(struct hci_link *link)
327 struct l2cap_channel *chan, *next;
330 DPRINTF("handle #%d, auth %s, encrypt %s, secure %s\n",
332 (link->hl_flags & HCI_LINK_AUTH ? "on" : "off"),
333 (link->hl_flags & HCI_LINK_ENCRYPT ? "on" : "off"),
334 (link->hl_flags & HCI_LINK_SECURE ? "on" : "off"));
336 if (link->hl_flags & HCI_LINK_AUTH)
337 mode |= L2CAP_LM_AUTH;
339 if (link->hl_flags & HCI_LINK_ENCRYPT)
340 mode |= L2CAP_LM_ENCRYPT;
342 if (link->hl_flags & HCI_LINK_SECURE)
343 mode |= L2CAP_LM_SECURE;
346 * The link state will only be OPEN here if the mode change
347 * was successful. So, we can proceed with L2CAP connections,
348 * or notify already establshed channels, to allow any that
349 * are dissatisfied to disconnect before we restart.
351 next = LIST_FIRST(&l2cap_active_list);
352 while ((chan = next) != NULL) {
353 next = LIST_NEXT(chan, lc_ncid);
355 if (chan->lc_link != link)
358 switch(chan->lc_state) {
359 case L2CAP_WAIT_SEND_CONNECT_REQ: /* we are connecting */
360 if ((mode & chan->lc_mode) != chan->lc_mode) {
361 l2cap_close(chan, ECONNABORTED);
365 chan->lc_state = L2CAP_WAIT_RECV_CONNECT_RSP;
366 err = l2cap_send_connect_req(chan);
368 l2cap_close(chan, err);
373 case L2CAP_WAIT_SEND_CONNECT_RSP: /* they are connecting */
374 if ((mode & chan->lc_mode) != chan->lc_mode) {
375 l2cap_send_connect_rsp(link, chan->lc_ident,
377 L2CAP_SECURITY_BLOCK);
379 l2cap_close(chan, ECONNABORTED);
383 l2cap_send_connect_rsp(link, chan->lc_ident,
384 chan->lc_lcid, chan->lc_rcid,
387 chan->lc_state = L2CAP_WAIT_CONFIG;
388 chan->lc_flags |= (L2CAP_WAIT_CONFIG_RSP | L2CAP_WAIT_CONFIG_REQ);
389 err = l2cap_send_config_req(chan);
391 l2cap_close(chan, err);
396 case L2CAP_WAIT_RECV_CONNECT_RSP:
397 case L2CAP_WAIT_CONFIG:
398 case L2CAP_OPEN: /* already established */
399 (*chan->lc_proto->linkmode)(chan->lc_upper, mode);
407 link->hl_state = HCI_LINK_OPEN;
414 * we accumulate packet fragments on the hci_link structure
415 * until a full L2CAP frame is ready, then send it on.
418 hci_acl_recv(struct mbuf *m, struct hci_unit *unit)
420 struct hci_link *link;
421 hci_acldata_hdr_t hdr;
422 uint16_t handle, want;
426 KKASSERT(unit != NULL);
428 KKASSERT(m->m_pkthdr.len >= sizeof(hdr));
429 m_copydata(m, 0, sizeof(hdr), (caddr_t)&hdr);
430 m_adj(m, sizeof(hdr));
433 if (hdr.type != HCI_ACL_DATA_PKT) {
434 kprintf("%s: bad ACL packet type\n", unit->hci_devname);
438 if (m->m_pkthdr.len != letoh16(hdr.length)) {
439 kprintf("%s: bad ACL packet length (%d != %d)\n",
440 unit->hci_devname, m->m_pkthdr.len, letoh16(hdr.length));
445 hdr.length = letoh16(hdr.length);
446 hdr.con_handle = letoh16(hdr.con_handle);
447 handle = HCI_CON_HANDLE(hdr.con_handle);
448 pb = HCI_PB_FLAG(hdr.con_handle);
450 link = hci_link_lookup_handle(unit, handle);
454 DPRINTF("%s: dumping packet for unknown handle #%d\n",
455 unit->hci_devname, handle);
458 * There is no way to find out what this connection handle is
459 * for, just get rid of it. This may happen, if a USB dongle
460 * is plugged into a self powered hub and does not reset when
461 * the system is shut down.
