3 * BlueZ - Bluetooth protocol stack for Linux
5 * Copyright (C) 2011-2012 Intel Corporation
6 * Copyright (C) 2004-2010 Marcel Holtmann <marcel@holtmann.org>
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
37 #include "lib/bluetooth.h"
40 #include "src/shared/util.h"
41 #include "src/shared/timeout.h"
42 #include "src/shared/crypto.h"
43 #include "src/shared/ecc.h"
44 #include "monitor/bt.h"
47 #define has_bredr(btdev) (!((btdev)->features[4] & 0x20))
48 #define has_le(btdev) (!!((btdev)->features[4] & 0x40))
51 btdev_hook_func handler;
53 enum btdev_hook_type type;
57 #define MAX_HOOK_ENTRIES 16
70 bool ssp_auth_complete;
73 btdev_command_func command_handler;
76 btdev_send_func send_handler;
79 unsigned int inquiry_id;
80 unsigned int inquiry_timeout_id;
82 struct hook *hook_list[MAX_HOOK_ENTRIES];
84 struct bt_crypto *crypto;
86 uint16_t manufacturer;
92 uint8_t feat_page_2[8];
97 uint8_t random_addr[6];
98 uint8_t le_features[8];
101 uint16_t default_link_policy;
102 uint8_t event_mask[8];
103 uint8_t event_mask_page2[8];
104 uint8_t event_filter;
106 uint8_t dev_class[3];
107 uint16_t voice_setting;
108 uint16_t conn_accept_timeout;
109 uint16_t page_timeout;
111 uint16_t page_scan_interval;
112 uint16_t page_scan_window;
113 uint16_t page_scan_type;
115 uint16_t inquiry_scan_interval;
116 uint16_t inquiry_scan_window;
117 uint8_t inquiry_mode;
118 uint8_t afh_assessment_mode;
119 uint8_t ext_inquiry_fec;
120 uint8_t ext_inquiry_rsp[240];
121 uint8_t simple_pairing_mode;
122 uint8_t ssp_debug_mode;
123 uint8_t secure_conn_support;
124 uint8_t host_flow_control;
125 uint8_t le_supported;
126 uint8_t le_simultaneous;
127 uint8_t le_event_mask[8];
128 uint8_t le_adv_data[31];
129 uint8_t le_adv_data_len;
131 uint8_t le_adv_own_addr;
132 uint8_t le_adv_direct_addr_type;
133 uint8_t le_adv_direct_addr[6];
134 uint8_t le_scan_data[31];
135 uint8_t le_scan_data_len;
136 uint8_t le_scan_enable;
137 uint8_t le_scan_type;
138 uint8_t le_scan_own_addr_type;
139 uint8_t le_filter_dup;
140 uint8_t le_adv_enable;
143 uint8_t le_local_sk256[32];
145 uint16_t sync_train_interval;
146 uint32_t sync_train_timeout;
147 uint8_t sync_train_service_data;
150 struct inquiry_data {
158 #define DEFAULT_INQUIRY_INTERVAL 100 /* 100 miliseconds */
160 #define MAX_BTDEV_ENTRIES 16
162 static const uint8_t LINK_KEY_NONE[16] = { 0 };
163 static const uint8_t LINK_KEY_DUMMY[16] = { 0, 1, 2, 3, 4, 5, 6, 7,
164 8, 9, 0, 1, 2, 3, 4, 5 };
166 static struct btdev *btdev_list[MAX_BTDEV_ENTRIES] = { };
168 static int get_hook_index(struct btdev *btdev, enum btdev_hook_type type,
173 for (i = 0; i < MAX_HOOK_ENTRIES; i++) {
174 if (btdev->hook_list[i] == NULL)
177 if (btdev->hook_list[i]->type == type &&
178 btdev->hook_list[i]->opcode == opcode)
185 static bool run_hooks(struct btdev *btdev, enum btdev_hook_type type,
186 uint16_t opcode, const void *data, uint16_t len)
188 int index = get_hook_index(btdev, type, opcode);
192 return btdev->hook_list[index]->handler(data, len,
193 btdev->hook_list[index]->user_data);
196 static inline int add_btdev(struct btdev *btdev)
200 for (i = 0; i < MAX_BTDEV_ENTRIES; i++) {
201 if (btdev_list[i] == NULL) {
203 btdev_list[index] = btdev;
211 static inline int del_btdev(struct btdev *btdev)
215 for (i = 0; i < MAX_BTDEV_ENTRIES; i++) {
216 if (btdev_list[i] == btdev) {
218 btdev_list[index] = NULL;
226 static inline struct btdev *find_btdev_by_bdaddr(const uint8_t *bdaddr)
230 for (i = 0; i < MAX_BTDEV_ENTRIES; i++) {
231 if (btdev_list[i] && !memcmp(btdev_list[i]->bdaddr, bdaddr, 6))
232 return btdev_list[i];
238 static inline struct btdev *find_btdev_by_bdaddr_type(const uint8_t *bdaddr,
243 for (i = 0; i < MAX_BTDEV_ENTRIES; i++) {
249 if (bdaddr_type == 0x01)
250 cmp = memcmp(btdev_list[i]->random_addr, bdaddr, 6);
252 cmp = memcmp(btdev_list[i]->bdaddr, bdaddr, 6);
255 return btdev_list[i];
261 static void hexdump(const unsigned char *buf, uint16_t len)
263 static const char hexdigits[] = "0123456789abcdef";
270 for (i = 0; i < len; i++) {
271 str[((i % 16) * 3) + 0] = hexdigits[buf[i] >> 4];
272 str[((i % 16) * 3) + 1] = hexdigits[buf[i] & 0xf];
273 str[((i % 16) * 3) + 2] = ' ';
274 str[(i % 16) + 49] = isprint(buf[i]) ? buf[i] : '.';
276 if ((i + 1) % 16 == 0) {
280 printf("%-12c%s\n", ' ', str);
287 for (j = (i % 16); j < 16; j++) {
288 str[(j * 3) + 0] = ' ';
289 str[(j * 3) + 1] = ' ';
290 str[(j * 3) + 2] = ' ';
296 printf("%-12c%s\n", ' ', str);
300 static void get_bdaddr(uint16_t id, uint8_t index, uint8_t *bdaddr)
302 bdaddr[0] = id & 0xff;
310 static void set_common_commands_all(struct btdev *btdev)
312 btdev->commands[5] |= 0x40; /* Set Event Mask */
313 btdev->commands[5] |= 0x80; /* Reset */
314 btdev->commands[14] |= 0x08; /* Read Local Version */
315 btdev->commands[14] |= 0x10; /* Read Local Supported Commands */
316 btdev->commands[14] |= 0x20; /* Read Local Supported Features */
317 btdev->commands[14] |= 0x80; /* Read Buffer Size */
320 static void set_common_commands_bredrle(struct btdev *btdev)
322 btdev->commands[0] |= 0x20; /* Disconnect */
323 btdev->commands[2] |= 0x80; /* Read Remote Version Information */
324 btdev->commands[10] |= 0x20; /* Set Host Flow Control */
325 btdev->commands[10] |= 0x40; /* Host Buffer Size */
326 btdev->commands[15] |= 0x02; /* Read BD ADDR */
329 static void set_common_commands_bredr20(struct btdev *btdev)
331 btdev->commands[0] |= 0x01; /* Inquiry */
332 btdev->commands[0] |= 0x02; /* Inquiry Cancel */
333 btdev->commands[0] |= 0x10; /* Create Connection */
334 btdev->commands[0] |= 0x40; /* Add SCO Connection */
335 btdev->commands[0] |= 0x80; /* Cancel Create Connection */
336 btdev->commands[1] |= 0x01; /* Accept Connection Request */
337 btdev->commands[1] |= 0x02; /* Reject Connection Request */
338 btdev->commands[1] |= 0x04; /* Link Key Request Reply */
339 btdev->commands[1] |= 0x08; /* Link Key Request Negative Reply */
340 btdev->commands[1] |= 0x10; /* PIN Code Request Reply */
341 btdev->commands[1] |= 0x20; /* PIN Code Request Negative Reply */
342 btdev->commands[1] |= 0x80; /* Authentication Requested */
343 btdev->commands[2] |= 0x01; /* Set Connection Encryption */
344 btdev->commands[2] |= 0x08; /* Remote Name Request */
345 btdev->commands[2] |= 0x10; /* Cancel Remote Name Request */
346 btdev->commands[2] |= 0x20; /* Read Remote Supported Features */
347 btdev->commands[2] |= 0x40; /* Read Remote Extended Features */
348 btdev->commands[3] |= 0x01; /* Read Clock Offset */
349 btdev->commands[5] |= 0x08; /* Read Default Link Policy */
350 btdev->commands[5] |= 0x10; /* Write Default Link Policy */
351 btdev->commands[6] |= 0x01; /* Set Event Filter */
352 btdev->commands[6] |= 0x20; /* Read Stored Link Key */
353 btdev->commands[6] |= 0x40; /* Write Stored Link Key */
354 btdev->commands[6] |= 0x80; /* Delete Stored Link Key */
355 btdev->commands[7] |= 0x01; /* Write Local Name */
356 btdev->commands[7] |= 0x02; /* Read Local Name */
357 btdev->commands[7] |= 0x04; /* Read Connection Accept Timeout */
358 btdev->commands[7] |= 0x08; /* Write Connection Accept Timeout */
359 btdev->commands[7] |= 0x10; /* Read Page Timeout */
360 btdev->commands[7] |= 0x20; /* Write Page Timeout */
361 btdev->commands[7] |= 0x40; /* Read Scan Enable */
362 btdev->commands[7] |= 0x80; /* Write Scan Enable */
363 btdev->commands[8] |= 0x01; /* Read Page Scan Activity */
364 btdev->commands[8] |= 0x02; /* Write Page Scan Activity */
365 btdev->commands[8] |= 0x04; /* Read Inquiry Scan Activity */
366 btdev->commands[8] |= 0x08; /* Write Inquiry Scan Activity */
367 btdev->commands[8] |= 0x10; /* Read Authentication Enable */
368 btdev->commands[8] |= 0x20; /* Write Authentication Enable */
369 btdev->commands[9] |= 0x01; /* Read Class Of Device */
370 btdev->commands[9] |= 0x02; /* Write Class Of Device */
371 btdev->commands[9] |= 0x04; /* Read Voice Setting */
372 btdev->commands[9] |= 0x08; /* Write Voice Setting */
373 btdev->commands[11] |= 0x10; /* Write Current IAC LAP */
374 btdev->commands[12] |= 0x40; /* Read Inquiry Mode */
375 btdev->commands[12] |= 0x80; /* Write Inquiry Mode */
376 btdev->commands[13] |= 0x01; /* Read Page Scan Type */
377 btdev->commands[13] |= 0x02; /* Write Page Scan Type */
378 btdev->commands[13] |= 0x04; /* Read AFH Assess Mode */
379 btdev->commands[13] |= 0x08; /* Write AFH Assess Mode */
380 btdev->commands[14] |= 0x40; /* Read Local Extended Features */
381 btdev->commands[15] |= 0x01; /* Read Country Code */
382 btdev->commands[16] |= 0x04; /* Enable Device Under Test Mode */
385 static void set_bredr_commands(struct btdev *btdev)
387 set_common_commands_all(btdev);
388 set_common_commands_bredrle(btdev);
389 set_common_commands_bredr20(btdev);
391 btdev->commands[16] |= 0x08; /* Setup Synchronous Connection */
392 btdev->commands[17] |= 0x01; /* Read Extended Inquiry Response */
393 btdev->commands[17] |= 0x02; /* Write Extended Inquiry Response */
394 btdev->commands[17] |= 0x20; /* Read Simple Pairing Mode */
395 btdev->commands[17] |= 0x40; /* Write Simple Pairing Mode */
396 btdev->commands[17] |= 0x80; /* Read Local OOB Data */
397 btdev->commands[18] |= 0x01; /* Read Inquiry Response TX Power */
398 btdev->commands[18] |= 0x02; /* Write Inquiry Response TX Power */
399 btdev->commands[18] |= 0x80; /* IO Capability Request Reply */
400 btdev->commands[20] |= 0x10; /* Read Encryption Key Size */
401 btdev->commands[23] |= 0x04; /* Read Data Block Size */
402 btdev->commands[29] |= 0x20; /* Read Local Supported Codecs */
403 btdev->commands[30] |= 0x08; /* Get MWS Transport Layer Config */
406 static void set_bredr20_commands(struct btdev *btdev)
408 set_common_commands_all(btdev);
409 set_common_commands_bredrle(btdev);
410 set_common_commands_bredr20(btdev);
413 static void set_le_commands(struct btdev *btdev)
415 set_common_commands_all(btdev);
416 set_common_commands_bredrle(btdev);
418 btdev->commands[24] |= 0x20; /* Read LE Host Supported */
419 btdev->commands[24] |= 0x20; /* Write LE Host Supported */
420 btdev->commands[25] |= 0x01; /* LE Set Event Mask */
421 btdev->commands[25] |= 0x02; /* LE Read Buffer Size */
422 btdev->commands[25] |= 0x04; /* LE Read Local Features */
423 btdev->commands[25] |= 0x10; /* LE Set Random Address */
424 btdev->commands[25] |= 0x20; /* LE Set Adv Parameters */
425 btdev->commands[25] |= 0x40; /* LE Read Adv TX Power */
426 btdev->commands[25] |= 0x80; /* LE Set Adv Data */
427 btdev->commands[26] |= 0x01; /* LE Set Scan Response Data */
428 btdev->commands[26] |= 0x02; /* LE Set Adv Enable */
429 btdev->commands[26] |= 0x04; /* LE Set Scan Parameters */
430 btdev->commands[26] |= 0x08; /* LE Set Scan Enable */
431 btdev->commands[26] |= 0x10; /* LE Create Connection */
432 btdev->commands[26] |= 0x40; /* LE Read White List Size */
433 btdev->commands[26] |= 0x80; /* LE Clear White List */
434 btdev->commands[27] |= 0x04; /* LE Connection Update */
435 btdev->commands[27] |= 0x20; /* LE Read Remote Used Features */
436 btdev->commands[27] |= 0x40; /* LE Encrypt */
437 btdev->commands[27] |= 0x80; /* LE Rand */
438 btdev->commands[28] |= 0x01; /* LE Start Encryption */
439 btdev->commands[28] |= 0x02; /* LE Long Term Key Request Reply */
440 btdev->commands[28] |= 0x04; /* LE Long Term Key Request Neg Reply */
441 btdev->commands[28] |= 0x08; /* LE Read Supported States */
442 btdev->commands[28] |= 0x10; /* LE Receiver Test */
443 btdev->commands[28] |= 0x20; /* LE Transmitter Test */
444 btdev->commands[28] |= 0x40; /* LE Test End */
446 /* Extra LE commands for >= 4.1 adapters */
