1 /* $OpenBSD: src/sys/netbt/l2cap_signal.c,v 1.3 2008/02/24 21:34:48 uwe Exp $ */
2 /* $NetBSD: l2cap_signal.c,v 1.9 2007/11/10 23:12:23 plunky Exp $ */
5 * Copyright (c) 2005 Iain Hibbert.
6 * Copyright (c) 2006 Itronix Inc.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. The name of Itronix Inc. may not be used to endorse
18 * or promote products derived from this software without specific
19 * prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY ITRONIX INC. ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
23 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
24 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ITRONIX INC. BE LIABLE FOR ANY
25 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
26 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
27 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
28 * ON ANY THEORY OF LIABILITY, WHETHER IN
29 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31 * POSSIBILITY OF SUCH DAMAGE.
34 #include <sys/param.h>
35 #include <sys/kernel.h>
38 #include <sys/queue.h>
39 #include <sys/systm.h>
40 #include <sys/endian.h>
42 #include <netbt/bluetooth.h>
43 #include <netbt/hci.h>
44 #include <netbt/l2cap.h>
46 /*******************************************************************************
48 * L2CAP Signal processing
51 static void l2cap_recv_command_rej(struct mbuf *, struct hci_link *);
52 static void l2cap_recv_connect_req(struct mbuf *, struct hci_link *);
53 static void l2cap_recv_connect_rsp(struct mbuf *, struct hci_link *);
54 static void l2cap_recv_config_req(struct mbuf *, struct hci_link *);
55 static void l2cap_recv_config_rsp(struct mbuf *, struct hci_link *);
56 static void l2cap_recv_disconnect_req(struct mbuf *, struct hci_link *);
57 static void l2cap_recv_disconnect_rsp(struct mbuf *, struct hci_link *);
58 static void l2cap_recv_info_req(struct mbuf *, struct hci_link *);
59 static int l2cap_send_signal(struct hci_link *, uint8_t, uint8_t, uint16_t, void *);
60 static int l2cap_send_command_rej(struct hci_link *, uint8_t, uint16_t, ...);
63 * process incoming signal packets (CID 0x0001). Can contain multiple
67 l2cap_recv_signal(struct mbuf *m, struct hci_link *link)
72 if (m->m_pkthdr.len == 0)
75 if (m->m_pkthdr.len < sizeof(cmd))
78 m_copydata(m, 0, sizeof(cmd), (caddr_t)&cmd);
79 cmd.length = letoh16(cmd.length);
81 if (m->m_pkthdr.len < sizeof(cmd) + cmd.length)
84 DPRINTFN(2, "(%s) code %d, ident %d, len %d\n",
85 device_get_nameunit(link->hl_unit->hci_dev),
86 cmd.code, cmd.ident, cmd.length);
89 case L2CAP_COMMAND_REJ:
90 if (cmd.length > sizeof(l2cap_cmd_rej_cp))
93 l2cap_recv_command_rej(m, link);
96 case L2CAP_CONNECT_REQ:
97 if (cmd.length != sizeof(l2cap_con_req_cp))
100 l2cap_recv_connect_req(m, link);
103 case L2CAP_CONNECT_RSP:
104 if (cmd.length != sizeof(l2cap_con_rsp_cp))
107 l2cap_recv_connect_rsp(m, link);
110 case L2CAP_CONFIG_REQ:
111 l2cap_recv_config_req(m, link);
114 case L2CAP_CONFIG_RSP:
115 l2cap_recv_config_rsp(m, link);
118 case L2CAP_DISCONNECT_REQ:
119 if (cmd.length != sizeof(l2cap_discon_req_cp))
122 l2cap_recv_disconnect_req(m, link);
125 case L2CAP_DISCONNECT_RSP:
126 if (cmd.length != sizeof(l2cap_discon_rsp_cp))
129 l2cap_recv_disconnect_rsp(m, link);
133 m_adj(m, sizeof(cmd) + cmd.length);
134 l2cap_send_signal(link, L2CAP_ECHO_RSP, cmd.ident,
139 m_adj(m, sizeof(cmd) + cmd.length);
143 if (cmd.length != sizeof(l2cap_info_req_cp))
146 l2cap_recv_info_req(m, link);
150 m_adj(m, sizeof(cmd) + cmd.length);
159 panic("impossible!");
163 l2cap_send_command_rej(link, cmd.ident, L2CAP_REJ_NOT_UNDERSTOOD);
169 * Process Received Command Reject. For now we dont try to recover gracefully
170 * from this, it probably means that the link is garbled or the other end is
171 * insufficiently capable of handling normal traffic. (not *my* fault, no way!)