463 cp.con_handle = htole16(handle);
464 cp.reason = 0x13; /* "Remote User Terminated Connection" */
465 hci_send_cmd(unit, HCI_CMD_DISCONNECT, &cp, sizeof(cp));
470 case HCI_PACKET_START:
471 if (link->hl_rxp != NULL)
472 kprintf("%s: dropped incomplete ACL packet\n",
475 if (m->m_pkthdr.len < sizeof(l2cap_hdr_t)) {
476 kprintf("%s: short ACL packet\n",
483 got = m->m_pkthdr.len;
486 case HCI_PACKET_FRAGMENT:
487 if (link->hl_rxp == NULL) {
488 kprintf("%s: unexpected packet fragment\n",
494 got = m->m_pkthdr.len + link->hl_rxp->m_pkthdr.len;
495 m_cat(link->hl_rxp, m);
497 m->m_pkthdr.len = got;
501 kprintf("%s: unknown packet type\n",
507 m_copydata(m, 0, sizeof(want), (caddr_t)&want);
508 want = letoh16(want) + sizeof(l2cap_hdr_t) - got;
516 l2cap_recv_frame(m, link);
525 * Send ACL data on link
527 * We must fragment packets into chunks of less than unit->hci_max_acl_size and
528 * prepend a relevant ACL header to each fragment. We keep a PDU structure
529 * attached to the link, so that completed fragments can be marked off and
530 * more data requested from above once the PDU is sent.
533 hci_acl_send(struct mbuf *m, struct hci_link *link,
534 struct l2cap_channel *chan)
536 struct l2cap_pdu *pdu;
537 struct mbuf *n = NULL;
538 int plen, mlen, num = 0;
540 KKASSERT(link != NULL);
542 KKASSERT(m->m_flags & M_PKTHDR);
543 KKASSERT(m->m_pkthdr.len > 0);
545 if (link->hl_state == HCI_LINK_CLOSED) {
550 pdu = pool_get(&l2cap_pdu_pool, PR_NOWAIT);
554 bzero(pdu, sizeof *pdu);
558 plen = m->m_pkthdr.len;
559 mlen = link->hl_unit->hci_max_acl_size;
561 DPRINTFN(5, "%s: handle #%d, plen = %d, max = %d\n",
562 link->hl_unit->hci_devname, link->hl_handle, plen, mlen);
566 n = m_split(m, mlen, MB_DONTWAIT);
574 m->m_flags |= M_PROTO1; /* tag first fragment */
576 DPRINTFN(10, "chunk of %d (plen = %d) bytes\n", mlen, plen);
577 IF_ENQUEUE(&pdu->lp_data, m);
582 TAILQ_INSERT_TAIL(&link->hl_txq, pdu, lp_next);
583 link->hl_txqlen += num;
592 IF_DRAIN(&pdu->lp_data);
593 pool_put(&l2cap_pdu_pool, pdu);
600 * Start sending ACL data on link.
602 * This is called when the queue may need restarting: as new data
603 * is queued, after link mode changes have completed, or when device
604 * buffers have cleared.
606 * We may use all the available packet slots. The reason that we add
607 * the ACL encapsulation here rather than in hci_acl_send() is that L2CAP
608 * signal packets may be queued before the handle is given to us..