447 btdev->commands[33] |= 0x10; /* LE Remote Conn Param Req Reply */
448 btdev->commands[33] |= 0x20; /* LE Remote Conn Param Req Neg Reply */
450 /* Extra LE commands for >= 4.2 adapters */
451 btdev->commands[34] |= 0x02; /* LE Read Local P-256 Public Key */
452 btdev->commands[34] |= 0x04; /* LE Generate DHKey */
455 static void set_bredrle_commands(struct btdev *btdev)
457 set_bredr_commands(btdev);
458 set_le_commands(btdev);
460 /* Extra BR/EDR commands we want to only support for >= 4.0
463 btdev->commands[22] |= 0x04; /* Set Event Mask Page 2 */
464 btdev->commands[31] |= 0x80; /* Read Sync Train Parameters */
465 btdev->commands[32] |= 0x04; /* Read Secure Connections Support */
466 btdev->commands[32] |= 0x08; /* Write Secure Connections Support */
467 btdev->commands[32] |= 0x10; /* Read Auth Payload Timeout */
468 btdev->commands[32] |= 0x20; /* Write Auth Payload Timeout */
469 btdev->commands[32] |= 0x40; /* Read Local OOB Extended Data */
472 static void set_amp_commands(struct btdev *btdev)
474 set_common_commands_all(btdev);
476 btdev->commands[22] |= 0x20; /* Read Local AMP Info */
479 static void set_bredrle_features(struct btdev *btdev)
481 btdev->features[0] |= 0x04; /* Encryption */
482 btdev->features[0] |= 0x20; /* Role switch */
483 btdev->features[0] |= 0x80; /* Sniff mode */
484 btdev->features[1] |= 0x08; /* SCO link */
485 btdev->features[2] |= 0x08; /* Transparent SCO */
486 btdev->features[3] |= 0x40; /* RSSI with inquiry results */
487 btdev->features[3] |= 0x80; /* Extended SCO link */
488 btdev->features[4] |= 0x08; /* AFH capable slave */
489 btdev->features[4] |= 0x10; /* AFH classification slave */
490 btdev->features[4] |= 0x40; /* LE Supported */
491 btdev->features[5] |= 0x02; /* Sniff subrating */
492 btdev->features[5] |= 0x04; /* Pause encryption */
493 btdev->features[5] |= 0x08; /* AFH capable master */
494 btdev->features[5] |= 0x10; /* AFH classification master */
495 btdev->features[6] |= 0x01; /* Extended Inquiry Response */
496 btdev->features[6] |= 0x02; /* Simultaneous LE and BR/EDR */
497 btdev->features[6] |= 0x08; /* Secure Simple Pairing */
498 btdev->features[6] |= 0x10; /* Encapsulated PDU */
499 btdev->features[6] |= 0x20; /* Erroneous Data Reporting */
500 btdev->features[6] |= 0x40; /* Non-flushable Packet Boundary Flag */
501 btdev->features[7] |= 0x01; /* Link Supervision Timeout Event */
502 btdev->features[7] |= 0x02; /* Inquiry TX Power Level */
503 btdev->features[7] |= 0x80; /* Extended features */
505 btdev->feat_page_2[0] |= 0x01; /* CSB - Master Operation */
506 btdev->feat_page_2[0] |= 0x02; /* CSB - Slave Operation */
507 btdev->feat_page_2[0] |= 0x04; /* Synchronization Train */
508 btdev->feat_page_2[0] |= 0x08; /* Synchronization Scan */
509 btdev->feat_page_2[0] |= 0x10; /* Inquiry Response Notification */
510 btdev->feat_page_2[1] |= 0x01; /* Secure Connections */
511 btdev->feat_page_2[1] |= 0x02; /* Ping */
516 static void set_bredr_features(struct btdev *btdev)
518 btdev->features[0] |= 0x04; /* Encryption */
519 btdev->features[0] |= 0x20; /* Role switch */
520 btdev->features[0] |= 0x80; /* Sniff mode */
521 btdev->features[1] |= 0x08; /* SCO link */
522 btdev->features[3] |= 0x40; /* RSSI with inquiry results */
523 btdev->features[3] |= 0x80; /* Extended SCO link */
524 btdev->features[4] |= 0x08; /* AFH capable slave */
525 btdev->features[4] |= 0x10; /* AFH classification slave */
526 btdev->features[5] |= 0x02; /* Sniff subrating */
527 btdev->features[5] |= 0x04; /* Pause encryption */
528 btdev->features[5] |= 0x08; /* AFH capable master */
529 btdev->features[5] |= 0x10; /* AFH classification master */
530 btdev->features[6] |= 0x01; /* Extended Inquiry Response */
531 btdev->features[6] |= 0x08; /* Secure Simple Pairing */
532 btdev->features[6] |= 0x10; /* Encapsulated PDU */
533 btdev->features[6] |= 0x20; /* Erroneous Data Reporting */
534 btdev->features[6] |= 0x40; /* Non-flushable Packet Boundary Flag */
535 btdev->features[7] |= 0x01; /* Link Supervision Timeout Event */
536 btdev->features[7] |= 0x02; /* Inquiry TX Power Level */
537 btdev->features[7] |= 0x80; /* Extended features */
542 static void set_bredr20_features(struct btdev *btdev)
544 btdev->features[0] |= 0x04; /* Encryption */
545 btdev->features[0] |= 0x20; /* Role switch */
546 btdev->features[0] |= 0x80; /* Sniff mode */
547 btdev->features[1] |= 0x08; /* SCO link */
548 btdev->features[3] |= 0x40; /* RSSI with inquiry results */
549 btdev->features[3] |= 0x80; /* Extended SCO link */
550 btdev->features[4] |= 0x08; /* AFH capable slave */
551 btdev->features[4] |= 0x10; /* AFH classification slave */
552 btdev->features[5] |= 0x02; /* Sniff subrating */
553 btdev->features[5] |= 0x04; /* Pause encryption */
554 btdev->features[5] |= 0x08; /* AFH capable master */
555 btdev->features[5] |= 0x10; /* AFH classification master */
556 btdev->features[7] |= 0x80; /* Extended features */
561 static void set_le_features(struct btdev *btdev)
563 btdev->features[4] |= 0x20; /* BR/EDR Not Supported */
564 btdev->features[4] |= 0x40; /* LE Supported */
568 btdev->le_features[0] |= 0x01; /* LE Encryption */
569 btdev->le_features[0] |= 0x02; /* Connection Parameters Request */
570 btdev->le_features[0] |= 0x08; /* Slave-initiated Features Exchange */
573 static void set_le_states(struct btdev *btdev)
575 /* Set all 41 bits as per Bluetooth 5.0 specification */
576 btdev->le_states[0] = 0xff;
577 btdev->le_states[1] = 0xff;
578 btdev->le_states[2] = 0xff;
579 btdev->le_states[3] = 0xff;
580 btdev->le_states[4] = 0xff;
581 btdev->le_states[5] = 0x03;
584 static void set_amp_features(struct btdev *btdev)
588 struct btdev *btdev_create(enum btdev_type type, uint16_t id)
593 btdev = malloc(sizeof(*btdev));
597 memset(btdev, 0, sizeof(*btdev));
599 if (type == BTDEV_TYPE_BREDRLE || type == BTDEV_TYPE_LE) {
600 btdev->crypto = bt_crypto_new();
601 if (!btdev->crypto) {
609 btdev->manufacturer = 63;
610 btdev->revision = 0x0000;
612 switch (btdev->type) {
613 case BTDEV_TYPE_BREDRLE:
614 btdev->version = 0x09;
615 set_bredrle_features(btdev);
616 set_bredrle_commands(btdev);
617 set_le_states(btdev);
619 case BTDEV_TYPE_BREDR:
620 btdev->version = 0x05;
621 set_bredr_features(btdev);
622 set_bredr_commands(btdev);
625 btdev->version = 0x09;
626 set_le_features(btdev);
627 set_le_commands(btdev);
628 set_le_states(btdev);
631 btdev->version = 0x01;
632 set_amp_features(btdev);
633 set_amp_commands(btdev);
635 case BTDEV_TYPE_BREDR20:
636 btdev->version = 0x03;
637 set_bredr20_features(btdev);
638 set_bredr20_commands(btdev);
642 btdev->page_scan_interval = 0x0800;
643 btdev->page_scan_window = 0x0012;
644 btdev->page_scan_type = 0x00;
646 btdev->sync_train_interval = 0x0080;
647 btdev->sync_train_timeout = 0x0002ee00;
648 btdev->sync_train_service_data = 0x00;
650 btdev->acl_mtu = 192;
651 btdev->acl_max_pkt = 1;
653 btdev->country_code = 0x00;
655 index = add_btdev(btdev);
657 bt_crypto_unref(btdev->crypto);
662 get_bdaddr(id, index, btdev->bdaddr);
667 void btdev_destroy(struct btdev *btdev)
672 if (btdev->inquiry_id > 0)
673 timeout_remove(btdev->inquiry_id);
675 bt_crypto_unref(btdev->crypto);
681 const uint8_t *btdev_get_bdaddr(struct btdev *btdev)
683 return btdev->bdaddr;
686 uint8_t *btdev_get_features(struct btdev *btdev)
688 return btdev->features;
691 uint8_t btdev_get_scan_enable(struct btdev *btdev)
693 return btdev->scan_enable;
696 uint8_t btdev_get_le_scan_enable(struct btdev *btdev)
698 return btdev->le_scan_enable;
701 void btdev_set_le_states(struct btdev *btdev, const uint8_t *le_states)
703 memcpy(btdev->le_states, le_states, sizeof(btdev->le_states));
706 static bool use_ssp(struct btdev *btdev1, struct btdev *btdev2)
708 if (btdev1->auth_enable || btdev2->auth_enable)
711 return (btdev1->simple_pairing_mode && btdev2->simple_pairing_mode);
714 void btdev_set_command_handler(struct btdev *btdev, btdev_command_func handler,
720 btdev->command_handler = handler;
721 btdev->command_data = user_data;
724 void btdev_set_send_handler(struct btdev *btdev, btdev_send_func handler,
730 btdev->send_handler = handler;
731 btdev->send_data = user_data;
734 static void send_packet(struct btdev *btdev, const struct iovec *iov,
737 if (!btdev->send_handler)
740 btdev->send_handler(iov, iovlen, btdev->send_data);
743 static void send_event(struct btdev *btdev, uint8_t event,
744 const void *data, uint8_t len)
746 struct bt_hci_evt_hdr hdr;
748 uint8_t pkt = BT_H4_EVT_PKT;
750 iov[0].iov_base = &pkt;
751 iov[0].iov_len = sizeof(pkt);
756 iov[1].iov_base = &hdr;
757 iov[1].iov_len = sizeof(hdr);
760 iov[2].iov_base = (void *) data;
761 iov[2].iov_len = len;
764 if (run_hooks(btdev, BTDEV_HOOK_POST_EVT, event, data, len))
765 send_packet(btdev, iov, len > 0 ? 3 : 2);
768 static void send_cmd(struct btdev *btdev, uint8_t evt, uint16_t opcode,
769 const struct iovec *iov, int iovlen)
771 struct bt_hci_evt_hdr hdr;
772 struct iovec iov2[2 + iovlen];
773 uint8_t pkt = BT_H4_EVT_PKT;
776 iov2[0].iov_base = &pkt;
777 iov2[0].iov_len = sizeof(pkt);
782 iov2[1].iov_base = &hdr;
783 iov2[1].iov_len = sizeof(hdr);
785 for (i = 0; i < iovlen; i++) {
786 hdr.plen += iov[i].iov_len;
787 iov2[2 + i].iov_base = iov[i].iov_base;
788 iov2[2 + i].iov_len = iov[i].iov_len;
791 if (run_hooks(btdev, BTDEV_HOOK_POST_CMD, opcode, iov[i -1].iov_base,
793 send_packet(btdev, iov2, 2 + iovlen);
796 static void cmd_complete(struct btdev *btdev, uint16_t opcode,
797 const void *data, uint8_t len)
799 struct bt_hci_evt_cmd_complete cc;
803 cc.opcode = cpu_to_le16(opcode);
805 iov[0].iov_base = &cc;
806 iov[0].iov_len = sizeof(cc);
808 iov[1].iov_base = (void *) data;
809 iov[1].iov_len = len;
811 send_cmd(btdev, BT_HCI_EVT_CMD_COMPLETE, opcode, iov, 2);
814 static void cmd_status(struct btdev *btdev, uint8_t status, uint16_t opcode)
816 struct bt_hci_evt_cmd_status cs;
821 cs.opcode = cpu_to_le16(opcode);
824 iov.iov_len = sizeof(cs);
826 send_cmd(btdev, BT_HCI_EVT_CMD_STATUS, opcode, &iov, 1);
829 static void le_meta_event(struct btdev *btdev, uint8_t event,
830 void *data, uint8_t len)
834 pkt_data = alloca(1 + len);
838 ((uint8_t *) pkt_data)[0] = event;
841 memcpy(pkt_data + 1, data, len);
843 send_event(btdev, BT_HCI_EVT_LE_META_EVENT, pkt_data, 1 + len);
846 static void num_completed_packets(struct btdev *btdev)
849 struct bt_hci_evt_num_completed_packets ncp;
852 ncp.handle = cpu_to_le16(42);
853 ncp.count = cpu_to_le16(1);
855 send_event(btdev, BT_HCI_EVT_NUM_COMPLETED_PACKETS,
860 static bool inquiry_callback(void *user_data)
862 struct inquiry_data *data = user_data;
863 struct btdev *btdev = data->btdev;
864 struct bt_hci_evt_inquiry_complete ic;
865 int sent = data->sent_count;
868 /*Report devices only once and wait for inquiry timeout*/
869 if (data->iter == MAX_BTDEV_ENTRIES)
872 for (i = data->iter; i < MAX_BTDEV_ENTRIES; i++) {
873 /*Lets sent 10 inquiry results at once */
874 if (sent + 10 == data->sent_count)
877 if (!btdev_list[i] || btdev_list[i] == btdev)
880 if (!(btdev_list[i]->scan_enable & 0x02))
883 if (btdev->inquiry_mode == 0x02 &&
884 btdev_list[i]->ext_inquiry_rsp[0]) {
885 struct bt_hci_evt_ext_inquiry_result ir;
888 memcpy(ir.bdaddr, btdev_list[i]->bdaddr, 6);
889 ir.pscan_rep_mode = 0x00;
890 ir.pscan_period_mode = 0x00;
891 memcpy(ir.dev_class, btdev_list[i]->dev_class, 3);
892 ir.clock_offset = 0x0000;
894 memcpy(ir.data, btdev_list[i]->ext_inquiry_rsp, 240);
896 send_event(btdev, BT_HCI_EVT_EXT_INQUIRY_RESULT,
902 if (btdev->inquiry_mode > 0x00) {
903 struct bt_hci_evt_inquiry_result_with_rssi ir;
906 memcpy(ir.bdaddr, btdev_list[i]->bdaddr, 6);
