3 * BlueZ - Bluetooth protocol stack for Linux
5 * Copyright (C) 2011-2012 Intel Corporation
6 * Copyright (C) 2004-2010 Marcel Holtmann <marcel@holtmann.org>
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
37 #include "lib/bluetooth.h"
40 #include "src/shared/util.h"
41 #include "src/shared/timeout.h"
42 #include "src/shared/crypto.h"
43 #include "src/shared/ecc.h"
44 #include "monitor/bt.h"
47 #define has_bredr(btdev) (!((btdev)->features[4] & 0x20))
48 #define has_le(btdev) (!!((btdev)->features[4] & 0x40))
51 btdev_hook_func handler;
53 enum btdev_hook_type type;
57 #define MAX_HOOK_ENTRIES 16
70 bool ssp_auth_complete;
73 btdev_command_func command_handler;
76 btdev_send_func send_handler;
79 unsigned int inquiry_id;
80 unsigned int inquiry_timeout_id;
82 struct hook *hook_list[MAX_HOOK_ENTRIES];
84 struct bt_crypto *crypto;
86 uint16_t manufacturer;
92 uint8_t feat_page_2[8];
97 uint8_t random_addr[6];
98 uint8_t le_features[8];
101 uint16_t default_link_policy;
102 uint8_t event_mask[8];
103 uint8_t event_mask_page2[8];
104 uint8_t event_filter;
106 uint8_t dev_class[3];
107 uint16_t voice_setting;
108 uint16_t conn_accept_timeout;
109 uint16_t page_timeout;
111 uint16_t page_scan_interval;
112 uint16_t page_scan_window;
113 uint16_t page_scan_type;
115 uint16_t inquiry_scan_interval;
116 uint16_t inquiry_scan_window;
117 uint8_t inquiry_mode;
118 uint8_t afh_assessment_mode;
119 uint8_t ext_inquiry_fec;
120 uint8_t ext_inquiry_rsp[240];
121 uint8_t simple_pairing_mode;
122 uint8_t ssp_debug_mode;
123 uint8_t secure_conn_support;
124 uint8_t host_flow_control;
125 uint8_t le_supported;
126 uint8_t le_simultaneous;
127 uint8_t le_event_mask[8];
128 uint8_t le_adv_data[31];
129 uint8_t le_adv_data_len;
131 uint8_t le_adv_own_addr;
132 uint8_t le_adv_direct_addr_type;
133 uint8_t le_adv_direct_addr[6];
134 uint8_t le_scan_data[31];
135 uint8_t le_scan_data_len;
136 uint8_t le_scan_enable;
137 uint8_t le_scan_type;
138 uint8_t le_scan_own_addr_type;
139 uint8_t le_filter_dup;
140 uint8_t le_adv_enable;
143 uint8_t le_local_sk256[32];
145 uint16_t sync_train_interval;
146 uint32_t sync_train_timeout;
147 uint8_t sync_train_service_data;
150 struct inquiry_data {
158 #define DEFAULT_INQUIRY_INTERVAL 100 /* 100 miliseconds */
160 #define MAX_BTDEV_ENTRIES 16
162 static const uint8_t LINK_KEY_NONE[16] = { 0 };
163 static const uint8_t LINK_KEY_DUMMY[16] = { 0, 1, 2, 3, 4, 5, 6, 7,
164 8, 9, 0, 1, 2, 3, 4, 5 };
166 static struct btdev *btdev_list[MAX_BTDEV_ENTRIES] = { };
168 static int get_hook_index(struct btdev *btdev, enum btdev_hook_type type,
173 for (i = 0; i < MAX_HOOK_ENTRIES; i++) {
174 if (btdev->hook_list[i] == NULL)
177 if (btdev->hook_list[i]->type == type &&
178 btdev->hook_list[i]->opcode == opcode)
185 static bool run_hooks(struct btdev *btdev, enum btdev_hook_type type,
186 uint16_t opcode, const void *data, uint16_t len)
188 int index = get_hook_index(btdev, type, opcode);
192 return btdev->hook_list[index]->handler(data, len,
193 btdev->hook_list[index]->user_data);
196 static inline int add_btdev(struct btdev *btdev)
200 for (i = 0; i < MAX_BTDEV_ENTRIES; i++) {
201 if (btdev_list[i] == NULL) {
203 btdev_list[index] = btdev;
211 static inline int del_btdev(struct btdev *btdev)
215 for (i = 0; i < MAX_BTDEV_ENTRIES; i++) {
216 if (btdev_list[i] == btdev) {
218 btdev_list[index] = NULL;
226 static inline struct btdev *find_btdev_by_bdaddr(const uint8_t *bdaddr)
230 for (i = 0; i < MAX_BTDEV_ENTRIES; i++) {
231 if (btdev_list[i] && !memcmp(btdev_list[i]->bdaddr, bdaddr, 6))
232 return btdev_list[i];
238 static inline struct btdev *find_btdev_by_bdaddr_type(const uint8_t *bdaddr,
243 for (i = 0; i < MAX_BTDEV_ENTRIES; i++) {
249 if (bdaddr_type == 0x01)
250 cmp = memcmp(btdev_list[i]->random_addr, bdaddr, 6);
252 cmp = memcmp(btdev_list[i]->bdaddr, bdaddr, 6);
255 return btdev_list[i];
261 static void hexdump(const unsigned char *buf, uint16_t len)
263 static const char hexdigits[] = "0123456789abcdef";
270 for (i = 0; i < len; i++) {
271 str[((i % 16) * 3) + 0] = hexdigits[buf[i] >> 4];
272 str[((i % 16) * 3) + 1] = hexdigits[buf[i] & 0xf];
273 str[((i % 16) * 3) + 2] = ' ';
274 str[(i % 16) + 49] = isprint(buf[i]) ? buf[i] : '.';
276 if ((i + 1) % 16 == 0) {
280 printf("%-12c%s\n", ' ', str);
287 for (j = (i % 16); j < 16; j++) {
288 str[(j * 3) + 0] = ' ';
289 str[(j * 3) + 1] = ' ';
290 str[(j * 3) + 2] = ' ';
296 printf("%-12c%s\n", ' ', str);
300 static void get_bdaddr(uint16_t id, uint8_t index, uint8_t *bdaddr)
302 bdaddr[0] = id & 0xff;
310 static void set_common_commands_all(struct btdev *btdev)
312 btdev->commands[5] |= 0x40; /* Set Event Mask */
313 btdev->commands[5] |= 0x80; /* Reset */
314 btdev->commands[14] |= 0x08; /* Read Local Version */
315 btdev->commands[14] |= 0x10; /* Read Local Supported Commands */
316 btdev->commands[14] |= 0x20; /* Read Local Supported Features */
317 btdev->commands[14] |= 0x80; /* Read Buffer Size */
320 static void set_common_commands_bredrle(struct btdev *btdev)
322 btdev->commands[0] |= 0x20; /* Disconnect */
323 btdev->commands[2] |= 0x80; /* Read Remote Version Information */
324 btdev->commands[10] |= 0x20; /* Set Host Flow Control */
325 btdev->commands[10] |= 0x40; /* Host Buffer Size */
326 btdev->commands[15] |= 0x02; /* Read BD ADDR */
329 static void set_common_commands_bredr20(struct btdev *btdev)
331 btdev->commands[0] |= 0x01; /* Inquiry */
332 btdev->commands[0] |= 0x02; /* Inquiry Cancel */
333 btdev->commands[0] |= 0x10; /* Create Connection */
334 btdev->commands[0] |= 0x40; /* Add SCO Connection */
335 btdev->commands[0] |= 0x80; /* Cancel Create Connection */
336 btdev->commands[1] |= 0x01; /* Accept Connection Request */
337 btdev->commands[1] |= 0x02; /* Reject Connection Request */
338 btdev->commands[1] |= 0x04; /* Link Key Request Reply */
339 btdev->commands[1] |= 0x08; /* Link Key Request Negative Reply */
340 btdev->commands[1] |= 0x10; /* PIN Code Request Reply */
341 btdev->commands[1] |= 0x20; /* PIN Code Request Negative Reply */
342 btdev->commands[1] |= 0x80; /* Authentication Requested */
343 btdev->commands[2] |= 0x01; /* Set Connection Encryption */
344 btdev->commands[2] |= 0x08; /* Remote Name Request */
345 btdev->commands[2] |= 0x10; /* Cancel Remote Name Request */
346 btdev->commands[2] |= 0x20; /* Read Remote Supported Features */
347 btdev->commands[2] |= 0x40; /* Read Remote Extended Features */
348 btdev->commands[3] |= 0x01; /* Read Clock Offset */
349 btdev->commands[5] |= 0x08; /* Read Default Link Policy */
350 btdev->commands[5] |= 0x10; /* Write Default Link Policy */
351 btdev->commands[6] |= 0x01; /* Set Event Filter */
352 btdev->commands[6] |= 0x20; /* Read Stored Link Key */
353 btdev->commands[6] |= 0x40; /* Write Stored Link Key */
354 btdev->commands[6] |= 0x80; /* Delete Stored Link Key */
355 btdev->commands[7] |= 0x01; /* Write Local Name */
356 btdev->commands[7] |= 0x02; /* Read Local Name */
357 btdev->commands[7] |= 0x04; /* Read Connection Accept Timeout */
358 btdev->commands[7] |= 0x08; /* Write Connection Accept Timeout */
359 btdev->commands[7] |= 0x10; /* Read Page Timeout */
360 btdev->commands[7] |= 0x20; /* Write Page Timeout */
361 btdev->commands[7] |= 0x40; /* Read Scan Enable */
362 btdev->commands[7] |= 0x80; /* Write Scan Enable */
363 btdev->commands[8] |= 0x01; /* Read Page Scan Activity */
364 btdev->commands[8] |= 0x02; /* Write Page Scan Activity */
365 btdev->commands[8] |= 0x04; /* Read Inquiry Scan Activity */
366 btdev->commands[8] |= 0x08; /* Write Inquiry Scan Activity */
367 btdev->commands[8] |= 0x10; /* Read Authentication Enable */
368 btdev->commands[8] |= 0x20; /* Write Authentication Enable */
369 btdev->commands[9] |= 0x01; /* Read Class Of Device */
370 btdev->commands[9] |= 0x02; /* Write Class Of Device */
371 btdev->commands[9] |= 0x04; /* Read Voice Setting */
372 btdev->commands[9] |= 0x08; /* Write Voice Setting */
373 btdev->commands[11] |= 0x10; /* Write Current IAC LAP */
374 btdev->commands[12] |= 0x40; /* Read Inquiry Mode */
375 btdev->commands[12] |= 0x80; /* Write Inquiry Mode */
376 btdev->commands[13] |= 0x01; /* Read Page Scan Type */
377 btdev->commands[13] |= 0x02; /* Write Page Scan Type */
378 btdev->commands[13] |= 0x04; /* Read AFH Assess Mode */
379 btdev->commands[13] |= 0x08; /* Write AFH Assess Mode */
380 btdev->commands[14] |= 0x40; /* Read Local Extended Features */
381 btdev->commands[15] |= 0x01; /* Read Country Code */
382 btdev->commands[16] |= 0x04; /* Enable Device Under Test Mode */
385 static void set_bredr_commands(struct btdev *btdev)
387 set_common_commands_all(btdev);
388 set_common_commands_bredrle(btdev);
389 set_common_commands_bredr20(btdev);
391 btdev->commands[16] |= 0x08; /* Setup Synchronous Connection */
392 btdev->commands[17] |= 0x01; /* Read Extended Inquiry Response */
393 btdev->commands[17] |= 0x02; /* Write Extended Inquiry Response */
394 btdev->commands[17] |= 0x20; /* Read Simple Pairing Mode */
395 btdev->commands[17] |= 0x40; /* Write Simple Pairing Mode */
396 btdev->commands[17] |= 0x80; /* Read Local OOB Data */
397 btdev->commands[18] |= 0x01; /* Read Inquiry Response TX Power */
398 btdev->commands[18] |= 0x02; /* Write Inquiry Response TX Power */
399 btdev->commands[18] |= 0x80; /* IO Capability Request Reply */
400 btdev->commands[20] |= 0x10; /* Read Encryption Key Size */
401 btdev->commands[23] |= 0x04; /* Read Data Block Size */
402 btdev->commands[29] |= 0x20; /* Read Local Supported Codecs */
403 btdev->commands[30] |= 0x08; /* Get MWS Transport Layer Config */
406 static void set_bredr20_commands(struct btdev *btdev)
408 set_common_commands_all(btdev);
409 set_common_commands_bredrle(btdev);
410 set_common_commands_bredr20(btdev);
413 static void set_le_commands(struct btdev *btdev)
415 set_common_commands_all(btdev);
416 set_common_commands_bredrle(btdev);
418 btdev->commands[24] |= 0x20; /* Read LE Host Supported */
419 btdev->commands[24] |= 0x20; /* Write LE Host Supported */
420 btdev->commands[25] |= 0x01; /* LE Set Event Mask */
421 btdev->commands[25] |= 0x02; /* LE Read Buffer Size */
422 btdev->commands[25] |= 0x04; /* LE Read Local Features */
423 btdev->commands[25] |= 0x10; /* LE Set Random Address */
424 btdev->commands[25] |= 0x20; /* LE Set Adv Parameters */
425 btdev->commands[25] |= 0x40; /* LE Read Adv TX Power */
426 btdev->commands[25] |= 0x80; /* LE Set Adv Data */
427 btdev->commands[26] |= 0x01; /* LE Set Scan Response Data */
428 btdev->commands[26] |= 0x02; /* LE Set Adv Enable */
429 btdev->commands[26] |= 0x04; /* LE Set Scan Parameters */
430 btdev->commands[26] |= 0x08; /* LE Set Scan Enable */
431 btdev->commands[26] |= 0x10; /* LE Create Connection */
432 btdev->commands[26] |= 0x40; /* LE Read White List Size */
433 btdev->commands[26] |= 0x80; /* LE Clear White List */
434 btdev->commands[27] |= 0x04; /* LE Connection Update */
435 btdev->commands[27] |= 0x20; /* LE Read Remote Used Features */
436 btdev->commands[27] |= 0x40; /* LE Encrypt */
437 btdev->commands[27] |= 0x80; /* LE Rand */
438 btdev->commands[28] |= 0x01; /* LE Start Encryption */
439 btdev->commands[28] |= 0x02; /* LE Long Term Key Request Reply */
440 btdev->commands[28] |= 0x04; /* LE Long Term Key Request Neg Reply */
441 btdev->commands[28] |= 0x08; /* LE Read Supported States */
442 btdev->commands[28] |= 0x10; /* LE Receiver Test */
443 btdev->commands[28] |= 0x20; /* LE Transmitter Test */
444 btdev->commands[28] |= 0x40; /* LE Test End */