611 hci_acl_start(struct hci_link *link)
613 struct hci_unit *unit;
614 hci_acldata_hdr_t *hdr;
615 struct l2cap_pdu *pdu;
619 KKASSERT(link != NULL);
621 unit = link->hl_unit;
622 KKASSERT(unit != NULL);
624 /* this is mainly to block ourselves (below) */
625 if (link->hl_state != HCI_LINK_OPEN)
628 if (link->hl_txqlen == 0 || unit->hci_num_acl_pkts == 0)
631 /* find first PDU with data to send */
632 pdu = TAILQ_FIRST(&link->hl_txq);
637 if (!IF_QEMPTY(&pdu->lp_data))
640 pdu = TAILQ_NEXT(pdu, lp_next);
643 while (unit->hci_num_acl_pkts > 0) {
644 IF_DEQUEUE(&pdu->lp_data, m);
647 if (m->m_flags & M_PROTO1)
648 handle = HCI_MK_CON_HANDLE(link->hl_handle,
649 HCI_PACKET_START, 0);
651 handle = HCI_MK_CON_HANDLE(link->hl_handle,
652 HCI_PACKET_FRAGMENT, 0);
654 M_PREPEND(m, sizeof(*hdr), MB_DONTWAIT);
658 hdr = mtod(m, hci_acldata_hdr_t *);
659 hdr->type = HCI_ACL_DATA_PKT;
660 hdr->con_handle = htole16(handle);
661 hdr->length = htole16(m->m_pkthdr.len - sizeof(*hdr));
666 hci_output_acl(unit, m);
668 if (IF_QEMPTY(&pdu->lp_data)) {
671 * This should enable streaming of PDUs - when
672 * we have placed all the fragments on the acl
673 * output queue, we trigger the L2CAP layer to
674 * send us down one more. Use a false state so
675 * we dont run into ourselves coming back from
678 link->hl_state = HCI_LINK_BLOCK;
679 l2cap_start(pdu->lp_chan);
680 link->hl_state = HCI_LINK_OPEN;
683 pdu = TAILQ_NEXT(pdu, lp_next);
690 * We had our turn now, move to the back of the queue to let
691 * other links have a go at the output buffers..
693 if (TAILQ_NEXT(link, hl_next)) {
694 TAILQ_REMOVE(&unit->hci_links, link, hl_next);
695 TAILQ_INSERT_TAIL(&unit->hci_links, link, hl_next);
700 * Confirm ACL packets cleared from Controller buffers. We scan our PDU
701 * list to clear pending fragments and signal upstream for more data
702 * when a PDU is complete.
705 hci_acl_complete(struct hci_link *link, int num)
707 struct l2cap_pdu *pdu;
708 struct l2cap_channel *chan;
710 DPRINTFN(5, "handle #%d (%d)\n", link->hl_handle, num);
713 pdu = TAILQ_FIRST(&link->hl_txq);
715 kprintf("%s: %d packets completed on handle #%x "
716 "but none pending!\n",
717 link->hl_unit->hci_devname, num,
722 if (num >= pdu->lp_pending) {
723 num -= pdu->lp_pending;
726 if (IF_QEMPTY(&pdu->lp_data)) {
727 TAILQ_REMOVE(&link->hl_txq, pdu, lp_next);
731 (*chan->lc_proto->complete)
734 if (chan->lc_pending == 0)
738 pool_put(&l2cap_pdu_pool, pdu);
741 pdu->lp_pending -= num;
747 /*******************************************************************************
749 * HCI SCO Connections
753 * Incoming SCO Connection. We check the list for anybody willing
757 hci_sco_newconn(struct hci_unit *unit, bdaddr_t *bdaddr)
759 struct sockaddr_bt laddr, raddr;
760 struct sco_pcb *pcb, *new;
761 struct hci_link *sco, *acl;
763 memset(&laddr, 0, sizeof(laddr));
764 laddr.bt_len = sizeof(laddr);
765 laddr.bt_family = AF_BLUETOOTH;
766 bdaddr_copy(&laddr.bt_bdaddr, &unit->hci_bdaddr);
768 memset(&raddr, 0, sizeof(raddr));
769 raddr.bt_len = sizeof(raddr);
770 raddr.bt_family = AF_BLUETOOTH;
771 bdaddr_copy(&raddr.bt_bdaddr, bdaddr);
774 * There should already be an ACL link up and running before
775 * the controller sends us SCO connection requests, but you
778 acl = hci_link_lookup_bdaddr(unit, bdaddr, HCI_LINK_ACL);
779 if (acl == NULL || acl->hl_state != HCI_LINK_OPEN)
782 LIST_FOREACH(pcb, &sco_pcb, sp_next) {
783 if ((pcb->sp_flags & SP_LISTENING) == 0)
786 new = (*pcb->sp_proto->newconn)(pcb->sp_upper, &laddr, &raddr);
791 * Ok, got new pcb so we can start a new link and fill
792 * in all the details.