907 ir.pscan_rep_mode = 0x00;
908 ir.pscan_period_mode = 0x00;
909 memcpy(ir.dev_class, btdev_list[i]->dev_class, 3);
910 ir.clock_offset = 0x0000;
913 send_event(btdev, BT_HCI_EVT_INQUIRY_RESULT_WITH_RSSI,
917 struct bt_hci_evt_inquiry_result ir;
920 memcpy(ir.bdaddr, btdev_list[i]->bdaddr, 6);
921 ir.pscan_rep_mode = 0x00;
922 ir.pscan_period_mode = 0x00;
923 ir.pscan_mode = 0x00;
924 memcpy(ir.dev_class, btdev_list[i]->dev_class, 3);
925 ir.clock_offset = 0x0000;
927 send_event(btdev, BT_HCI_EVT_INQUIRY_RESULT,
934 /* Check if we sent already required amount of responses*/
935 if (data->num_resp && data->sent_count == data->num_resp)
941 /* Note that destroy will be called */
942 ic.status = BT_HCI_ERR_SUCCESS;
943 send_event(btdev, BT_HCI_EVT_INQUIRY_COMPLETE, &ic, sizeof(ic));
948 static void inquiry_destroy(void *user_data)
950 struct inquiry_data *data = user_data;
951 struct btdev *btdev = data->btdev;
956 btdev->inquiry_id = 0;
958 if (btdev->inquiry_timeout_id > 0) {
959 timeout_remove(btdev->inquiry_timeout_id);
960 btdev->inquiry_timeout_id = 0;
967 static bool inquiry_timeout(void *user_data)
969 struct inquiry_data *data = user_data;
970 struct btdev *btdev = data->btdev;
971 struct bt_hci_evt_inquiry_complete ic;
973 timeout_remove(btdev->inquiry_id);
974 btdev->inquiry_timeout_id = 0;
976 /* Inquiry is stopped, send Inquiry complete event. */
977 ic.status = BT_HCI_ERR_SUCCESS;
978 send_event(btdev, BT_HCI_EVT_INQUIRY_COMPLETE, &ic, sizeof(ic));
983 static void inquiry_cmd(struct btdev *btdev, const void *cmd)
985 const struct bt_hci_cmd_inquiry *inq_cmd = cmd;
986 struct inquiry_data *data;
987 struct bt_hci_evt_inquiry_complete ic;
988 int status = BT_HCI_ERR_HARDWARE_FAILURE;
989 unsigned int inquiry_len_ms;
991 if (btdev->inquiry_id > 0) {
992 status = BT_HCI_ERR_COMMAND_DISALLOWED;
996 data = malloc(sizeof(*data));
1000 memset(data, 0, sizeof(*data));
1001 data->btdev = btdev;
1002 data->num_resp = inq_cmd->num_resp;
1004 /* Add timeout to cancel inquiry */
1005 inquiry_len_ms = 1280 * inq_cmd->length;
1007 btdev->inquiry_timeout_id = timeout_add(inquiry_len_ms,
1011 btdev->inquiry_id = timeout_add(DEFAULT_INQUIRY_INTERVAL,
1012 inquiry_callback, data,
1014 /* Return if success */
1015 if (btdev->inquiry_id > 0)
1020 send_event(btdev, BT_HCI_EVT_INQUIRY_COMPLETE, &ic, sizeof(ic));
1023 static void inquiry_cancel(struct btdev *btdev)
1027 if (!btdev->inquiry_id) {
1028 status = BT_HCI_ERR_COMMAND_DISALLOWED;
1029 cmd_complete(btdev, BT_HCI_CMD_INQUIRY_CANCEL, &status,
1034 timeout_remove(btdev->inquiry_timeout_id);
1035 btdev->inquiry_timeout_id = 0;
1036 timeout_remove(btdev->inquiry_id);
1037 btdev->inquiry_id = 0;
1039 status = BT_HCI_ERR_SUCCESS;
1040 cmd_complete(btdev, BT_HCI_CMD_INQUIRY_CANCEL, &status,
1044 static void conn_complete(struct btdev *btdev,
1045 const uint8_t *bdaddr, uint8_t status)
1047 struct bt_hci_evt_conn_complete cc;
1050 struct btdev *remote = find_btdev_by_bdaddr(bdaddr);
1052 btdev->conn = remote;
1053 remote->conn = btdev;
1056 memcpy(cc.bdaddr, btdev->bdaddr, 6);
1057 cc.encr_mode = 0x00;
1059 cc.handle = cpu_to_le16(42);
1060 cc.link_type = 0x01;
1062 send_event(remote, BT_HCI_EVT_CONN_COMPLETE, &cc, sizeof(cc));
1064 cc.handle = cpu_to_le16(42);
1065 cc.link_type = 0x01;
1067 cc.handle = cpu_to_le16(0x0000);
1068 cc.link_type = 0x01;
1072 memcpy(cc.bdaddr, bdaddr, 6);
1073 cc.encr_mode = 0x00;
1075 send_event(btdev, BT_HCI_EVT_CONN_COMPLETE, &cc, sizeof(cc));
1078 static void accept_conn_request_complete(struct btdev *btdev,
1079 const uint8_t *bdaddr)
1081 struct btdev *remote = find_btdev_by_bdaddr(bdaddr);
1086 if (btdev->auth_enable || remote->auth_enable)
1087 send_event(remote, BT_HCI_EVT_LINK_KEY_REQUEST,
1090 conn_complete(btdev, bdaddr, BT_HCI_ERR_SUCCESS);
1093 static void sync_conn_complete(struct btdev *btdev, uint16_t voice_setting,
1096 struct bt_hci_evt_sync_conn_complete cc;
1102 memcpy(cc.bdaddr, btdev->conn->bdaddr, 6);
1104 cc.handle = cpu_to_le16(status == BT_HCI_ERR_SUCCESS ? 257 : 0);
1105 cc.link_type = 0x02;
1106 cc.tx_interval = 0x000c;
1107 cc.retrans_window = 0x06;
1110 cc.air_mode = (voice_setting == 0x0060) ? 0x02 : 0x03;
1112 send_event(btdev, BT_HCI_EVT_SYNC_CONN_COMPLETE, &cc, sizeof(cc));
1115 static void sco_conn_complete(struct btdev *btdev, uint8_t status)
1117 struct bt_hci_evt_conn_complete cc;
1123 memcpy(cc.bdaddr, btdev->conn->bdaddr, 6);
1124 cc.handle = cpu_to_le16(status == BT_HCI_ERR_SUCCESS ? 257 : 0);
1125 cc.link_type = 0x00;
1126 cc.encr_mode = 0x00;
1128 send_event(btdev, BT_HCI_EVT_CONN_COMPLETE, &cc, sizeof(cc));
1131 static void le_conn_complete(struct btdev *btdev,
1132 const struct bt_hci_cmd_le_create_conn *lecc,
1135 char buf[1 + sizeof(struct bt_hci_evt_le_conn_complete)];
1136 struct bt_hci_evt_le_conn_complete *cc = (void *) &buf[1];
1138 memset(buf, 0, sizeof(buf));
1140 buf[0] = BT_HCI_EVT_LE_CONN_COMPLETE;
1143 struct btdev *remote;
1145 remote = find_btdev_by_bdaddr_type(lecc->peer_addr,
1146 lecc->peer_addr_type);
1148 btdev->conn = remote;
1149 btdev->le_adv_enable = 0;
1150 remote->conn = btdev;
1151 remote->le_adv_enable = 0;
1153 cc->status = status;
1154 cc->peer_addr_type = btdev->le_scan_own_addr_type;
1155 if (cc->peer_addr_type == 0x01)
1156 memcpy(cc->peer_addr, btdev->random_addr, 6);
1158 memcpy(cc->peer_addr, btdev->bdaddr, 6);
1161 cc->handle = cpu_to_le16(42);
1162 cc->interval = lecc->max_interval;
1163 cc->latency = lecc->latency;
1164 cc->supv_timeout = lecc->supv_timeout;
1166 send_event(remote, BT_HCI_EVT_LE_META_EVENT, buf, sizeof(buf));
1169 cc->status = status;
1170 cc->peer_addr_type = lecc->peer_addr_type;
1171 memcpy(cc->peer_addr, lecc->peer_addr, 6);
1174 send_event(btdev, BT_HCI_EVT_LE_META_EVENT, buf, sizeof(buf));
1177 static const uint8_t *scan_addr(const struct btdev *btdev)
1179 if (btdev->le_scan_own_addr_type == 0x01)
1180 return btdev->random_addr;
1182 return btdev->bdaddr;
1185 static const uint8_t *adv_addr(const struct btdev *btdev)
1187 if (btdev->le_adv_own_addr == 0x01)
1188 return btdev->random_addr;
1190 return btdev->bdaddr;
1193 static bool adv_match(struct btdev *scan, struct btdev *adv)
1195 /* Match everything if this is not directed advertising */
1196 if (adv->le_adv_type != 0x01 && adv->le_adv_type != 0x04)
1199 if (scan->le_scan_own_addr_type != adv->le_adv_direct_addr_type)
1202 return !memcmp(scan_addr(scan), adv->le_adv_direct_addr, 6);
1205 static bool adv_connectable(struct btdev *btdev)
1207 if (!btdev->le_adv_enable)
1210 return btdev->le_adv_type != 0x03;
1213 static void le_conn_request(struct btdev *btdev,
1214 const struct bt_hci_cmd_le_create_conn *lecc)
1216 struct btdev *remote = find_btdev_by_bdaddr_type(lecc->peer_addr,
1217 lecc->peer_addr_type);
1219 if (remote && adv_connectable(remote) && adv_match(btdev, remote) &&
1220 remote->le_adv_own_addr == lecc->peer_addr_type)
1221 le_conn_complete(btdev, lecc, 0);
1223 le_conn_complete(btdev, lecc,
1224 BT_HCI_ERR_CONN_FAILED_TO_ESTABLISH);
1227 static void conn_request(struct btdev *btdev, const uint8_t *bdaddr)
1229 struct btdev *remote = find_btdev_by_bdaddr(bdaddr);
1231 if (remote && remote->scan_enable & 0x02) {
1232 struct bt_hci_evt_conn_request cr;
1234 memcpy(cr.bdaddr, btdev->bdaddr, 6);
1235 memcpy(cr.dev_class, btdev->dev_class, 3);
1236 cr.link_type = 0x01;
1238 send_event(remote, BT_HCI_EVT_CONN_REQUEST, &cr, sizeof(cr));
1240 conn_complete(btdev, bdaddr, BT_HCI_ERR_PAGE_TIMEOUT);
1244 static void rej_le_conn_update(struct btdev *btdev, uint16_t handle,
1247 struct btdev *remote = btdev->conn;
1250 struct bt_hci_evt_le_conn_update_complete ev;
1256 ev.subevent = BT_HCI_EVT_LE_CONN_UPDATE_COMPLETE;
1257 ev.ev.handle = cpu_to_le16(handle);
1258 ev.ev.status = cpu_to_le16(reason);
1260 send_event(remote, BT_HCI_EVT_LE_META_EVENT, &ev, sizeof(ev));
1263 static void le_conn_update(struct btdev *btdev, uint16_t handle,
1264 uint16_t min_interval, uint16_t max_interval,
1265 uint16_t latency, uint16_t supv_timeout,
1266 uint16_t min_length, uint16_t max_length)
1268 struct btdev *remote = btdev->conn;
1271 struct bt_hci_evt_le_conn_update_complete ev;
1274 ev.subevent = BT_HCI_EVT_LE_CONN_UPDATE_COMPLETE;
1275 ev.ev.handle = cpu_to_le16(handle);
1276 ev.ev.interval = cpu_to_le16(min_interval);
1277 ev.ev.latency = cpu_to_le16(latency);
1278 ev.ev.supv_timeout = cpu_to_le16(supv_timeout);
1281 ev.ev.status = BT_HCI_ERR_SUCCESS;
1283 ev.ev.status = BT_HCI_ERR_UNKNOWN_CONN_ID;
1285 send_event(btdev, BT_HCI_EVT_LE_META_EVENT, &ev, sizeof(ev));
1288 send_event(remote, BT_HCI_EVT_LE_META_EVENT, &ev, sizeof(ev));
1291 static void le_conn_param_req(struct btdev *btdev, uint16_t handle,
1292 uint16_t min_interval, uint16_t max_interval,
1293 uint16_t latency, uint16_t supv_timeout,
1294 uint16_t min_length, uint16_t max_length)
1296 struct btdev *remote = btdev->conn;
1299 struct bt_hci_evt_le_conn_param_request ev;
1305 ev.subevent = BT_HCI_EVT_LE_CONN_PARAM_REQUEST;
1306 ev.ev.handle = cpu_to_le16(handle);
1307 ev.ev.min_interval = cpu_to_le16(min_interval);
1308 ev.ev.max_interval = cpu_to_le16(max_interval);
1309 ev.ev.latency = cpu_to_le16(latency);
1310 ev.ev.supv_timeout = cpu_to_le16(supv_timeout);
1312 send_event(remote, BT_HCI_EVT_LE_META_EVENT, &ev, sizeof(ev));
1315 static void disconnect_complete(struct btdev *btdev, uint16_t handle,
1318 struct bt_hci_evt_disconnect_complete dc;
1319 struct btdev *remote = btdev->conn;
1322 dc.status = BT_HCI_ERR_UNKNOWN_CONN_ID;
1323 dc.handle = cpu_to_le16(handle);
1326 send_event(btdev, BT_HCI_EVT_DISCONNECT_COMPLETE,
1331 dc.status = BT_HCI_ERR_SUCCESS;
1332 dc.handle = cpu_to_le16(handle);
1336 remote->conn = NULL;
1338 send_event(btdev, BT_HCI_EVT_DISCONNECT_COMPLETE, &dc, sizeof(dc));
1339 send_event(remote, BT_HCI_EVT_DISCONNECT_COMPLETE, &dc, sizeof(dc));
1342 static void link_key_req_reply_complete(struct btdev *btdev,
1343 const uint8_t *bdaddr,
1344 const uint8_t *link_key)
1346 struct btdev *remote = btdev->conn;
1347 struct bt_hci_evt_auth_complete ev;
1349 memcpy(btdev->link_key, link_key, 16);
1352 remote = find_btdev_by_bdaddr(bdaddr);
1357 if (!memcmp(remote->link_key, LINK_KEY_NONE, 16)) {
1358 send_event(remote, BT_HCI_EVT_LINK_KEY_REQUEST,
1363 ev.handle = cpu_to_le16(42);
1365 if (!memcmp(btdev->link_key, remote->link_key, 16))
1366 ev.status = BT_HCI_ERR_SUCCESS;
1368 ev.status = BT_HCI_ERR_AUTH_FAILURE;
1370 send_event(btdev, BT_HCI_EVT_AUTH_COMPLETE, &ev, sizeof(ev));
1371 send_event(remote, BT_HCI_EVT_AUTH_COMPLETE, &ev, sizeof(ev));
1374 static void link_key_req_neg_reply_complete(struct btdev *btdev,
1375 const uint8_t *bdaddr)
1377 struct btdev *remote = btdev->conn;
1380 remote = find_btdev_by_bdaddr(bdaddr);
1385 if (use_ssp(btdev, remote)) {
1386 struct bt_hci_evt_io_capability_request io_req;
1388 memcpy(io_req.bdaddr, bdaddr, 6);
1389 send_event(btdev, BT_HCI_EVT_IO_CAPABILITY_REQUEST, &io_req,
1392 struct bt_hci_evt_pin_code_request pin_req;
1394 memcpy(pin_req.bdaddr, bdaddr, 6);
1395 send_event(btdev, BT_HCI_EVT_PIN_CODE_REQUEST, &pin_req,
1400 static uint8_t get_link_key_type(struct btdev *btdev)
1402 struct btdev *remote = btdev->conn;
1403 uint8_t auth, unauth;
1408 if (!btdev->simple_pairing_mode)
1411 if (btdev->ssp_debug_mode || remote->ssp_debug_mode)
1414 if (btdev->secure_conn_support && remote->secure_conn_support) {
1422 if (btdev->io_cap == 0x03 || remote->io_cap == 0x03)
1425 if (!(btdev->auth_req & 0x01) && !(remote->auth_req & 0x01))
1428 /* DisplayOnly only produces authenticated with KeyboardOnly */