446 /* Extra LE commands for >= 4.1 adapters */
447 btdev->commands[33] |= 0x10; /* LE Remote Conn Param Req Reply */
448 btdev->commands[33] |= 0x20; /* LE Remote Conn Param Req Neg Reply */
450 /* Extra LE commands for >= 4.2 adapters */
451 btdev->commands[34] |= 0x02; /* LE Read Local P-256 Public Key */
452 btdev->commands[34] |= 0x04; /* LE Generate DHKey */
455 static void set_bredrle_commands(struct btdev *btdev)
457 set_bredr_commands(btdev);
458 set_le_commands(btdev);
460 /* Extra BR/EDR commands we want to only support for >= 4.0
463 btdev->commands[22] |= 0x04; /* Set Event Mask Page 2 */
464 btdev->commands[31] |= 0x80; /* Read Sync Train Parameters */
465 btdev->commands[32] |= 0x04; /* Read Secure Connections Support */
466 btdev->commands[32] |= 0x08; /* Write Secure Connections Support */
467 btdev->commands[32] |= 0x10; /* Read Auth Payload Timeout */
468 btdev->commands[32] |= 0x20; /* Write Auth Payload Timeout */
469 btdev->commands[32] |= 0x40; /* Read Local OOB Extended Data */
472 static void set_amp_commands(struct btdev *btdev)
474 set_common_commands_all(btdev);
476 btdev->commands[22] |= 0x20; /* Read Local AMP Info */
479 static void set_bredrle_features(struct btdev *btdev)
481 btdev->features[0] |= 0x04; /* Encryption */
482 btdev->features[0] |= 0x20; /* Role switch */
483 btdev->features[0] |= 0x80; /* Sniff mode */
484 btdev->features[1] |= 0x08; /* SCO link */
485 btdev->features[2] |= 0x08; /* Transparent SCO */
486 btdev->features[3] |= 0x40; /* RSSI with inquiry results */
487 btdev->features[3] |= 0x80; /* Extended SCO link */
488 btdev->features[4] |= 0x08; /* AFH capable slave */
489 btdev->features[4] |= 0x10; /* AFH classification slave */
490 btdev->features[4] |= 0x40; /* LE Supported */
491 btdev->features[5] |= 0x02; /* Sniff subrating */
492 btdev->features[5] |= 0x04; /* Pause encryption */
493 btdev->features[5] |= 0x08; /* AFH capable master */
494 btdev->features[5] |= 0x10; /* AFH classification master */
495 btdev->features[6] |= 0x01; /* Extended Inquiry Response */
496 btdev->features[6] |= 0x02; /* Simultaneous LE and BR/EDR */
497 btdev->features[6] |= 0x08; /* Secure Simple Pairing */
498 btdev->features[6] |= 0x10; /* Encapsulated PDU */
499 btdev->features[6] |= 0x20; /* Erroneous Data Reporting */
500 btdev->features[6] |= 0x40; /* Non-flushable Packet Boundary Flag */
501 btdev->features[7] |= 0x01; /* Link Supervision Timeout Event */
502 btdev->features[7] |= 0x02; /* Inquiry TX Power Level */
503 btdev->features[7] |= 0x80; /* Extended features */
505 btdev->feat_page_2[0] |= 0x01; /* CSB - Master Operation */
506 btdev->feat_page_2[0] |= 0x02; /* CSB - Slave Operation */
507 btdev->feat_page_2[0] |= 0x04; /* Synchronization Train */
508 btdev->feat_page_2[0] |= 0x08; /* Synchronization Scan */
509 btdev->feat_page_2[0] |= 0x10; /* Inquiry Response Notification */
510 btdev->feat_page_2[1] |= 0x01; /* Secure Connections */
511 btdev->feat_page_2[1] |= 0x02; /* Ping */
516 static void set_bredr_features(struct btdev *btdev)
518 btdev->features[0] |= 0x04; /* Encryption */
519 btdev->features[0] |= 0x20; /* Role switch */
520 btdev->features[0] |= 0x80; /* Sniff mode */
521 btdev->features[1] |= 0x08; /* SCO link */
522 btdev->features[3] |= 0x40; /* RSSI with inquiry results */
523 btdev->features[3] |= 0x80; /* Extended SCO link */
524 btdev->features[4] |= 0x08; /* AFH capable slave */
525 btdev->features[4] |= 0x10; /* AFH classification slave */
526 btdev->features[5] |= 0x02; /* Sniff subrating */
527 btdev->features[5] |= 0x04; /* Pause encryption */
528 btdev->features[5] |= 0x08; /* AFH capable master */
529 btdev->features[5] |= 0x10; /* AFH classification master */
530 btdev->features[6] |= 0x01; /* Extended Inquiry Response */
531 btdev->features[6] |= 0x08; /* Secure Simple Pairing */
532 btdev->features[6] |= 0x10; /* Encapsulated PDU */
533 btdev->features[6] |= 0x20; /* Erroneous Data Reporting */
534 btdev->features[6] |= 0x40; /* Non-flushable Packet Boundary Flag */
535 btdev->features[7] |= 0x01; /* Link Supervision Timeout Event */
536 btdev->features[7] |= 0x02; /* Inquiry TX Power Level */
537 btdev->features[7] |= 0x80; /* Extended features */
542 static void set_bredr20_features(struct btdev *btdev)
544 btdev->features[0] |= 0x04; /* Encryption */
545 btdev->features[0] |= 0x20; /* Role switch */
546 btdev->features[0] |= 0x80; /* Sniff mode */
547 btdev->features[1] |= 0x08; /* SCO link */
548 btdev->features[3] |= 0x40; /* RSSI with inquiry results */
549 btdev->features[3] |= 0x80; /* Extended SCO link */
550 btdev->features[4] |= 0x08; /* AFH capable slave */
551 btdev->features[4] |= 0x10; /* AFH classification slave */
552 btdev->features[5] |= 0x02; /* Sniff subrating */
553 btdev->features[5] |= 0x04; /* Pause encryption */
554 btdev->features[5] |= 0x08; /* AFH capable master */
555 btdev->features[5] |= 0x10; /* AFH classification master */
556 btdev->features[7] |= 0x80; /* Extended features */
561 static void set_le_features(struct btdev *btdev)
563 btdev->features[4] |= 0x20; /* BR/EDR Not Supported */
564 btdev->features[4] |= 0x40; /* LE Supported */
568 btdev->le_features[0] |= 0x01; /* LE Encryption */
569 btdev->le_features[0] |= 0x02; /* Connection Parameters Request */
570 btdev->le_features[0] |= 0x08; /* Slave-initiated Features Exchange */
573 static void set_amp_features(struct btdev *btdev)
577 struct btdev *btdev_create(enum btdev_type type, uint16_t id)
582 btdev = malloc(sizeof(*btdev));
586 memset(btdev, 0, sizeof(*btdev));
588 if (type == BTDEV_TYPE_BREDRLE || type == BTDEV_TYPE_LE) {
589 btdev->crypto = bt_crypto_new();
590 if (!btdev->crypto) {
598 btdev->manufacturer = 63;
599 btdev->revision = 0x0000;
601 switch (btdev->type) {
602 case BTDEV_TYPE_BREDRLE:
603 btdev->version = 0x08;
604 set_bredrle_features(btdev);
605 set_bredrle_commands(btdev);
607 case BTDEV_TYPE_BREDR:
608 btdev->version = 0x05;
609 set_bredr_features(btdev);
610 set_bredr_commands(btdev);
613 btdev->version = 0x08;
614 set_le_features(btdev);
615 set_le_commands(btdev);
618 btdev->version = 0x01;
619 set_amp_features(btdev);
620 set_amp_commands(btdev);
622 case BTDEV_TYPE_BREDR20:
623 btdev->version = 0x03;
624 set_bredr20_features(btdev);
625 set_bredr20_commands(btdev);
629 btdev->page_scan_interval = 0x0800;
630 btdev->page_scan_window = 0x0012;
631 btdev->page_scan_type = 0x00;
633 btdev->sync_train_interval = 0x0080;
634 btdev->sync_train_timeout = 0x0002ee00;
635 btdev->sync_train_service_data = 0x00;
637 btdev->acl_mtu = 192;
638 btdev->acl_max_pkt = 1;
640 btdev->country_code = 0x00;
642 index = add_btdev(btdev);
644 bt_crypto_unref(btdev->crypto);
649 get_bdaddr(id, index, btdev->bdaddr);
654 void btdev_destroy(struct btdev *btdev)
659 if (btdev->inquiry_id > 0)
660 timeout_remove(btdev->inquiry_id);
662 bt_crypto_unref(btdev->crypto);
668 const uint8_t *btdev_get_bdaddr(struct btdev *btdev)
670 return btdev->bdaddr;
673 uint8_t *btdev_get_features(struct btdev *btdev)
675 return btdev->features;
678 uint8_t btdev_get_scan_enable(struct btdev *btdev)
680 return btdev->scan_enable;
683 uint8_t btdev_get_le_scan_enable(struct btdev *btdev)
685 return btdev->le_scan_enable;
688 static bool use_ssp(struct btdev *btdev1, struct btdev *btdev2)
690 if (btdev1->auth_enable || btdev2->auth_enable)
693 return (btdev1->simple_pairing_mode && btdev2->simple_pairing_mode);
696 void btdev_set_command_handler(struct btdev *btdev, btdev_command_func handler,
702 btdev->command_handler = handler;
703 btdev->command_data = user_data;
706 void btdev_set_send_handler(struct btdev *btdev, btdev_send_func handler,
712 btdev->send_handler = handler;
713 btdev->send_data = user_data;
716 static void send_packet(struct btdev *btdev, const struct iovec *iov,
719 if (!btdev->send_handler)
722 btdev->send_handler(iov, iovlen, btdev->send_data);
725 static void send_event(struct btdev *btdev, uint8_t event,
726 const void *data, uint8_t len)
728 struct bt_hci_evt_hdr hdr;
730 uint8_t pkt = BT_H4_EVT_PKT;
732 iov[0].iov_base = &pkt;
733 iov[0].iov_len = sizeof(pkt);
738 iov[1].iov_base = &hdr;
739 iov[1].iov_len = sizeof(hdr);
742 iov[2].iov_base = (void *) data;
743 iov[2].iov_len = len;
746 if (run_hooks(btdev, BTDEV_HOOK_POST_EVT, event, data, len))
747 send_packet(btdev, iov, len > 0 ? 3 : 2);
750 static void send_cmd(struct btdev *btdev, uint8_t evt, uint16_t opcode,
751 const struct iovec *iov, int iovlen)
753 struct bt_hci_evt_hdr hdr;
754 struct iovec iov2[2 + iovlen];
755 uint8_t pkt = BT_H4_EVT_PKT;
758 iov2[0].iov_base = &pkt;
759 iov2[0].iov_len = sizeof(pkt);
764 iov2[1].iov_base = &hdr;
765 iov2[1].iov_len = sizeof(hdr);
767 for (i = 0; i < iovlen; i++) {
768 hdr.plen += iov[i].iov_len;
769 iov2[2 + i].iov_base = iov[i].iov_base;
770 iov2[2 + i].iov_len = iov[i].iov_len;
773 if (run_hooks(btdev, BTDEV_HOOK_POST_CMD, opcode, iov[i -1].iov_base,
775 send_packet(btdev, iov2, 2 + iovlen);
778 static void cmd_complete(struct btdev *btdev, uint16_t opcode,
779 const void *data, uint8_t len)
781 struct bt_hci_evt_cmd_complete cc;
785 cc.opcode = cpu_to_le16(opcode);
787 iov[0].iov_base = &cc;
788 iov[0].iov_len = sizeof(cc);
790 iov[1].iov_base = (void *) data;
791 iov[1].iov_len = len;
793 send_cmd(btdev, BT_HCI_EVT_CMD_COMPLETE, opcode, iov, 2);
796 static void cmd_status(struct btdev *btdev, uint8_t status, uint16_t opcode)
798 struct bt_hci_evt_cmd_status cs;
803 cs.opcode = cpu_to_le16(opcode);
806 iov.iov_len = sizeof(cs);
808 send_cmd(btdev, BT_HCI_EVT_CMD_STATUS, opcode, &iov, 1);
811 static void le_meta_event(struct btdev *btdev, uint8_t event,
812 void *data, uint8_t len)
816 pkt_data = alloca(1 + len);
820 ((uint8_t *) pkt_data)[0] = event;
823 memcpy(pkt_data + 1, data, len);
825 send_event(btdev, BT_HCI_EVT_LE_META_EVENT, pkt_data, 1 + len);
828 static void num_completed_packets(struct btdev *btdev)
831 struct bt_hci_evt_num_completed_packets ncp;
834 ncp.handle = cpu_to_le16(42);
835 ncp.count = cpu_to_le16(1);
837 send_event(btdev, BT_HCI_EVT_NUM_COMPLETED_PACKETS,
842 static bool inquiry_callback(void *user_data)
844 struct inquiry_data *data = user_data;
845 struct btdev *btdev = data->btdev;
846 struct bt_hci_evt_inquiry_complete ic;
847 int sent = data->sent_count;
850 /*Report devices only once and wait for inquiry timeout*/
851 if (data->iter == MAX_BTDEV_ENTRIES)
854 for (i = data->iter; i < MAX_BTDEV_ENTRIES; i++) {
855 /*Lets sent 10 inquiry results at once */
856 if (sent + 10 == data->sent_count)
859 if (!btdev_list[i] || btdev_list[i] == btdev)
862 if (!(btdev_list[i]->scan_enable & 0x02))
865 if (btdev->inquiry_mode == 0x02 &&
866 btdev_list[i]->ext_inquiry_rsp[0]) {
867 struct bt_hci_evt_ext_inquiry_result ir;
870 memcpy(ir.bdaddr, btdev_list[i]->bdaddr, 6);
871 ir.pscan_rep_mode = 0x00;
872 ir.pscan_period_mode = 0x00;
873 memcpy(ir.dev_class, btdev_list[i]->dev_class, 3);
874 ir.clock_offset = 0x0000;
876 memcpy(ir.data, btdev_list[i]->ext_inquiry_rsp, 240);
878 send_event(btdev, BT_HCI_EVT_EXT_INQUIRY_RESULT,
884 if (btdev->inquiry_mode > 0x00) {
885 struct bt_hci_evt_inquiry_result_with_rssi ir;
888 memcpy(ir.bdaddr, btdev_list[i]->bdaddr, 6);
889 ir.pscan_rep_mode = 0x00;
890 ir.pscan_period_mode = 0x00;
891 memcpy(ir.dev_class, btdev_list[i]->dev_class, 3);
892 ir.clock_offset = 0x0000;
895 send_event(btdev, BT_HCI_EVT_INQUIRY_RESULT_WITH_RSSI,
899 struct bt_hci_evt_inquiry_result ir;
902 memcpy(ir.bdaddr, btdev_list[i]->bdaddr, 6);
903 ir.pscan_rep_mode = 0x00;