794 bdaddr_copy(&new->sp_laddr, &unit->hci_bdaddr);
795 bdaddr_copy(&new->sp_raddr, bdaddr);
797 sco = hci_link_alloc(unit);
803 sco->hl_type = HCI_LINK_SCO;
804 bdaddr_copy(&sco->hl_bdaddr, bdaddr);
806 sco->hl_link = hci_acl_open(unit, bdaddr);
807 KKASSERT(sco->hl_link == acl);
812 new->sp_mtu = unit->hci_max_sco_size;
820 * receive SCO packet, we only need to strip the header and send
821 * it to the right handler
824 hci_sco_recv(struct mbuf *m, struct hci_unit *unit)
826 struct hci_link *link;
827 hci_scodata_hdr_t hdr;
831 KKASSERT(unit != NULL);
833 KKASSERT(m->m_pkthdr.len >= sizeof(hdr));
834 m_copydata(m, 0, sizeof(hdr), (caddr_t)&hdr);
835 m_adj(m, sizeof(hdr));
838 if (hdr.type != HCI_SCO_DATA_PKT) {
839 kprintf("%s: bad SCO packet type\n", unit->hci_devname);
843 if (m->m_pkthdr.len != hdr.length) {
844 kprintf("%s: bad SCO packet length (%d != %d)\n",
845 unit->hci_devname, m->m_pkthdr.len, hdr.length);
850 hdr.con_handle = letoh16(hdr.con_handle);
851 handle = HCI_CON_HANDLE(hdr.con_handle);
853 link = hci_link_lookup_handle(unit, handle);
854 if (link == NULL || link->hl_type == HCI_LINK_ACL) {
855 DPRINTF("%s: dumping packet for unknown handle #%d\n",
856 unit->hci_devname, handle);
861 (*link->hl_sco->sp_proto->input)(link->hl_sco->sp_upper, m);
869 hci_sco_start(struct hci_link *link)
874 * SCO packets have completed at the controller, so we can
875 * signal up to free the buffer space.