1429 if (btdev->io_cap == 0x00 && remote->io_cap != 0x02)
1432 /* DisplayOnly only produces authenticated with KeyboardOnly */
1433 if (remote->io_cap == 0x00 && btdev->io_cap != 0x02)
1439 static void link_key_notify(struct btdev *btdev, const uint8_t *bdaddr,
1442 struct bt_hci_evt_link_key_notify ev;
1444 memcpy(btdev->link_key, key, 16);
1446 memcpy(ev.bdaddr, bdaddr, 6);
1447 memcpy(ev.link_key, key, 16);
1448 ev.key_type = get_link_key_type(btdev);
1450 send_event(btdev, BT_HCI_EVT_LINK_KEY_NOTIFY, &ev, sizeof(ev));
1453 static void encrypt_change(struct btdev *btdev, uint8_t mode, uint8_t status)
1455 struct bt_hci_evt_encrypt_change ev;
1458 ev.handle = cpu_to_le16(42);
1459 ev.encr_mode = mode;
1461 send_event(btdev, BT_HCI_EVT_ENCRYPT_CHANGE, &ev, sizeof(ev));
1464 static void pin_code_req_reply_complete(struct btdev *btdev,
1465 const uint8_t *bdaddr, uint8_t pin_len,
1466 const uint8_t *pin_code)
1468 struct bt_hci_evt_auth_complete ev;
1469 struct btdev *remote = btdev->conn;
1472 remote = find_btdev_by_bdaddr(bdaddr);
1477 memcpy(btdev->pin, pin_code, pin_len);
1478 btdev->pin_len = pin_len;
1480 if (!remote->pin_len) {
1481 struct bt_hci_evt_pin_code_request pin_req;
1483 memcpy(pin_req.bdaddr, btdev->bdaddr, 6);
1484 send_event(remote, BT_HCI_EVT_PIN_CODE_REQUEST, &pin_req,
1489 if (btdev->pin_len == remote->pin_len &&
1490 !memcmp(btdev->pin, remote->pin, btdev->pin_len)) {
1491 link_key_notify(btdev, remote->bdaddr, LINK_KEY_DUMMY);
1492 link_key_notify(remote, btdev->bdaddr, LINK_KEY_DUMMY);
1493 ev.status = BT_HCI_ERR_SUCCESS;
1495 ev.status = BT_HCI_ERR_AUTH_FAILURE;
1499 ev.handle = cpu_to_le16(42);
1500 send_event(remote, BT_HCI_EVT_AUTH_COMPLETE, &ev, sizeof(ev));
1502 conn_complete(remote, btdev->bdaddr, ev.status);
1506 remote->pin_len = 0;
1509 static void pin_code_req_neg_reply_complete(struct btdev *btdev,
1510 const uint8_t *bdaddr)
1512 struct bt_hci_evt_auth_complete ev;
1513 struct btdev *remote = btdev->conn;
1516 remote = find_btdev_by_bdaddr(bdaddr);
1521 ev.status = BT_HCI_ERR_PIN_OR_KEY_MISSING;
1522 ev.handle = cpu_to_le16(42);
1525 send_event(btdev, BT_HCI_EVT_AUTH_COMPLETE, &ev, sizeof(ev));
1527 conn_complete(btdev, bdaddr, BT_HCI_ERR_PIN_OR_KEY_MISSING);
1530 if (remote->pin_len)
1531 send_event(remote, BT_HCI_EVT_AUTH_COMPLETE, &ev,
1534 conn_complete(remote, btdev->bdaddr,
1535 BT_HCI_ERR_PIN_OR_KEY_MISSING);
1539 static void auth_request_complete(struct btdev *btdev, uint16_t handle)
1541 struct btdev *remote = btdev->conn;
1544 struct bt_hci_evt_auth_complete ev;
1546 ev.status = BT_HCI_ERR_UNKNOWN_CONN_ID;
1547 ev.handle = cpu_to_le16(handle);
1549 send_event(btdev, BT_HCI_EVT_AUTH_COMPLETE, &ev, sizeof(ev));
1554 btdev->auth_init = true;
1556 send_event(btdev, BT_HCI_EVT_LINK_KEY_REQUEST, remote->bdaddr, 6);
1559 static void name_request_complete(struct btdev *btdev,
1560 const uint8_t *bdaddr, uint8_t status)
1562 struct bt_hci_evt_remote_name_request_complete nc;
1565 memcpy(nc.bdaddr, bdaddr, 6);
1566 memset(nc.name, 0, 248);
1569 struct btdev *remote = find_btdev_by_bdaddr(bdaddr);
1572 memcpy(nc.name, remote->name, 248);
1574 nc.status = BT_HCI_ERR_UNKNOWN_CONN_ID;
1577 send_event(btdev, BT_HCI_EVT_REMOTE_NAME_REQUEST_COMPLETE,
1581 static void remote_features_complete(struct btdev *btdev, uint16_t handle)
1583 struct bt_hci_evt_remote_features_complete rfc;
1586 rfc.status = BT_HCI_ERR_SUCCESS;
1587 rfc.handle = cpu_to_le16(handle);
1588 memcpy(rfc.features, btdev->conn->features, 8);
1590 rfc.status = BT_HCI_ERR_UNKNOWN_CONN_ID;
1591 rfc.handle = cpu_to_le16(handle);
1592 memset(rfc.features, 0, 8);
1595 send_event(btdev, BT_HCI_EVT_REMOTE_FEATURES_COMPLETE,
1599 static void btdev_get_host_features(struct btdev *btdev, uint8_t features[8])
1601 memset(features, 0, 8);
1602 if (btdev->simple_pairing_mode)
1603 features[0] |= 0x01;
1604 if (btdev->le_supported)
1605 features[0] |= 0x02;
1606 if (btdev->le_simultaneous)
1607 features[0] |= 0x04;
1608 if (btdev->secure_conn_support)
1609 features[0] |= 0x08;
1612 static void remote_ext_features_complete(struct btdev *btdev, uint16_t handle,
1615 struct bt_hci_evt_remote_ext_features_complete refc;
1617 if (btdev->conn && page < 0x02) {
1618 refc.handle = cpu_to_le16(handle);
1620 refc.max_page = 0x01;
1624 refc.status = BT_HCI_ERR_SUCCESS;
1625 memcpy(refc.features, btdev->conn->features, 8);
1628 refc.status = BT_HCI_ERR_SUCCESS;
1629 btdev_get_host_features(btdev->conn, refc.features);
1632 refc.status = BT_HCI_ERR_INVALID_PARAMETERS;
1633 memset(refc.features, 0, 8);
1637 refc.status = BT_HCI_ERR_UNKNOWN_CONN_ID;
1638 refc.handle = cpu_to_le16(handle);
1640 refc.max_page = 0x01;
1641 memset(refc.features, 0, 8);
1644 send_event(btdev, BT_HCI_EVT_REMOTE_EXT_FEATURES_COMPLETE,
1645 &refc, sizeof(refc));
1648 static void remote_version_complete(struct btdev *btdev, uint16_t handle)
1650 struct bt_hci_evt_remote_version_complete rvc;
1653 rvc.status = BT_HCI_ERR_SUCCESS;
1654 rvc.handle = cpu_to_le16(handle);
1655 rvc.lmp_ver = btdev->conn->version;
1656 rvc.manufacturer = cpu_to_le16(btdev->conn->manufacturer);
1657 rvc.lmp_subver = cpu_to_le16(btdev->conn->revision);
1659 rvc.status = BT_HCI_ERR_UNKNOWN_CONN_ID;
1660 rvc.handle = cpu_to_le16(handle);
1662 rvc.manufacturer = cpu_to_le16(0);
1663 rvc.lmp_subver = cpu_to_le16(0);
1666 send_event(btdev, BT_HCI_EVT_REMOTE_VERSION_COMPLETE,
1670 static void remote_clock_offset_complete(struct btdev *btdev, uint16_t handle)
1672 struct bt_hci_evt_clock_offset_complete coc;
1675 coc.status = BT_HCI_ERR_SUCCESS;
1676 coc.handle = cpu_to_le16(handle);
1677 coc.clock_offset = 0;
1679 coc.status = BT_HCI_ERR_UNKNOWN_CONN_ID;
1680 coc.handle = cpu_to_le16(handle);
1681 coc.clock_offset = 0;
1684 send_event(btdev, BT_HCI_EVT_CLOCK_OFFSET_COMPLETE,
1688 static void read_enc_key_size_complete(struct btdev *btdev, uint16_t handle)
1690 struct bt_hci_rsp_read_encrypt_key_size rsp;
1692 rsp.handle = cpu_to_le16(handle);
1695 rsp.status = BT_HCI_ERR_SUCCESS;
1698 rsp.status = BT_HCI_ERR_UNKNOWN_CONN_ID;
1702 cmd_complete(btdev, BT_HCI_CMD_READ_ENCRYPT_KEY_SIZE,
1706 static void io_cap_req_reply_complete(struct btdev *btdev,
1707 const uint8_t *bdaddr,
1708 uint8_t capability, uint8_t oob_data,
1709 uint8_t authentication)
1711 struct btdev *remote = btdev->conn;
1712 struct bt_hci_evt_io_capability_response ev;
1713 struct bt_hci_rsp_io_capability_request_reply rsp;
1717 status = BT_HCI_ERR_UNKNOWN_CONN_ID;
1721 status = BT_HCI_ERR_SUCCESS;
1723 btdev->io_cap = capability;
1724 btdev->auth_req = authentication;
1726 memcpy(ev.bdaddr, btdev->bdaddr, 6);
1727 ev.capability = capability;
1728 ev.oob_data = oob_data;
1729 ev.authentication = authentication;
1731 send_event(remote, BT_HCI_EVT_IO_CAPABILITY_RESPONSE, &ev, sizeof(ev));
1733 if (remote->io_cap) {
1734 struct bt_hci_evt_user_confirm_request cfm;
1736 memcpy(cfm.bdaddr, btdev->bdaddr, 6);
1739 send_event(remote, BT_HCI_EVT_USER_CONFIRM_REQUEST,
1742 memcpy(cfm.bdaddr, bdaddr, 6);
1743 send_event(btdev, BT_HCI_EVT_USER_CONFIRM_REQUEST,
1746 send_event(remote, BT_HCI_EVT_IO_CAPABILITY_REQUEST,
1751 rsp.status = status;
1752 memcpy(rsp.bdaddr, bdaddr, 6);
1753 cmd_complete(btdev, BT_HCI_CMD_IO_CAPABILITY_REQUEST_REPLY,
1757 static void io_cap_req_neg_reply_complete(struct btdev *btdev,
1758 const uint8_t *bdaddr)
1760 struct bt_hci_rsp_io_capability_request_neg_reply rsp;
1762 rsp.status = BT_HCI_ERR_SUCCESS;
1763 memcpy(rsp.bdaddr, bdaddr, 6);
1764 cmd_complete(btdev, BT_HCI_CMD_IO_CAPABILITY_REQUEST_NEG_REPLY,
1768 static void ssp_complete(struct btdev *btdev, const uint8_t *bdaddr,
1769 uint8_t status, bool wait)
1771 struct bt_hci_evt_simple_pairing_complete iev, aev;
1772 struct bt_hci_evt_auth_complete auth;
1773 struct btdev *remote = btdev->conn;
1774 struct btdev *init, *accp;
1779 btdev->ssp_status = status;
1780 btdev->ssp_auth_complete = true;
1782 if (!remote->ssp_auth_complete && wait)
1785 if (status == BT_HCI_ERR_SUCCESS &&
1786 remote->ssp_status != BT_HCI_ERR_SUCCESS)
1787 status = remote->ssp_status;
1789 iev.status = status;
1790 aev.status = status;
1792 if (btdev->auth_init) {
1795 memcpy(iev.bdaddr, bdaddr, 6);
1796 memcpy(aev.bdaddr, btdev->bdaddr, 6);
1800 memcpy(iev.bdaddr, btdev->bdaddr, 6);
1801 memcpy(aev.bdaddr, bdaddr, 6);
1804 send_event(init, BT_HCI_EVT_SIMPLE_PAIRING_COMPLETE, &iev,
1806 send_event(accp, BT_HCI_EVT_SIMPLE_PAIRING_COMPLETE, &aev,
1809 if (status == BT_HCI_ERR_SUCCESS) {
1810 link_key_notify(init, iev.bdaddr, LINK_KEY_DUMMY);
1811 link_key_notify(accp, aev.bdaddr, LINK_KEY_DUMMY);
1814 auth.status = status;
1815 auth.handle = cpu_to_le16(42);
1816 send_event(init, BT_HCI_EVT_AUTH_COMPLETE, &auth, sizeof(auth));
1819 static void le_send_adv_report(struct btdev *btdev, const struct btdev *remote,
1825 struct bt_hci_evt_le_adv_report lar;
1826 uint8_t raw[10 + 31 + 1];
1830 meta_event.subevent = BT_HCI_EVT_LE_ADV_REPORT;
1832 memset(&meta_event.lar, 0, sizeof(meta_event.lar));
1833 meta_event.lar.num_reports = 1;
1834 meta_event.lar.event_type = type;
1835 meta_event.lar.addr_type = remote->le_adv_own_addr;
1836 memcpy(meta_event.lar.addr, adv_addr(remote), 6);
1838 /* Scan or advertising response */
1840 meta_event.lar.data_len = remote->le_scan_data_len;
1841 memcpy(meta_event.lar.data, remote->le_scan_data,
1842 meta_event.lar.data_len);
1844 meta_event.lar.data_len = remote->le_adv_data_len;
1845 memcpy(meta_event.lar.data, remote->le_adv_data,
1846 meta_event.lar.data_len);
1849 meta_event.raw[10 + meta_event.lar.data_len] = 127;
1850 send_event(btdev, BT_HCI_EVT_LE_META_EVENT, &meta_event,
1851 1 + 10 + meta_event.lar.data_len + 1);
1854 static uint8_t get_adv_report_type(uint8_t adv_type)
1857 * Connectable low duty cycle directed advertising creates a
1858 * connectable directed advertising report type.
1860 if (adv_type == 0x04)
1866 static void le_set_adv_enable_complete(struct btdev *btdev)
1868 uint8_t report_type;
1871 report_type = get_adv_report_type(btdev->le_adv_type);
1873 for (i = 0; i < MAX_BTDEV_ENTRIES; i++) {
1874 if (!btdev_list[i] || btdev_list[i] == btdev)
1877 if (!btdev_list[i]->le_scan_enable)
1880 if (!adv_match(btdev_list[i], btdev))
1883 le_send_adv_report(btdev_list[i], btdev, report_type);
1885 if (btdev_list[i]->le_scan_type != 0x01)
1888 /* ADV_IND & ADV_SCAN_IND generate a scan response */
1889 if (btdev->le_adv_type == 0x00 || btdev->le_adv_type == 0x02)
1890 le_send_adv_report(btdev_list[i], btdev, 0x04);
1894 static void le_set_scan_enable_complete(struct btdev *btdev)
1898 for (i = 0; i < MAX_BTDEV_ENTRIES; i++) {
1899 uint8_t report_type;
1901 if (!btdev_list[i] || btdev_list[i] == btdev)
1904 if (!btdev_list[i]->le_adv_enable)
1907 if (!adv_match(btdev, btdev_list[i]))
1910 report_type = get_adv_report_type(btdev_list[i]->le_adv_type);
1911 le_send_adv_report(btdev, btdev_list[i], report_type);
1913 if (btdev->le_scan_type != 0x01)
1916 /* ADV_IND & ADV_SCAN_IND generate a scan response */
1917 if (btdev_list[i]->le_adv_type == 0x00 ||
1918 btdev_list[i]->le_adv_type == 0x02)
1919 le_send_adv_report(btdev, btdev_list[i], 0x04);
1923 static void le_read_remote_features_complete(struct btdev *btdev)
1925 char buf[1 + sizeof(struct bt_hci_evt_le_remote_features_complete)];
1926 struct bt_hci_evt_le_remote_features_complete *ev = (void *) &buf[1];
1927 struct btdev *remote = btdev->conn;
1930 cmd_status(btdev, BT_HCI_ERR_UNKNOWN_CONN_ID,
1931 BT_HCI_CMD_LE_READ_REMOTE_FEATURES);
1935 cmd_status(btdev, BT_HCI_ERR_SUCCESS,
1936 BT_HCI_CMD_LE_READ_REMOTE_FEATURES);
1938 memset(buf, 0, sizeof(buf));