174 l2cap_recv_command_rej(struct mbuf *m, struct hci_link *link)
176 struct l2cap_req *req;
177 struct l2cap_channel *chan;
181 m_copydata(m, 0, sizeof(cmd), (caddr_t)&cmd);
182 m_adj(m, sizeof(cmd));
184 cmd.length = letoh16(cmd.length);
186 m_copydata(m, 0, cmd.length, (caddr_t)&cp);
187 m_adj(m, cmd.length);
189 req = l2cap_request_lookup(link, cmd.ident);
193 switch (letoh16(cp.reason)) {
194 case L2CAP_REJ_NOT_UNDERSTOOD:
196 * I dont know what to do, just move up the timeout
198 callout_reset(&req->lr_rtx,0,l2cap_rtx,req);
201 case L2CAP_REJ_MTU_EXCEEDED:
203 * I didnt send any commands over L2CAP_MTU_MINIMUM size, but..
205 * XXX maybe we should resend this, instead?
207 link->hl_mtu = letoh16(cp.data[0]);
208 callout_reset(&req->lr_rtx,0,l2cap_rtx,req);
211 case L2CAP_REJ_INVALID_CID:
213 * Well, if they dont have such a channel then our channel is
214 * most likely closed. Make it so.
217 l2cap_request_free(req);
218 if (chan != NULL && chan->lc_state != L2CAP_CLOSED)
219 l2cap_close(chan, ECONNABORTED);
224 UNKNOWN(letoh16(cp.reason));
230 * Process Received Connect Request. Find listening channel matching
231 * psm & addr and ask upper layer for a new channel.
234 l2cap_recv_connect_req(struct mbuf *m, struct hci_link *link)
236 struct sockaddr_bt laddr, raddr;
237 struct l2cap_channel *chan, *new;
243 m_copydata(m, 0, sizeof(cmd), (caddr_t)&cmd);
244 m_adj(m, sizeof(cmd));
246 /* extract request */
247 m_copydata(m, 0, sizeof(cp), (caddr_t)&cp);
248 m_adj(m, sizeof(cp));
250 cp.scid = letoh16(cp.scid);
251 cp.psm = letoh16(cp.psm);
253 memset(&laddr, 0, sizeof(struct sockaddr_bt));
254 laddr.bt_len = sizeof(struct sockaddr_bt);
255 laddr.bt_family = AF_BLUETOOTH;
256 laddr.bt_psm = cp.psm;
257 bdaddr_copy(&laddr.bt_bdaddr, &link->hl_unit->hci_bdaddr);
259 memset(&raddr, 0, sizeof(struct sockaddr_bt));
260 raddr.bt_len = sizeof(struct sockaddr_bt);
261 raddr.bt_family = AF_BLUETOOTH;
262 raddr.bt_psm = cp.psm;
263 bdaddr_copy(&raddr.bt_bdaddr, &link->hl_bdaddr);
265 LIST_FOREACH(chan, &l2cap_listen_list, lc_ncid) {
266 if (chan->lc_laddr.bt_psm != laddr.bt_psm
267 && chan->lc_laddr.bt_psm != L2CAP_PSM_ANY)
270 if (!bdaddr_same(&laddr.bt_bdaddr, &chan->lc_laddr.bt_bdaddr)
271 && bdaddr_any(&chan->lc_laddr.bt_bdaddr) == 0)
274 new= (*chan->lc_proto->newconn)(chan->lc_upper, &laddr, &raddr);
278 err = l2cap_cid_alloc(new);
280 l2cap_send_connect_rsp(link, cmd.ident,
284 (*new->lc_proto->disconnected)(new->lc_upper, err);
288 new->lc_link = hci_acl_open(link->hl_unit, &link->hl_bdaddr);