904 ir.pscan_period_mode = 0x00;
905 ir.pscan_mode = 0x00;
906 memcpy(ir.dev_class, btdev_list[i]->dev_class, 3);
907 ir.clock_offset = 0x0000;
909 send_event(btdev, BT_HCI_EVT_INQUIRY_RESULT,
916 /* Check if we sent already required amount of responses*/
917 if (data->num_resp && data->sent_count == data->num_resp)
923 /* Note that destroy will be called */
924 ic.status = BT_HCI_ERR_SUCCESS;
925 send_event(btdev, BT_HCI_EVT_INQUIRY_COMPLETE, &ic, sizeof(ic));
930 static void inquiry_destroy(void *user_data)
932 struct inquiry_data *data = user_data;
933 struct btdev *btdev = data->btdev;
938 btdev->inquiry_id = 0;
940 if (btdev->inquiry_timeout_id > 0) {
941 timeout_remove(btdev->inquiry_timeout_id);
942 btdev->inquiry_timeout_id = 0;
949 static bool inquiry_timeout(void *user_data)
951 struct inquiry_data *data = user_data;
952 struct btdev *btdev = data->btdev;
953 struct bt_hci_evt_inquiry_complete ic;
955 timeout_remove(btdev->inquiry_id);
956 btdev->inquiry_timeout_id = 0;
958 /* Inquiry is stopped, send Inquiry complete event. */
959 ic.status = BT_HCI_ERR_SUCCESS;
960 send_event(btdev, BT_HCI_EVT_INQUIRY_COMPLETE, &ic, sizeof(ic));
965 static void inquiry_cmd(struct btdev *btdev, const void *cmd)
967 const struct bt_hci_cmd_inquiry *inq_cmd = cmd;
968 struct inquiry_data *data;
969 struct bt_hci_evt_inquiry_complete ic;
970 int status = BT_HCI_ERR_HARDWARE_FAILURE;
971 unsigned int inquiry_len_ms;
973 if (btdev->inquiry_id > 0) {
974 status = BT_HCI_ERR_COMMAND_DISALLOWED;
978 data = malloc(sizeof(*data));
982 memset(data, 0, sizeof(*data));
984 data->num_resp = inq_cmd->num_resp;
986 /* Add timeout to cancel inquiry */
987 inquiry_len_ms = 1280 * inq_cmd->length;
989 btdev->inquiry_timeout_id = timeout_add(inquiry_len_ms,
993 btdev->inquiry_id = timeout_add(DEFAULT_INQUIRY_INTERVAL,
994 inquiry_callback, data,
996 /* Return if success */
997 if (btdev->inquiry_id > 0)
1002 send_event(btdev, BT_HCI_EVT_INQUIRY_COMPLETE, &ic, sizeof(ic));
1005 static void inquiry_cancel(struct btdev *btdev)
1009 if (!btdev->inquiry_id) {
1010 status = BT_HCI_ERR_COMMAND_DISALLOWED;
1011 cmd_complete(btdev, BT_HCI_CMD_INQUIRY_CANCEL, &status,
1016 timeout_remove(btdev->inquiry_timeout_id);
1017 btdev->inquiry_timeout_id = 0;
1018 timeout_remove(btdev->inquiry_id);
1019 btdev->inquiry_id = 0;
1021 status = BT_HCI_ERR_SUCCESS;
1022 cmd_complete(btdev, BT_HCI_CMD_INQUIRY_CANCEL, &status,
1026 static void conn_complete(struct btdev *btdev,
1027 const uint8_t *bdaddr, uint8_t status)
1029 struct bt_hci_evt_conn_complete cc;
1032 struct btdev *remote = find_btdev_by_bdaddr(bdaddr);
1034 btdev->conn = remote;
1035 remote->conn = btdev;
1038 memcpy(cc.bdaddr, btdev->bdaddr, 6);
1039 cc.encr_mode = 0x00;
1041 cc.handle = cpu_to_le16(42);
1042 cc.link_type = 0x01;
1044 send_event(remote, BT_HCI_EVT_CONN_COMPLETE, &cc, sizeof(cc));
1046 cc.handle = cpu_to_le16(42);
1047 cc.link_type = 0x01;
1049 cc.handle = cpu_to_le16(0x0000);
1050 cc.link_type = 0x01;
1054 memcpy(cc.bdaddr, bdaddr, 6);
1055 cc.encr_mode = 0x00;
1057 send_event(btdev, BT_HCI_EVT_CONN_COMPLETE, &cc, sizeof(cc));
1060 static void accept_conn_request_complete(struct btdev *btdev,
1061 const uint8_t *bdaddr)
1063 struct btdev *remote = find_btdev_by_bdaddr(bdaddr);
1068 if (btdev->auth_enable || remote->auth_enable)
1069 send_event(remote, BT_HCI_EVT_LINK_KEY_REQUEST,
1072 conn_complete(btdev, bdaddr, BT_HCI_ERR_SUCCESS);
1075 static void sync_conn_complete(struct btdev *btdev, uint16_t voice_setting,
1078 struct bt_hci_evt_sync_conn_complete cc;
1084 memcpy(cc.bdaddr, btdev->conn->bdaddr, 6);
1086 cc.handle = cpu_to_le16(status == BT_HCI_ERR_SUCCESS ? 257 : 0);
1087 cc.link_type = 0x02;
1088 cc.tx_interval = 0x000c;
1089 cc.retrans_window = 0x06;
1092 cc.air_mode = (voice_setting == 0x0060) ? 0x02 : 0x03;
1094 send_event(btdev, BT_HCI_EVT_SYNC_CONN_COMPLETE, &cc, sizeof(cc));
1097 static void sco_conn_complete(struct btdev *btdev, uint8_t status)
1099 struct bt_hci_evt_conn_complete cc;
1105 memcpy(cc.bdaddr, btdev->conn->bdaddr, 6);
1106 cc.handle = cpu_to_le16(status == BT_HCI_ERR_SUCCESS ? 257 : 0);
1107 cc.link_type = 0x00;
1108 cc.encr_mode = 0x00;
1110 send_event(btdev, BT_HCI_EVT_CONN_COMPLETE, &cc, sizeof(cc));
1113 static void le_conn_complete(struct btdev *btdev,
1114 const struct bt_hci_cmd_le_create_conn *lecc,
1117 char buf[1 + sizeof(struct bt_hci_evt_le_conn_complete)];
1118 struct bt_hci_evt_le_conn_complete *cc = (void *) &buf[1];
1120 memset(buf, 0, sizeof(buf));
1122 buf[0] = BT_HCI_EVT_LE_CONN_COMPLETE;
1125 struct btdev *remote;
1127 remote = find_btdev_by_bdaddr_type(lecc->peer_addr,
1128 lecc->peer_addr_type);
1130 btdev->conn = remote;
1131 btdev->le_adv_enable = 0;
1132 remote->conn = btdev;
1133 remote->le_adv_enable = 0;
1135 cc->status = status;
1136 cc->peer_addr_type = btdev->le_scan_own_addr_type;
1137 if (cc->peer_addr_type == 0x01)
1138 memcpy(cc->peer_addr, btdev->random_addr, 6);
1140 memcpy(cc->peer_addr, btdev->bdaddr, 6);
1143 cc->handle = cpu_to_le16(42);
1144 cc->interval = lecc->max_interval;
1145 cc->latency = lecc->latency;
1146 cc->supv_timeout = lecc->supv_timeout;
1148 send_event(remote, BT_HCI_EVT_LE_META_EVENT, buf, sizeof(buf));
1151 cc->status = status;
1152 cc->peer_addr_type = lecc->peer_addr_type;
1153 memcpy(cc->peer_addr, lecc->peer_addr, 6);
1156 send_event(btdev, BT_HCI_EVT_LE_META_EVENT, buf, sizeof(buf));
1159 static const uint8_t *scan_addr(const struct btdev *btdev)
1161 if (btdev->le_scan_own_addr_type == 0x01)
1162 return btdev->random_addr;
1164 return btdev->bdaddr;
1167 static const uint8_t *adv_addr(const struct btdev *btdev)
1169 if (btdev->le_adv_own_addr == 0x01)
1170 return btdev->random_addr;
1172 return btdev->bdaddr;
1175 static bool adv_match(struct btdev *scan, struct btdev *adv)
1177 /* Match everything if this is not directed advertising */
1178 if (adv->le_adv_type != 0x01 && adv->le_adv_type != 0x04)
1181 if (scan->le_scan_own_addr_type != adv->le_adv_direct_addr_type)
1184 return !memcmp(scan_addr(scan), adv->le_adv_direct_addr, 6);
1187 static bool adv_connectable(struct btdev *btdev)
1189 if (!btdev->le_adv_enable)
1192 return btdev->le_adv_type != 0x03;
1195 static void le_conn_request(struct btdev *btdev,
1196 const struct bt_hci_cmd_le_create_conn *lecc)
1198 struct btdev *remote = find_btdev_by_bdaddr_type(lecc->peer_addr,
1199 lecc->peer_addr_type);
1201 if (remote && adv_connectable(remote) && adv_match(btdev, remote) &&
1202 remote->le_adv_own_addr == lecc->peer_addr_type)
1203 le_conn_complete(btdev, lecc, 0);
1205 le_conn_complete(btdev, lecc,
1206 BT_HCI_ERR_CONN_FAILED_TO_ESTABLISH);
1209 static void conn_request(struct btdev *btdev, const uint8_t *bdaddr)
1211 struct btdev *remote = find_btdev_by_bdaddr(bdaddr);
1213 if (remote && remote->scan_enable & 0x02) {
1214 struct bt_hci_evt_conn_request cr;
1216 memcpy(cr.bdaddr, btdev->bdaddr, 6);
1217 memcpy(cr.dev_class, btdev->dev_class, 3);
1218 cr.link_type = 0x01;
1220 send_event(remote, BT_HCI_EVT_CONN_REQUEST, &cr, sizeof(cr));
1222 conn_complete(btdev, bdaddr, BT_HCI_ERR_PAGE_TIMEOUT);
1226 static void rej_le_conn_update(struct btdev *btdev, uint16_t handle,
1229 struct btdev *remote = btdev->conn;
1232 struct bt_hci_evt_le_conn_update_complete ev;
1238 ev.subevent = BT_HCI_EVT_LE_CONN_UPDATE_COMPLETE;
1239 ev.ev.handle = cpu_to_le16(handle);
1240 ev.ev.status = cpu_to_le16(reason);
1242 send_event(remote, BT_HCI_EVT_LE_META_EVENT, &ev, sizeof(ev));
1245 static void le_conn_update(struct btdev *btdev, uint16_t handle,
1246 uint16_t min_interval, uint16_t max_interval,
1247 uint16_t latency, uint16_t supv_timeout,
1248 uint16_t min_length, uint16_t max_length)
1250 struct btdev *remote = btdev->conn;
1253 struct bt_hci_evt_le_conn_update_complete ev;
1256 ev.subevent = BT_HCI_EVT_LE_CONN_UPDATE_COMPLETE;
1257 ev.ev.handle = cpu_to_le16(handle);
1258 ev.ev.interval = cpu_to_le16(min_interval);
1259 ev.ev.latency = cpu_to_le16(latency);
1260 ev.ev.supv_timeout = cpu_to_le16(supv_timeout);
1263 ev.ev.status = BT_HCI_ERR_SUCCESS;
1265 ev.ev.status = BT_HCI_ERR_UNKNOWN_CONN_ID;
1267 send_event(btdev, BT_HCI_EVT_LE_META_EVENT, &ev, sizeof(ev));
1270 send_event(remote, BT_HCI_EVT_LE_META_EVENT, &ev, sizeof(ev));
1273 static void le_conn_param_req(struct btdev *btdev, uint16_t handle,
1274 uint16_t min_interval, uint16_t max_interval,
1275 uint16_t latency, uint16_t supv_timeout,
1276 uint16_t min_length, uint16_t max_length)
1278 struct btdev *remote = btdev->conn;
1281 struct bt_hci_evt_le_conn_param_request ev;
1287 ev.subevent = BT_HCI_EVT_LE_CONN_PARAM_REQUEST;
1288 ev.ev.handle = cpu_to_le16(handle);
1289 ev.ev.min_interval = cpu_to_le16(min_interval);
1290 ev.ev.max_interval = cpu_to_le16(max_interval);
1291 ev.ev.latency = cpu_to_le16(latency);
1292 ev.ev.supv_timeout = cpu_to_le16(supv_timeout);
1294 send_event(remote, BT_HCI_EVT_LE_META_EVENT, &ev, sizeof(ev));
1297 static void disconnect_complete(struct btdev *btdev, uint16_t handle,
1300 struct bt_hci_evt_disconnect_complete dc;
1301 struct btdev *remote = btdev->conn;
1304 dc.status = BT_HCI_ERR_UNKNOWN_CONN_ID;
1305 dc.handle = cpu_to_le16(handle);
1308 send_event(btdev, BT_HCI_EVT_DISCONNECT_COMPLETE,
1313 dc.status = BT_HCI_ERR_SUCCESS;
1314 dc.handle = cpu_to_le16(handle);
1318 remote->conn = NULL;
1320 send_event(btdev, BT_HCI_EVT_DISCONNECT_COMPLETE, &dc, sizeof(dc));
1321 send_event(remote, BT_HCI_EVT_DISCONNECT_COMPLETE, &dc, sizeof(dc));
1324 static void link_key_req_reply_complete(struct btdev *btdev,
1325 const uint8_t *bdaddr,
1326 const uint8_t *link_key)
1328 struct btdev *remote = btdev->conn;
1329 struct bt_hci_evt_auth_complete ev;
1331 memcpy(btdev->link_key, link_key, 16);
1334 remote = find_btdev_by_bdaddr(bdaddr);
1339 if (!memcmp(remote->link_key, LINK_KEY_NONE, 16)) {
1340 send_event(remote, BT_HCI_EVT_LINK_KEY_REQUEST,
1345 ev.handle = cpu_to_le16(42);
1347 if (!memcmp(btdev->link_key, remote->link_key, 16))
1348 ev.status = BT_HCI_ERR_SUCCESS;
1350 ev.status = BT_HCI_ERR_AUTH_FAILURE;
1352 send_event(btdev, BT_HCI_EVT_AUTH_COMPLETE, &ev, sizeof(ev));
1353 send_event(remote, BT_HCI_EVT_AUTH_COMPLETE, &ev, sizeof(ev));
1356 static void link_key_req_neg_reply_complete(struct btdev *btdev,
1357 const uint8_t *bdaddr)
1359 struct btdev *remote = btdev->conn;
1362 remote = find_btdev_by_bdaddr(bdaddr);
1367 if (use_ssp(btdev, remote)) {
1368 struct bt_hci_evt_io_capability_request io_req;
1370 memcpy(io_req.bdaddr, bdaddr, 6);
1371 send_event(btdev, BT_HCI_EVT_IO_CAPABILITY_REQUEST, &io_req,
1374 struct bt_hci_evt_pin_code_request pin_req;
1376 memcpy(pin_req.bdaddr, bdaddr, 6);
1377 send_event(btdev, BT_HCI_EVT_PIN_CODE_REQUEST, &pin_req,
1382 static uint8_t get_link_key_type(struct btdev *btdev)
1384 struct btdev *remote = btdev->conn;
1385 uint8_t auth, unauth;
1390 if (!btdev->simple_pairing_mode)
1393 if (btdev->ssp_debug_mode || remote->ssp_debug_mode)
1396 if (btdev->secure_conn_support && remote->secure_conn_support) {
1404 if (btdev->io_cap == 0x03 || remote->io_cap == 0x03)
1407 if (!(btdev->auth_req & 0x01) && !(remote->auth_req & 0x01))
1410 /* DisplayOnly only produces authenticated with KeyboardOnly */
1411 if (btdev->io_cap == 0x00 && remote->io_cap != 0x02)
1414 /* DisplayOnly only produces authenticated with KeyboardOnly */
1415 if (remote->io_cap == 0x00 && btdev->io_cap != 0x02)
1421 static void link_key_notify(struct btdev *btdev, const uint8_t *bdaddr,
1424 struct bt_hci_evt_link_key_notify ev;
1426 memcpy(btdev->link_key, key, 16);