1939 buf[0] = BT_HCI_EVT_LE_REMOTE_FEATURES_COMPLETE;
1940 ev->status = BT_HCI_ERR_SUCCESS;
1941 ev->handle = cpu_to_le16(42);
1942 memcpy(ev->features, remote->le_features, 8);
1944 send_event(btdev, BT_HCI_EVT_LE_META_EVENT, buf, sizeof(buf));
1947 static void le_start_encrypt_complete(struct btdev *btdev, uint16_t ediv,
1950 char buf[1 + sizeof(struct bt_hci_evt_le_long_term_key_request)];
1951 struct bt_hci_evt_le_long_term_key_request *ev = (void *) &buf[1];
1952 struct btdev *remote = btdev->conn;
1955 cmd_status(btdev, BT_HCI_ERR_UNKNOWN_CONN_ID,
1956 BT_HCI_CMD_LE_START_ENCRYPT);
1960 cmd_status(btdev, BT_HCI_ERR_SUCCESS, BT_HCI_CMD_LE_START_ENCRYPT);
1962 memset(buf, 0, sizeof(buf));
1963 buf[0] = BT_HCI_EVT_LE_LONG_TERM_KEY_REQUEST;
1964 ev->handle = cpu_to_le16(42);
1968 send_event(remote, BT_HCI_EVT_LE_META_EVENT, buf, sizeof(buf));
1971 static void le_encrypt_complete(struct btdev *btdev)
1973 struct bt_hci_evt_encrypt_change ev;
1974 struct bt_hci_rsp_le_ltk_req_reply rp;
1975 struct btdev *remote = btdev->conn;
1977 memset(&rp, 0, sizeof(rp));
1978 rp.handle = cpu_to_le16(42);
1981 rp.status = BT_HCI_ERR_UNKNOWN_CONN_ID;
1982 cmd_complete(btdev, BT_HCI_CMD_LE_LTK_REQ_REPLY, &rp,
1987 rp.status = BT_HCI_ERR_SUCCESS;
1988 cmd_complete(btdev, BT_HCI_CMD_LE_LTK_REQ_REPLY, &rp, sizeof(rp));
1990 memset(&ev, 0, sizeof(ev));
1992 if (memcmp(btdev->le_ltk, remote->le_ltk, 16)) {
1993 ev.status = BT_HCI_ERR_AUTH_FAILURE;
1994 ev.encr_mode = 0x00;
1996 ev.status = BT_HCI_ERR_SUCCESS;
1997 ev.encr_mode = 0x01;
2000 ev.handle = cpu_to_le16(42);
2002 send_event(btdev, BT_HCI_EVT_ENCRYPT_CHANGE, &ev, sizeof(ev));
2003 send_event(remote, BT_HCI_EVT_ENCRYPT_CHANGE, &ev, sizeof(ev));
2006 static void ltk_neg_reply_complete(struct btdev *btdev)
2008 struct bt_hci_rsp_le_ltk_req_neg_reply rp;
2009 struct bt_hci_evt_encrypt_change ev;
2010 struct btdev *remote = btdev->conn;
2012 memset(&rp, 0, sizeof(rp));
2013 rp.handle = cpu_to_le16(42);
2016 rp.status = BT_HCI_ERR_UNKNOWN_CONN_ID;
2017 cmd_complete(btdev, BT_HCI_CMD_LE_LTK_REQ_NEG_REPLY, &rp,
2022 rp.status = BT_HCI_ERR_SUCCESS;
2023 cmd_complete(btdev, BT_HCI_CMD_LE_LTK_REQ_NEG_REPLY, &rp, sizeof(rp));
2025 memset(&ev, 0, sizeof(ev));
2026 ev.status = BT_HCI_ERR_PIN_OR_KEY_MISSING;
2027 ev.handle = cpu_to_le16(42);
2029 send_event(remote, BT_HCI_EVT_ENCRYPT_CHANGE, &ev, sizeof(ev));
2032 static void btdev_reset(struct btdev *btdev)
2034 /* FIXME: include here clearing of all states that should be
2035 * cleared upon HCI_Reset
2038 btdev->le_scan_enable = 0x00;
2039 btdev->le_adv_enable = 0x00;
2042 static void default_cmd(struct btdev *btdev, uint16_t opcode,
2043 const void *data, uint8_t len)
2045 const struct bt_hci_cmd_remote_name_request_cancel *rnrc;
2046 const struct bt_hci_cmd_write_default_link_policy *wdlp;
2047 const struct bt_hci_cmd_set_event_mask *sem;
2048 const struct bt_hci_cmd_set_event_filter *sef;
2049 const struct bt_hci_cmd_write_local_name *wln;
2050 const struct bt_hci_cmd_write_conn_accept_timeout *wcat;
2051 const struct bt_hci_cmd_write_page_timeout *wpt;
2052 const struct bt_hci_cmd_write_scan_enable *wse;
2053 const struct bt_hci_cmd_write_page_scan_activity *wpsa;
2054 const struct bt_hci_cmd_write_inquiry_scan_activity *wisa;
2055 const struct bt_hci_cmd_write_page_scan_type *wpst;
2056 const struct bt_hci_cmd_write_auth_enable *wae;
2057 const struct bt_hci_cmd_write_class_of_dev *wcod;
2058 const struct bt_hci_cmd_write_voice_setting *wvs;
2059 const struct bt_hci_cmd_set_host_flow_control *shfc;
2060 const struct bt_hci_cmd_write_inquiry_mode *wim;
2061 const struct bt_hci_cmd_write_afh_assessment_mode *waam;
2062 const struct bt_hci_cmd_write_ext_inquiry_response *weir;
2063 const struct bt_hci_cmd_write_simple_pairing_mode *wspm;
2064 const struct bt_hci_cmd_io_capability_request_reply *icrr;
2065 const struct bt_hci_cmd_io_capability_request_reply *icrnr;
2066 const struct bt_hci_cmd_read_encrypt_key_size *reks;
2067 const struct bt_hci_cmd_write_le_host_supported *wlhs;
2068 const struct bt_hci_cmd_write_secure_conn_support *wscs;
2069 const struct bt_hci_cmd_set_event_mask_page2 *semp2;
2070 const struct bt_hci_cmd_le_set_event_mask *lsem;
2071 const struct bt_hci_cmd_le_set_random_address *lsra;
2072 const struct bt_hci_cmd_le_set_adv_parameters *lsap;
2073 const struct bt_hci_cmd_le_set_adv_data *lsad;
2074 const struct bt_hci_cmd_le_set_scan_rsp_data *lssrd;
2075 const struct bt_hci_cmd_setup_sync_conn *ssc;
2076 const struct bt_hci_cmd_write_ssp_debug_mode *wsdm;
2077 const struct bt_hci_cmd_le_set_adv_enable *lsae;
2078 const struct bt_hci_cmd_le_set_scan_parameters *lssp;
2079 const struct bt_hci_cmd_le_set_scan_enable *lsse;
2080 const struct bt_hci_cmd_le_start_encrypt *lse;
2081 const struct bt_hci_cmd_le_ltk_req_reply *llrr;
2082 const struct bt_hci_cmd_le_encrypt *lenc_cmd;
2083 const struct bt_hci_cmd_le_generate_dhkey *dh;
2084 const struct bt_hci_cmd_le_conn_param_req_reply *lcprr_cmd;
2085 const struct bt_hci_cmd_le_conn_param_req_neg_reply *lcprnr_cmd;
2086 const struct bt_hci_cmd_read_local_amp_assoc *rlaa_cmd;
2087 const struct bt_hci_cmd_read_rssi *rrssi;
2088 const struct bt_hci_cmd_read_tx_power *rtxp;
2089 struct bt_hci_rsp_read_default_link_policy rdlp;
2090 struct bt_hci_rsp_read_stored_link_key rslk;
2091 struct bt_hci_rsp_write_stored_link_key wslk;
2092 struct bt_hci_rsp_delete_stored_link_key dslk;
2093 struct bt_hci_rsp_read_local_name rln;
2094 struct bt_hci_rsp_read_conn_accept_timeout rcat;
2095 struct bt_hci_rsp_read_page_timeout rpt;
2096 struct bt_hci_rsp_read_scan_enable rse;
2097 struct bt_hci_rsp_read_page_scan_activity rpsa;
2098 struct bt_hci_rsp_read_inquiry_scan_activity risa;
2099 struct bt_hci_rsp_read_page_scan_type rpst;
2100 struct bt_hci_rsp_read_auth_enable rae;
2101 struct bt_hci_rsp_read_class_of_dev rcod;
2102 struct bt_hci_rsp_read_voice_setting rvs;
2103 struct bt_hci_rsp_read_num_supported_iac rnsi;
2104 struct bt_hci_rsp_read_current_iac_lap *rcil;
2105 struct bt_hci_rsp_read_inquiry_mode rim;
2106 struct bt_hci_rsp_read_afh_assessment_mode raam;
2107 struct bt_hci_rsp_read_ext_inquiry_response reir;
2108 struct bt_hci_rsp_read_simple_pairing_mode rspm;
2109 struct bt_hci_rsp_read_local_oob_data rlod;
2110 struct bt_hci_rsp_read_inquiry_resp_tx_power rirtp;
2111 struct bt_hci_rsp_read_le_host_supported rlhs;
2112 struct bt_hci_rsp_read_secure_conn_support rscs;
2113 struct bt_hci_rsp_read_local_oob_ext_data rloed;
2114 struct bt_hci_rsp_read_sync_train_params rstp;
2115 struct bt_hci_rsp_read_local_version rlv;
2116 struct bt_hci_rsp_read_local_commands rlc;
2117 struct bt_hci_rsp_read_local_features rlf;
2118 struct bt_hci_rsp_read_local_ext_features rlef;
2119 struct bt_hci_rsp_read_buffer_size rbs;
2120 struct bt_hci_rsp_read_country_code rcc;
2121 struct bt_hci_rsp_read_bd_addr rba;
2122 struct bt_hci_rsp_read_data_block_size rdbs;
2123 struct bt_hci_rsp_read_local_codecs *rlsc;
2124 struct bt_hci_rsp_read_local_amp_info rlai;
2125 struct bt_hci_rsp_read_local_amp_assoc rlaa_rsp;
2126 struct bt_hci_rsp_get_mws_transport_config *gmtc;
2127 struct bt_hci_rsp_le_conn_param_req_reply lcprr_rsp;
2128 struct bt_hci_rsp_le_conn_param_req_neg_reply lcprnr_rsp;
2129 struct bt_hci_rsp_le_read_buffer_size lrbs;
2130 struct bt_hci_rsp_le_read_local_features lrlf;
2131 struct bt_hci_rsp_le_read_adv_tx_power lratp;
2132 struct bt_hci_rsp_le_read_supported_states lrss;
2133 struct bt_hci_rsp_le_read_white_list_size lrwls;
2134 struct bt_hci_rsp_le_encrypt lenc;
2135 struct bt_hci_rsp_le_rand lr;
2136 struct bt_hci_rsp_le_test_end lte;
2137 struct bt_hci_rsp_remote_name_request_cancel rnrc_rsp;
2138 struct bt_hci_rsp_link_key_request_reply lkrr_rsp;
2139 struct bt_hci_rsp_link_key_request_neg_reply lkrnr_rsp;
2140 struct bt_hci_rsp_pin_code_request_neg_reply pcrr_rsp;
2141 struct bt_hci_rsp_pin_code_request_neg_reply pcrnr_rsp;
2142 struct bt_hci_rsp_user_confirm_request_reply ucrr_rsp;
2143 struct bt_hci_rsp_user_confirm_request_neg_reply ucrnr_rsp;
2144 struct bt_hci_rsp_read_rssi rrssi_rsp;
2145 struct bt_hci_rsp_read_tx_power rtxp_rsp;
2146 struct bt_hci_evt_le_read_local_pk256_complete pk_evt;
2147 struct bt_hci_evt_le_generate_dhkey_complete dh_evt;
2148 uint8_t status, page;
2151 case BT_HCI_CMD_INQUIRY:
2152 if (btdev->type == BTDEV_TYPE_LE)
2154 cmd_status(btdev, BT_HCI_ERR_SUCCESS, opcode);
2157 case BT_HCI_CMD_INQUIRY_CANCEL:
2158 if (btdev->type == BTDEV_TYPE_LE)
2160 inquiry_cancel(btdev);
2163 case BT_HCI_CMD_CREATE_CONN:
2164 if (btdev->type == BTDEV_TYPE_LE)
2166 cmd_status(btdev, BT_HCI_ERR_SUCCESS, opcode);
2169 case BT_HCI_CMD_DISCONNECT:
2170 cmd_status(btdev, BT_HCI_ERR_SUCCESS, opcode);
2173 case BT_HCI_CMD_CREATE_CONN_CANCEL:
2174 if (btdev->type == BTDEV_TYPE_LE)
2176 cmd_status(btdev, BT_HCI_ERR_SUCCESS, opcode);
2179 case BT_HCI_CMD_ACCEPT_CONN_REQUEST:
2180 if (btdev->type == BTDEV_TYPE_LE)
2182 cmd_status(btdev, BT_HCI_ERR_SUCCESS, opcode);
2185 case BT_HCI_CMD_REJECT_CONN_REQUEST:
2186 if (btdev->type == BTDEV_TYPE_LE)
2188 cmd_status(btdev, BT_HCI_ERR_SUCCESS, opcode);
2191 case BT_HCI_CMD_LINK_KEY_REQUEST_REPLY:
2192 if (btdev->type == BTDEV_TYPE_LE)
2194 lkrr_rsp.status = BT_HCI_ERR_SUCCESS;
2195 memcpy(lkrr_rsp.bdaddr, data, 6);
2196 cmd_complete(btdev, opcode, &lkrr_rsp, sizeof(lkrr_rsp));
2199 case BT_HCI_CMD_LINK_KEY_REQUEST_NEG_REPLY:
2200 if (btdev->type == BTDEV_TYPE_LE)
2202 lkrnr_rsp.status = BT_HCI_ERR_SUCCESS;
2203 memcpy(lkrnr_rsp.bdaddr, data, 6);
2204 cmd_complete(btdev, opcode, &lkrnr_rsp, sizeof(lkrnr_rsp));
2207 case BT_HCI_CMD_PIN_CODE_REQUEST_REPLY:
2208 if (btdev->type == BTDEV_TYPE_LE)
2210 pcrr_rsp.status = BT_HCI_ERR_SUCCESS;
2211 memcpy(pcrr_rsp.bdaddr, data, 6);
2212 cmd_complete(btdev, opcode, &pcrr_rsp, sizeof(pcrr_rsp));
2215 case BT_HCI_CMD_PIN_CODE_REQUEST_NEG_REPLY:
2216 if (btdev->type == BTDEV_TYPE_LE)
2218 pcrnr_rsp.status = BT_HCI_ERR_SUCCESS;
2219 memcpy(pcrnr_rsp.bdaddr, data, 6);
2220 cmd_complete(btdev, opcode, &pcrnr_rsp, sizeof(pcrnr_rsp));
2223 case BT_HCI_CMD_AUTH_REQUESTED:
2224 if (btdev->type == BTDEV_TYPE_LE)
2226 cmd_status(btdev, BT_HCI_ERR_SUCCESS, opcode);
2229 case BT_HCI_CMD_SET_CONN_ENCRYPT:
2230 if (btdev->type == BTDEV_TYPE_LE)
2232 cmd_status(btdev, BT_HCI_ERR_SUCCESS, opcode);
2235 case BT_HCI_CMD_REMOTE_NAME_REQUEST:
2236 if (btdev->type == BTDEV_TYPE_LE)
2238 cmd_status(btdev, BT_HCI_ERR_SUCCESS, opcode);
2241 case BT_HCI_CMD_REMOTE_NAME_REQUEST_CANCEL:
2242 if (btdev->type == BTDEV_TYPE_LE)
2245 rnrc_rsp.status = BT_HCI_ERR_SUCCESS;
2246 memcpy(rnrc_rsp.bdaddr, rnrc->bdaddr, 6);
2247 cmd_complete(btdev, opcode, &rnrc_rsp, sizeof(rnrc_rsp));
2250 case BT_HCI_CMD_READ_REMOTE_FEATURES:
2251 if (btdev->type == BTDEV_TYPE_LE)
2253 cmd_status(btdev, BT_HCI_ERR_SUCCESS, opcode);
2256 case BT_HCI_CMD_READ_REMOTE_EXT_FEATURES:
2257 if (btdev->type == BTDEV_TYPE_LE)
2259 cmd_status(btdev, BT_HCI_ERR_SUCCESS, opcode);
2262 case BT_HCI_CMD_READ_REMOTE_VERSION:
2263 cmd_status(btdev, BT_HCI_ERR_SUCCESS, opcode);
2266 case BT_HCI_CMD_READ_CLOCK_OFFSET:
2267 if (btdev->type == BTDEV_TYPE_LE)
2269 cmd_status(btdev, BT_HCI_ERR_SUCCESS, opcode);
2272 case BT_HCI_CMD_READ_DEFAULT_LINK_POLICY:
2273 if (btdev->type == BTDEV_TYPE_LE)
2275 rdlp.status = BT_HCI_ERR_SUCCESS;
2276 rdlp.policy = cpu_to_le16(btdev->default_link_policy);
2277 cmd_complete(btdev, opcode, &rdlp, sizeof(rdlp));
2280 case BT_HCI_CMD_WRITE_DEFAULT_LINK_POLICY:
2281 if (btdev->type == BTDEV_TYPE_LE)
2284 btdev->default_link_policy = le16_to_cpu(wdlp->policy);
2285 status = BT_HCI_ERR_SUCCESS;
