1 /* $DragonFly: src/sys/netbt/l2cap_signal.c,v 1.2 2008/03/18 13:41:42 hasso Exp $ */
2 /* $OpenBSD: src/sys/netbt/l2cap_signal.c,v 1.3 2008/02/24 21:34:48 uwe Exp $ */
3 /* $NetBSD: l2cap_signal.c,v 1.9 2007/11/10 23:12:23 plunky Exp $ */
6 * Copyright (c) 2005 Iain Hibbert.
7 * Copyright (c) 2006 Itronix Inc.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. The name of Itronix Inc. may not be used to endorse
19 * or promote products derived from this software without specific
20 * prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY ITRONIX INC. ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
24 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
25 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ITRONIX INC. BE LIABLE FOR ANY
26 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
27 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
29 * ON ANY THEORY OF LIABILITY, WHETHER IN
30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32 * POSSIBILITY OF SUCH DAMAGE.
37 #include <sys/param.h>
38 #include <sys/kernel.h>
41 #include <sys/queue.h>
42 #include <sys/systm.h>
43 #include <sys/endian.h>
45 #include <netbt/bluetooth.h>
46 #include <netbt/hci.h>
47 #include <netbt/l2cap.h>
49 /*******************************************************************************
51 * L2CAP Signal processing
54 static void l2cap_recv_command_rej(struct mbuf *, struct hci_link *);
55 static void l2cap_recv_connect_req(struct mbuf *, struct hci_link *);
56 static void l2cap_recv_connect_rsp(struct mbuf *, struct hci_link *);
57 static void l2cap_recv_config_req(struct mbuf *, struct hci_link *);
58 static void l2cap_recv_config_rsp(struct mbuf *, struct hci_link *);
59 static void l2cap_recv_disconnect_req(struct mbuf *, struct hci_link *);
60 static void l2cap_recv_disconnect_rsp(struct mbuf *, struct hci_link *);
61 static void l2cap_recv_info_req(struct mbuf *, struct hci_link *);
62 static int l2cap_send_signal(struct hci_link *, uint8_t, uint8_t, uint16_t, void *);
63 static int l2cap_send_command_rej(struct hci_link *, uint8_t, uint16_t, ...);
66 * process incoming signal packets (CID 0x0001). Can contain multiple
70 l2cap_recv_signal(struct mbuf *m, struct hci_link *link)
75 if (m->m_pkthdr.len == 0)
78 if (m->m_pkthdr.len < sizeof(cmd))
81 m_copydata(m, 0, sizeof(cmd), (caddr_t)&cmd);
82 cmd.length = letoh16(cmd.length);
84 if (m->m_pkthdr.len < sizeof(cmd) + cmd.length)
87 DPRINTFN(2, "(%s) code %d, ident %d, len %d\n",
88 device_get_nameunit(link->hl_unit->hci_dev),
89 cmd.code, cmd.ident, cmd.length);
92 case L2CAP_COMMAND_REJ:
93 if (cmd.length > sizeof(l2cap_cmd_rej_cp))
96 l2cap_recv_command_rej(m, link);
99 case L2CAP_CONNECT_REQ:
100 if (cmd.length != sizeof(l2cap_con_req_cp))
103 l2cap_recv_connect_req(m, link);
106 case L2CAP_CONNECT_RSP:
107 if (cmd.length != sizeof(l2cap_con_rsp_cp))
110 l2cap_recv_connect_rsp(m, link);
113 case L2CAP_CONFIG_REQ:
114 l2cap_recv_config_req(m, link);
117 case L2CAP_CONFIG_RSP:
118 l2cap_recv_config_rsp(m, link);
121 case L2CAP_DISCONNECT_REQ:
122 if (cmd.length != sizeof(l2cap_discon_req_cp))
125 l2cap_recv_disconnect_req(m, link);
128 case L2CAP_DISCONNECT_RSP:
129 if (cmd.length != sizeof(l2cap_discon_rsp_cp))
132 l2cap_recv_disconnect_rsp(m, link);
136 m_adj(m, sizeof(cmd) + cmd.length);
137 l2cap_send_signal(link, L2CAP_ECHO_RSP, cmd.ident,
142 m_adj(m, sizeof(cmd) + cmd.length);
146 if (cmd.length != sizeof(l2cap_info_req_cp))
149 l2cap_recv_info_req(m, link);
153 m_adj(m, sizeof(cmd) + cmd.length);
162 panic("impossible!");
166 l2cap_send_command_rej(link, cmd.ident, L2CAP_REJ_NOT_UNDERSTOOD);
172 * Process Received Command Reject. For now we dont try to recover gracefully
173 * from this, it probably means that the link is garbled or the other end is
174 * insufficiently capable of handling normal traffic. (not *my* fault, no way!)