1428 memcpy(ev.bdaddr, bdaddr, 6);
1429 memcpy(ev.link_key, key, 16);
1430 ev.key_type = get_link_key_type(btdev);
1432 send_event(btdev, BT_HCI_EVT_LINK_KEY_NOTIFY, &ev, sizeof(ev));
1435 static void encrypt_change(struct btdev *btdev, uint8_t mode, uint8_t status)
1437 struct bt_hci_evt_encrypt_change ev;
1440 ev.handle = cpu_to_le16(42);
1441 ev.encr_mode = mode;
1443 send_event(btdev, BT_HCI_EVT_ENCRYPT_CHANGE, &ev, sizeof(ev));
1446 static void pin_code_req_reply_complete(struct btdev *btdev,
1447 const uint8_t *bdaddr, uint8_t pin_len,
1448 const uint8_t *pin_code)
1450 struct bt_hci_evt_auth_complete ev;
1451 struct btdev *remote = btdev->conn;
1454 remote = find_btdev_by_bdaddr(bdaddr);
1459 memcpy(btdev->pin, pin_code, pin_len);
1460 btdev->pin_len = pin_len;
1462 if (!remote->pin_len) {
1463 struct bt_hci_evt_pin_code_request pin_req;
1465 memcpy(pin_req.bdaddr, btdev->bdaddr, 6);
1466 send_event(remote, BT_HCI_EVT_PIN_CODE_REQUEST, &pin_req,
1471 if (btdev->pin_len == remote->pin_len &&
1472 !memcmp(btdev->pin, remote->pin, btdev->pin_len)) {
1473 link_key_notify(btdev, remote->bdaddr, LINK_KEY_DUMMY);
1474 link_key_notify(remote, btdev->bdaddr, LINK_KEY_DUMMY);
1475 ev.status = BT_HCI_ERR_SUCCESS;
1477 ev.status = BT_HCI_ERR_AUTH_FAILURE;
1481 ev.handle = cpu_to_le16(42);
1482 send_event(remote, BT_HCI_EVT_AUTH_COMPLETE, &ev, sizeof(ev));
1484 conn_complete(remote, btdev->bdaddr, ev.status);
1488 remote->pin_len = 0;
1491 static void pin_code_req_neg_reply_complete(struct btdev *btdev,
1492 const uint8_t *bdaddr)
1494 struct bt_hci_evt_auth_complete ev;
1495 struct btdev *remote = btdev->conn;
1498 remote = find_btdev_by_bdaddr(bdaddr);
1503 ev.status = BT_HCI_ERR_PIN_OR_KEY_MISSING;
1504 ev.handle = cpu_to_le16(42);
1507 send_event(btdev, BT_HCI_EVT_AUTH_COMPLETE, &ev, sizeof(ev));
1509 conn_complete(btdev, bdaddr, BT_HCI_ERR_PIN_OR_KEY_MISSING);
1512 if (remote->pin_len)
1513 send_event(remote, BT_HCI_EVT_AUTH_COMPLETE, &ev,
1516 conn_complete(remote, btdev->bdaddr,
1517 BT_HCI_ERR_PIN_OR_KEY_MISSING);
1521 static void auth_request_complete(struct btdev *btdev, uint16_t handle)
1523 struct btdev *remote = btdev->conn;
1526 struct bt_hci_evt_auth_complete ev;
1528 ev.status = BT_HCI_ERR_UNKNOWN_CONN_ID;
1529 ev.handle = cpu_to_le16(handle);
1531 send_event(btdev, BT_HCI_EVT_AUTH_COMPLETE, &ev, sizeof(ev));
1536 btdev->auth_init = true;
1538 send_event(btdev, BT_HCI_EVT_LINK_KEY_REQUEST, remote->bdaddr, 6);
1541 static void name_request_complete(struct btdev *btdev,
1542 const uint8_t *bdaddr, uint8_t status)
1544 struct bt_hci_evt_remote_name_request_complete nc;
1547 memcpy(nc.bdaddr, bdaddr, 6);
1548 memset(nc.name, 0, 248);
1551 struct btdev *remote = find_btdev_by_bdaddr(bdaddr);
1554 memcpy(nc.name, remote->name, 248);
1556 nc.status = BT_HCI_ERR_UNKNOWN_CONN_ID;
1559 send_event(btdev, BT_HCI_EVT_REMOTE_NAME_REQUEST_COMPLETE,
1563 static void remote_features_complete(struct btdev *btdev, uint16_t handle)
1565 struct bt_hci_evt_remote_features_complete rfc;
1568 rfc.status = BT_HCI_ERR_SUCCESS;
1569 rfc.handle = cpu_to_le16(handle);
1570 memcpy(rfc.features, btdev->conn->features, 8);
1572 rfc.status = BT_HCI_ERR_UNKNOWN_CONN_ID;
1573 rfc.handle = cpu_to_le16(handle);
1574 memset(rfc.features, 0, 8);
1577 send_event(btdev, BT_HCI_EVT_REMOTE_FEATURES_COMPLETE,
1581 static void btdev_get_host_features(struct btdev *btdev, uint8_t features[8])
1583 memset(features, 0, 8);
1584 if (btdev->simple_pairing_mode)
1585 features[0] |= 0x01;
1586 if (btdev->le_supported)
1587 features[0] |= 0x02;
1588 if (btdev->le_simultaneous)
1589 features[0] |= 0x04;
1590 if (btdev->secure_conn_support)
1591 features[0] |= 0x08;
1594 static void remote_ext_features_complete(struct btdev *btdev, uint16_t handle,
1597 struct bt_hci_evt_remote_ext_features_complete refc;
1599 if (btdev->conn && page < 0x02) {
1600 refc.handle = cpu_to_le16(handle);
1602 refc.max_page = 0x01;
1606 refc.status = BT_HCI_ERR_SUCCESS;
1607 memcpy(refc.features, btdev->conn->features, 8);
1610 refc.status = BT_HCI_ERR_SUCCESS;
1611 btdev_get_host_features(btdev->conn, refc.features);
1614 refc.status = BT_HCI_ERR_INVALID_PARAMETERS;
1615 memset(refc.features, 0, 8);
1619 refc.status = BT_HCI_ERR_UNKNOWN_CONN_ID;
1620 refc.handle = cpu_to_le16(handle);
1622 refc.max_page = 0x01;
1623 memset(refc.features, 0, 8);
1626 send_event(btdev, BT_HCI_EVT_REMOTE_EXT_FEATURES_COMPLETE,
1627 &refc, sizeof(refc));
1630 static void remote_version_complete(struct btdev *btdev, uint16_t handle)
1632 struct bt_hci_evt_remote_version_complete rvc;
1635 rvc.status = BT_HCI_ERR_SUCCESS;
1636 rvc.handle = cpu_to_le16(handle);
1637 rvc.lmp_ver = btdev->conn->version;
1638 rvc.manufacturer = cpu_to_le16(btdev->conn->manufacturer);
1639 rvc.lmp_subver = cpu_to_le16(btdev->conn->revision);
1641 rvc.status = BT_HCI_ERR_UNKNOWN_CONN_ID;
1642 rvc.handle = cpu_to_le16(handle);
1644 rvc.manufacturer = cpu_to_le16(0);
1645 rvc.lmp_subver = cpu_to_le16(0);
1648 send_event(btdev, BT_HCI_EVT_REMOTE_VERSION_COMPLETE,
1652 static void remote_clock_offset_complete(struct btdev *btdev, uint16_t handle)
1654 struct bt_hci_evt_clock_offset_complete coc;
1657 coc.status = BT_HCI_ERR_SUCCESS;
1658 coc.handle = cpu_to_le16(handle);
1659 coc.clock_offset = 0;
1661 coc.status = BT_HCI_ERR_UNKNOWN_CONN_ID;
1662 coc.handle = cpu_to_le16(handle);
1663 coc.clock_offset = 0;
1666 send_event(btdev, BT_HCI_EVT_CLOCK_OFFSET_COMPLETE,
1670 static void read_enc_key_size_complete(struct btdev *btdev, uint16_t handle)
1672 struct bt_hci_rsp_read_encrypt_key_size rsp;
1674 rsp.handle = cpu_to_le16(handle);
1677 rsp.status = BT_HCI_ERR_SUCCESS;
1680 rsp.status = BT_HCI_ERR_UNKNOWN_CONN_ID;
1684 cmd_complete(btdev, BT_HCI_CMD_READ_ENCRYPT_KEY_SIZE,
1688 static void io_cap_req_reply_complete(struct btdev *btdev,
1689 const uint8_t *bdaddr,
1690 uint8_t capability, uint8_t oob_data,
1691 uint8_t authentication)
1693 struct btdev *remote = btdev->conn;
1694 struct bt_hci_evt_io_capability_response ev;
1695 struct bt_hci_rsp_io_capability_request_reply rsp;
1699 status = BT_HCI_ERR_UNKNOWN_CONN_ID;
1703 status = BT_HCI_ERR_SUCCESS;
1705 btdev->io_cap = capability;
1706 btdev->auth_req = authentication;
1708 memcpy(ev.bdaddr, btdev->bdaddr, 6);
1709 ev.capability = capability;
1710 ev.oob_data = oob_data;
1711 ev.authentication = authentication;
1713 send_event(remote, BT_HCI_EVT_IO_CAPABILITY_RESPONSE, &ev, sizeof(ev));
1715 if (remote->io_cap) {
1716 struct bt_hci_evt_user_confirm_request cfm;
1718 memcpy(cfm.bdaddr, btdev->bdaddr, 6);
1721 send_event(remote, BT_HCI_EVT_USER_CONFIRM_REQUEST,
1724 memcpy(cfm.bdaddr, bdaddr, 6);
1725 send_event(btdev, BT_HCI_EVT_USER_CONFIRM_REQUEST,
1728 send_event(remote, BT_HCI_EVT_IO_CAPABILITY_REQUEST,
1733 rsp.status = status;
1734 memcpy(rsp.bdaddr, bdaddr, 6);
1735 cmd_complete(btdev, BT_HCI_CMD_IO_CAPABILITY_REQUEST_REPLY,
1739 static void io_cap_req_neg_reply_complete(struct btdev *btdev,
1740 const uint8_t *bdaddr)
1742 struct bt_hci_rsp_io_capability_request_neg_reply rsp;
1744 rsp.status = BT_HCI_ERR_SUCCESS;
1745 memcpy(rsp.bdaddr, bdaddr, 6);
1746 cmd_complete(btdev, BT_HCI_CMD_IO_CAPABILITY_REQUEST_NEG_REPLY,
1750 static void ssp_complete(struct btdev *btdev, const uint8_t *bdaddr,
1751 uint8_t status, bool wait)
1753 struct bt_hci_evt_simple_pairing_complete iev, aev;
1754 struct bt_hci_evt_auth_complete auth;
1755 struct btdev *remote = btdev->conn;
1756 struct btdev *init, *accp;
1761 btdev->ssp_status = status;
1762 btdev->ssp_auth_complete = true;
1764 if (!remote->ssp_auth_complete && wait)
1767 if (status == BT_HCI_ERR_SUCCESS &&
1768 remote->ssp_status != BT_HCI_ERR_SUCCESS)
1769 status = remote->ssp_status;
1771 iev.status = status;
1772 aev.status = status;
1774 if (btdev->auth_init) {
1777 memcpy(iev.bdaddr, bdaddr, 6);
1778 memcpy(aev.bdaddr, btdev->bdaddr, 6);
1782 memcpy(iev.bdaddr, btdev->bdaddr, 6);
1783 memcpy(aev.bdaddr, bdaddr, 6);
1786 send_event(init, BT_HCI_EVT_SIMPLE_PAIRING_COMPLETE, &iev,
1788 send_event(accp, BT_HCI_EVT_SIMPLE_PAIRING_COMPLETE, &aev,
1791 if (status == BT_HCI_ERR_SUCCESS) {
1792 link_key_notify(init, iev.bdaddr, LINK_KEY_DUMMY);
1793 link_key_notify(accp, aev.bdaddr, LINK_KEY_DUMMY);
1796 auth.status = status;
1797 auth.handle = cpu_to_le16(42);
1798 send_event(init, BT_HCI_EVT_AUTH_COMPLETE, &auth, sizeof(auth));
1801 static void le_send_adv_report(struct btdev *btdev, const struct btdev *remote,
1807 struct bt_hci_evt_le_adv_report lar;
1808 uint8_t raw[10 + 31 + 1];
1812 meta_event.subevent = BT_HCI_EVT_LE_ADV_REPORT;
1814 memset(&meta_event.lar, 0, sizeof(meta_event.lar));
1815 meta_event.lar.num_reports = 1;
1816 meta_event.lar.event_type = type;
1817 meta_event.lar.addr_type = remote->le_adv_own_addr;
1818 memcpy(meta_event.lar.addr, adv_addr(remote), 6);
1820 /* Scan or advertising response */
1822 meta_event.lar.data_len = remote->le_scan_data_len;
1823 memcpy(meta_event.lar.data, remote->le_scan_data,
1824 meta_event.lar.data_len);
1826 meta_event.lar.data_len = remote->le_adv_data_len;
1827 memcpy(meta_event.lar.data, remote->le_adv_data,
1828 meta_event.lar.data_len);
1831 meta_event.raw[10 + meta_event.lar.data_len] = 127;
1832 send_event(btdev, BT_HCI_EVT_LE_META_EVENT, &meta_event,
1833 1 + 10 + meta_event.lar.data_len + 1);
1836 static uint8_t get_adv_report_type(uint8_t adv_type)
1839 * Connectable low duty cycle directed advertising creates a
1840 * connectable directed advertising report type.
1842 if (adv_type == 0x04)
1848 static void le_set_adv_enable_complete(struct btdev *btdev)
1850 uint8_t report_type;
1853 report_type = get_adv_report_type(btdev->le_adv_type);
1855 for (i = 0; i < MAX_BTDEV_ENTRIES; i++) {
1856 if (!btdev_list[i] || btdev_list[i] == btdev)
1859 if (!btdev_list[i]->le_scan_enable)
1862 if (!adv_match(btdev_list[i], btdev))
1865 le_send_adv_report(btdev_list[i], btdev, report_type);
1867 if (btdev_list[i]->le_scan_type != 0x01)
1870 /* ADV_IND & ADV_SCAN_IND generate a scan response */
1871 if (btdev->le_adv_type == 0x00 || btdev->le_adv_type == 0x02)
1872 le_send_adv_report(btdev_list[i], btdev, 0x04);
1876 static void le_set_scan_enable_complete(struct btdev *btdev)
1880 for (i = 0; i < MAX_BTDEV_ENTRIES; i++) {
1881 uint8_t report_type;
1883 if (!btdev_list[i] || btdev_list[i] == btdev)
1886 if (!btdev_list[i]->le_adv_enable)
1889 if (!adv_match(btdev, btdev_list[i]))
1892 report_type = get_adv_report_type(btdev_list[i]->le_adv_type);
1893 le_send_adv_report(btdev, btdev_list[i], report_type);
1895 if (btdev->le_scan_type != 0x01)
1898 /* ADV_IND & ADV_SCAN_IND generate a scan response */
1899 if (btdev_list[i]->le_adv_type == 0x00 ||
1900 btdev_list[i]->le_adv_type == 0x02)
1901 le_send_adv_report(btdev, btdev_list[i], 0x04);
1905 static void le_read_remote_features_complete(struct btdev *btdev)
1907 char buf[1 + sizeof(struct bt_hci_evt_le_remote_features_complete)];
1908 struct bt_hci_evt_le_remote_features_complete *ev = (void *) &buf[1];
1909 struct btdev *remote = btdev->conn;
1912 cmd_status(btdev, BT_HCI_ERR_UNKNOWN_CONN_ID,
1913 BT_HCI_CMD_LE_READ_REMOTE_FEATURES);
1917 cmd_status(btdev, BT_HCI_ERR_SUCCESS,
1918 BT_HCI_CMD_LE_READ_REMOTE_FEATURES);
1920 memset(buf, 0, sizeof(buf));
1921 buf[0] = BT_HCI_EVT_LE_REMOTE_FEATURES_COMPLETE;
1922 ev->status = BT_HCI_ERR_SUCCESS;
1923 ev->handle = cpu_to_le16(42);
1924 memcpy(ev->features, remote->le_features, 8);
1926 send_event(btdev, BT_HCI_EVT_LE_META_EVENT, buf, sizeof(buf));