2286 cmd_complete(btdev, opcode, &status, sizeof(status));
2289 case BT_HCI_CMD_SET_EVENT_MASK:
2291 memcpy(btdev->event_mask, sem->mask, 8);
2292 status = BT_HCI_ERR_SUCCESS;
2293 cmd_complete(btdev, opcode, &status, sizeof(status));
2296 case BT_HCI_CMD_RESET:
2298 status = BT_HCI_ERR_SUCCESS;
2299 cmd_complete(btdev, opcode, &status, sizeof(status));
2302 case BT_HCI_CMD_SET_EVENT_FILTER:
2303 if (btdev->type == BTDEV_TYPE_LE)
2306 btdev->event_filter = sef->type;
2307 status = BT_HCI_ERR_SUCCESS;
2308 cmd_complete(btdev, opcode, &status, sizeof(status));
2311 case BT_HCI_CMD_READ_STORED_LINK_KEY:
2312 if (btdev->type == BTDEV_TYPE_LE)
2314 rslk.status = BT_HCI_ERR_SUCCESS;
2315 rslk.max_num_keys = cpu_to_le16(0);
2316 rslk.num_keys = cpu_to_le16(0);
2317 cmd_complete(btdev, opcode, &rslk, sizeof(rslk));
2320 case BT_HCI_CMD_WRITE_STORED_LINK_KEY:
2321 if (btdev->type == BTDEV_TYPE_LE)
2323 wslk.status = BT_HCI_ERR_SUCCESS;
2325 cmd_complete(btdev, opcode, &wslk, sizeof(wslk));
2328 case BT_HCI_CMD_DELETE_STORED_LINK_KEY:
2329 if (btdev->type == BTDEV_TYPE_LE)
2331 dslk.status = BT_HCI_ERR_SUCCESS;
2332 dslk.num_keys = cpu_to_le16(0);
2333 cmd_complete(btdev, opcode, &dslk, sizeof(dslk));
2336 case BT_HCI_CMD_WRITE_LOCAL_NAME:
2337 if (btdev->type == BTDEV_TYPE_LE)
2340 memcpy(btdev->name, wln->name, 248);
2341 status = BT_HCI_ERR_SUCCESS;
2342 cmd_complete(btdev, opcode, &status, sizeof(status));
2345 case BT_HCI_CMD_READ_LOCAL_NAME:
2346 if (btdev->type == BTDEV_TYPE_LE)
2348 rln.status = BT_HCI_ERR_SUCCESS;
2349 memcpy(rln.name, btdev->name, 248);
2350 cmd_complete(btdev, opcode, &rln, sizeof(rln));
2353 case BT_HCI_CMD_READ_CONN_ACCEPT_TIMEOUT:
2354 if (btdev->type == BTDEV_TYPE_LE)
2356 rcat.status = BT_HCI_ERR_SUCCESS;
2357 rcat.timeout = cpu_to_le16(btdev->conn_accept_timeout);
2358 cmd_complete(btdev, opcode, &rcat, sizeof(rcat));
2361 case BT_HCI_CMD_WRITE_CONN_ACCEPT_TIMEOUT:
2362 if (btdev->type == BTDEV_TYPE_LE)
2365 btdev->conn_accept_timeout = le16_to_cpu(wcat->timeout);
2366 status = BT_HCI_ERR_SUCCESS;
2367 cmd_complete(btdev, opcode, &status, sizeof(status));
2370 case BT_HCI_CMD_READ_PAGE_TIMEOUT:
2371 if (btdev->type == BTDEV_TYPE_LE)
2373 rpt.status = BT_HCI_ERR_SUCCESS;
2374 rpt.timeout = cpu_to_le16(btdev->page_timeout);
2375 cmd_complete(btdev, opcode, &rpt, sizeof(rpt));
2378 case BT_HCI_CMD_WRITE_PAGE_TIMEOUT:
2379 if (btdev->type == BTDEV_TYPE_LE)
2382 btdev->page_timeout = le16_to_cpu(wpt->timeout);
2383 status = BT_HCI_ERR_SUCCESS;
2384 cmd_complete(btdev, opcode, &status, sizeof(status));
2387 case BT_HCI_CMD_READ_SCAN_ENABLE:
2388 if (btdev->type == BTDEV_TYPE_LE)
2390 rse.status = BT_HCI_ERR_SUCCESS;
2391 rse.enable = btdev->scan_enable;
2392 cmd_complete(btdev, opcode, &rse, sizeof(rse));
2395 case BT_HCI_CMD_WRITE_SCAN_ENABLE:
2396 if (btdev->type == BTDEV_TYPE_LE)
2399 btdev->scan_enable = wse->enable;
2400 status = BT_HCI_ERR_SUCCESS;
2401 cmd_complete(btdev, opcode, &status, sizeof(status));
2404 case BT_HCI_CMD_READ_PAGE_SCAN_ACTIVITY:
2405 if (btdev->type == BTDEV_TYPE_LE)
2407 rpsa.status = BT_HCI_ERR_SUCCESS;
2408 rpsa.interval = cpu_to_le16(btdev->page_scan_interval);
2409 rpsa.window = cpu_to_le16(btdev->page_scan_window);
2410 cmd_complete(btdev, opcode, &rpsa, sizeof(rpsa));
2413 case BT_HCI_CMD_WRITE_PAGE_SCAN_ACTIVITY:
2414 if (btdev->type == BTDEV_TYPE_LE)
2417 btdev->page_scan_interval = le16_to_cpu(wpsa->interval);
2418 btdev->page_scan_window = le16_to_cpu(wpsa->window);
2419 status = BT_HCI_ERR_SUCCESS;
2420 cmd_complete(btdev, opcode, &status, sizeof(status));
2423 case BT_HCI_CMD_READ_INQUIRY_SCAN_ACTIVITY:
2424 if (btdev->type == BTDEV_TYPE_LE)
2426 risa.status = BT_HCI_ERR_SUCCESS;
2427 risa.interval = cpu_to_le16(btdev->inquiry_scan_interval);
2428 risa.window = cpu_to_le16(btdev->inquiry_scan_window);
2429 cmd_complete(btdev, opcode, &risa, sizeof(risa));
2432 case BT_HCI_CMD_WRITE_INQUIRY_SCAN_ACTIVITY:
2433 if (btdev->type == BTDEV_TYPE_LE)
2436 btdev->inquiry_scan_interval = le16_to_cpu(wisa->interval);
2437 btdev->inquiry_scan_window = le16_to_cpu(wisa->window);
2438 status = BT_HCI_ERR_SUCCESS;
2439 cmd_complete(btdev, opcode, &status, sizeof(status));
2442 case BT_HCI_CMD_READ_PAGE_SCAN_TYPE:
2443 if (btdev->type == BTDEV_TYPE_LE)
2445 rpst.status = BT_HCI_ERR_SUCCESS;
2446 rpst.type = btdev->page_scan_type;
2447 cmd_complete(btdev, opcode, &rpst, sizeof(rpst));
2450 case BT_HCI_CMD_WRITE_PAGE_SCAN_TYPE:
2451 if (btdev->type == BTDEV_TYPE_LE)
2454 btdev->page_scan_type = wpst->type;
2455 status = BT_HCI_ERR_SUCCESS;
2456 cmd_complete(btdev, opcode, &status, sizeof(status));
2459 case BT_HCI_CMD_READ_AUTH_ENABLE:
2460 if (btdev->type == BTDEV_TYPE_LE)
2462 rae.status = BT_HCI_ERR_SUCCESS;
2463 rae.enable = btdev->auth_enable;
2464 cmd_complete(btdev, opcode, &rae, sizeof(rae));
2467 case BT_HCI_CMD_WRITE_AUTH_ENABLE:
2468 if (btdev->type == BTDEV_TYPE_LE)
2471 btdev->auth_enable = wae->enable;
2472 status = BT_HCI_ERR_SUCCESS;
2473 cmd_complete(btdev, opcode, &status, sizeof(status));
2476 case BT_HCI_CMD_READ_CLASS_OF_DEV:
2477 if (btdev->type == BTDEV_TYPE_LE)
2479 rcod.status = BT_HCI_ERR_SUCCESS;
2480 memcpy(rcod.dev_class, btdev->dev_class, 3);
2481 cmd_complete(btdev, opcode, &rcod, sizeof(rcod));
2484 case BT_HCI_CMD_WRITE_CLASS_OF_DEV:
2485 if (btdev->type == BTDEV_TYPE_LE)
2488 memcpy(btdev->dev_class, wcod->dev_class, 3);
2489 status = BT_HCI_ERR_SUCCESS;
2490 cmd_complete(btdev, opcode, &status, sizeof(status));
2493 case BT_HCI_CMD_READ_VOICE_SETTING:
2494 if (btdev->type == BTDEV_TYPE_LE)
2496 rvs.status = BT_HCI_ERR_SUCCESS;
2497 rvs.setting = cpu_to_le16(btdev->voice_setting);
2498 cmd_complete(btdev, opcode, &rvs, sizeof(rvs));
2501 case BT_HCI_CMD_WRITE_VOICE_SETTING:
2502 if (btdev->type == BTDEV_TYPE_LE)
2505 btdev->voice_setting = le16_to_cpu(wvs->setting);
2506 status = BT_HCI_ERR_SUCCESS;
2507 cmd_complete(btdev, opcode, &status, sizeof(status));
2510 case BT_HCI_CMD_SET_HOST_FLOW_CONTROL:
2512 if (shfc->enable > 0x03) {
2513 status = BT_HCI_ERR_INVALID_PARAMETERS;
2515 btdev->host_flow_control = shfc->enable;
2516 status = BT_HCI_ERR_SUCCESS;
2518 cmd_complete(btdev, opcode, &status, sizeof(status));
2521 case BT_HCI_CMD_HOST_BUFFER_SIZE:
2522 status = BT_HCI_ERR_SUCCESS;
2523 cmd_complete(btdev, opcode, &status, sizeof(status));
2526 case BT_HCI_CMD_HOST_NUM_COMPLETED_PACKETS:
2527 /* This command is special in the sense that no event is
2528 * normally generated after the command has completed.
2532 case BT_HCI_CMD_READ_NUM_SUPPORTED_IAC:
2533 if (btdev->type == BTDEV_TYPE_LE)
2535 rnsi.status = BT_HCI_ERR_SUCCESS;
2536 rnsi.num_iac = 0x01;
2537 cmd_complete(btdev, opcode, &rnsi, sizeof(rnsi));
2540 case BT_HCI_CMD_READ_CURRENT_IAC_LAP:
2541 if (btdev->type == BTDEV_TYPE_LE)
2543 rcil = alloca(sizeof(*rcil) + 3);
2544 rcil->status = BT_HCI_ERR_SUCCESS;
2545 rcil->num_iac = 0x01;
2546 rcil->iac_lap[0] = 0x33;
2547 rcil->iac_lap[1] = 0x8b;
2548 rcil->iac_lap[2] = 0x9e;
2549 cmd_complete(btdev, opcode, rcil, sizeof(*rcil) + 3);
2552 case BT_HCI_CMD_WRITE_CURRENT_IAC_LAP:
2553 if (btdev->type == BTDEV_TYPE_LE)
2555 status = BT_HCI_ERR_SUCCESS;
2556 cmd_complete(btdev, opcode, &status, sizeof(status));
2559 case BT_HCI_CMD_READ_INQUIRY_MODE:
2560 if (btdev->type == BTDEV_TYPE_LE)
2562 rim.status = BT_HCI_ERR_SUCCESS;
2563 rim.mode = btdev->inquiry_mode;
2564 cmd_complete(btdev, opcode, &rim, sizeof(rim));
2567 case BT_HCI_CMD_WRITE_INQUIRY_MODE:
2568 if (btdev->type == BTDEV_TYPE_LE)
2571 btdev->inquiry_mode = wim->mode;
2572 status = BT_HCI_ERR_SUCCESS;
2573 cmd_complete(btdev, opcode, &status, sizeof(status));
2576 case BT_HCI_CMD_READ_AFH_ASSESSMENT_MODE:
2577 if (btdev->type == BTDEV_TYPE_LE)
2579 raam.status = BT_HCI_ERR_SUCCESS;
2580 raam.mode = btdev->afh_assessment_mode;
2581 cmd_complete(btdev, opcode, &raam, sizeof(raam));
2584 case BT_HCI_CMD_WRITE_AFH_ASSESSMENT_MODE:
2585 if (btdev->type == BTDEV_TYPE_LE)
2588 btdev->afh_assessment_mode = waam->mode;
2589 status = BT_HCI_ERR_SUCCESS;
2590 cmd_complete(btdev, opcode, &status, sizeof(status));
2593 case BT_HCI_CMD_READ_EXT_INQUIRY_RESPONSE:
2594 if (btdev->type == BTDEV_TYPE_LE)
2596 reir.status = BT_HCI_ERR_SUCCESS;
2597 reir.fec = btdev->ext_inquiry_fec;
2598 memcpy(reir.data, btdev->ext_inquiry_rsp, 240);
2599 cmd_complete(btdev, opcode, &reir, sizeof(reir));
2602 case BT_HCI_CMD_WRITE_EXT_INQUIRY_RESPONSE:
2603 if (btdev->type == BTDEV_TYPE_LE)
2606 btdev->ext_inquiry_fec = weir->fec;
2607 memcpy(btdev->ext_inquiry_rsp, weir->data, 240);
2608 status = BT_HCI_ERR_SUCCESS;
2609 cmd_complete(btdev, opcode, &status, sizeof(status));
2612 case BT_HCI_CMD_READ_SIMPLE_PAIRING_MODE:
2613 if (btdev->type == BTDEV_TYPE_LE)
2615 rspm.status = BT_HCI_ERR_SUCCESS;
2616 rspm.mode = btdev->simple_pairing_mode;
2617 cmd_complete(btdev, opcode, &rspm, sizeof(rspm));
2620 case BT_HCI_CMD_WRITE_SIMPLE_PAIRING_MODE:
2621 if (btdev->type == BTDEV_TYPE_LE)
2624 btdev->simple_pairing_mode = wspm->mode;
2625 status = BT_HCI_ERR_SUCCESS;
2626 cmd_complete(btdev, opcode, &status, sizeof(status));
2629 case BT_HCI_CMD_IO_CAPABILITY_REQUEST_REPLY:
2630 if (btdev->type == BTDEV_TYPE_LE)
2633 io_cap_req_reply_complete(btdev, icrr->bdaddr,
2636 icrr->authentication);
2639 case BT_HCI_CMD_IO_CAPABILITY_REQUEST_NEG_REPLY:
2640 if (btdev->type == BTDEV_TYPE_LE)
2643 io_cap_req_neg_reply_complete(btdev, icrnr->bdaddr);
2644 ssp_complete(btdev, icrnr->bdaddr, BT_HCI_ERR_AUTH_FAILURE,
2648 case BT_HCI_CMD_USER_CONFIRM_REQUEST_REPLY:
2649 if (btdev->type == BTDEV_TYPE_LE)
2651 ucrr_rsp.status = BT_HCI_ERR_SUCCESS;
2652 memcpy(ucrr_rsp.bdaddr, data, 6);
2653 cmd_complete(btdev, opcode, &ucrr_rsp, sizeof(ucrr_rsp));
2654 ssp_complete(btdev, data, BT_HCI_ERR_SUCCESS, true);
2657 case BT_HCI_CMD_USER_CONFIRM_REQUEST_NEG_REPLY:
2658 if (btdev->type == BTDEV_TYPE_LE)
2660 ucrnr_rsp.status = BT_HCI_ERR_SUCCESS;
2661 memcpy(ucrnr_rsp.bdaddr, data, 6);
2662 cmd_complete(btdev, opcode, &ucrnr_rsp, sizeof(ucrnr_rsp));
2663 ssp_complete(btdev, data, BT_HCI_ERR_AUTH_FAILURE, true);
2666 case BT_HCI_CMD_READ_LOCAL_OOB_DATA:
2667 if (btdev->type == BTDEV_TYPE_LE)
2669 rlod.status = BT_HCI_ERR_SUCCESS;
2670 cmd_complete(btdev, opcode, &rlod, sizeof(rlod));
2673 case BT_HCI_CMD_READ_INQUIRY_RESP_TX_POWER:
2674 if (btdev->type == BTDEV_TYPE_LE)
2676 rirtp.status = BT_HCI_ERR_SUCCESS;
2678 cmd_complete(btdev, opcode, &rirtp, sizeof(rirtp));
2681 case BT_HCI_CMD_READ_LE_HOST_SUPPORTED:
2682 if (btdev->type != BTDEV_TYPE_BREDRLE)
2684 rlhs.status = BT_HCI_ERR_SUCCESS;
2685 rlhs.supported = btdev->le_supported;
2686 rlhs.simultaneous = btdev->le_simultaneous;
2687 cmd_complete(btdev, opcode, &rlhs, sizeof(rlhs));
2690 case BT_HCI_CMD_WRITE_LE_HOST_SUPPORTED:
2691 if (btdev->type != BTDEV_TYPE_BREDRLE)
2694 btdev->le_supported = wlhs->supported;
2695 btdev->le_simultaneous = wlhs->simultaneous;
2696 status = BT_HCI_ERR_SUCCESS;
2697 cmd_complete(btdev, opcode, &status, sizeof(status));
2700 case BT_HCI_CMD_READ_SECURE_CONN_SUPPORT:
2701 if (btdev->type != BTDEV_TYPE_BREDRLE)
2703 rscs.status = BT_HCI_ERR_SUCCESS;
2704 rscs.support = btdev->secure_conn_support;
2705 cmd_complete(btdev, opcode, &rscs, sizeof(rscs));
2708 case BT_HCI_CMD_WRITE_SECURE_CONN_SUPPORT:
2709 if (btdev->type != BTDEV_TYPE_BREDRLE)
2712 btdev->secure_conn_support = wscs->support;
2713 status = BT_HCI_ERR_SUCCESS;
2714 cmd_complete(btdev, opcode, &status, sizeof(status));
2717 case BT_HCI_CMD_READ_LOCAL_OOB_EXT_DATA:
2718 if (btdev->type != BTDEV_TYPE_BREDRLE)
2720 rloed.status = BT_HCI_ERR_SUCCESS;