177 l2cap_recv_command_rej(struct mbuf *m, struct hci_link *link)
179 struct l2cap_req *req;
180 struct l2cap_channel *chan;
184 m_copydata(m, 0, sizeof(cmd), (caddr_t)&cmd);
185 m_adj(m, sizeof(cmd));
187 cmd.length = letoh16(cmd.length);
189 m_copydata(m, 0, cmd.length, (caddr_t)&cp);
190 m_adj(m, cmd.length);
192 req = l2cap_request_lookup(link, cmd.ident);
196 switch (letoh16(cp.reason)) {
197 case L2CAP_REJ_NOT_UNDERSTOOD:
199 * I dont know what to do, just move up the timeout
201 callout_reset(&req->lr_rtx,0,l2cap_rtx,req);
204 case L2CAP_REJ_MTU_EXCEEDED:
206 * I didnt send any commands over L2CAP_MTU_MINIMUM size, but..
208 * XXX maybe we should resend this, instead?
210 link->hl_mtu = letoh16(cp.data[0]);
211 callout_reset(&req->lr_rtx,0,l2cap_rtx,req);
214 case L2CAP_REJ_INVALID_CID:
216 * Well, if they dont have such a channel then our channel is
217 * most likely closed. Make it so.
220 l2cap_request_free(req);
221 if (chan != NULL && chan->lc_state != L2CAP_CLOSED)
222 l2cap_close(chan, ECONNABORTED);
227 UNKNOWN(letoh16(cp.reason));
233 * Process Received Connect Request. Find listening channel matching
234 * psm & addr and ask upper layer for a new channel.
237 l2cap_recv_connect_req(struct mbuf *m, struct hci_link *link)
239 struct sockaddr_bt laddr, raddr;
240 struct l2cap_channel *chan, *new;
246 m_copydata(m, 0, sizeof(cmd), (caddr_t)&cmd);
247 m_adj(m, sizeof(cmd));
249 /* extract request */
250 m_copydata(m, 0, sizeof(cp), (caddr_t)&cp);
251 m_adj(m, sizeof(cp));
253 cp.scid = letoh16(cp.scid);
254 cp.psm = letoh16(cp.psm);
256 memset(&laddr, 0, sizeof(struct sockaddr_bt));
257 laddr.bt_len = sizeof(struct sockaddr_bt);
258 laddr.bt_family = AF_BLUETOOTH;
259 laddr.bt_psm = cp.psm;
260 bdaddr_copy(&laddr.bt_bdaddr, &link->hl_unit->hci_bdaddr);
262 memset(&raddr, 0, sizeof(struct sockaddr_bt));
263 raddr.bt_len = sizeof(struct sockaddr_bt);
264 raddr.bt_family = AF_BLUETOOTH;
265 raddr.bt_psm = cp.psm;
266 bdaddr_copy(&raddr.bt_bdaddr, &link->hl_bdaddr);
268 LIST_FOREACH(chan, &l2cap_listen_list, lc_ncid) {
269 if (chan->lc_laddr.bt_psm != laddr.bt_psm
270 && chan->lc_laddr.bt_psm != L2CAP_PSM_ANY)
273 if (!bdaddr_same(&laddr.bt_bdaddr, &chan->lc_laddr.bt_bdaddr)
274 && bdaddr_any(&chan->lc_laddr.bt_bdaddr) == 0)
277 new= (*chan->lc_proto->newconn)(chan->lc_upper, &laddr, &raddr);
281 err = l2cap_cid_alloc(new);
283 l2cap_send_connect_rsp(link, cmd.ident,
287 (*new->lc_proto->disconnected)(new->lc_upper, err);
291 new->lc_link = hci_acl_open(link->hl_unit, &link->hl_bdaddr);