1929 static void le_start_encrypt_complete(struct btdev *btdev, uint16_t ediv,
1932 char buf[1 + sizeof(struct bt_hci_evt_le_long_term_key_request)];
1933 struct bt_hci_evt_le_long_term_key_request *ev = (void *) &buf[1];
1934 struct btdev *remote = btdev->conn;
1937 cmd_status(btdev, BT_HCI_ERR_UNKNOWN_CONN_ID,
1938 BT_HCI_CMD_LE_START_ENCRYPT);
1942 cmd_status(btdev, BT_HCI_ERR_SUCCESS, BT_HCI_CMD_LE_START_ENCRYPT);
1944 memset(buf, 0, sizeof(buf));
1945 buf[0] = BT_HCI_EVT_LE_LONG_TERM_KEY_REQUEST;
1946 ev->handle = cpu_to_le16(42);
1950 send_event(remote, BT_HCI_EVT_LE_META_EVENT, buf, sizeof(buf));
1953 static void le_encrypt_complete(struct btdev *btdev)
1955 struct bt_hci_evt_encrypt_change ev;
1956 struct bt_hci_rsp_le_ltk_req_reply rp;
1957 struct btdev *remote = btdev->conn;
1959 memset(&rp, 0, sizeof(rp));
1960 rp.handle = cpu_to_le16(42);
1963 rp.status = BT_HCI_ERR_UNKNOWN_CONN_ID;
1964 cmd_complete(btdev, BT_HCI_CMD_LE_LTK_REQ_REPLY, &rp,
1969 rp.status = BT_HCI_ERR_SUCCESS;
1970 cmd_complete(btdev, BT_HCI_CMD_LE_LTK_REQ_REPLY, &rp, sizeof(rp));
1972 memset(&ev, 0, sizeof(ev));
1974 if (memcmp(btdev->le_ltk, remote->le_ltk, 16)) {
1975 ev.status = BT_HCI_ERR_AUTH_FAILURE;
1976 ev.encr_mode = 0x00;
1978 ev.status = BT_HCI_ERR_SUCCESS;
1979 ev.encr_mode = 0x01;
1982 ev.handle = cpu_to_le16(42);
1984 send_event(btdev, BT_HCI_EVT_ENCRYPT_CHANGE, &ev, sizeof(ev));
1985 send_event(remote, BT_HCI_EVT_ENCRYPT_CHANGE, &ev, sizeof(ev));
1988 static void ltk_neg_reply_complete(struct btdev *btdev)
1990 struct bt_hci_rsp_le_ltk_req_neg_reply rp;
1991 struct bt_hci_evt_encrypt_change ev;
1992 struct btdev *remote = btdev->conn;
1994 memset(&rp, 0, sizeof(rp));
1995 rp.handle = cpu_to_le16(42);
1998 rp.status = BT_HCI_ERR_UNKNOWN_CONN_ID;
1999 cmd_complete(btdev, BT_HCI_CMD_LE_LTK_REQ_NEG_REPLY, &rp,
2004 rp.status = BT_HCI_ERR_SUCCESS;
2005 cmd_complete(btdev, BT_HCI_CMD_LE_LTK_REQ_NEG_REPLY, &rp, sizeof(rp));
2007 memset(&ev, 0, sizeof(ev));
2008 ev.status = BT_HCI_ERR_PIN_OR_KEY_MISSING;
2009 ev.handle = cpu_to_le16(42);
2011 send_event(remote, BT_HCI_EVT_ENCRYPT_CHANGE, &ev, sizeof(ev));
2014 static void btdev_reset(struct btdev *btdev)
2016 /* FIXME: include here clearing of all states that should be
2017 * cleared upon HCI_Reset
2020 btdev->le_scan_enable = 0x00;
2021 btdev->le_adv_enable = 0x00;
2024 static void default_cmd(struct btdev *btdev, uint16_t opcode,
2025 const void *data, uint8_t len)
2027 const struct bt_hci_cmd_remote_name_request_cancel *rnrc;
2028 const struct bt_hci_cmd_write_default_link_policy *wdlp;
2029 const struct bt_hci_cmd_set_event_mask *sem;
2030 const struct bt_hci_cmd_set_event_filter *sef;
2031 const struct bt_hci_cmd_write_local_name *wln;
2032 const struct bt_hci_cmd_write_conn_accept_timeout *wcat;
2033 const struct bt_hci_cmd_write_page_timeout *wpt;
2034 const struct bt_hci_cmd_write_scan_enable *wse;
2035 const struct bt_hci_cmd_write_page_scan_activity *wpsa;
2036 const struct bt_hci_cmd_write_inquiry_scan_activity *wisa;
2037 const struct bt_hci_cmd_write_page_scan_type *wpst;
2038 const struct bt_hci_cmd_write_auth_enable *wae;
2039 const struct bt_hci_cmd_write_class_of_dev *wcod;
2040 const struct bt_hci_cmd_write_voice_setting *wvs;
2041 const struct bt_hci_cmd_set_host_flow_control *shfc;
2042 const struct bt_hci_cmd_write_inquiry_mode *wim;
2043 const struct bt_hci_cmd_write_afh_assessment_mode *waam;
2044 const struct bt_hci_cmd_write_ext_inquiry_response *weir;
2045 const struct bt_hci_cmd_write_simple_pairing_mode *wspm;
2046 const struct bt_hci_cmd_io_capability_request_reply *icrr;
2047 const struct bt_hci_cmd_io_capability_request_reply *icrnr;
2048 const struct bt_hci_cmd_read_encrypt_key_size *reks;
2049 const struct bt_hci_cmd_write_le_host_supported *wlhs;
2050 const struct bt_hci_cmd_write_secure_conn_support *wscs;
2051 const struct bt_hci_cmd_set_event_mask_page2 *semp2;
2052 const struct bt_hci_cmd_le_set_event_mask *lsem;
2053 const struct bt_hci_cmd_le_set_random_address *lsra;
2054 const struct bt_hci_cmd_le_set_adv_parameters *lsap;
2055 const struct bt_hci_cmd_le_set_adv_data *lsad;
2056 const struct bt_hci_cmd_le_set_scan_rsp_data *lssrd;
2057 const struct bt_hci_cmd_setup_sync_conn *ssc;
2058 const struct bt_hci_cmd_write_ssp_debug_mode *wsdm;
2059 const struct bt_hci_cmd_le_set_adv_enable *lsae;
2060 const struct bt_hci_cmd_le_set_scan_parameters *lssp;
2061 const struct bt_hci_cmd_le_set_scan_enable *lsse;
2062 const struct bt_hci_cmd_le_start_encrypt *lse;
2063 const struct bt_hci_cmd_le_ltk_req_reply *llrr;
2064 const struct bt_hci_cmd_le_encrypt *lenc_cmd;
2065 const struct bt_hci_cmd_le_generate_dhkey *dh;
2066 const struct bt_hci_cmd_le_conn_param_req_reply *lcprr_cmd;
2067 const struct bt_hci_cmd_le_conn_param_req_neg_reply *lcprnr_cmd;
2068 const struct bt_hci_cmd_read_local_amp_assoc *rlaa_cmd;
2069 const struct bt_hci_cmd_read_rssi *rrssi;
2070 const struct bt_hci_cmd_read_tx_power *rtxp;
2071 struct bt_hci_rsp_read_default_link_policy rdlp;
2072 struct bt_hci_rsp_read_stored_link_key rslk;
2073 struct bt_hci_rsp_write_stored_link_key wslk;
2074 struct bt_hci_rsp_delete_stored_link_key dslk;
2075 struct bt_hci_rsp_read_local_name rln;
2076 struct bt_hci_rsp_read_conn_accept_timeout rcat;
2077 struct bt_hci_rsp_read_page_timeout rpt;
2078 struct bt_hci_rsp_read_scan_enable rse;
2079 struct bt_hci_rsp_read_page_scan_activity rpsa;
2080 struct bt_hci_rsp_read_inquiry_scan_activity risa;
2081 struct bt_hci_rsp_read_page_scan_type rpst;
2082 struct bt_hci_rsp_read_auth_enable rae;
2083 struct bt_hci_rsp_read_class_of_dev rcod;
2084 struct bt_hci_rsp_read_voice_setting rvs;
2085 struct bt_hci_rsp_read_num_supported_iac rnsi;
2086 struct bt_hci_rsp_read_current_iac_lap *rcil;
2087 struct bt_hci_rsp_read_inquiry_mode rim;
2088 struct bt_hci_rsp_read_afh_assessment_mode raam;
2089 struct bt_hci_rsp_read_ext_inquiry_response reir;
2090 struct bt_hci_rsp_read_simple_pairing_mode rspm;
2091 struct bt_hci_rsp_read_local_oob_data rlod;
2092 struct bt_hci_rsp_read_inquiry_resp_tx_power rirtp;
2093 struct bt_hci_rsp_read_le_host_supported rlhs;
2094 struct bt_hci_rsp_read_secure_conn_support rscs;
2095 struct bt_hci_rsp_read_local_oob_ext_data rloed;
2096 struct bt_hci_rsp_read_sync_train_params rstp;
2097 struct bt_hci_rsp_read_local_version rlv;
2098 struct bt_hci_rsp_read_local_commands rlc;
2099 struct bt_hci_rsp_read_local_features rlf;
2100 struct bt_hci_rsp_read_local_ext_features rlef;
2101 struct bt_hci_rsp_read_buffer_size rbs;
2102 struct bt_hci_rsp_read_country_code rcc;
2103 struct bt_hci_rsp_read_bd_addr rba;
2104 struct bt_hci_rsp_read_data_block_size rdbs;
2105 struct bt_hci_rsp_read_local_codecs *rlsc;
2106 struct bt_hci_rsp_read_local_amp_info rlai;
2107 struct bt_hci_rsp_read_local_amp_assoc rlaa_rsp;
2108 struct bt_hci_rsp_get_mws_transport_config *gmtc;
2109 struct bt_hci_rsp_le_conn_param_req_reply lcprr_rsp;
2110 struct bt_hci_rsp_le_conn_param_req_neg_reply lcprnr_rsp;
2111 struct bt_hci_rsp_le_read_buffer_size lrbs;
2112 struct bt_hci_rsp_le_read_local_features lrlf;
2113 struct bt_hci_rsp_le_read_adv_tx_power lratp;
2114 struct bt_hci_rsp_le_read_supported_states lrss;
2115 struct bt_hci_rsp_le_read_white_list_size lrwls;
2116 struct bt_hci_rsp_le_encrypt lenc;
2117 struct bt_hci_rsp_le_rand lr;
2118 struct bt_hci_rsp_le_test_end lte;
2119 struct bt_hci_rsp_remote_name_request_cancel rnrc_rsp;
2120 struct bt_hci_rsp_link_key_request_reply lkrr_rsp;
2121 struct bt_hci_rsp_link_key_request_neg_reply lkrnr_rsp;
2122 struct bt_hci_rsp_pin_code_request_neg_reply pcrr_rsp;
2123 struct bt_hci_rsp_pin_code_request_neg_reply pcrnr_rsp;
2124 struct bt_hci_rsp_user_confirm_request_reply ucrr_rsp;
2125 struct bt_hci_rsp_user_confirm_request_neg_reply ucrnr_rsp;
2126 struct bt_hci_rsp_read_rssi rrssi_rsp;
2127 struct bt_hci_rsp_read_tx_power rtxp_rsp;
2128 struct bt_hci_evt_le_read_local_pk256_complete pk_evt;
2129 struct bt_hci_evt_le_generate_dhkey_complete dh_evt;
2130 uint8_t status, page;
2133 case BT_HCI_CMD_INQUIRY:
2134 if (btdev->type == BTDEV_TYPE_LE)
2136 cmd_status(btdev, BT_HCI_ERR_SUCCESS, opcode);
2139 case BT_HCI_CMD_INQUIRY_CANCEL:
2140 if (btdev->type == BTDEV_TYPE_LE)
2142 inquiry_cancel(btdev);
2145 case BT_HCI_CMD_CREATE_CONN:
2146 if (btdev->type == BTDEV_TYPE_LE)
2148 cmd_status(btdev, BT_HCI_ERR_SUCCESS, opcode);
2151 case BT_HCI_CMD_DISCONNECT:
2152 cmd_status(btdev, BT_HCI_ERR_SUCCESS, opcode);
2155 case BT_HCI_CMD_CREATE_CONN_CANCEL:
2156 if (btdev->type == BTDEV_TYPE_LE)
2158 cmd_status(btdev, BT_HCI_ERR_SUCCESS, opcode);
2161 case BT_HCI_CMD_ACCEPT_CONN_REQUEST:
2162 if (btdev->type == BTDEV_TYPE_LE)
2164 cmd_status(btdev, BT_HCI_ERR_SUCCESS, opcode);
2167 case BT_HCI_CMD_REJECT_CONN_REQUEST:
2168 if (btdev->type == BTDEV_TYPE_LE)
2170 cmd_status(btdev, BT_HCI_ERR_SUCCESS, opcode);
2173 case BT_HCI_CMD_LINK_KEY_REQUEST_REPLY:
2174 if (btdev->type == BTDEV_TYPE_LE)
2176 lkrr_rsp.status = BT_HCI_ERR_SUCCESS;
2177 memcpy(lkrr_rsp.bdaddr, data, 6);
2178 cmd_complete(btdev, opcode, &lkrr_rsp, sizeof(lkrr_rsp));
2181 case BT_HCI_CMD_LINK_KEY_REQUEST_NEG_REPLY:
2182 if (btdev->type == BTDEV_TYPE_LE)
2184 lkrnr_rsp.status = BT_HCI_ERR_SUCCESS;
2185 memcpy(lkrnr_rsp.bdaddr, data, 6);
2186 cmd_complete(btdev, opcode, &lkrnr_rsp, sizeof(lkrnr_rsp));
2189 case BT_HCI_CMD_PIN_CODE_REQUEST_REPLY:
2190 if (btdev->type == BTDEV_TYPE_LE)
2192 pcrr_rsp.status = BT_HCI_ERR_SUCCESS;
2193 memcpy(pcrr_rsp.bdaddr, data, 6);
2194 cmd_complete(btdev, opcode, &pcrr_rsp, sizeof(pcrr_rsp));
2197 case BT_HCI_CMD_PIN_CODE_REQUEST_NEG_REPLY:
2198 if (btdev->type == BTDEV_TYPE_LE)
2200 pcrnr_rsp.status = BT_HCI_ERR_SUCCESS;
2201 memcpy(pcrnr_rsp.bdaddr, data, 6);
2202 cmd_complete(btdev, opcode, &pcrnr_rsp, sizeof(pcrnr_rsp));
2205 case BT_HCI_CMD_AUTH_REQUESTED:
2206 if (btdev->type == BTDEV_TYPE_LE)
2208 cmd_status(btdev, BT_HCI_ERR_SUCCESS, opcode);
2211 case BT_HCI_CMD_SET_CONN_ENCRYPT:
2212 if (btdev->type == BTDEV_TYPE_LE)
2214 cmd_status(btdev, BT_HCI_ERR_SUCCESS, opcode);
2217 case BT_HCI_CMD_REMOTE_NAME_REQUEST:
2218 if (btdev->type == BTDEV_TYPE_LE)
2220 cmd_status(btdev, BT_HCI_ERR_SUCCESS, opcode);
2223 case BT_HCI_CMD_REMOTE_NAME_REQUEST_CANCEL:
2224 if (btdev->type == BTDEV_TYPE_LE)
2227 rnrc_rsp.status = BT_HCI_ERR_SUCCESS;
2228 memcpy(rnrc_rsp.bdaddr, rnrc->bdaddr, 6);
2229 cmd_complete(btdev, opcode, &rnrc_rsp, sizeof(rnrc_rsp));
2232 case BT_HCI_CMD_READ_REMOTE_FEATURES:
2233 if (btdev->type == BTDEV_TYPE_LE)
2235 cmd_status(btdev, BT_HCI_ERR_SUCCESS, opcode);
2238 case BT_HCI_CMD_READ_REMOTE_EXT_FEATURES:
2239 if (btdev->type == BTDEV_TYPE_LE)
2241 cmd_status(btdev, BT_HCI_ERR_SUCCESS, opcode);
2244 case BT_HCI_CMD_READ_REMOTE_VERSION:
2245 cmd_status(btdev, BT_HCI_ERR_SUCCESS, opcode);
2248 case BT_HCI_CMD_READ_CLOCK_OFFSET:
2249 if (btdev->type == BTDEV_TYPE_LE)
2251 cmd_status(btdev, BT_HCI_ERR_SUCCESS, opcode);
2254 case BT_HCI_CMD_READ_DEFAULT_LINK_POLICY:
2255 if (btdev->type == BTDEV_TYPE_LE)
2257 rdlp.status = BT_HCI_ERR_SUCCESS;
2258 rdlp.policy = cpu_to_le16(btdev->default_link_policy);
2259 cmd_complete(btdev, opcode, &rdlp, sizeof(rdlp));
2262 case BT_HCI_CMD_WRITE_DEFAULT_LINK_POLICY:
2263 if (btdev->type == BTDEV_TYPE_LE)
2266 btdev->default_link_policy = le16_to_cpu(wdlp->policy);
2267 status = BT_HCI_ERR_SUCCESS;
2268 cmd_complete(btdev, opcode, &status, sizeof(status));
2271 case BT_HCI_CMD_SET_EVENT_MASK:
2273 memcpy(btdev->event_mask, sem->mask, 8);
2274 status = BT_HCI_ERR_SUCCESS;