878 hci_sco_complete(struct hci_link *link, int num)
881 DPRINTFN(5, "handle #%d (num=%d)\n", link->hl_handle, num);
882 link->hl_sco->sp_pending--;
883 (*link->hl_sco->sp_proto->complete)(link->hl_sco->sp_upper, num);
886 /*******************************************************************************
888 * Generic HCI Connection alloc/free/lookup etc
892 hci_link_alloc(struct hci_unit *unit)
894 struct hci_link *link;
896 KKASSERT(unit != NULL);
898 link = kmalloc(sizeof *link, M_BLUETOOTH, M_NOWAIT | M_ZERO);
902 link->hl_unit = unit;
903 link->hl_state = HCI_LINK_CLOSED;
905 /* init ACL portion */
906 callout_init(&link->hl_expire);
909 TAILQ_INIT(&link->hl_txq); /* outgoing packets */
910 TAILQ_INIT(&link->hl_reqs); /* request queue */
912 link->hl_mtu = L2CAP_MTU_DEFAULT; /* L2CAP signal mtu */
913 link->hl_flush = L2CAP_FLUSH_TIMO_DEFAULT; /* flush timeout */
916 TAILQ_INSERT_HEAD(&unit->hci_links, link, hl_next);
922 hci_link_free(struct hci_link *link, int err)
924 struct l2cap_req *req;
925 struct l2cap_pdu *pdu;
926 struct l2cap_channel *chan, *next;
928 KKASSERT(link != NULL);
930 DPRINTF("#%d, type = %d, state = %d, refcnt = %d\n",
931 link->hl_handle, link->hl_type,
932 link->hl_state, link->hl_refcnt);
934 /* ACL reference count */
935 if (link->hl_refcnt > 0) {
936 next = LIST_FIRST(&l2cap_active_list);
937 while ((chan = next) != NULL) {
938 next = LIST_NEXT(chan, lc_ncid);
939 if (chan->lc_link == link)
940 l2cap_close(chan, err);
943 KKASSERT(link->hl_refcnt == 0);
945 /* ACL L2CAP requests.. */
946 while ((req = TAILQ_FIRST(&link->hl_reqs)) != NULL)
947 l2cap_request_free(req);
949 KKASSERT(TAILQ_EMPTY(&link->hl_reqs));
951 /* ACL outgoing data queue */
952 while ((pdu = TAILQ_FIRST(&link->hl_txq)) != NULL) {
953 TAILQ_REMOVE(&link->hl_txq, pdu, lp_next);
954 IF_DRAIN(&pdu->lp_data);
956 link->hl_unit->hci_num_acl_pkts += pdu->lp_pending;
958 pool_put(&l2cap_pdu_pool, pdu);
961 KKASSERT(TAILQ_EMPTY(&link->hl_txq));
963 /* ACL incoming data packet */
964 if (link->hl_rxp != NULL) {
965 m_freem(link->hl_rxp);
969 /* SCO master ACL link */
970 if (link->hl_link != NULL) {
971 hci_acl_close(link->hl_link, err);
972 link->hl_link = NULL;
976 if (link->hl_sco != NULL) {
982 (*pcb->sp_proto->disconnected)(pcb->sp_upper, err);
985 /* flush any SCO data */
987 IF_DRAIN(&link->hl_data);
990 * Halt the timeout - if its already running we cannot free the
991 * link structure but the timeout function will call us back in
994 link->hl_state = HCI_LINK_CLOSED;
995 callout_stop(&link->hl_expire);
996 if (callout_active(&link->hl_expire))
1000 TAILQ_REMOVE(&link->hl_unit->hci_links, link, hl_next);
1002 kfree(link, M_BLUETOOTH);
1006 * Lookup HCI link by type and state.
1009 hci_link_lookup_state(struct hci_unit *unit, uint16_t type, uint16_t state)
1011 struct hci_link *link;
1013 TAILQ_FOREACH(link, &unit->hci_links, hl_next) {
1014 if (link->hl_type == type && link->hl_state == state)
1022 * Lookup HCI link by address and type. Note that for SCO links there may
1023 * be more than one link per address, so we only return links with no
1024 * handle (ie new links)
1027 hci_link_lookup_bdaddr(struct hci_unit *unit, bdaddr_t *bdaddr, uint16_t type)
1029 struct hci_link *link;
1031 KKASSERT(unit != NULL);
1032 KKASSERT(bdaddr != NULL);
1034 TAILQ_FOREACH(link, &unit->hci_links, hl_next) {
1035 if (link->hl_type != type)
1038 if (type == HCI_LINK_SCO && link->hl_handle != 0)
1041 if (bdaddr_same(&link->hl_bdaddr, bdaddr))
1049 hci_link_lookup_handle(struct hci_unit *unit, uint16_t handle)
1051 struct hci_link *link;
1053 KKASSERT(unit != NULL);
1055 TAILQ_FOREACH(link, &unit->hci_links, hl_next) {
1056 if (handle == link->hl_handle)