292 KKASSERT(new->lc_link == link);
294 new->lc_rcid = cp.scid;
295 new->lc_ident = cmd.ident;
297 memcpy(&new->lc_laddr, &laddr, sizeof(struct sockaddr_bt));
298 memcpy(&new->lc_raddr, &raddr, sizeof(struct sockaddr_bt));
300 new->lc_mode = chan->lc_mode;
302 err = l2cap_setmode(new);
303 if (err == EINPROGRESS) {
304 new->lc_state = L2CAP_WAIT_SEND_CONNECT_RSP;
305 (*new->lc_proto->connecting)(new->lc_upper);
309 new->lc_state = L2CAP_CLOSED;
310 hci_acl_close(link, err);
313 l2cap_send_connect_rsp(link, cmd.ident,
317 (*new->lc_proto->disconnected)(new->lc_upper, err);
321 err = l2cap_send_connect_rsp(link, cmd.ident,
322 new->lc_lcid, new->lc_rcid,
325 l2cap_close(new, err);
329 new->lc_state = L2CAP_WAIT_CONFIG;
330 new->lc_flags |= (L2CAP_WAIT_CONFIG_REQ | L2CAP_WAIT_CONFIG_RSP);
331 err = l2cap_send_config_req(new);
333 l2cap_close(new, err);
338 l2cap_send_connect_rsp(link, cmd.ident,
340 L2CAP_PSM_NOT_SUPPORTED);
344 * Process Received Connect Response.
347 l2cap_recv_connect_rsp(struct mbuf *m, struct hci_link *link)
351 struct l2cap_req *req;
352 struct l2cap_channel *chan;
354 m_copydata(m, 0, sizeof(cmd), (caddr_t)&cmd);
355 m_adj(m, sizeof(cmd));
357 m_copydata(m, 0, sizeof(cp), (caddr_t)&cp);
358 m_adj(m, sizeof(cp));
360 cp.scid = letoh16(cp.scid);
361 cp.dcid = letoh16(cp.dcid);
362 cp.result = letoh16(cp.result);
364 req = l2cap_request_lookup(link, cmd.ident);
365 if (req == NULL || req->lr_code != L2CAP_CONNECT_REQ)
369 if (chan != NULL && chan->lc_lcid != cp.scid)
372 if (chan == NULL || chan->lc_state != L2CAP_WAIT_RECV_CONNECT_RSP) {
373 l2cap_request_free(req);
380 * Ok, at this point we have a connection to the other party. We
381 * could indicate upstream that we are ready for business and
382 * wait for a "Configure Channel Request" but I'm not so sure
383 * that is required in our case - we will proceed directly to
384 * sending our config request. We set two state bits because in
385 * the config state we are waiting for requests and responses.
387 l2cap_request_free(req);
388 chan->lc_rcid = cp.dcid;
389 chan->lc_state = L2CAP_WAIT_CONFIG;
390 chan->lc_flags |= (L2CAP_WAIT_CONFIG_REQ | L2CAP_WAIT_CONFIG_RSP);
391 l2cap_send_config_req(chan);
395 /* XXX dont release request, should start eRTX timeout? */
396 (*chan->lc_proto->connecting)(chan->lc_upper);
399 case L2CAP_PSM_NOT_SUPPORTED:
400 case L2CAP_SECURITY_BLOCK:
401 case L2CAP_NO_RESOURCES:
403 l2cap_request_free(req);
404 l2cap_close(chan, ECONNREFUSED);
410 * Process Received Config Request.