289 KKASSERT(new->lc_link == link);
291 new->lc_rcid = cp.scid;
292 new->lc_ident = cmd.ident;
294 memcpy(&new->lc_laddr, &laddr, sizeof(struct sockaddr_bt));
295 memcpy(&new->lc_raddr, &raddr, sizeof(struct sockaddr_bt));
297 new->lc_mode = chan->lc_mode;
299 err = l2cap_setmode(new);
300 if (err == EINPROGRESS) {
301 new->lc_state = L2CAP_WAIT_SEND_CONNECT_RSP;
302 (*new->lc_proto->connecting)(new->lc_upper);
306 new->lc_state = L2CAP_CLOSED;
307 hci_acl_close(link, err);
310 l2cap_send_connect_rsp(link, cmd.ident,
314 (*new->lc_proto->disconnected)(new->lc_upper, err);
318 err = l2cap_send_connect_rsp(link, cmd.ident,
319 new->lc_lcid, new->lc_rcid,
322 l2cap_close(new, err);
326 new->lc_state = L2CAP_WAIT_CONFIG;
327 new->lc_flags |= (L2CAP_WAIT_CONFIG_REQ | L2CAP_WAIT_CONFIG_RSP);
328 err = l2cap_send_config_req(new);
330 l2cap_close(new, err);
335 l2cap_send_connect_rsp(link, cmd.ident,
337 L2CAP_PSM_NOT_SUPPORTED);
341 * Process Received Connect Response.
344 l2cap_recv_connect_rsp(struct mbuf *m, struct hci_link *link)
348 struct l2cap_req *req;
349 struct l2cap_channel *chan;
351 m_copydata(m, 0, sizeof(cmd), (caddr_t)&cmd);
352 m_adj(m, sizeof(cmd));
354 m_copydata(m, 0, sizeof(cp), (caddr_t)&cp);
355 m_adj(m, sizeof(cp));
357 cp.scid = letoh16(cp.scid);
358 cp.dcid = letoh16(cp.dcid);
359 cp.result = letoh16(cp.result);
361 req = l2cap_request_lookup(link, cmd.ident);
362 if (req == NULL || req->lr_code != L2CAP_CONNECT_REQ)
366 if (chan != NULL && chan->lc_lcid != cp.scid)
369 if (chan == NULL || chan->lc_state != L2CAP_WAIT_RECV_CONNECT_RSP) {
370 l2cap_request_free(req);
377 * Ok, at this point we have a connection to the other party. We
378 * could indicate upstream that we are ready for business and
379 * wait for a "Configure Channel Request" but I'm not so sure
380 * that is required in our case - we will proceed directly to
381 * sending our config request. We set two state bits because in
382 * the config state we are waiting for requests and responses.
384 l2cap_request_free(req);
385 chan->lc_rcid = cp.dcid;
386 chan->lc_state = L2CAP_WAIT_CONFIG;
387 chan->lc_flags |= (L2CAP_WAIT_CONFIG_REQ | L2CAP_WAIT_CONFIG_RSP);
388 l2cap_send_config_req(chan);
392 /* XXX dont release request, should start eRTX timeout? */
393 (*chan->lc_proto->connecting)(chan->lc_upper);
396 case L2CAP_PSM_NOT_SUPPORTED:
397 case L2CAP_SECURITY_BLOCK:
398 case L2CAP_NO_RESOURCES:
400 l2cap_request_free(req);
401 l2cap_close(chan, ECONNREFUSED);
407 * Process Received Config Request.