2721 cmd_complete(btdev, opcode, &rloed, sizeof(rloed));
2724 case BT_HCI_CMD_READ_SYNC_TRAIN_PARAMS:
2725 if (btdev->type != BTDEV_TYPE_BREDRLE)
2727 rstp.status = BT_HCI_ERR_SUCCESS;
2728 rstp.interval = cpu_to_le16(btdev->sync_train_interval);
2729 rstp.timeout = cpu_to_le32(btdev->sync_train_timeout);
2730 rstp.service_data = btdev->sync_train_service_data;
2731 cmd_complete(btdev, opcode, &rstp, sizeof(rstp));
2734 case BT_HCI_CMD_READ_LOCAL_VERSION:
2735 rlv.status = BT_HCI_ERR_SUCCESS;
2736 rlv.hci_ver = btdev->version;
2737 rlv.hci_rev = cpu_to_le16(btdev->revision);
2738 rlv.lmp_ver = btdev->version;
2739 rlv.manufacturer = cpu_to_le16(btdev->manufacturer);
2740 rlv.lmp_subver = cpu_to_le16(btdev->revision);
2741 cmd_complete(btdev, opcode, &rlv, sizeof(rlv));
2744 case BT_HCI_CMD_READ_LOCAL_COMMANDS:
2745 rlc.status = BT_HCI_ERR_SUCCESS;
2746 memcpy(rlc.commands, btdev->commands, 64);
2747 cmd_complete(btdev, opcode, &rlc, sizeof(rlc));
2750 case BT_HCI_CMD_READ_LOCAL_FEATURES:
2751 rlf.status = BT_HCI_ERR_SUCCESS;
2752 memcpy(rlf.features, btdev->features, 8);
2753 cmd_complete(btdev, opcode, &rlf, sizeof(rlf));
2756 case BT_HCI_CMD_READ_LOCAL_EXT_FEATURES:
2757 if (btdev->type == BTDEV_TYPE_LE)
2760 page = ((const uint8_t *) data)[0];
2763 rlef.max_page = btdev->max_page;
2765 if (page > btdev->max_page) {
2766 rlef.status = BT_HCI_ERR_INVALID_PARAMETERS;
2767 memset(rlef.features, 0, 8);
2768 cmd_complete(btdev, opcode, &rlef, sizeof(rlef));
2774 rlef.status = BT_HCI_ERR_SUCCESS;
2775 memcpy(rlef.features, btdev->features, 8);
2778 rlef.status = BT_HCI_ERR_SUCCESS;
2779 btdev_get_host_features(btdev, rlef.features);
2782 rlef.status = BT_HCI_ERR_SUCCESS;
2783 memcpy(rlef.features, btdev->feat_page_2, 8);
2786 rlef.status = BT_HCI_ERR_INVALID_PARAMETERS;
2787 memset(rlef.features, 0, 8);
2790 cmd_complete(btdev, opcode, &rlef, sizeof(rlef));
2793 case BT_HCI_CMD_READ_BUFFER_SIZE:
2794 rbs.status = BT_HCI_ERR_SUCCESS;
2795 rbs.acl_mtu = cpu_to_le16(btdev->acl_mtu);
2797 rbs.acl_max_pkt = cpu_to_le16(btdev->acl_max_pkt);
2798 rbs.sco_max_pkt = cpu_to_le16(0);
2799 cmd_complete(btdev, opcode, &rbs, sizeof(rbs));
2802 case BT_HCI_CMD_READ_COUNTRY_CODE:
2803 rcc.status = BT_HCI_ERR_SUCCESS;
2804 rcc.code = btdev->country_code;
2805 cmd_complete(btdev, opcode, &rcc, sizeof(rcc));
2808 case BT_HCI_CMD_READ_BD_ADDR:
2809 rba.status = BT_HCI_ERR_SUCCESS;
2810 memcpy(rba.bdaddr, btdev->bdaddr, 6);
2811 cmd_complete(btdev, opcode, &rba, sizeof(rba));
2814 case BT_HCI_CMD_READ_DATA_BLOCK_SIZE:
2815 if (btdev->type == BTDEV_TYPE_LE)
2817 rdbs.status = BT_HCI_ERR_SUCCESS;
2818 rdbs.max_acl_len = cpu_to_le16(btdev->acl_mtu);
2819 rdbs.block_len = cpu_to_le16(btdev->acl_mtu);
2820 rdbs.num_blocks = cpu_to_le16(btdev->acl_max_pkt);
2821 cmd_complete(btdev, opcode, &rdbs, sizeof(rdbs));
2824 case BT_HCI_CMD_READ_LOCAL_CODECS:
2825 if (btdev->type == BTDEV_TYPE_LE)
2827 rlsc = alloca(sizeof(*rlsc) + 7);
2828 rlsc->status = BT_HCI_ERR_SUCCESS;
2829 rlsc->num_codecs = 0x06;
2830 rlsc->codec[0] = 0x00;
2831 rlsc->codec[1] = 0x01;
2832 rlsc->codec[2] = 0x02;
2833 rlsc->codec[3] = 0x03;
2834 rlsc->codec[4] = 0x04;
2835 rlsc->codec[5] = 0x05;
2836 rlsc->codec[6] = 0x00;
2837 cmd_complete(btdev, opcode, rlsc, sizeof(*rlsc) + 7);
2840 case BT_HCI_CMD_READ_RSSI:
2843 rrssi_rsp.status = BT_HCI_ERR_SUCCESS;
2844 rrssi_rsp.handle = rrssi->handle;
2845 rrssi_rsp.rssi = -1; /* non-zero so we can see it in tester */
2846 cmd_complete(btdev, opcode, &rrssi_rsp, sizeof(rrssi_rsp));
2849 case BT_HCI_CMD_READ_TX_POWER:
2852 switch (rtxp->type) {
2854 rtxp_rsp.status = BT_HCI_ERR_SUCCESS;
2855 rtxp_rsp.level = -1; /* non-zero */
2859 rtxp_rsp.status = BT_HCI_ERR_SUCCESS;
2860 rtxp_rsp.level = 4; /* max for class 2 radio */
2865 rtxp_rsp.status = BT_HCI_ERR_INVALID_PARAMETERS;
2869 rtxp_rsp.handle = rtxp->handle;
2870 cmd_complete(btdev, opcode, &rtxp_rsp, sizeof(rtxp_rsp));
2873 case BT_HCI_CMD_READ_ENCRYPT_KEY_SIZE:
2874 if (btdev->type != BTDEV_TYPE_BREDRLE &&
2875 btdev->type != BTDEV_TYPE_BREDR)
2878 read_enc_key_size_complete(btdev, le16_to_cpu(reks->handle));
2881 case BT_HCI_CMD_READ_LOCAL_AMP_INFO:
2882 if (btdev->type != BTDEV_TYPE_AMP)
2884 rlai.status = BT_HCI_ERR_SUCCESS;
2885 rlai.amp_status = 0x01; /* Used for Bluetooth only */
2886 rlai.total_bw = cpu_to_le32(0);
2887 rlai.max_bw = cpu_to_le32(0);
2888 rlai.min_latency = cpu_to_le32(0);
2889 rlai.max_pdu = cpu_to_le32(672);
2890 rlai.amp_type = 0x01; /* 802.11 AMP Controller */
2891 rlai.pal_cap = cpu_to_le16(0x0000);
2892 rlai.max_assoc_len = cpu_to_le16(672);
2893 rlai.max_flush_to = cpu_to_le32(0xffffffff);
2894 rlai.be_flush_to = cpu_to_le32(0xffffffff);
2895 cmd_complete(btdev, opcode, &rlai, sizeof(rlai));
2898 case BT_HCI_CMD_READ_LOCAL_AMP_ASSOC:
2899 if (btdev->type != BTDEV_TYPE_AMP)
2902 rlaa_rsp.status = BT_HCI_ERR_SUCCESS;
2903 rlaa_rsp.phy_handle = rlaa_cmd->phy_handle;
2904 rlaa_rsp.remain_assoc_len = cpu_to_le16(1);
2905 rlaa_rsp.assoc_fragment[0] = 0x42;
2906 memset(rlaa_rsp.assoc_fragment + 1, 0,
2907 sizeof(rlaa_rsp.assoc_fragment) - 1);
2908 cmd_complete(btdev, opcode, &rlaa_rsp, sizeof(rlaa_rsp));
2911 case BT_HCI_CMD_GET_MWS_TRANSPORT_CONFIG:
2912 if (btdev->type == BTDEV_TYPE_LE)
2914 gmtc = alloca(sizeof(*gmtc));
2915 gmtc->status = BT_HCI_ERR_SUCCESS;
2916 gmtc->num_transports = 0x00;
2917 cmd_complete(btdev, opcode, gmtc, sizeof(*gmtc));
2920 case BT_HCI_CMD_SET_EVENT_MASK_PAGE2:
2921 if (btdev->type != BTDEV_TYPE_BREDRLE)
2924 memcpy(btdev->event_mask_page2, semp2->mask, 8);
2925 status = BT_HCI_ERR_SUCCESS;
2926 cmd_complete(btdev, opcode, &status, sizeof(status));
2929 case BT_HCI_CMD_LE_SET_EVENT_MASK:
2930 if (btdev->type == BTDEV_TYPE_BREDR)
2933 memcpy(btdev->le_event_mask, lsem->mask, 8);
2934 status = BT_HCI_ERR_SUCCESS;
2935 cmd_complete(btdev, opcode, &status, sizeof(status));
2938 case BT_HCI_CMD_LE_READ_BUFFER_SIZE:
2939 if (btdev->type == BTDEV_TYPE_BREDR)
2941 lrbs.status = BT_HCI_ERR_SUCCESS;
2942 lrbs.le_mtu = cpu_to_le16(btdev->acl_mtu);
2943 lrbs.le_max_pkt = btdev->acl_max_pkt;
2944 cmd_complete(btdev, opcode, &lrbs, sizeof(lrbs));
2947 case BT_HCI_CMD_LE_READ_LOCAL_FEATURES:
2948 if (btdev->type == BTDEV_TYPE_BREDR)
2950 lrlf.status = BT_HCI_ERR_SUCCESS;
2951 memcpy(lrlf.features, btdev->le_features, 8);
2952 cmd_complete(btdev, opcode, &lrlf, sizeof(lrlf));
2955 case BT_HCI_CMD_LE_SET_RANDOM_ADDRESS:
2956 if (btdev->type == BTDEV_TYPE_BREDR)
2959 memcpy(btdev->random_addr, lsra->addr, 6);
2960 status = BT_HCI_ERR_SUCCESS;
2961 cmd_complete(btdev, opcode, &status, sizeof(status));
2964 case BT_HCI_CMD_LE_SET_ADV_PARAMETERS:
2965 if (btdev->type == BTDEV_TYPE_BREDR)
2968 if (btdev->le_adv_enable) {
2969 status = BT_HCI_ERR_COMMAND_DISALLOWED;
2970 cmd_complete(btdev, opcode, &status, sizeof(status));
2975 btdev->le_adv_type = lsap->type;
2976 btdev->le_adv_own_addr = lsap->own_addr_type;
2977 btdev->le_adv_direct_addr_type = lsap->direct_addr_type;
2978 memcpy(btdev->le_adv_direct_addr, lsap->direct_addr, 6);
2980 status = BT_HCI_ERR_SUCCESS;
2981 cmd_complete(btdev, opcode, &status, sizeof(status));
2984 case BT_HCI_CMD_LE_READ_ADV_TX_POWER:
2985 if (btdev->type == BTDEV_TYPE_BREDR)
2987 lratp.status = BT_HCI_ERR_SUCCESS;
2989 cmd_complete(btdev, opcode, &lratp, sizeof(lratp));
2992 case BT_HCI_CMD_LE_SET_ADV_ENABLE:
2993 if (btdev->type == BTDEV_TYPE_BREDR)
2996 if (btdev->le_adv_enable == lsae->enable)
2997 status = BT_HCI_ERR_COMMAND_DISALLOWED;
2999 btdev->le_adv_enable = lsae->enable;
3000 status = BT_HCI_ERR_SUCCESS;
3002 cmd_complete(btdev, opcode, &status, sizeof(status));
3003 if (status == BT_HCI_ERR_SUCCESS && btdev->le_adv_enable)
3004 le_set_adv_enable_complete(btdev);
3007 case BT_HCI_CMD_LE_SET_SCAN_PARAMETERS:
3008 if (btdev->type == BTDEV_TYPE_BREDR)
3013 if (btdev->le_scan_enable)
3014 status = BT_HCI_ERR_COMMAND_DISALLOWED;
3016 status = BT_HCI_ERR_SUCCESS;
3017 btdev->le_scan_type = lssp->type;
3018 btdev->le_scan_own_addr_type = lssp->own_addr_type;
3021 cmd_complete(btdev, opcode, &status, sizeof(status));
3024 case BT_HCI_CMD_LE_SET_SCAN_ENABLE:
3025 if (btdev->type == BTDEV_TYPE_BREDR)
3028 if (btdev->le_scan_enable == lsse->enable)
3029 status = BT_HCI_ERR_COMMAND_DISALLOWED;
3031 btdev->le_scan_enable = lsse->enable;
3032 btdev->le_filter_dup = lsse->filter_dup;
3033 status = BT_HCI_ERR_SUCCESS;
3035 cmd_complete(btdev, opcode, &status, sizeof(status));
3038 case BT_HCI_CMD_LE_CREATE_CONN:
3039 if (btdev->type == BTDEV_TYPE_BREDR)
3041 cmd_status(btdev, BT_HCI_ERR_SUCCESS, opcode);
3044 case BT_HCI_CMD_LE_READ_WHITE_LIST_SIZE:
3045 if (btdev->type == BTDEV_TYPE_BREDR)
3047 lrwls.status = BT_HCI_ERR_SUCCESS;
3049 cmd_complete(btdev, opcode, &lrwls, sizeof(lrwls));
3052 case BT_HCI_CMD_LE_CONN_UPDATE:
3053 if (btdev->type == BTDEV_TYPE_BREDR)
3055 cmd_status(btdev, BT_HCI_ERR_SUCCESS, opcode);
3058 case BT_HCI_CMD_LE_CLEAR_WHITE_LIST:
3059 if (btdev->type == BTDEV_TYPE_BREDR)
3061 status = BT_HCI_ERR_SUCCESS;
3062 cmd_complete(btdev, opcode, &status, sizeof(status));
3065 case BT_HCI_CMD_LE_ENCRYPT:
3066 if (btdev->type == BTDEV_TYPE_BREDR)
3069 if (!bt_crypto_e(btdev->crypto, lenc_cmd->key,
3070 lenc_cmd->plaintext, lenc.data)) {
3071 cmd_status(btdev, BT_HCI_ERR_COMMAND_DISALLOWED,
3075 lenc.status = BT_HCI_ERR_SUCCESS;
3076 cmd_complete(btdev, opcode, &lenc, sizeof(lenc));
3079 case BT_HCI_CMD_LE_RAND:
3080 if (btdev->type == BTDEV_TYPE_BREDR)
3082 if (!bt_crypto_random_bytes(btdev->crypto,
3083 (uint8_t *)&lr.number, 8)) {
3084 cmd_status(btdev, BT_HCI_ERR_COMMAND_DISALLOWED,
3088 lr.status = BT_HCI_ERR_SUCCESS;
3089 cmd_complete(btdev, opcode, &lr, sizeof(lr));
3092 case BT_HCI_CMD_LE_READ_LOCAL_PK256:
3093 if (btdev->type == BTDEV_TYPE_BREDR)
3095 if (!ecc_make_key(pk_evt.local_pk256, btdev->le_local_sk256)) {
3096 cmd_status(btdev, BT_HCI_ERR_COMMAND_DISALLOWED,
3100 cmd_status(btdev, BT_HCI_ERR_SUCCESS,
3101 BT_HCI_CMD_LE_READ_LOCAL_PK256);
3102 pk_evt.status = BT_HCI_ERR_SUCCESS;
3103 le_meta_event(btdev, BT_HCI_EVT_LE_READ_LOCAL_PK256_COMPLETE,
3104 &pk_evt, sizeof(pk_evt));
3107 case BT_HCI_CMD_LE_GENERATE_DHKEY:
3108 if (btdev->type == BTDEV_TYPE_BREDR)
3111 if (!ecdh_shared_secret(dh->remote_pk256, btdev->le_local_sk256,
3113 cmd_status(btdev, BT_HCI_ERR_COMMAND_DISALLOWED,
3117 cmd_status(btdev, BT_HCI_ERR_SUCCESS,
3118 BT_HCI_CMD_LE_GENERATE_DHKEY);
3119 dh_evt.status = BT_HCI_ERR_SUCCESS;
3120 le_meta_event(btdev, BT_HCI_EVT_LE_GENERATE_DHKEY_COMPLETE,
3121 &dh_evt, sizeof(dh_evt));
3124 case BT_HCI_CMD_LE_READ_SUPPORTED_STATES:
3125 if (btdev->type == BTDEV_TYPE_BREDR)
3127 lrss.status = BT_HCI_ERR_SUCCESS;
3128 memcpy(lrss.states, btdev->le_states, 8);
3129 cmd_complete(btdev, opcode, &lrss, sizeof(lrss));
3132 case BT_HCI_CMD_LE_SET_ADV_DATA:
3133 if (btdev->type == BTDEV_TYPE_BREDR)
3136 btdev->le_adv_data_len = lsad->len;
3137 memcpy(btdev->le_adv_data, lsad->data, 31);
3138 status = BT_HCI_ERR_SUCCESS;
3139 cmd_complete(btdev, opcode, &status, sizeof(status));
3142 case BT_HCI_CMD_LE_SET_SCAN_RSP_DATA:
3143 if (btdev->type == BTDEV_TYPE_BREDR)
3146 btdev->le_scan_data_len = lssrd->len;
3147 memcpy(btdev->le_scan_data, lssrd->data, 31);
3148 status = BT_HCI_ERR_SUCCESS;
3149 cmd_complete(btdev, opcode, &status, sizeof(status));
3152 case BT_HCI_CMD_LE_READ_REMOTE_FEATURES:
3153 if (btdev->type == BTDEV_TYPE_BREDR)
3155 le_read_remote_features_complete(btdev);
3158 case BT_HCI_CMD_LE_START_ENCRYPT:
3159 if (btdev->type == BTDEV_TYPE_BREDR)
3162 memcpy(btdev->le_ltk, lse->ltk, 16);
3163 le_start_encrypt_complete(btdev, lse->ediv, lse->rand);