413 l2cap_recv_config_req(struct mbuf *m, struct hci_link *link)
415 uint8_t buf[L2CAP_MTU_MINIMUM];
419 l2cap_cfg_opt_val_t val;
421 struct l2cap_channel *chan;
424 m_copydata(m, 0, sizeof(cmd), (caddr_t)&cmd);
425 m_adj(m, sizeof(cmd));
426 left = letoh16(cmd.length);
428 if (left < sizeof(cp))
431 m_copydata(m, 0, sizeof(cp), (caddr_t)&cp);
432 m_adj(m, sizeof(cp));
435 cp.dcid = letoh16(cp.dcid);
436 cp.flags = letoh16(cp.flags);
438 chan = l2cap_cid_lookup(cp.dcid);
439 if (chan == NULL || chan->lc_link != link
440 || chan->lc_state != L2CAP_WAIT_CONFIG
441 || (chan->lc_flags & L2CAP_WAIT_CONFIG_REQ) == 0) {
442 /* XXX we should really accept reconfiguration requests */
443 l2cap_send_command_rej(link, cmd.ident, L2CAP_REJ_INVALID_CID,
444 L2CAP_NULL_CID, cp.dcid);
448 /* ready our response packet */
449 rp.scid = htole16(chan->lc_rcid);
450 rp.flags = 0; /* "No Continuation" */
451 rp.result = L2CAP_SUCCESS;
455 * Process the packet. We build the return packet on the fly adding any
456 * unacceptable parameters as we go. As we can only return one result,
457 * unknown option takes precedence so we start our return packet anew
458 * and ignore option values thereafter as they will be re-sent.
460 * Since we do not support enough options to make overflowing the min
461 * MTU size an issue in normal use, we just reject config requests that
462 * make that happen. This could be because options are repeated or the
463 * packet is corrupted in some way.
465 * If unknown option types threaten to overflow the packet, we just
466 * ignore them. We can deny them next time.
469 if (left < sizeof(opt))
472 m_copydata(m, 0, sizeof(opt), (caddr_t)&opt);
473 m_adj(m, sizeof(opt));
476 if (left < opt.length)
479 switch(opt.type & L2CAP_OPT_HINT_MASK) {
481 if (rp.result == L2CAP_UNKNOWN_OPTION)
484 if (opt.length != L2CAP_OPT_MTU_SIZE)
487 m_copydata(m, 0, L2CAP_OPT_MTU_SIZE, (caddr_t)&val);
488 val.mtu = letoh16(val.mtu);
491 * XXX how do we know what the minimum acceptable MTU is
492 * for a channel? Spec says some profiles have a higher
493 * minimum but I have no way to find that out at this
496 if (val.mtu < L2CAP_MTU_MINIMUM) {
497 if (len + sizeof(opt) + L2CAP_OPT_MTU_SIZE > sizeof(buf))
500 rp.result = L2CAP_UNACCEPTABLE_PARAMS;
501 memcpy(buf + len, &opt, sizeof(opt));
503 val.mtu = htole16(L2CAP_MTU_MINIMUM);
504 memcpy(buf + len, &val, L2CAP_OPT_MTU_SIZE);
505 len += L2CAP_OPT_MTU_SIZE;
507 chan->lc_omtu = val.mtu;
511 case L2CAP_OPT_FLUSH_TIMO:
512 if (rp.result == L2CAP_UNKNOWN_OPTION)
515 if (opt.length != L2CAP_OPT_FLUSH_TIMO_SIZE)
519 * I think that this is informational only - he is
520 * informing us of the flush timeout he will be using.
521 * I dont think this affects us in any significant way,
522 * so just ignore this value for now.
527 if (rp.result == L2CAP_UNKNOWN_OPTION)
530 if (opt.length != L2CAP_OPT_QOS_SIZE)
533 m_copydata(m, 0, L2CAP_OPT_QOS_SIZE, (caddr_t)&val);
534 if (val.qos.service_type == L2CAP_QOS_NO_TRAFFIC ||
535 val.qos.service_type == L2CAP_QOS_BEST_EFFORT)
537 * In accordance with the spec, we choose to
538 * ignore the fields an provide no response.
542 if (len + sizeof(opt) + L2CAP_OPT_QOS_SIZE > sizeof(buf))
545 if (val.qos.service_type != L2CAP_QOS_GUARANTEED) {
547 * Instead of sending an "unacceptable
548 * parameters" response, treat this as an
549 * unknown option and include the option
550 * value in the response.
552 rp.result = L2CAP_UNKNOWN_OPTION;
555 * According to the spec, we must return
556 * specific values for wild card parameters.