410 l2cap_recv_config_req(struct mbuf *m, struct hci_link *link)
412 uint8_t buf[L2CAP_MTU_MINIMUM];
416 l2cap_cfg_opt_val_t val;
418 struct l2cap_channel *chan;
421 m_copydata(m, 0, sizeof(cmd), (caddr_t)&cmd);
422 m_adj(m, sizeof(cmd));
423 left = letoh16(cmd.length);
425 if (left < sizeof(cp))
428 m_copydata(m, 0, sizeof(cp), (caddr_t)&cp);
429 m_adj(m, sizeof(cp));
432 cp.dcid = letoh16(cp.dcid);
433 cp.flags = letoh16(cp.flags);
435 chan = l2cap_cid_lookup(cp.dcid);
436 if (chan == NULL || chan->lc_link != link
437 || chan->lc_state != L2CAP_WAIT_CONFIG
438 || (chan->lc_flags & L2CAP_WAIT_CONFIG_REQ) == 0) {
439 /* XXX we should really accept reconfiguration requests */
440 l2cap_send_command_rej(link, cmd.ident, L2CAP_REJ_INVALID_CID,
441 L2CAP_NULL_CID, cp.dcid);
445 /* ready our response packet */
446 rp.scid = htole16(chan->lc_rcid);
447 rp.flags = 0; /* "No Continuation" */
448 rp.result = L2CAP_SUCCESS;
452 * Process the packet. We build the return packet on the fly adding any
453 * unacceptable parameters as we go. As we can only return one result,
454 * unknown option takes precedence so we start our return packet anew
455 * and ignore option values thereafter as they will be re-sent.
457 * Since we do not support enough options to make overflowing the min
458 * MTU size an issue in normal use, we just reject config requests that
459 * make that happen. This could be because options are repeated or the
460 * packet is corrupted in some way.
462 * If unknown option types threaten to overflow the packet, we just
463 * ignore them. We can deny them next time.
466 if (left < sizeof(opt))
469 m_copydata(m, 0, sizeof(opt), (caddr_t)&opt);
470 m_adj(m, sizeof(opt));
473 if (left < opt.length)
476 switch(opt.type & L2CAP_OPT_HINT_MASK) {
478 if (rp.result == L2CAP_UNKNOWN_OPTION)
481 if (opt.length != L2CAP_OPT_MTU_SIZE)
484 m_copydata(m, 0, L2CAP_OPT_MTU_SIZE, (caddr_t)&val);
485 val.mtu = letoh16(val.mtu);
488 * XXX how do we know what the minimum acceptable MTU is
489 * for a channel? Spec says some profiles have a higher
490 * minimum but I have no way to find that out at this
493 if (val.mtu < L2CAP_MTU_MINIMUM) {
494 if (len + sizeof(opt) + L2CAP_OPT_MTU_SIZE > sizeof(buf))
497 rp.result = L2CAP_UNACCEPTABLE_PARAMS;
498 memcpy(buf + len, &opt, sizeof(opt));
500 val.mtu = htole16(L2CAP_MTU_MINIMUM);
501 memcpy(buf + len, &val, L2CAP_OPT_MTU_SIZE);
502 len += L2CAP_OPT_MTU_SIZE;
504 chan->lc_omtu = val.mtu;
508 case L2CAP_OPT_FLUSH_TIMO:
509 if (rp.result == L2CAP_UNKNOWN_OPTION)
512 if (opt.length != L2CAP_OPT_FLUSH_TIMO_SIZE)
516 * I think that this is informational only - he is
517 * informing us of the flush timeout he will be using.
518 * I dont think this affects us in any significant way,
519 * so just ignore this value for now.
524 if (rp.result == L2CAP_UNKNOWN_OPTION)
527 if (opt.length != L2CAP_OPT_QOS_SIZE)
530 m_copydata(m, 0, L2CAP_OPT_QOS_SIZE, (caddr_t)&val);
531 if (val.qos.service_type == L2CAP_QOS_NO_TRAFFIC ||
532 val.qos.service_type == L2CAP_QOS_BEST_EFFORT)
534 * In accordance with the spec, we choose to
535 * ignore the fields an provide no response.
539 if (len + sizeof(opt) + L2CAP_OPT_QOS_SIZE > sizeof(buf))
542 if (val.qos.service_type != L2CAP_QOS_GUARANTEED) {
544 * Instead of sending an "unacceptable
545 * parameters" response, treat this as an
546 * unknown option and include the option
547 * value in the response.
549 rp.result = L2CAP_UNKNOWN_OPTION;
552 * According to the spec, we must return
553 * specific values for wild card parameters.