3166 case BT_HCI_CMD_LE_LTK_REQ_REPLY:
3167 if (btdev->type == BTDEV_TYPE_BREDR)
3170 memcpy(btdev->le_ltk, llrr->ltk, 16);
3171 le_encrypt_complete(btdev);
3174 case BT_HCI_CMD_LE_LTK_REQ_NEG_REPLY:
3175 if (btdev->type == BTDEV_TYPE_BREDR)
3177 ltk_neg_reply_complete(btdev);
3180 case BT_HCI_CMD_SETUP_SYNC_CONN:
3181 if (btdev->type == BTDEV_TYPE_LE)
3184 status = BT_HCI_ERR_SUCCESS;
3185 cmd_status(btdev, BT_HCI_ERR_SUCCESS, opcode);
3186 sync_conn_complete(btdev, ssc->voice_setting,
3187 BT_HCI_ERR_SUCCESS);
3190 case BT_HCI_CMD_ADD_SCO_CONN:
3191 if (btdev->type == BTDEV_TYPE_LE)
3193 sco_conn_complete(btdev, BT_HCI_ERR_SUCCESS);
3196 case BT_HCI_CMD_ENABLE_DUT_MODE:
3197 status = BT_HCI_ERR_SUCCESS;
3198 cmd_complete(btdev, opcode, &status, sizeof(status));
3201 case BT_HCI_CMD_WRITE_SSP_DEBUG_MODE:
3202 if (btdev->type == BTDEV_TYPE_LE)
3205 btdev->ssp_debug_mode = wsdm->mode;
3206 status = BT_HCI_ERR_SUCCESS;
3207 cmd_complete(btdev, opcode, &status, sizeof(status));
3210 case BT_HCI_CMD_LE_RECEIVER_TEST:
3211 if (btdev->type == BTDEV_TYPE_BREDR)
3213 status = BT_HCI_ERR_SUCCESS;
3214 cmd_complete(btdev, opcode, &status, sizeof(status));
3217 case BT_HCI_CMD_LE_TRANSMITTER_TEST:
3218 if (btdev->type == BTDEV_TYPE_BREDR)
3220 status = BT_HCI_ERR_SUCCESS;
3221 cmd_complete(btdev, opcode, &status, sizeof(status));
3224 case BT_HCI_CMD_LE_TEST_END:
3225 if (btdev->type == BTDEV_TYPE_BREDR)
3227 lte.status = BT_HCI_ERR_SUCCESS;
3228 lte.num_packets = 0;
3229 cmd_complete(btdev, opcode, <e, sizeof(lte));
3232 case BT_HCI_CMD_LE_CONN_PARAM_REQ_REPLY:
3233 if (btdev->type == BTDEV_TYPE_BREDR)
3236 lcprr_rsp.handle = lcprr_cmd->handle;
3237 lcprr_rsp.status = BT_HCI_ERR_SUCCESS;
3238 cmd_complete(btdev, opcode, &lcprr_rsp, sizeof(lcprr_rsp));
3240 case BT_HCI_CMD_LE_CONN_PARAM_REQ_NEG_REPLY:
3241 if (btdev->type == BTDEV_TYPE_BREDR)
3244 lcprnr_rsp.handle = lcprnr_cmd->handle;
3245 lcprnr_rsp.status = BT_HCI_ERR_SUCCESS;
3246 cmd_complete(btdev, opcode, &lcprnr_rsp, sizeof(lcprnr_rsp));
3255 printf("Unsupported command 0x%4.4x\n", opcode);
3257 cmd_status(btdev, BT_HCI_ERR_UNKNOWN_COMMAND, opcode);
3260 static void default_cmd_completion(struct btdev *btdev, uint16_t opcode,
3261 const void *data, uint8_t len)
3263 const struct bt_hci_cmd_create_conn *cc;
3264 const struct bt_hci_cmd_disconnect *dc;
3265 const struct bt_hci_cmd_create_conn_cancel *ccc;
3266 const struct bt_hci_cmd_accept_conn_request *acr;
3267 const struct bt_hci_cmd_reject_conn_request *rcr;
3268 const struct bt_hci_cmd_auth_requested *ar;
3269 const struct bt_hci_cmd_set_conn_encrypt *sce;
3270 const struct bt_hci_cmd_link_key_request_reply *lkrr;
3271 const struct bt_hci_cmd_link_key_request_neg_reply *lkrnr;
3272 const struct bt_hci_cmd_pin_code_request_neg_reply *pcrnr;
3273 const struct bt_hci_cmd_pin_code_request_reply *pcrr;
3274 const struct bt_hci_cmd_remote_name_request *rnr;
3275 const struct bt_hci_cmd_remote_name_request_cancel *rnrc;
3276 const struct bt_hci_cmd_read_remote_features *rrf;
3277 const struct bt_hci_cmd_read_remote_ext_features *rref;
3278 const struct bt_hci_cmd_read_remote_version *rrv;
3279 const struct bt_hci_cmd_read_clock_offset *rco;
3280 const struct bt_hci_cmd_le_create_conn *lecc;
3281 const struct bt_hci_cmd_le_conn_update *lecu;
3282 const struct bt_hci_cmd_le_conn_param_req_reply *lcprr;
3283 const struct bt_hci_cmd_le_conn_param_req_neg_reply *lcprnr;
3284 const struct bt_hci_cmd_le_set_scan_enable *lsse;
3287 case BT_HCI_CMD_INQUIRY:
3288 if (btdev->type == BTDEV_TYPE_LE)
3290 inquiry_cmd(btdev, data);
3293 case BT_HCI_CMD_CREATE_CONN:
3294 if (btdev->type == BTDEV_TYPE_LE)
3297 conn_request(btdev, cc->bdaddr);
3300 case BT_HCI_CMD_DISCONNECT:
3302 disconnect_complete(btdev, le16_to_cpu(dc->handle), dc->reason);
3305 case BT_HCI_CMD_CREATE_CONN_CANCEL:
3306 if (btdev->type == BTDEV_TYPE_LE)
3309 conn_complete(btdev, ccc->bdaddr, BT_HCI_ERR_UNKNOWN_CONN_ID);
3312 case BT_HCI_CMD_ACCEPT_CONN_REQUEST:
3313 if (btdev->type == BTDEV_TYPE_LE)
3316 accept_conn_request_complete(btdev, acr->bdaddr);
3319 case BT_HCI_CMD_REJECT_CONN_REQUEST:
3320 if (btdev->type == BTDEV_TYPE_LE)
3323 conn_complete(btdev, rcr->bdaddr, BT_HCI_ERR_UNKNOWN_CONN_ID);
3326 case BT_HCI_CMD_LINK_KEY_REQUEST_REPLY:
3327 if (btdev->type == BTDEV_TYPE_LE)
3330 link_key_req_reply_complete(btdev, lkrr->bdaddr, lkrr->link_key);
3333 case BT_HCI_CMD_LINK_KEY_REQUEST_NEG_REPLY:
3334 if (btdev->type == BTDEV_TYPE_LE)
3337 link_key_req_neg_reply_complete(btdev, lkrnr->bdaddr);
3340 case BT_HCI_CMD_PIN_CODE_REQUEST_REPLY:
3341 if (btdev->type == BTDEV_TYPE_LE)
3344 pin_code_req_reply_complete(btdev, pcrr->bdaddr, pcrr->pin_len,
3348 case BT_HCI_CMD_PIN_CODE_REQUEST_NEG_REPLY:
3349 if (btdev->type == BTDEV_TYPE_LE)
3352 pin_code_req_neg_reply_complete(btdev, pcrnr->bdaddr);
3355 case BT_HCI_CMD_AUTH_REQUESTED:
3356 if (btdev->type == BTDEV_TYPE_LE)
3359 auth_request_complete(btdev, le16_to_cpu(ar->handle));
3362 case BT_HCI_CMD_SET_CONN_ENCRYPT:
3363 if (btdev->type == BTDEV_TYPE_LE)
3369 if (!sce->encr_mode)
3371 else if (btdev->secure_conn_support &&
3372 btdev->conn->secure_conn_support)
3377 encrypt_change(btdev, mode, BT_HCI_ERR_SUCCESS);
3378 encrypt_change(btdev->conn, mode, BT_HCI_ERR_SUCCESS);
3382 case BT_HCI_CMD_REMOTE_NAME_REQUEST:
3383 if (btdev->type == BTDEV_TYPE_LE)
3386 name_request_complete(btdev, rnr->bdaddr, BT_HCI_ERR_SUCCESS);
3389 case BT_HCI_CMD_REMOTE_NAME_REQUEST_CANCEL:
3390 if (btdev->type == BTDEV_TYPE_LE)
3393 name_request_complete(btdev, rnrc->bdaddr,
3394 BT_HCI_ERR_UNKNOWN_CONN_ID);
3397 case BT_HCI_CMD_READ_REMOTE_FEATURES:
3398 if (btdev->type == BTDEV_TYPE_LE)
3401 remote_features_complete(btdev, le16_to_cpu(rrf->handle));
3404 case BT_HCI_CMD_READ_REMOTE_EXT_FEATURES:
3405 if (btdev->type == BTDEV_TYPE_LE)
3408 remote_ext_features_complete(btdev, le16_to_cpu(rref->handle),
3412 case BT_HCI_CMD_READ_REMOTE_VERSION:
3414 remote_version_complete(btdev, le16_to_cpu(rrv->handle));
3417 case BT_HCI_CMD_READ_CLOCK_OFFSET:
3418 if (btdev->type == BTDEV_TYPE_LE)
3421 remote_clock_offset_complete(btdev, le16_to_cpu(rco->handle));
3424 case BT_HCI_CMD_LE_CREATE_CONN:
3425 if (btdev->type == BTDEV_TYPE_BREDR)
3428 btdev->le_scan_own_addr_type = lecc->own_addr_type;
3429 le_conn_request(btdev, lecc);
3432 case BT_HCI_CMD_LE_CONN_UPDATE:
3433 if (btdev->type == BTDEV_TYPE_BREDR)
3436 if (btdev->le_features[0] & 0x02)
3437 le_conn_param_req(btdev, le16_to_cpu(lecu->handle),
3438 le16_to_cpu(lecu->min_interval),
3439 le16_to_cpu(lecu->max_interval),
3440 le16_to_cpu(lecu->latency),
3441 le16_to_cpu(lecu->supv_timeout),
3442 le16_to_cpu(lecu->min_length),
3443 le16_to_cpu(lecu->max_length));
3445 le_conn_update(btdev, le16_to_cpu(lecu->handle),
3446 le16_to_cpu(lecu->min_interval),
3447 le16_to_cpu(lecu->max_interval),
3448 le16_to_cpu(lecu->latency),
3449 le16_to_cpu(lecu->supv_timeout),
3450 le16_to_cpu(lecu->min_length),
3451 le16_to_cpu(lecu->max_length));
3453 case BT_HCI_CMD_LE_CONN_PARAM_REQ_REPLY:
3454 if (btdev->type == BTDEV_TYPE_BREDR)
3457 le_conn_update(btdev, le16_to_cpu(lcprr->handle),
3458 le16_to_cpu(lcprr->min_interval),
3459 le16_to_cpu(lcprr->max_interval),
3460 le16_to_cpu(lcprr->latency),
3461 le16_to_cpu(lcprr->supv_timeout),
3462 le16_to_cpu(lcprr->min_length),
3463 le16_to_cpu(lcprr->max_length));
3465 case BT_HCI_CMD_LE_CONN_PARAM_REQ_NEG_REPLY:
3466 if (btdev->type == BTDEV_TYPE_BREDR)
3469 rej_le_conn_update(btdev, le16_to_cpu(lcprnr->handle),
3470 le16_to_cpu(lcprnr->reason));
3473 case BT_HCI_CMD_LE_SET_SCAN_ENABLE:
3474 if (btdev->type == BTDEV_TYPE_BREDR)
3477 if (btdev->le_scan_enable && lsse->enable)
3478 le_set_scan_enable_complete(btdev);
3483 struct btdev_callback {
3484 void (*function)(btdev_callback callback, uint8_t response,
3485 uint8_t status, const void *data, uint8_t len);
3492 void btdev_command_response(btdev_callback callback, uint8_t response,
3493 uint8_t status, const void *data, uint8_t len)
3495 callback->function(callback, response, status, data, len);
3498 static void handler_callback(btdev_callback callback, uint8_t response,
3499 uint8_t status, const void *data, uint8_t len)
3501 struct btdev *btdev = callback->user_data;
3504 case BTDEV_RESPONSE_DEFAULT:
3505 if (!run_hooks(btdev, BTDEV_HOOK_PRE_CMD, callback->opcode,
3506 callback->data, callback->len))
3508 default_cmd(btdev, callback->opcode,
3509 callback->data, callback->len);
3511 if (!run_hooks(btdev, BTDEV_HOOK_PRE_EVT, callback->opcode,
3512 callback->data, callback->len))
3514 default_cmd_completion(btdev, callback->opcode,
3515 callback->data, callback->len);
3517 case BTDEV_RESPONSE_COMMAND_STATUS:
3518 cmd_status(btdev, status, callback->opcode);
3520 case BTDEV_RESPONSE_COMMAND_COMPLETE:
3521 cmd_complete(btdev, callback->opcode, data, len);
3524 cmd_status(btdev, BT_HCI_ERR_UNKNOWN_COMMAND,
3530 static void process_cmd(struct btdev *btdev, const void *data, uint16_t len)
3532 struct btdev_callback callback;
3533 const struct bt_hci_cmd_hdr *hdr = data;
3535 if (len < sizeof(*hdr))
3538 callback.function = handler_callback;
3539 callback.user_data = btdev;
3540 callback.opcode = le16_to_cpu(hdr->opcode);
3541 callback.data = data + sizeof(*hdr);
3542 callback.len = hdr->plen;
3544 if (btdev->command_handler)
3545 btdev->command_handler(callback.opcode,
3546 callback.data, callback.len,
3547 &callback, btdev->command_data);
3549 if (!run_hooks(btdev, BTDEV_HOOK_PRE_CMD, callback.opcode,
3550 callback.data, callback.len))
3552 default_cmd(btdev, callback.opcode,
3553 callback.data, callback.len);
3555 if (!run_hooks(btdev, BTDEV_HOOK_PRE_EVT, callback.opcode,
3556 callback.data, callback.len))
3558 default_cmd_completion(btdev, callback.opcode,
3559 callback.data, callback.len);
3563 static void send_acl(struct btdev *conn, const void *data, uint16_t len)
3565 struct bt_hci_acl_hdr hdr;
3566 struct iovec iov[3];
3569 iov[0].iov_base = (void *) data;
3572 /* ACL_START_NO_FLUSH is only allowed from host to controller.
3573 * From controller to host this should be converted to ACL_START.
3575 memcpy(&hdr, data + 1, sizeof(hdr));
3576 if (acl_flags(hdr.handle) == ACL_START_NO_FLUSH)
3577 hdr.handle = acl_handle_pack(acl_handle(hdr.handle), ACL_START);
3579 iov[1].iov_base = &hdr;
3580 iov[1].iov_len = sizeof(hdr);
3582 iov[2].iov_base = (void *) (data + 1 + sizeof(hdr));
3583 iov[2].iov_len = len - 1 - sizeof(hdr);
3585 send_packet(conn, iov, 3);
3588 void btdev_receive_h4(struct btdev *btdev, const void *data, uint16_t len)
3598 pkt_type = ((const uint8_t *) data)[0];
3602 process_cmd(btdev, data + 1, len - 1);
3606 send_acl(btdev->conn, data, len);
3607 num_completed_packets(btdev);
3610 printf("Unsupported packet 0x%2.2x\n", pkt_type);
3615 int btdev_add_hook(struct btdev *btdev, enum btdev_hook_type type,
3616 uint16_t opcode, btdev_hook_func handler,
3624 if (get_hook_index(btdev, type, opcode) > 0)
3627 for (i = 0; i < MAX_HOOK_ENTRIES; i++) {
3628 if (btdev->hook_list[i] == NULL) {
3629 btdev->hook_list[i] = malloc(sizeof(struct hook));
3630 if (btdev->hook_list[i] == NULL)
3633 btdev->hook_list[i]->handler = handler;
3634 btdev->hook_list[i]->user_data = user_data;
3635 btdev->hook_list[i]->opcode = opcode;
3636 btdev->hook_list[i]->type = type;
3644 bool btdev_del_hook(struct btdev *btdev, enum btdev_hook_type type,
3652 for (i = 0; i < MAX_HOOK_ENTRIES; i++) {
3653 if (btdev->hook_list[i] == NULL)
3656 if (btdev->hook_list[i]->type != type ||
3657 btdev->hook_list[i]->opcode != opcode)
3660 free(btdev->hook_list[i]);
3661 btdev->hook_list[i] = NULL;