557 * I don't know what to return without lying,
558 * so return "unacceptable parameters" and
559 * specify the preferred service type as
562 rp.result = L2CAP_UNACCEPTABLE_PARAMS;
563 val.qos.service_type = L2CAP_QOS_BEST_EFFORT;
566 memcpy(buf + len, &opt, sizeof(opt));
568 memcpy(buf + len, &val, L2CAP_OPT_QOS_SIZE);
569 len += L2CAP_OPT_QOS_SIZE;
574 if (opt.type & L2CAP_OPT_HINT_BIT)
577 /* unknown options supersede all else */
578 if (rp.result != L2CAP_UNKNOWN_OPTION) {
579 rp.result = L2CAP_UNKNOWN_OPTION;
583 /* ignore if it doesn't fit */
584 if (len + sizeof(opt) > sizeof(buf))
587 /* return unknown option type, but no data */
588 buf[len++] = opt.type;
593 m_adj(m, opt.length);
597 rp.result = htole16(rp.result);
598 memcpy(buf, &rp, sizeof(rp));
599 l2cap_send_signal(link, L2CAP_CONFIG_RSP, cmd.ident, len, buf);
601 if ((cp.flags & L2CAP_OPT_CFLAG_BIT) == 0
602 && rp.result == letoh16(L2CAP_SUCCESS)) {
604 chan->lc_flags &= ~L2CAP_WAIT_CONFIG_REQ;
606 if ((chan->lc_flags & L2CAP_WAIT_CONFIG_RSP) == 0) {
607 chan->lc_state = L2CAP_OPEN;
608 /* XXX how to distinguish REconfiguration? */
609 (*chan->lc_proto->connected)(chan->lc_upper);
615 l2cap_send_command_rej(link, cmd.ident, L2CAP_REJ_NOT_UNDERSTOOD);
621 * Process Received Config Response.
624 l2cap_recv_config_rsp(struct mbuf *m, struct hci_link *link)
629 l2cap_cfg_opt_val_t val;
630 struct l2cap_req *req;
631 struct l2cap_channel *chan;
634 m_copydata(m, 0, sizeof(cmd), (caddr_t)&cmd);
635 m_adj(m, sizeof(cmd));
636 left = letoh16(cmd.length);
638 if (left < sizeof(cp))
641 m_copydata(m, 0, sizeof(cp), (caddr_t)&cp);
642 m_adj(m, sizeof(cp));
645 cp.scid = letoh16(cp.scid);
646 cp.flags = letoh16(cp.flags);
647 cp.result = letoh16(cp.result);
649 req = l2cap_request_lookup(link, cmd.ident);
650 if (req == NULL || req->lr_code != L2CAP_CONFIG_REQ)
654 if (chan != NULL && chan->lc_lcid != cp.scid)
657 l2cap_request_free(req);
659 if (chan == NULL || chan->lc_state != L2CAP_WAIT_CONFIG
660 || (chan->lc_flags & L2CAP_WAIT_CONFIG_RSP) == 0)
663 if ((cp.flags & L2CAP_OPT_CFLAG_BIT)) {
667 * They have more to tell us and want another ID to
668 * use, so send an empty config request
670 if (l2cap_request_alloc(chan, L2CAP_CONFIG_REQ))
673 rp.dcid = htole16(cp.scid);
676 if (l2cap_send_signal(link, L2CAP_CONFIG_REQ, link->hl_lastid,
684 * If continuation flag was not set, our config request was
685 * accepted. We may have to wait for their config request to
686 * complete, so check that but otherwise we are open
688 * There may be 'advisory' values in the packet but we just
691 if ((cp.flags & L2CAP_OPT_CFLAG_BIT) == 0) {
692 chan->lc_flags &= ~L2CAP_WAIT_CONFIG_RSP;
694 if ((chan->lc_flags & L2CAP_WAIT_CONFIG_REQ) == 0) {
695 chan->lc_state = L2CAP_OPEN;
696 /* XXX how to distinguish REconfiguration? */
697 (*chan->lc_proto->connected)(chan->lc_upper);
702 case L2CAP_UNACCEPTABLE_PARAMS:
704 * Packet contains unacceptable parameters with preferred values
707 if (left < sizeof(opt))
710 m_copydata(m, 0, sizeof(opt), (caddr_t)&opt);
711 m_adj(m, sizeof(opt));
714 if (left < opt.length)
719 if (opt.length != L2CAP_OPT_MTU_SIZE)
722 m_copydata(m, 0, L2CAP_OPT_MTU_SIZE, (caddr_t)&val);
723 chan->lc_imtu = letoh16(val.mtu);
724 if (chan->lc_imtu < L2CAP_MTU_MINIMUM)
725 chan->lc_imtu = L2CAP_MTU_DEFAULT;
728 case L2CAP_OPT_FLUSH_TIMO:
729 if (opt.length != L2CAP_OPT_FLUSH_TIMO_SIZE)
733 * Spec says: If we cannot honor proposed value,
734 * either disconnect or try again with original
735 * value. I can't really see why they want to
736 * interfere with OUR flush timeout in any case
737 * so we just punt for now.