554 * I don't know what to return without lying,
555 * so return "unacceptable parameters" and
556 * specify the preferred service type as
559 rp.result = L2CAP_UNACCEPTABLE_PARAMS;
560 val.qos.service_type = L2CAP_QOS_BEST_EFFORT;
563 memcpy(buf + len, &opt, sizeof(opt));
565 memcpy(buf + len, &val, L2CAP_OPT_QOS_SIZE);
566 len += L2CAP_OPT_QOS_SIZE;
571 if (opt.type & L2CAP_OPT_HINT_BIT)
574 /* unknown options supersede all else */
575 if (rp.result != L2CAP_UNKNOWN_OPTION) {
576 rp.result = L2CAP_UNKNOWN_OPTION;
580 /* ignore if it doesn't fit */
581 if (len + sizeof(opt) > sizeof(buf))
584 /* return unknown option type, but no data */
585 buf[len++] = opt.type;
590 m_adj(m, opt.length);
594 rp.result = htole16(rp.result);
595 memcpy(buf, &rp, sizeof(rp));
596 l2cap_send_signal(link, L2CAP_CONFIG_RSP, cmd.ident, len, buf);
598 if ((cp.flags & L2CAP_OPT_CFLAG_BIT) == 0
599 && rp.result == letoh16(L2CAP_SUCCESS)) {
601 chan->lc_flags &= ~L2CAP_WAIT_CONFIG_REQ;
603 if ((chan->lc_flags & L2CAP_WAIT_CONFIG_RSP) == 0) {
604 chan->lc_state = L2CAP_OPEN;
605 /* XXX how to distinguish REconfiguration? */
606 (*chan->lc_proto->connected)(chan->lc_upper);
612 l2cap_send_command_rej(link, cmd.ident, L2CAP_REJ_NOT_UNDERSTOOD);
618 * Process Received Config Response.
621 l2cap_recv_config_rsp(struct mbuf *m, struct hci_link *link)
626 l2cap_cfg_opt_val_t val;
627 struct l2cap_req *req;
628 struct l2cap_channel *chan;
631 m_copydata(m, 0, sizeof(cmd), (caddr_t)&cmd);
632 m_adj(m, sizeof(cmd));
633 left = letoh16(cmd.length);
635 if (left < sizeof(cp))
638 m_copydata(m, 0, sizeof(cp), (caddr_t)&cp);
639 m_adj(m, sizeof(cp));
642 cp.scid = letoh16(cp.scid);
643 cp.flags = letoh16(cp.flags);
644 cp.result = letoh16(cp.result);
646 req = l2cap_request_lookup(link, cmd.ident);
647 if (req == NULL || req->lr_code != L2CAP_CONFIG_REQ)
651 if (chan != NULL && chan->lc_lcid != cp.scid)
654 l2cap_request_free(req);
656 if (chan == NULL || chan->lc_state != L2CAP_WAIT_CONFIG
657 || (chan->lc_flags & L2CAP_WAIT_CONFIG_RSP) == 0)
660 if ((cp.flags & L2CAP_OPT_CFLAG_BIT)) {
664 * They have more to tell us and want another ID to
665 * use, so send an empty config request
667 if (l2cap_request_alloc(chan, L2CAP_CONFIG_REQ))
670 rp.dcid = htole16(cp.scid);
673 if (l2cap_send_signal(link, L2CAP_CONFIG_REQ, link->hl_lastid,
681 * If continuation flag was not set, our config request was
682 * accepted. We may have to wait for their config request to
683 * complete, so check that but otherwise we are open
685 * There may be 'advisory' values in the packet but we just
688 if ((cp.flags & L2CAP_OPT_CFLAG_BIT) == 0) {
689 chan->lc_flags &= ~L2CAP_WAIT_CONFIG_RSP;
691 if ((chan->lc_flags & L2CAP_WAIT_CONFIG_REQ) == 0) {
692 chan->lc_state = L2CAP_OPEN;
693 /* XXX how to distinguish REconfiguration? */
694 (*chan->lc_proto->connected)(chan->lc_upper);
699 case L2CAP_UNACCEPTABLE_PARAMS:
701 * Packet contains unacceptable parameters with preferred values
704 if (left < sizeof(opt))
707 m_copydata(m, 0, sizeof(opt), (caddr_t)&opt);
708 m_adj(m, sizeof(opt));
711 if (left < opt.length)
716 if (opt.length != L2CAP_OPT_MTU_SIZE)
719 m_copydata(m, 0, L2CAP_OPT_MTU_SIZE, (caddr_t)&val);
720 chan->lc_imtu = letoh16(val.mtu);
721 if (chan->lc_imtu < L2CAP_MTU_MINIMUM)
722 chan->lc_imtu = L2CAP_MTU_DEFAULT;
725 case L2CAP_OPT_FLUSH_TIMO:
726 if (opt.length != L2CAP_OPT_FLUSH_TIMO_SIZE)
730 * Spec says: If we cannot honor proposed value,
731 * either disconnect or try again with original
732 * value. I can't really see why they want to
733 * interfere with OUR flush timeout in any case
734 * so we just punt for now.