2275 cmd_complete(btdev, opcode, &status, sizeof(status));
2278 case BT_HCI_CMD_RESET:
2280 status = BT_HCI_ERR_SUCCESS;
2281 cmd_complete(btdev, opcode, &status, sizeof(status));
2284 case BT_HCI_CMD_SET_EVENT_FILTER:
2285 if (btdev->type == BTDEV_TYPE_LE)
2288 btdev->event_filter = sef->type;
2289 status = BT_HCI_ERR_SUCCESS;
2290 cmd_complete(btdev, opcode, &status, sizeof(status));
2293 case BT_HCI_CMD_READ_STORED_LINK_KEY:
2294 if (btdev->type == BTDEV_TYPE_LE)
2296 rslk.status = BT_HCI_ERR_SUCCESS;
2297 rslk.max_num_keys = cpu_to_le16(0);
2298 rslk.num_keys = cpu_to_le16(0);
2299 cmd_complete(btdev, opcode, &rslk, sizeof(rslk));
2302 case BT_HCI_CMD_WRITE_STORED_LINK_KEY:
2303 if (btdev->type == BTDEV_TYPE_LE)
2305 wslk.status = BT_HCI_ERR_SUCCESS;
2307 cmd_complete(btdev, opcode, &wslk, sizeof(wslk));
2310 case BT_HCI_CMD_DELETE_STORED_LINK_KEY:
2311 if (btdev->type == BTDEV_TYPE_LE)
2313 dslk.status = BT_HCI_ERR_SUCCESS;
2314 dslk.num_keys = cpu_to_le16(0);
2315 cmd_complete(btdev, opcode, &dslk, sizeof(dslk));
2318 case BT_HCI_CMD_WRITE_LOCAL_NAME:
2319 if (btdev->type == BTDEV_TYPE_LE)
2322 memcpy(btdev->name, wln->name, 248);
2323 status = BT_HCI_ERR_SUCCESS;
2324 cmd_complete(btdev, opcode, &status, sizeof(status));
2327 case BT_HCI_CMD_READ_LOCAL_NAME:
2328 if (btdev->type == BTDEV_TYPE_LE)
2330 rln.status = BT_HCI_ERR_SUCCESS;
2331 memcpy(rln.name, btdev->name, 248);
2332 cmd_complete(btdev, opcode, &rln, sizeof(rln));
2335 case BT_HCI_CMD_READ_CONN_ACCEPT_TIMEOUT:
2336 if (btdev->type == BTDEV_TYPE_LE)
2338 rcat.status = BT_HCI_ERR_SUCCESS;
2339 rcat.timeout = cpu_to_le16(btdev->conn_accept_timeout);
2340 cmd_complete(btdev, opcode, &rcat, sizeof(rcat));
2343 case BT_HCI_CMD_WRITE_CONN_ACCEPT_TIMEOUT:
2344 if (btdev->type == BTDEV_TYPE_LE)
2347 btdev->conn_accept_timeout = le16_to_cpu(wcat->timeout);
2348 status = BT_HCI_ERR_SUCCESS;
2349 cmd_complete(btdev, opcode, &status, sizeof(status));
2352 case BT_HCI_CMD_READ_PAGE_TIMEOUT:
2353 if (btdev->type == BTDEV_TYPE_LE)
2355 rpt.status = BT_HCI_ERR_SUCCESS;
2356 rpt.timeout = cpu_to_le16(btdev->page_timeout);
2357 cmd_complete(btdev, opcode, &rpt, sizeof(rpt));
2360 case BT_HCI_CMD_WRITE_PAGE_TIMEOUT:
2361 if (btdev->type == BTDEV_TYPE_LE)
2364 btdev->page_timeout = le16_to_cpu(wpt->timeout);
2365 status = BT_HCI_ERR_SUCCESS;
2366 cmd_complete(btdev, opcode, &status, sizeof(status));
2369 case BT_HCI_CMD_READ_SCAN_ENABLE:
2370 if (btdev->type == BTDEV_TYPE_LE)
2372 rse.status = BT_HCI_ERR_SUCCESS;
2373 rse.enable = btdev->scan_enable;
2374 cmd_complete(btdev, opcode, &rse, sizeof(rse));
2377 case BT_HCI_CMD_WRITE_SCAN_ENABLE:
2378 if (btdev->type == BTDEV_TYPE_LE)
2381 btdev->scan_enable = wse->enable;
2382 status = BT_HCI_ERR_SUCCESS;
2383 cmd_complete(btdev, opcode, &status, sizeof(status));
2386 case BT_HCI_CMD_READ_PAGE_SCAN_ACTIVITY:
2387 if (btdev->type == BTDEV_TYPE_LE)
2389 rpsa.status = BT_HCI_ERR_SUCCESS;
2390 rpsa.interval = cpu_to_le16(btdev->page_scan_interval);
2391 rpsa.window = cpu_to_le16(btdev->page_scan_window);
2392 cmd_complete(btdev, opcode, &rpsa, sizeof(rpsa));
2395 case BT_HCI_CMD_WRITE_PAGE_SCAN_ACTIVITY:
2396 if (btdev->type == BTDEV_TYPE_LE)
2399 btdev->page_scan_interval = le16_to_cpu(wpsa->interval);
2400 btdev->page_scan_window = le16_to_cpu(wpsa->window);
2401 status = BT_HCI_ERR_SUCCESS;
2402 cmd_complete(btdev, opcode, &status, sizeof(status));
2405 case BT_HCI_CMD_READ_INQUIRY_SCAN_ACTIVITY:
2406 if (btdev->type == BTDEV_TYPE_LE)
2408 risa.status = BT_HCI_ERR_SUCCESS;
2409 risa.interval = cpu_to_le16(btdev->inquiry_scan_interval);
2410 risa.window = cpu_to_le16(btdev->inquiry_scan_window);
2411 cmd_complete(btdev, opcode, &risa, sizeof(risa));
2414 case BT_HCI_CMD_WRITE_INQUIRY_SCAN_ACTIVITY:
2415 if (btdev->type == BTDEV_TYPE_LE)
2418 btdev->inquiry_scan_interval = le16_to_cpu(wisa->interval);
2419 btdev->inquiry_scan_window = le16_to_cpu(wisa->window);
2420 status = BT_HCI_ERR_SUCCESS;
2421 cmd_complete(btdev, opcode, &status, sizeof(status));
2424 case BT_HCI_CMD_READ_PAGE_SCAN_TYPE:
2425 if (btdev->type == BTDEV_TYPE_LE)
2427 rpst.status = BT_HCI_ERR_SUCCESS;
2428 rpst.type = btdev->page_scan_type;
2429 cmd_complete(btdev, opcode, &rpst, sizeof(rpst));
2432 case BT_HCI_CMD_WRITE_PAGE_SCAN_TYPE:
2433 if (btdev->type == BTDEV_TYPE_LE)
2436 btdev->page_scan_type = wpst->type;
2437 status = BT_HCI_ERR_SUCCESS;
2438 cmd_complete(btdev, opcode, &status, sizeof(status));
2441 case BT_HCI_CMD_READ_AUTH_ENABLE:
2442 if (btdev->type == BTDEV_TYPE_LE)
2444 rae.status = BT_HCI_ERR_SUCCESS;
2445 rae.enable = btdev->auth_enable;
2446 cmd_complete(btdev, opcode, &rae, sizeof(rae));
2449 case BT_HCI_CMD_WRITE_AUTH_ENABLE:
2450 if (btdev->type == BTDEV_TYPE_LE)
2453 btdev->auth_enable = wae->enable;
2454 status = BT_HCI_ERR_SUCCESS;
2455 cmd_complete(btdev, opcode, &status, sizeof(status));
2458 case BT_HCI_CMD_READ_CLASS_OF_DEV:
2459 if (btdev->type == BTDEV_TYPE_LE)
2461 rcod.status = BT_HCI_ERR_SUCCESS;
2462 memcpy(rcod.dev_class, btdev->dev_class, 3);
2463 cmd_complete(btdev, opcode, &rcod, sizeof(rcod));
2466 case BT_HCI_CMD_WRITE_CLASS_OF_DEV:
2467 if (btdev->type == BTDEV_TYPE_LE)
2470 memcpy(btdev->dev_class, wcod->dev_class, 3);
2471 status = BT_HCI_ERR_SUCCESS;
2472 cmd_complete(btdev, opcode, &status, sizeof(status));
2475 case BT_HCI_CMD_READ_VOICE_SETTING:
2476 if (btdev->type == BTDEV_TYPE_LE)
2478 rvs.status = BT_HCI_ERR_SUCCESS;
2479 rvs.setting = cpu_to_le16(btdev->voice_setting);
2480 cmd_complete(btdev, opcode, &rvs, sizeof(rvs));
2483 case BT_HCI_CMD_WRITE_VOICE_SETTING:
2484 if (btdev->type == BTDEV_TYPE_LE)
2487 btdev->voice_setting = le16_to_cpu(wvs->setting);
2488 status = BT_HCI_ERR_SUCCESS;
2489 cmd_complete(btdev, opcode, &status, sizeof(status));
2492 case BT_HCI_CMD_SET_HOST_FLOW_CONTROL:
2494 if (shfc->enable > 0x03) {
2495 status = BT_HCI_ERR_INVALID_PARAMETERS;
2497 btdev->host_flow_control = shfc->enable;
2498 status = BT_HCI_ERR_SUCCESS;
2500 cmd_complete(btdev, opcode, &status, sizeof(status));
2503 case BT_HCI_CMD_HOST_BUFFER_SIZE:
2504 status = BT_HCI_ERR_SUCCESS;
2505 cmd_complete(btdev, opcode, &status, sizeof(status));
2508 case BT_HCI_CMD_HOST_NUM_COMPLETED_PACKETS:
2509 /* This command is special in the sense that no event is
2510 * normally generated after the command has completed.
2514 case BT_HCI_CMD_READ_NUM_SUPPORTED_IAC:
2515 if (btdev->type == BTDEV_TYPE_LE)
2517 rnsi.status = BT_HCI_ERR_SUCCESS;
2518 rnsi.num_iac = 0x01;
2519 cmd_complete(btdev, opcode, &rnsi, sizeof(rnsi));
2522 case BT_HCI_CMD_READ_CURRENT_IAC_LAP:
2523 if (btdev->type == BTDEV_TYPE_LE)
2525 rcil = alloca(sizeof(*rcil) + 3);
2526 rcil->status = BT_HCI_ERR_SUCCESS;
2527 rcil->num_iac = 0x01;
2528 rcil->iac_lap[0] = 0x33;
2529 rcil->iac_lap[1] = 0x8b;
2530 rcil->iac_lap[2] = 0x9e;
2531 cmd_complete(btdev, opcode, rcil, sizeof(*rcil) + 3);
2534 case BT_HCI_CMD_WRITE_CURRENT_IAC_LAP:
2535 if (btdev->type == BTDEV_TYPE_LE)
2537 status = BT_HCI_ERR_SUCCESS;
2538 cmd_complete(btdev, opcode, &status, sizeof(status));
2541 case BT_HCI_CMD_READ_INQUIRY_MODE:
2542 if (btdev->type == BTDEV_TYPE_LE)
2544 rim.status = BT_HCI_ERR_SUCCESS;
2545 rim.mode = btdev->inquiry_mode;
2546 cmd_complete(btdev, opcode, &rim, sizeof(rim));
2549 case BT_HCI_CMD_WRITE_INQUIRY_MODE:
2550 if (btdev->type == BTDEV_TYPE_LE)
2553 btdev->inquiry_mode = wim->mode;
2554 status = BT_HCI_ERR_SUCCESS;
2555 cmd_complete(btdev, opcode, &status, sizeof(status));
2558 case BT_HCI_CMD_READ_AFH_ASSESSMENT_MODE:
2559 if (btdev->type == BTDEV_TYPE_LE)
2561 raam.status = BT_HCI_ERR_SUCCESS;
2562 raam.mode = btdev->afh_assessment_mode;
2563 cmd_complete(btdev, opcode, &raam, sizeof(raam));
2566 case BT_HCI_CMD_WRITE_AFH_ASSESSMENT_MODE:
2567 if (btdev->type == BTDEV_TYPE_LE)
2570 btdev->afh_assessment_mode = waam->mode;
2571 status = BT_HCI_ERR_SUCCESS;
2572 cmd_complete(btdev, opcode, &status, sizeof(status));
2575 case BT_HCI_CMD_READ_EXT_INQUIRY_RESPONSE:
2576 if (btdev->type == BTDEV_TYPE_LE)
2578 reir.status = BT_HCI_ERR_SUCCESS;
2579 reir.fec = btdev->ext_inquiry_fec;
2580 memcpy(reir.data, btdev->ext_inquiry_rsp, 240);
2581 cmd_complete(btdev, opcode, &reir, sizeof(reir));
2584 case BT_HCI_CMD_WRITE_EXT_INQUIRY_RESPONSE:
2585 if (btdev->type == BTDEV_TYPE_LE)
2588 btdev->ext_inquiry_fec = weir->fec;
2589 memcpy(btdev->ext_inquiry_rsp, weir->data, 240);
2590 status = BT_HCI_ERR_SUCCESS;
2591 cmd_complete(btdev, opcode, &status, sizeof(status));
2594 case BT_HCI_CMD_READ_SIMPLE_PAIRING_MODE:
2595 if (btdev->type == BTDEV_TYPE_LE)
2597 rspm.status = BT_HCI_ERR_SUCCESS;
2598 rspm.mode = btdev->simple_pairing_mode;
2599 cmd_complete(btdev, opcode, &rspm, sizeof(rspm));
2602 case BT_HCI_CMD_WRITE_SIMPLE_PAIRING_MODE:
2603 if (btdev->type == BTDEV_TYPE_LE)
2606 btdev->simple_pairing_mode = wspm->mode;
2607 status = BT_HCI_ERR_SUCCESS;
2608 cmd_complete(btdev, opcode, &status, sizeof(status));
2611 case BT_HCI_CMD_IO_CAPABILITY_REQUEST_REPLY:
2612 if (btdev->type == BTDEV_TYPE_LE)
2615 io_cap_req_reply_complete(btdev, icrr->bdaddr,
2618 icrr->authentication);
2621 case BT_HCI_CMD_IO_CAPABILITY_REQUEST_NEG_REPLY:
2622 if (btdev->type == BTDEV_TYPE_LE)
2625 io_cap_req_neg_reply_complete(btdev, icrnr->bdaddr);
2626 ssp_complete(btdev, icrnr->bdaddr, BT_HCI_ERR_AUTH_FAILURE,
2630 case BT_HCI_CMD_USER_CONFIRM_REQUEST_REPLY:
2631 if (btdev->type == BTDEV_TYPE_LE)
2633 ucrr_rsp.status = BT_HCI_ERR_SUCCESS;
2634 memcpy(ucrr_rsp.bdaddr, data, 6);
2635 cmd_complete(btdev, opcode, &ucrr_rsp, sizeof(ucrr_rsp));
2636 ssp_complete(btdev, data, BT_HCI_ERR_SUCCESS, true);
2639 case BT_HCI_CMD_USER_CONFIRM_REQUEST_NEG_REPLY:
2640 if (btdev->type == BTDEV_TYPE_LE)
2642 ucrnr_rsp.status = BT_HCI_ERR_SUCCESS;
2643 memcpy(ucrnr_rsp.bdaddr, data, 6);
2644 cmd_complete(btdev, opcode, &ucrnr_rsp, sizeof(ucrnr_rsp));
2645 ssp_complete(btdev, data, BT_HCI_ERR_AUTH_FAILURE, true);
2648 case BT_HCI_CMD_READ_LOCAL_OOB_DATA:
2649 if (btdev->type == BTDEV_TYPE_LE)
2651 rlod.status = BT_HCI_ERR_SUCCESS;
2652 cmd_complete(btdev, opcode, &rlod, sizeof(rlod));
2655 case BT_HCI_CMD_READ_INQUIRY_RESP_TX_POWER:
2656 if (btdev->type == BTDEV_TYPE_LE)
2658 rirtp.status = BT_HCI_ERR_SUCCESS;
2660 cmd_complete(btdev, opcode, &rirtp, sizeof(rirtp));
2663 case BT_HCI_CMD_READ_LE_HOST_SUPPORTED:
2664 if (btdev->type != BTDEV_TYPE_BREDRLE)
2666 rlhs.status = BT_HCI_ERR_SUCCESS;
2667 rlhs.supported = btdev->le_supported;
2668 rlhs.simultaneous = btdev->le_simultaneous;
2669 cmd_complete(btdev, opcode, &rlhs, sizeof(rlhs));
2672 case BT_HCI_CMD_WRITE_LE_HOST_SUPPORTED:
2673 if (btdev->type != BTDEV_TYPE_BREDRLE)
2676 btdev->le_supported = wlhs->supported;
2677 btdev->le_simultaneous = wlhs->simultaneous;
2678 status = BT_HCI_ERR_SUCCESS;
2679 cmd_complete(btdev, opcode, &status, sizeof(status));
2682 case BT_HCI_CMD_READ_SECURE_CONN_SUPPORT:
2683 if (btdev->type != BTDEV_TYPE_BREDRLE)
2685 rscs.status = BT_HCI_ERR_SUCCESS;
2686 rscs.support = btdev->secure_conn_support;
2687 cmd_complete(btdev, opcode, &rscs, sizeof(rscs));
2690 case BT_HCI_CMD_WRITE_SECURE_CONN_SUPPORT:
2691 if (btdev->type != BTDEV_TYPE_BREDRLE)
2694 btdev->secure_conn_support = wscs->support;
2695 status = BT_HCI_ERR_SUCCESS;
2696 cmd_complete(btdev, opcode, &status, sizeof(status));
2699 case BT_HCI_CMD_READ_LOCAL_OOB_EXT_DATA:
2700 if (btdev->type != BTDEV_TYPE_BREDRLE)
2702 rloed.status = BT_HCI_ERR_SUCCESS;
2703 cmd_complete(btdev, opcode, &rloed, sizeof(rloed));
2706 case BT_HCI_CMD_READ_SYNC_TRAIN_PARAMS:
2707 if (btdev->type != BTDEV_TYPE_BREDRLE)
2709 rstp.status = BT_HCI_ERR_SUCCESS;
2710 rstp.interval = cpu_to_le16(btdev->sync_train_interval);
2711 rstp.timeout = cpu_to_le32(btdev->sync_train_timeout);
2712 rstp.service_data = btdev->sync_train_service_data;
2713 cmd_complete(btdev, opcode, &rstp, sizeof(rstp));
2716 case BT_HCI_CMD_READ_LOCAL_VERSION:
2717 rlv.status = BT_HCI_ERR_SUCCESS;
2718 rlv.hci_ver = btdev->version;
2719 rlv.hci_rev = cpu_to_le16(btdev->revision);
2720 rlv.lmp_ver = btdev->version;
2721 rlv.manufacturer = cpu_to_le16(btdev->manufacturer);
2722 rlv.lmp_subver = cpu_to_le16(btdev->revision);
2723 cmd_complete(btdev, opcode, &rlv, sizeof(rlv));
2726 case BT_HCI_CMD_READ_LOCAL_COMMANDS:
2727 rlc.status = BT_HCI_ERR_SUCCESS;
2728 memcpy(rlc.commands, btdev->commands, 64);
2729 cmd_complete(btdev, opcode, &rlc, sizeof(rlc));
2732 case BT_HCI_CMD_READ_LOCAL_FEATURES:
2733 rlf.status = BT_HCI_ERR_SUCCESS;
2734 memcpy(rlf.features, btdev->features, 8);
2735 cmd_complete(btdev, opcode, &rlf, sizeof(rlf));
2738 case BT_HCI_CMD_READ_LOCAL_EXT_FEATURES:
2739 if (btdev->type == BTDEV_TYPE_LE)
2742 page = ((const uint8_t *) data)[0];
2745 rlef.max_page = btdev->max_page;
2747 if (page > btdev->max_page) {
2748 rlef.status = BT_HCI_ERR_INVALID_PARAMETERS;
2749 memset(rlef.features, 0, 8);
2750 cmd_complete(btdev, opcode, &rlef, sizeof(rlef));
2756 rlef.status = BT_HCI_ERR_SUCCESS;
2757 memcpy(rlef.features, btdev->features, 8);
2760 rlef.status = BT_HCI_ERR_SUCCESS;
2761 btdev_get_host_features(btdev, rlef.features);
2764 rlef.status = BT_HCI_ERR_SUCCESS;
2765 memcpy(rlef.features, btdev->feat_page_2, 8);
2768 rlef.status = BT_HCI_ERR_INVALID_PARAMETERS;
2769 memset(rlef.features, 0, 8);
2772 cmd_complete(btdev, opcode, &rlef, sizeof(rlef));
2775 case BT_HCI_CMD_READ_BUFFER_SIZE:
2776 rbs.status = BT_HCI_ERR_SUCCESS;
2777 rbs.acl_mtu = cpu_to_le16(btdev->acl_mtu);
2779 rbs.acl_max_pkt = cpu_to_le16(btdev->acl_max_pkt);
2780 rbs.sco_max_pkt = cpu_to_le16(0);
2781 cmd_complete(btdev, opcode, &rbs, sizeof(rbs));
2784 case BT_HCI_CMD_READ_COUNTRY_CODE:
2785 rcc.status = BT_HCI_ERR_SUCCESS;
2786 rcc.code = btdev->country_code;
2787 cmd_complete(btdev, opcode, &rcc, sizeof(rcc));
2790 case BT_HCI_CMD_READ_BD_ADDR:
2791 rba.status = BT_HCI_ERR_SUCCESS;
2792 memcpy(rba.bdaddr, btdev->bdaddr, 6);
2793 cmd_complete(btdev, opcode, &rba, sizeof(rba));
2796 case BT_HCI_CMD_READ_DATA_BLOCK_SIZE:
2797 if (btdev->type == BTDEV_TYPE_LE)
2799 rdbs.status = BT_HCI_ERR_SUCCESS;
2800 rdbs.max_acl_len = cpu_to_le16(btdev->acl_mtu);
2801 rdbs.block_len = cpu_to_le16(btdev->acl_mtu);
2802 rdbs.num_blocks = cpu_to_le16(btdev->acl_max_pkt);
2803 cmd_complete(btdev, opcode, &rdbs, sizeof(rdbs));
2806 case BT_HCI_CMD_READ_LOCAL_CODECS:
2807 if (btdev->type == BTDEV_TYPE_LE)
2809 rlsc = alloca(sizeof(*rlsc) + 7);
2810 rlsc->status = BT_HCI_ERR_SUCCESS;
2811 rlsc->num_codecs = 0x06;
2812 rlsc->codec[0] = 0x00;
2813 rlsc->codec[1] = 0x01;
2814 rlsc->codec[2] = 0x02;
2815 rlsc->codec[3] = 0x03;
2816 rlsc->codec[4] = 0x04;
2817 rlsc->codec[5] = 0x05;
2818 rlsc->codec[6] = 0x00;
2819 cmd_complete(btdev, opcode, rlsc, sizeof(*rlsc) + 7);
2822 case BT_HCI_CMD_READ_RSSI:
2825 rrssi_rsp.status = BT_HCI_ERR_SUCCESS;
2826 rrssi_rsp.handle = rrssi->handle;
2827 rrssi_rsp.rssi = -1; /* non-zero so we can see it in tester */
2828 cmd_complete(btdev, opcode, &rrssi_rsp, sizeof(rrssi_rsp));
2831 case BT_HCI_CMD_READ_TX_POWER:
2834 switch (rtxp->type) {
2836 rtxp_rsp.status = BT_HCI_ERR_SUCCESS;
2837 rtxp_rsp.level = -1; /* non-zero */
2841 rtxp_rsp.status = BT_HCI_ERR_SUCCESS;
2842 rtxp_rsp.level = 4; /* max for class 2 radio */
2847 rtxp_rsp.status = BT_HCI_ERR_INVALID_PARAMETERS;
2851 rtxp_rsp.handle = rtxp->handle;
2852 cmd_complete(btdev, opcode, &rtxp_rsp, sizeof(rtxp_rsp));
2855 case BT_HCI_CMD_READ_ENCRYPT_KEY_SIZE:
2856 if (btdev->type != BTDEV_TYPE_BREDRLE &&
2857 btdev->type != BTDEV_TYPE_BREDR)
2860 read_enc_key_size_complete(btdev, le16_to_cpu(reks->handle));
2863 case BT_HCI_CMD_READ_LOCAL_AMP_INFO:
2864 if (btdev->type != BTDEV_TYPE_AMP)
2866 rlai.status = BT_HCI_ERR_SUCCESS;
2867 rlai.amp_status = 0x01; /* Used for Bluetooth only */
2868 rlai.total_bw = cpu_to_le32(0);
2869 rlai.max_bw = cpu_to_le32(0);
2870 rlai.min_latency = cpu_to_le32(0);
2871 rlai.max_pdu = cpu_to_le32(672);
2872 rlai.amp_type = 0x01; /* 802.11 AMP Controller */
2873 rlai.pal_cap = cpu_to_le16(0x0000);
2874 rlai.max_assoc_len = cpu_to_le16(672);
2875 rlai.max_flush_to = cpu_to_le32(0xffffffff);
2876 rlai.be_flush_to = cpu_to_le32(0xffffffff);
2877 cmd_complete(btdev, opcode, &rlai, sizeof(rlai));
2880 case BT_HCI_CMD_READ_LOCAL_AMP_ASSOC:
2881 if (btdev->type != BTDEV_TYPE_AMP)
2884 rlaa_rsp.status = BT_HCI_ERR_SUCCESS;
2885 rlaa_rsp.phy_handle = rlaa_cmd->phy_handle;
2886 rlaa_rsp.remain_assoc_len = cpu_to_le16(1);
2887 rlaa_rsp.assoc_fragment[0] = 0x42;
2888 memset(rlaa_rsp.assoc_fragment + 1, 0,
2889 sizeof(rlaa_rsp.assoc_fragment) - 1);
2890 cmd_complete(btdev, opcode, &rlaa_rsp, sizeof(rlaa_rsp));
2893 case BT_HCI_CMD_GET_MWS_TRANSPORT_CONFIG:
2894 if (btdev->type == BTDEV_TYPE_LE)
2896 gmtc = alloca(sizeof(*gmtc));
2897 gmtc->status = BT_HCI_ERR_SUCCESS;
2898 gmtc->num_transports = 0x00;
2899 cmd_complete(btdev, opcode, gmtc, sizeof(*gmtc));
2902 case BT_HCI_CMD_SET_EVENT_MASK_PAGE2:
2903 if (btdev->type != BTDEV_TYPE_BREDRLE)
2906 memcpy(btdev->event_mask_page2, semp2->mask, 8);
2907 status = BT_HCI_ERR_SUCCESS;
2908 cmd_complete(btdev, opcode, &status, sizeof(status));
2911 case BT_HCI_CMD_LE_SET_EVENT_MASK:
2912 if (btdev->type == BTDEV_TYPE_BREDR)
2915 memcpy(btdev->le_event_mask, lsem->mask, 8);
2916 status = BT_HCI_ERR_SUCCESS;
2917 cmd_complete(btdev, opcode, &status, sizeof(status));
2920 case BT_HCI_CMD_LE_READ_BUFFER_SIZE:
2921 if (btdev->type == BTDEV_TYPE_BREDR)
2923 lrbs.status = BT_HCI_ERR_SUCCESS;
2924 lrbs.le_mtu = cpu_to_le16(btdev->acl_mtu);
2925 lrbs.le_max_pkt = btdev->acl_max_pkt;
2926 cmd_complete(btdev, opcode, &lrbs, sizeof(lrbs));
2929 case BT_HCI_CMD_LE_READ_LOCAL_FEATURES:
2930 if (btdev->type == BTDEV_TYPE_BREDR)
2932 lrlf.status = BT_HCI_ERR_SUCCESS;
2933 memcpy(lrlf.features, btdev->le_features, 8);
2934 cmd_complete(btdev, opcode, &lrlf, sizeof(lrlf));
2937 case BT_HCI_CMD_LE_SET_RANDOM_ADDRESS:
2938 if (btdev->type == BTDEV_TYPE_BREDR)
2941 memcpy(btdev->random_addr, lsra->addr, 6);
2942 status = BT_HCI_ERR_SUCCESS;
2943 cmd_complete(btdev, opcode, &status, sizeof(status));
2946 case BT_HCI_CMD_LE_SET_ADV_PARAMETERS:
2947 if (btdev->type == BTDEV_TYPE_BREDR)
2950 if (btdev->le_adv_enable) {
2951 status = BT_HCI_ERR_COMMAND_DISALLOWED;
2952 cmd_complete(btdev, opcode, &status, sizeof(status));
2957 btdev->le_adv_type = lsap->type;
2958 btdev->le_adv_own_addr = lsap->own_addr_type;
2959 btdev->le_adv_direct_addr_type = lsap->direct_addr_type;
2960 memcpy(btdev->le_adv_direct_addr, lsap->direct_addr, 6);
2962 status = BT_HCI_ERR_SUCCESS;
2963 cmd_complete(btdev, opcode, &status, sizeof(status));
2966 case BT_HCI_CMD_LE_READ_ADV_TX_POWER:
2967 if (btdev->type == BTDEV_TYPE_BREDR)
2969 lratp.status = BT_HCI_ERR_SUCCESS;
2971 cmd_complete(btdev, opcode, &lratp, sizeof(lratp));
2974 case BT_HCI_CMD_LE_SET_ADV_ENABLE:
2975 if (btdev->type == BTDEV_TYPE_BREDR)
2978 if (btdev->le_adv_enable == lsae->enable)
2979 status = BT_HCI_ERR_COMMAND_DISALLOWED;
2981 btdev->le_adv_enable = lsae->enable;
2982 status = BT_HCI_ERR_SUCCESS;
2984 cmd_complete(btdev, opcode, &status, sizeof(status));
2985 if (status == BT_HCI_ERR_SUCCESS && btdev->le_adv_enable)
2986 le_set_adv_enable_complete(btdev);
2989 case BT_HCI_CMD_LE_SET_SCAN_PARAMETERS:
2990 if (btdev->type == BTDEV_TYPE_BREDR)
2995 if (btdev->le_scan_enable)
2996 status = BT_HCI_ERR_COMMAND_DISALLOWED;
2998 status = BT_HCI_ERR_SUCCESS;
2999 btdev->le_scan_type = lssp->type;
3000 btdev->le_scan_own_addr_type = lssp->own_addr_type;
3003 cmd_complete(btdev, opcode, &status, sizeof(status));
3006 case BT_HCI_CMD_LE_SET_SCAN_ENABLE:
3007 if (btdev->type == BTDEV_TYPE_BREDR)
3010 if (btdev->le_scan_enable == lsse->enable)
3011 status = BT_HCI_ERR_COMMAND_DISALLOWED;
3013 btdev->le_scan_enable = lsse->enable;
3014 btdev->le_filter_dup = lsse->filter_dup;
3015 status = BT_HCI_ERR_SUCCESS;
3017 cmd_complete(btdev, opcode, &status, sizeof(status));
3020 case BT_HCI_CMD_LE_CREATE_CONN:
3021 if (btdev->type == BTDEV_TYPE_BREDR)
3023 cmd_status(btdev, BT_HCI_ERR_SUCCESS, opcode);
3026 case BT_HCI_CMD_LE_READ_WHITE_LIST_SIZE:
3027 if (btdev->type == BTDEV_TYPE_BREDR)
3029 lrwls.status = BT_HCI_ERR_SUCCESS;
3031 cmd_complete(btdev, opcode, &lrwls, sizeof(lrwls));
3034 case BT_HCI_CMD_LE_CONN_UPDATE:
3035 if (btdev->type == BTDEV_TYPE_BREDR)
3037 cmd_status(btdev, BT_HCI_ERR_SUCCESS, opcode);
3040 case BT_HCI_CMD_LE_CLEAR_WHITE_LIST:
3041 if (btdev->type == BTDEV_TYPE_BREDR)
3043 status = BT_HCI_ERR_SUCCESS;
3044 cmd_complete(btdev, opcode, &status, sizeof(status));
3047 case BT_HCI_CMD_LE_ENCRYPT:
3048 if (btdev->type == BTDEV_TYPE_BREDR)
3051 if (!bt_crypto_e(btdev->crypto, lenc_cmd->key,
3052 lenc_cmd->plaintext, lenc.data)) {
3053 cmd_status(btdev, BT_HCI_ERR_COMMAND_DISALLOWED,
3057 lenc.status = BT_HCI_ERR_SUCCESS;
3058 cmd_complete(btdev, opcode, &lenc, sizeof(lenc));
3061 case BT_HCI_CMD_LE_RAND:
3062 if (btdev->type == BTDEV_TYPE_BREDR)
3064 if (!bt_crypto_random_bytes(btdev->crypto,
3065 (uint8_t *)&lr.number, 8)) {
3066 cmd_status(btdev, BT_HCI_ERR_COMMAND_DISALLOWED,
3070 lr.status = BT_HCI_ERR_SUCCESS;
3071 cmd_complete(btdev, opcode, &lr, sizeof(lr));
3074 case BT_HCI_CMD_LE_READ_LOCAL_PK256:
3075 if (btdev->type == BTDEV_TYPE_BREDR)
3077 if (!ecc_make_key(pk_evt.local_pk256, btdev->le_local_sk256)) {
3078 cmd_status(btdev, BT_HCI_ERR_COMMAND_DISALLOWED,
3082 cmd_status(btdev, BT_HCI_ERR_SUCCESS,
3083 BT_HCI_CMD_LE_READ_LOCAL_PK256);
3084 pk_evt.status = BT_HCI_ERR_SUCCESS;
3085 le_meta_event(btdev, BT_HCI_EVT_LE_READ_LOCAL_PK256_COMPLETE,
3086 &pk_evt, sizeof(pk_evt));
3089 case BT_HCI_CMD_LE_GENERATE_DHKEY:
3090 if (btdev->type == BTDEV_TYPE_BREDR)
3093 if (!ecdh_shared_secret(dh->remote_pk256, btdev->le_local_sk256,
3095 cmd_status(btdev, BT_HCI_ERR_COMMAND_DISALLOWED,
3099 cmd_status(btdev, BT_HCI_ERR_SUCCESS,
3100 BT_HCI_CMD_LE_GENERATE_DHKEY);
3101 le_meta_event(btdev, BT_HCI_EVT_LE_GENERATE_DHKEY_COMPLETE,
3102 &dh_evt, sizeof(dh_evt));
3105 case BT_HCI_CMD_LE_READ_SUPPORTED_STATES:
3106 if (btdev->type == BTDEV_TYPE_BREDR)
3108 lrss.status = BT_HCI_ERR_SUCCESS;
3109 memcpy(lrss.states, btdev->le_states, 8);
3110 cmd_complete(btdev, opcode, &lrss, sizeof(lrss));
3113 case BT_HCI_CMD_LE_SET_ADV_DATA:
3114 if (btdev->type == BTDEV_TYPE_BREDR)
3117 btdev->le_adv_data_len = lsad->len;
3118 memcpy(btdev->le_adv_data, lsad->data, 31);
3119 status = BT_HCI_ERR_SUCCESS;
3120 cmd_complete(btdev, opcode, &status, sizeof(status));
3123 case BT_HCI_CMD_LE_SET_SCAN_RSP_DATA:
3124 if (btdev->type == BTDEV_TYPE_BREDR)
3127 btdev->le_scan_data_len = lssrd->len;
3128 memcpy(btdev->le_scan_data, lssrd->data, 31);
3129 status = BT_HCI_ERR_SUCCESS;
3130 cmd_complete(btdev, opcode, &status, sizeof(status));
3133 case BT_HCI_CMD_LE_READ_REMOTE_FEATURES:
3134 if (btdev->type == BTDEV_TYPE_BREDR)
3136 le_read_remote_features_complete(btdev);
3139 case BT_HCI_CMD_LE_START_ENCRYPT:
3140 if (btdev->type == BTDEV_TYPE_BREDR)
3143 memcpy(btdev->le_ltk, lse->ltk, 16);
3144 le_start_encrypt_complete(btdev, lse->ediv, lse->rand);
3147 case BT_HCI_CMD_LE_LTK_REQ_REPLY:
3148 if (btdev->type == BTDEV_TYPE_BREDR)