749 m_adj(m, opt.length);
753 if ((cp.flags & L2CAP_OPT_CFLAG_BIT) == 0)
754 l2cap_send_config_req(chan); /* no state change */
761 case L2CAP_UNKNOWN_OPTION:
763 * Packet contains options not understood. Turn off unknown
764 * options by setting them to default values (means they will
765 * not be requested again).
767 * If our option was already off then fail (paranoia?)
769 * XXX Should we consider that options were set for a reason?
772 if (left < sizeof(opt))
775 m_copydata(m, 0, sizeof(opt), (caddr_t)&opt);
776 m_adj(m, sizeof(opt));
779 if (left < opt.length)
782 m_adj(m, opt.length);
787 if (chan->lc_imtu == L2CAP_MTU_DEFAULT)
790 chan->lc_imtu = L2CAP_MTU_DEFAULT;
793 case L2CAP_OPT_FLUSH_TIMO:
794 if (chan->lc_flush == L2CAP_FLUSH_TIMO_DEFAULT)
797 chan->lc_flush = L2CAP_FLUSH_TIMO_DEFAULT;
809 if ((cp.flags & L2CAP_OPT_CFLAG_BIT) == 0)
810 l2cap_send_config_req(chan); /* no state change */
819 DPRINTF("how did I get here!?\n");
822 l2cap_send_disconnect_req(chan);
823 l2cap_close(chan, ECONNABORTED);
830 * Process Received Disconnect Request. We must validate scid and dcid
831 * just in case but otherwise this connection is finished.
834 l2cap_recv_disconnect_req(struct mbuf *m, struct hci_link *link)
837 l2cap_discon_req_cp cp;
838 l2cap_discon_rsp_cp rp;
839 struct l2cap_channel *chan;
841 m_copydata(m, 0, sizeof(cmd), (caddr_t)&cmd);
842 m_adj(m, sizeof(cmd));
844 m_copydata(m, 0, sizeof(cp), (caddr_t)&cp);
845 m_adj(m, sizeof(cp));
847 cp.scid = letoh16(cp.scid);
848 cp.dcid = letoh16(cp.dcid);
850 chan = l2cap_cid_lookup(cp.dcid);
851 if (chan == NULL || chan->lc_link != link || chan->lc_rcid != cp.scid) {
852 l2cap_send_command_rej(link, cmd.ident, L2CAP_REJ_INVALID_CID,
857 rp.dcid = htole16(chan->lc_lcid);
858 rp.scid = htole16(chan->lc_rcid);
859 l2cap_send_signal(link, L2CAP_DISCONNECT_RSP, cmd.ident,
862 if (chan->lc_state != L2CAP_CLOSED)
863 l2cap_close(chan, ECONNRESET);
867 * Process Received Disconnect Response. We must validate scid and dcid but
868 * unless we were waiting for this signal, ignore it.