746 m_adj(m, opt.length);
750 if ((cp.flags & L2CAP_OPT_CFLAG_BIT) == 0)
751 l2cap_send_config_req(chan); /* no state change */
758 case L2CAP_UNKNOWN_OPTION:
760 * Packet contains options not understood. Turn off unknown
761 * options by setting them to default values (means they will
762 * not be requested again).
764 * If our option was already off then fail (paranoia?)
766 * XXX Should we consider that options were set for a reason?
769 if (left < sizeof(opt))
772 m_copydata(m, 0, sizeof(opt), (caddr_t)&opt);
773 m_adj(m, sizeof(opt));
776 if (left < opt.length)
779 m_adj(m, opt.length);
784 if (chan->lc_imtu == L2CAP_MTU_DEFAULT)
787 chan->lc_imtu = L2CAP_MTU_DEFAULT;
790 case L2CAP_OPT_FLUSH_TIMO:
791 if (chan->lc_flush == L2CAP_FLUSH_TIMO_DEFAULT)
794 chan->lc_flush = L2CAP_FLUSH_TIMO_DEFAULT;
806 if ((cp.flags & L2CAP_OPT_CFLAG_BIT) == 0)
807 l2cap_send_config_req(chan); /* no state change */
816 DPRINTF("how did I get here!?\n");
819 l2cap_send_disconnect_req(chan);
820 l2cap_close(chan, ECONNABORTED);
827 * Process Received Disconnect Request. We must validate scid and dcid
828 * just in case but otherwise this connection is finished.
831 l2cap_recv_disconnect_req(struct mbuf *m, struct hci_link *link)
834 l2cap_discon_req_cp cp;
835 l2cap_discon_rsp_cp rp;
836 struct l2cap_channel *chan;
838 m_copydata(m, 0, sizeof(cmd), (caddr_t)&cmd);
839 m_adj(m, sizeof(cmd));
841 m_copydata(m, 0, sizeof(cp), (caddr_t)&cp);
842 m_adj(m, sizeof(cp));
844 cp.scid = letoh16(cp.scid);
845 cp.dcid = letoh16(cp.dcid);
847 chan = l2cap_cid_lookup(cp.dcid);
848 if (chan == NULL || chan->lc_link != link || chan->lc_rcid != cp.scid) {
849 l2cap_send_command_rej(link, cmd.ident, L2CAP_REJ_INVALID_CID,
854 rp.dcid = htole16(chan->lc_lcid);
855 rp.scid = htole16(chan->lc_rcid);
856 l2cap_send_signal(link, L2CAP_DISCONNECT_RSP, cmd.ident,
859 if (chan->lc_state != L2CAP_CLOSED)
860 l2cap_close(chan, ECONNRESET);
864 * Process Received Disconnect Response. We must validate scid and dcid but
865 * unless we were waiting for this signal, ignore it.