3151 memcpy(btdev->le_ltk, llrr->ltk, 16);
3152 le_encrypt_complete(btdev);
3155 case BT_HCI_CMD_LE_LTK_REQ_NEG_REPLY:
3156 if (btdev->type == BTDEV_TYPE_BREDR)
3158 ltk_neg_reply_complete(btdev);
3161 case BT_HCI_CMD_SETUP_SYNC_CONN:
3162 if (btdev->type == BTDEV_TYPE_LE)
3165 status = BT_HCI_ERR_SUCCESS;
3166 cmd_status(btdev, BT_HCI_ERR_SUCCESS, opcode);
3167 sync_conn_complete(btdev, ssc->voice_setting,
3168 BT_HCI_ERR_SUCCESS);
3171 case BT_HCI_CMD_ADD_SCO_CONN:
3172 if (btdev->type == BTDEV_TYPE_LE)
3174 sco_conn_complete(btdev, BT_HCI_ERR_SUCCESS);
3177 case BT_HCI_CMD_ENABLE_DUT_MODE:
3178 status = BT_HCI_ERR_SUCCESS;
3179 cmd_complete(btdev, opcode, &status, sizeof(status));
3182 case BT_HCI_CMD_WRITE_SSP_DEBUG_MODE:
3183 if (btdev->type == BTDEV_TYPE_LE)
3186 btdev->ssp_debug_mode = wsdm->mode;
3187 status = BT_HCI_ERR_SUCCESS;
3188 cmd_complete(btdev, opcode, &status, sizeof(status));
3191 case BT_HCI_CMD_LE_RECEIVER_TEST:
3192 if (btdev->type == BTDEV_TYPE_BREDR)
3194 status = BT_HCI_ERR_SUCCESS;
3195 cmd_complete(btdev, opcode, &status, sizeof(status));
3198 case BT_HCI_CMD_LE_TRANSMITTER_TEST:
3199 if (btdev->type == BTDEV_TYPE_BREDR)
3201 status = BT_HCI_ERR_SUCCESS;
3202 cmd_complete(btdev, opcode, &status, sizeof(status));
3205 case BT_HCI_CMD_LE_TEST_END:
3206 if (btdev->type == BTDEV_TYPE_BREDR)
3208 lte.status = BT_HCI_ERR_SUCCESS;
3209 lte.num_packets = 0;
3210 cmd_complete(btdev, opcode, <e, sizeof(lte));
3213 case BT_HCI_CMD_LE_CONN_PARAM_REQ_REPLY:
3214 if (btdev->type == BTDEV_TYPE_BREDR)
3217 lcprr_rsp.handle = lcprr_cmd->handle;
3218 lcprr_rsp.status = BT_HCI_ERR_SUCCESS;
3219 cmd_complete(btdev, opcode, &lcprr_rsp, sizeof(lcprr_rsp));
3221 case BT_HCI_CMD_LE_CONN_PARAM_REQ_NEG_REPLY:
3222 if (btdev->type == BTDEV_TYPE_BREDR)
3225 lcprnr_rsp.handle = lcprnr_cmd->handle;
3226 lcprnr_rsp.status = BT_HCI_ERR_SUCCESS;
3227 cmd_complete(btdev, opcode, &lcprnr_rsp, sizeof(lcprnr_rsp));
3236 printf("Unsupported command 0x%4.4x\n", opcode);
3238 cmd_status(btdev, BT_HCI_ERR_UNKNOWN_COMMAND, opcode);
3241 static void default_cmd_completion(struct btdev *btdev, uint16_t opcode,
3242 const void *data, uint8_t len)
3244 const struct bt_hci_cmd_create_conn *cc;
3245 const struct bt_hci_cmd_disconnect *dc;
3246 const struct bt_hci_cmd_create_conn_cancel *ccc;
3247 const struct bt_hci_cmd_accept_conn_request *acr;
3248 const struct bt_hci_cmd_reject_conn_request *rcr;
3249 const struct bt_hci_cmd_auth_requested *ar;
3250 const struct bt_hci_cmd_set_conn_encrypt *sce;
3251 const struct bt_hci_cmd_link_key_request_reply *lkrr;
3252 const struct bt_hci_cmd_link_key_request_neg_reply *lkrnr;
3253 const struct bt_hci_cmd_pin_code_request_neg_reply *pcrnr;
3254 const struct bt_hci_cmd_pin_code_request_reply *pcrr;
3255 const struct bt_hci_cmd_remote_name_request *rnr;
3256 const struct bt_hci_cmd_remote_name_request_cancel *rnrc;
3257 const struct bt_hci_cmd_read_remote_features *rrf;
3258 const struct bt_hci_cmd_read_remote_ext_features *rref;
3259 const struct bt_hci_cmd_read_remote_version *rrv;
3260 const struct bt_hci_cmd_read_clock_offset *rco;
3261 const struct bt_hci_cmd_le_create_conn *lecc;
3262 const struct bt_hci_cmd_le_conn_update *lecu;
3263 const struct bt_hci_cmd_le_conn_param_req_reply *lcprr;
3264 const struct bt_hci_cmd_le_conn_param_req_neg_reply *lcprnr;
3265 const struct bt_hci_cmd_le_set_scan_enable *lsse;
3268 case BT_HCI_CMD_INQUIRY:
3269 if (btdev->type == BTDEV_TYPE_LE)
3271 inquiry_cmd(btdev, data);
3274 case BT_HCI_CMD_CREATE_CONN:
3275 if (btdev->type == BTDEV_TYPE_LE)
3278 conn_request(btdev, cc->bdaddr);
3281 case BT_HCI_CMD_DISCONNECT:
3283 disconnect_complete(btdev, le16_to_cpu(dc->handle), dc->reason);
3286 case BT_HCI_CMD_CREATE_CONN_CANCEL:
3287 if (btdev->type == BTDEV_TYPE_LE)
3290 conn_complete(btdev, ccc->bdaddr, BT_HCI_ERR_UNKNOWN_CONN_ID);
3293 case BT_HCI_CMD_ACCEPT_CONN_REQUEST:
3294 if (btdev->type == BTDEV_TYPE_LE)
3297 accept_conn_request_complete(btdev, acr->bdaddr);
3300 case BT_HCI_CMD_REJECT_CONN_REQUEST:
3301 if (btdev->type == BTDEV_TYPE_LE)
3304 conn_complete(btdev, rcr->bdaddr, BT_HCI_ERR_UNKNOWN_CONN_ID);
3307 case BT_HCI_CMD_LINK_KEY_REQUEST_REPLY:
3308 if (btdev->type == BTDEV_TYPE_LE)
3311 link_key_req_reply_complete(btdev, lkrr->bdaddr, lkrr->link_key);
3314 case BT_HCI_CMD_LINK_KEY_REQUEST_NEG_REPLY:
3315 if (btdev->type == BTDEV_TYPE_LE)
3318 link_key_req_neg_reply_complete(btdev, lkrnr->bdaddr);
3321 case BT_HCI_CMD_PIN_CODE_REQUEST_REPLY:
3322 if (btdev->type == BTDEV_TYPE_LE)
3325 pin_code_req_reply_complete(btdev, pcrr->bdaddr, pcrr->pin_len,
3329 case BT_HCI_CMD_PIN_CODE_REQUEST_NEG_REPLY:
3330 if (btdev->type == BTDEV_TYPE_LE)
3333 pin_code_req_neg_reply_complete(btdev, pcrnr->bdaddr);
3336 case BT_HCI_CMD_AUTH_REQUESTED:
3337 if (btdev->type == BTDEV_TYPE_LE)
3340 auth_request_complete(btdev, le16_to_cpu(ar->handle));
3343 case BT_HCI_CMD_SET_CONN_ENCRYPT:
3344 if (btdev->type == BTDEV_TYPE_LE)
3350 if (!sce->encr_mode)
3352 else if (btdev->secure_conn_support &&
3353 btdev->conn->secure_conn_support)
3358 encrypt_change(btdev, mode, BT_HCI_ERR_SUCCESS);
3359 encrypt_change(btdev->conn, mode, BT_HCI_ERR_SUCCESS);
3363 case BT_HCI_CMD_REMOTE_NAME_REQUEST:
3364 if (btdev->type == BTDEV_TYPE_LE)
3367 name_request_complete(btdev, rnr->bdaddr, BT_HCI_ERR_SUCCESS);
3370 case BT_HCI_CMD_REMOTE_NAME_REQUEST_CANCEL:
3371 if (btdev->type == BTDEV_TYPE_LE)
3374 name_request_complete(btdev, rnrc->bdaddr,
3375 BT_HCI_ERR_UNKNOWN_CONN_ID);
3378 case BT_HCI_CMD_READ_REMOTE_FEATURES:
3379 if (btdev->type == BTDEV_TYPE_LE)
3382 remote_features_complete(btdev, le16_to_cpu(rrf->handle));
3385 case BT_HCI_CMD_READ_REMOTE_EXT_FEATURES:
3386 if (btdev->type == BTDEV_TYPE_LE)
3389 remote_ext_features_complete(btdev, le16_to_cpu(rref->handle),
3393 case BT_HCI_CMD_READ_REMOTE_VERSION:
3395 remote_version_complete(btdev, le16_to_cpu(rrv->handle));
3398 case BT_HCI_CMD_READ_CLOCK_OFFSET:
3399 if (btdev->type == BTDEV_TYPE_LE)
3402 remote_clock_offset_complete(btdev, le16_to_cpu(rco->handle));
3405 case BT_HCI_CMD_LE_CREATE_CONN:
3406 if (btdev->type == BTDEV_TYPE_BREDR)
3409 btdev->le_scan_own_addr_type = lecc->own_addr_type;
3410 le_conn_request(btdev, lecc);
3413 case BT_HCI_CMD_LE_CONN_UPDATE:
3414 if (btdev->type == BTDEV_TYPE_BREDR)
3417 if (btdev->le_features[0] & 0x02)
3418 le_conn_param_req(btdev, le16_to_cpu(lecu->handle),
3419 le16_to_cpu(lecu->min_interval),
3420 le16_to_cpu(lecu->max_interval),
3421 le16_to_cpu(lecu->latency),
3422 le16_to_cpu(lecu->supv_timeout),
3423 le16_to_cpu(lecu->min_length),
3424 le16_to_cpu(lecu->max_length));
3426 le_conn_update(btdev, le16_to_cpu(lecu->handle),
3427 le16_to_cpu(lecu->min_interval),
3428 le16_to_cpu(lecu->max_interval),
3429 le16_to_cpu(lecu->latency),
3430 le16_to_cpu(lecu->supv_timeout),
3431 le16_to_cpu(lecu->min_length),
3432 le16_to_cpu(lecu->max_length));
3434 case BT_HCI_CMD_LE_CONN_PARAM_REQ_REPLY:
3435 if (btdev->type == BTDEV_TYPE_BREDR)
3438 le_conn_update(btdev, le16_to_cpu(lcprr->handle),
3439 le16_to_cpu(lcprr->min_interval),
3440 le16_to_cpu(lcprr->max_interval),
3441 le16_to_cpu(lcprr->latency),
3442 le16_to_cpu(lcprr->supv_timeout),
3443 le16_to_cpu(lcprr->min_length),
3444 le16_to_cpu(lcprr->max_length));
3446 case BT_HCI_CMD_LE_CONN_PARAM_REQ_NEG_REPLY:
3447 if (btdev->type == BTDEV_TYPE_BREDR)
3450 rej_le_conn_update(btdev, le16_to_cpu(lcprnr->handle),
3451 le16_to_cpu(lcprnr->reason));
3454 case BT_HCI_CMD_LE_SET_SCAN_ENABLE:
3455 if (btdev->type == BTDEV_TYPE_BREDR)
3458 if (btdev->le_scan_enable && lsse->enable)
3459 le_set_scan_enable_complete(btdev);
3464 struct btdev_callback {
3465 void (*function)(btdev_callback callback, uint8_t response,
3466 uint8_t status, const void *data, uint8_t len);
3473 void btdev_command_response(btdev_callback callback, uint8_t response,
3474 uint8_t status, const void *data, uint8_t len)
3476 callback->function(callback, response, status, data, len);
3479 static void handler_callback(btdev_callback callback, uint8_t response,
3480 uint8_t status, const void *data, uint8_t len)
3482 struct btdev *btdev = callback->user_data;
3485 case BTDEV_RESPONSE_DEFAULT:
3486 if (!run_hooks(btdev, BTDEV_HOOK_PRE_CMD, callback->opcode,
3487 callback->data, callback->len))
3489 default_cmd(btdev, callback->opcode,
3490 callback->data, callback->len);
3492 if (!run_hooks(btdev, BTDEV_HOOK_PRE_EVT, callback->opcode,
3493 callback->data, callback->len))
3495 default_cmd_completion(btdev, callback->opcode,
3496 callback->data, callback->len);
3498 case BTDEV_RESPONSE_COMMAND_STATUS:
3499 cmd_status(btdev, status, callback->opcode);
3501 case BTDEV_RESPONSE_COMMAND_COMPLETE:
3502 cmd_complete(btdev, callback->opcode, data, len);
3505 cmd_status(btdev, BT_HCI_ERR_UNKNOWN_COMMAND,
3511 static void process_cmd(struct btdev *btdev, const void *data, uint16_t len)
3513 struct btdev_callback callback;
3514 const struct bt_hci_cmd_hdr *hdr = data;
3516 if (len < sizeof(*hdr))
3519 callback.function = handler_callback;
3520 callback.user_data = btdev;
3521 callback.opcode = le16_to_cpu(hdr->opcode);
3522 callback.data = data + sizeof(*hdr);
3523 callback.len = hdr->plen;
3525 if (btdev->command_handler)
3526 btdev->command_handler(callback.opcode,
3527 callback.data, callback.len,
3528 &callback, btdev->command_data);
3530 if (!run_hooks(btdev, BTDEV_HOOK_PRE_CMD, callback.opcode,
3531 callback.data, callback.len))
3533 default_cmd(btdev, callback.opcode,
3534 callback.data, callback.len);
3536 if (!run_hooks(btdev, BTDEV_HOOK_PRE_EVT, callback.opcode,
3537 callback.data, callback.len))
3539 default_cmd_completion(btdev, callback.opcode,
3540 callback.data, callback.len);
3544 static void send_acl(struct btdev *conn, const void *data, uint16_t len)
3546 struct bt_hci_acl_hdr hdr;
3547 struct iovec iov[3];
3550 iov[0].iov_base = (void *) data;
3553 /* ACL_START_NO_FLUSH is only allowed from host to controller.
3554 * From controller to host this should be converted to ACL_START.
3556 memcpy(&hdr, data + 1, sizeof(hdr));
3557 if (acl_flags(hdr.handle) == ACL_START_NO_FLUSH)
3558 hdr.handle = acl_handle_pack(acl_handle(hdr.handle), ACL_START);
3560 iov[1].iov_base = &hdr;
3561 iov[1].iov_len = sizeof(hdr);
3563 iov[2].iov_base = (void *) (data + 1 + sizeof(hdr));
3564 iov[2].iov_len = len - 1 - sizeof(hdr);
3566 send_packet(conn, iov, 3);
3569 void btdev_receive_h4(struct btdev *btdev, const void *data, uint16_t len)
3579 pkt_type = ((const uint8_t *) data)[0];
3583 process_cmd(btdev, data + 1, len - 1);
3587 send_acl(btdev->conn, data, len);
3588 num_completed_packets(btdev);
3591 printf("Unsupported packet 0x%2.2x\n", pkt_type);
3596 int btdev_add_hook(struct btdev *btdev, enum btdev_hook_type type,
3597 uint16_t opcode, btdev_hook_func handler,
3605 if (get_hook_index(btdev, type, opcode) > 0)
3608 for (i = 0; i < MAX_HOOK_ENTRIES; i++) {
3609 if (btdev->hook_list[i] == NULL) {
3610 btdev->hook_list[i] = malloc(sizeof(struct hook));
3611 if (btdev->hook_list[i] == NULL)
3614 btdev->hook_list[i]->handler = handler;
3615 btdev->hook_list[i]->user_data = user_data;
3616 btdev->hook_list[i]->opcode = opcode;
3617 btdev->hook_list[i]->type = type;
3625 bool btdev_del_hook(struct btdev *btdev, enum btdev_hook_type type,
3633 for (i = 0; i < MAX_HOOK_ENTRIES; i++) {
3634 if (btdev->hook_list[i] == NULL)
3637 if (btdev->hook_list[i]->type != type ||
3638 btdev->hook_list[i]->opcode != opcode)
3641 free(btdev->hook_list[i]);
3642 btdev->hook_list[i] = NULL;