871 l2cap_recv_disconnect_rsp(struct mbuf *m, struct hci_link *link)
874 l2cap_discon_rsp_cp cp;
875 struct l2cap_req *req;
876 struct l2cap_channel *chan;
878 m_copydata(m, 0, sizeof(cmd), (caddr_t)&cmd);
879 m_adj(m, sizeof(cmd));
881 m_copydata(m, 0, sizeof(cp), (caddr_t)&cp);
882 m_adj(m, sizeof(cp));
884 cp.scid = letoh16(cp.scid);
885 cp.dcid = letoh16(cp.dcid);
887 req = l2cap_request_lookup(link, cmd.ident);
888 if (req == NULL || req->lr_code != L2CAP_DISCONNECT_REQ)
893 || chan->lc_lcid != cp.scid
894 || chan->lc_rcid != cp.dcid)
897 l2cap_request_free(req);
899 if (chan->lc_state != L2CAP_WAIT_DISCONNECT)
902 l2cap_close(chan, 0);
906 * Process Received Info Request. We must respond but alas dont
907 * support anything as yet so thats easy.
910 l2cap_recv_info_req(struct mbuf *m, struct hci_link *link)
913 l2cap_info_req_cp cp;
914 l2cap_info_rsp_cp rp;
916 m_copydata(m, 0, sizeof(cmd), (caddr_t)&cmd);
917 m_adj(m, sizeof(cmd));
919 m_copydata(m, 0, sizeof(cp), (caddr_t)&cp);
920 m_adj(m, sizeof(cp));
922 switch(letoh16(cp.type)) {
923 case L2CAP_CONNLESS_MTU:
924 case L2CAP_EXTENDED_FEATURES:
927 rp.result = htole16(L2CAP_NOT_SUPPORTED);
929 l2cap_send_signal(link, L2CAP_INFO_RSP, cmd.ident,
936 * Construct signal and wrap in C-Frame for link.
939 l2cap_send_signal(struct hci_link *link, uint8_t code, uint8_t ident,
940 uint16_t length, void *data)
944 l2cap_cmd_hdr_t *cmd;
950 if (sizeof(l2cap_cmd_hdr_t) + length > link->hl_mtu)
951 kprintf("(%s) exceeding L2CAP Signal MTU for link!\n",
952 device_get_nameunit(link->hl_unit->hci_dev));
955 m = m_gethdr(MB_DONTWAIT, MT_DATA);
959 hdr = mtod(m, l2cap_hdr_t *);
960 cmd = (l2cap_cmd_hdr_t *)(hdr + 1);
962 m->m_len = m->m_pkthdr.len = MHLEN;
966 m_copyback(m, sizeof(*hdr) + sizeof(*cmd), length, data);
971 cmd->length = htole16(length);
972 length += sizeof(*cmd);
975 hdr->length = htole16(length);
976 hdr->dcid = htole16(L2CAP_SIGNAL_CID);
977 length += sizeof(*hdr);
979 if (m->m_pkthdr.len != MAX(MHLEN, length)) {
984 m->m_pkthdr.len = length;
985 m->m_len = MIN(length, MHLEN);
987 DPRINTFN(2, "(%s) code %d, ident %d, len %d\n",
988 device_get_nameunit(link->hl_unit->hci_dev), code, ident,
991 return hci_acl_send(m, link, NULL);
995 * Send Command Reject packet.
998 l2cap_send_command_rej(struct hci_link *link, uint8_t ident,
999 uint16_t reason, ...)