868 l2cap_recv_disconnect_rsp(struct mbuf *m, struct hci_link *link)
871 l2cap_discon_rsp_cp cp;
872 struct l2cap_req *req;
873 struct l2cap_channel *chan;
875 m_copydata(m, 0, sizeof(cmd), (caddr_t)&cmd);
876 m_adj(m, sizeof(cmd));
878 m_copydata(m, 0, sizeof(cp), (caddr_t)&cp);
879 m_adj(m, sizeof(cp));
881 cp.scid = letoh16(cp.scid);
882 cp.dcid = letoh16(cp.dcid);
884 req = l2cap_request_lookup(link, cmd.ident);
885 if (req == NULL || req->lr_code != L2CAP_DISCONNECT_REQ)
890 || chan->lc_lcid != cp.scid
891 || chan->lc_rcid != cp.dcid)
894 l2cap_request_free(req);
896 if (chan->lc_state != L2CAP_WAIT_DISCONNECT)
899 l2cap_close(chan, 0);
903 * Process Received Info Request. We must respond but alas dont
904 * support anything as yet so thats easy.
907 l2cap_recv_info_req(struct mbuf *m, struct hci_link *link)
910 l2cap_info_req_cp cp;
911 l2cap_info_rsp_cp rp;
913 m_copydata(m, 0, sizeof(cmd), (caddr_t)&cmd);
914 m_adj(m, sizeof(cmd));
916 m_copydata(m, 0, sizeof(cp), (caddr_t)&cp);
917 m_adj(m, sizeof(cp));
919 switch(letoh16(cp.type)) {
920 case L2CAP_CONNLESS_MTU:
921 case L2CAP_EXTENDED_FEATURES:
924 rp.result = htole16(L2CAP_NOT_SUPPORTED);
926 l2cap_send_signal(link, L2CAP_INFO_RSP, cmd.ident,
933 * Construct signal and wrap in C-Frame for link.
936 l2cap_send_signal(struct hci_link *link, uint8_t code, uint8_t ident,
937 uint16_t length, void *data)
941 l2cap_cmd_hdr_t *cmd;
947 if (sizeof(l2cap_cmd_hdr_t) + length > link->hl_mtu)
948 kprintf("(%s) exceeding L2CAP Signal MTU for link!\n",
949 device_get_nameunit(link->hl_unit->hci_dev));
952 m = m_gethdr(M_NOWAIT, MT_DATA);
956 hdr = mtod(m, l2cap_hdr_t *);
957 cmd = (l2cap_cmd_hdr_t *)(hdr + 1);
959 m->m_len = m->m_pkthdr.len = MHLEN;
963 m_copyback(m, sizeof(*hdr) + sizeof(*cmd), length, data);
968 cmd->length = htole16(length);
969 length += sizeof(*cmd);
972 hdr->length = htole16(length);
973 hdr->dcid = htole16(L2CAP_SIGNAL_CID);
974 length += sizeof(*hdr);
976 if (m->m_pkthdr.len != MAX(MHLEN, length)) {
981 m->m_pkthdr.len = length;
982 m->m_len = MIN(length, MHLEN);
984 DPRINTFN(2, "(%s) code %d, ident %d, len %d\n",
985 device_get_nameunit(link->hl_unit->hci_dev), code, ident,
988 return hci_acl_send(m, link, NULL);
992 * Send Command Reject packet.
995 l2cap_send_command_rej(struct hci_link *link, uint8_t ident,
996 uint16_t reason, ...)