1001 l2cap_cmd_rej_cp cp;
1005 va_start(ap, reason);
1007 cp.reason = htole16(reason);
1010 case L2CAP_REJ_NOT_UNDERSTOOD:
1014 case L2CAP_REJ_MTU_EXCEEDED:
1016 cp.data[0] = va_arg(ap, int); /* SigMTU */
1017 cp.data[0] = htole16(cp.data[0]);
1020 case L2CAP_REJ_INVALID_CID:
1022 cp.data[0] = va_arg(ap, int); /* dcid */
1023 cp.data[0] = htole16(cp.data[0]);
1024 cp.data[1] = va_arg(ap, int); /* scid */
1025 cp.data[1] = htole16(cp.data[1]);
1035 return l2cap_send_signal(link, L2CAP_COMMAND_REJ, ident, len, &cp);
1039 * Send Connect Request
1042 l2cap_send_connect_req(struct l2cap_channel *chan)
1044 l2cap_con_req_cp cp;
1047 err = l2cap_request_alloc(chan, L2CAP_CONNECT_REQ);
1051 cp.psm = htole16(chan->lc_raddr.bt_psm);
1052 cp.scid = htole16(chan->lc_lcid);
1054 return l2cap_send_signal(chan->lc_link, L2CAP_CONNECT_REQ,
1055 chan->lc_link->hl_lastid, sizeof(cp), &cp);
1059 * Send Config Request
1061 * For outgoing config request, we only put options in the packet if they
1062 * differ from the default and would have to be actioned. We dont support
1063 * enough option types to make overflowing SigMTU an issue so it can all
1067 l2cap_send_config_req(struct l2cap_channel *chan)
1069 l2cap_cfg_req_cp *cp;
1070 l2cap_cfg_opt_t *opt;
1071 l2cap_cfg_opt_val_t *val;
1072 uint8_t *next, buf[L2CAP_MTU_MINIMUM];
1075 err = l2cap_request_alloc(chan, L2CAP_CONFIG_REQ);
1079 /* Config Header (4 octets) */
1080 cp = (l2cap_cfg_req_cp *)buf;
1081 cp->dcid = htole16(chan->lc_rcid);
1082 cp->flags = 0; /* "No Continuation" */
1084 next = buf + sizeof(l2cap_cfg_req_cp);
1086 /* Incoming MTU (4 octets) */
1087 if (chan->lc_imtu != L2CAP_MTU_DEFAULT) {
1088 opt = (l2cap_cfg_opt_t *)next;
1089 opt->type = L2CAP_OPT_MTU;
1090 opt->length = L2CAP_OPT_MTU_SIZE;
1092 val = (l2cap_cfg_opt_val_t *)(opt + 1);
1093 val->mtu = htole16(chan->lc_imtu);
1095 next += sizeof(l2cap_cfg_opt_t) + L2CAP_OPT_MTU_SIZE;
1098 /* Flush Timeout (4 octets) */
1099 if (chan->lc_flush != L2CAP_FLUSH_TIMO_DEFAULT) {
1100 opt = (l2cap_cfg_opt_t *)next;
1101 opt->type = L2CAP_OPT_FLUSH_TIMO;
1102 opt->length = L2CAP_OPT_FLUSH_TIMO_SIZE;
1104 val = (l2cap_cfg_opt_val_t *)(opt + 1);
1105 val->flush_timo = htole16(chan->lc_flush);
1107 next += sizeof(l2cap_cfg_opt_t) + L2CAP_OPT_FLUSH_TIMO_SIZE;
1110 /* Outgoing QoS Flow (24 octets) */
1111 /* Retransmission & Flow Control (11 octets) */
1113 * From here we need to start paying attention to SigMTU as we have
1114 * possibly overflowed the minimum supported..
1117 return l2cap_send_signal(chan->lc_link, L2CAP_CONFIG_REQ,
1118 chan->lc_link->hl_lastid, (int)(next - buf), buf);
1122 * Send Disconnect Request
1125 l2cap_send_disconnect_req(struct l2cap_channel *chan)
1127 l2cap_discon_req_cp cp;
1130 err = l2cap_request_alloc(chan, L2CAP_DISCONNECT_REQ);
1134 cp.dcid = htole16(chan->lc_rcid);
1135 cp.scid = htole16(chan->lc_lcid);
1137 return l2cap_send_signal(chan->lc_link, L2CAP_DISCONNECT_REQ,
1138 chan->lc_link->hl_lastid, sizeof(cp), &cp);
1142 * Send Connect Response
1145 l2cap_send_connect_rsp(struct hci_link *link, uint8_t ident, uint16_t dcid,
1146 uint16_t scid, uint16_t result)
1148 l2cap_con_rsp_cp cp;
1150 memset(&cp, 0, sizeof(cp));
1151 cp.dcid = htole16(dcid);
1152 cp.scid = htole16(scid);
1153 cp.result = htole16(result);
1155 return l2cap_send_signal(link, L2CAP_CONNECT_RSP, ident, sizeof(cp), &cp);
mihaic's projects / dragonfly.git / blob