1002 __va_start(ap, reason);
1004 cp.reason = htole16(reason);
1007 case L2CAP_REJ_NOT_UNDERSTOOD:
1011 case L2CAP_REJ_MTU_EXCEEDED:
1013 cp.data[0] = __va_arg(ap, int); /* SigMTU */
1014 cp.data[0] = htole16(cp.data[0]);
1017 case L2CAP_REJ_INVALID_CID:
1019 cp.data[0] = __va_arg(ap, int); /* dcid */
1020 cp.data[0] = htole16(cp.data[0]);
1021 cp.data[1] = __va_arg(ap, int); /* scid */
1022 cp.data[1] = htole16(cp.data[1]);
1032 return l2cap_send_signal(link, L2CAP_COMMAND_REJ, ident, len, &cp);
1036 * Send Connect Request
1039 l2cap_send_connect_req(struct l2cap_channel *chan)
1041 l2cap_con_req_cp cp;
1044 err = l2cap_request_alloc(chan, L2CAP_CONNECT_REQ);
1048 cp.psm = htole16(chan->lc_raddr.bt_psm);
1049 cp.scid = htole16(chan->lc_lcid);
1051 return l2cap_send_signal(chan->lc_link, L2CAP_CONNECT_REQ,
1052 chan->lc_link->hl_lastid, sizeof(cp), &cp);
1056 * Send Config Request
1058 * For outgoing config request, we only put options in the packet if they
1059 * differ from the default and would have to be actioned. We dont support
1060 * enough option types to make overflowing SigMTU an issue so it can all
1064 l2cap_send_config_req(struct l2cap_channel *chan)
1066 l2cap_cfg_req_cp *cp;
1067 l2cap_cfg_opt_t *opt;
1068 l2cap_cfg_opt_val_t *val;
1069 uint8_t *next, buf[L2CAP_MTU_MINIMUM];
1072 err = l2cap_request_alloc(chan, L2CAP_CONFIG_REQ);
1076 /* Config Header (4 octets) */
1077 cp = (l2cap_cfg_req_cp *)buf;
1078 cp->dcid = htole16(chan->lc_rcid);
1079 cp->flags = 0; /* "No Continuation" */
1081 next = buf + sizeof(l2cap_cfg_req_cp);
1083 /* Incoming MTU (4 octets) */
1084 if (chan->lc_imtu != L2CAP_MTU_DEFAULT) {
1085 opt = (l2cap_cfg_opt_t *)next;
1086 opt->type = L2CAP_OPT_MTU;
1087 opt->length = L2CAP_OPT_MTU_SIZE;
1089 val = (l2cap_cfg_opt_val_t *)(opt + 1);
1090 val->mtu = htole16(chan->lc_imtu);
1092 next += sizeof(l2cap_cfg_opt_t) + L2CAP_OPT_MTU_SIZE;
1095 /* Flush Timeout (4 octets) */
1096 if (chan->lc_flush != L2CAP_FLUSH_TIMO_DEFAULT) {
1097 opt = (l2cap_cfg_opt_t *)next;
1098 opt->type = L2CAP_OPT_FLUSH_TIMO;
1099 opt->length = L2CAP_OPT_FLUSH_TIMO_SIZE;
1101 val = (l2cap_cfg_opt_val_t *)(opt + 1);
1102 val->flush_timo = htole16(chan->lc_flush);
1104 next += sizeof(l2cap_cfg_opt_t) + L2CAP_OPT_FLUSH_TIMO_SIZE;
1107 /* Outgoing QoS Flow (24 octets) */
1108 /* Retransmission & Flow Control (11 octets) */
1110 * From here we need to start paying attention to SigMTU as we have
1111 * possibly overflowed the minimum supported..
1114 return l2cap_send_signal(chan->lc_link, L2CAP_CONFIG_REQ,
1115 chan->lc_link->hl_lastid, (int)(next - buf), buf);
1119 * Send Disconnect Request
1122 l2cap_send_disconnect_req(struct l2cap_channel *chan)
1124 l2cap_discon_req_cp cp;
1127 err = l2cap_request_alloc(chan, L2CAP_DISCONNECT_REQ);
1131 cp.dcid = htole16(chan->lc_rcid);
1132 cp.scid = htole16(chan->lc_lcid);
1134 return l2cap_send_signal(chan->lc_link, L2CAP_DISCONNECT_REQ,
1135 chan->lc_link->hl_lastid, sizeof(cp), &cp);
1139 * Send Connect Response
1142 l2cap_send_connect_rsp(struct hci_link *link, uint8_t ident, uint16_t dcid,
1143 uint16_t scid, uint16_t result)
1145 l2cap_con_rsp_cp cp;
1147 memset(&cp, 0, sizeof(cp));
1148 cp.dcid = htole16(dcid);
1149 cp.scid = htole16(scid);
1150 cp.result = htole16(result);
1152 return l2cap_send_signal(link, L2CAP_CONNECT_RSP, ident, sizeof(cp), &cp);