3 * BlueZ - Bluetooth protocol stack for Linux
5 * Copyright (C) 2004-2010 Marcel Holtmann <marcel@holtmann.org>
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
31 #include <sys/types.h>
32 #include <sys/ioctl.h>
35 #include <bluetooth/bluetooth.h>
36 #include <bluetooth/hci.h>
37 #include <bluetooth/hci_lib.h>
38 #include <bluetooth/sdp.h>
39 #include <bluetooth/sdp_lib.h>
56 #define DISCOV_HALTED 0
59 #define DISCOV_NAMES 3
61 #define TIMEOUT_BR_LE_SCAN 5120 /* TGAP(100)/2 */
62 #define TIMEOUT_LE_SCAN 10240 /* TGAP(gen_disc_scan_min) */
64 #define LENGTH_BR_INQ 0x08
65 #define LENGTH_BR_LE_INQ 0x04
67 static int start_scanning(int index, int timeout);
69 static int child_pipe[2] = { -1, -1 };
71 static guint child_io_id = 0;
72 static guint ctl_io_id = 0;
81 /* Commands sent by kernel on starting an adapter */
98 gboolean bonding_initiator;
100 GIOChannel *io; /* For raw L2CAP socket (bonding) */
106 uint8_t randomizer[16];
119 enum name_state name_state;
122 static int max_dev = -1;
123 static struct dev_info {
128 uint8_t eir[HCI_MAX_EIR_LENGTH];
130 uint8_t extfeatures[8];
137 uint32_t current_cod;
139 uint32_t pending_cod;
140 gboolean cache_enable;
145 uint8_t io_capability;
147 struct hci_version ver;
151 uint16_t did_product;
152 uint16_t did_version;
175 uint16_t discoverable_timeout;
176 guint discoverable_id;
179 static int found_dev_rssi_cmp(gconstpointer a, gconstpointer b)
181 const struct found_dev *d1 = a, *d2 = b;
184 if (d2->name_state == NAME_NOT_NEEDED)
187 rssi1 = d1->rssi < 0 ? -d1->rssi : d1->rssi;
188 rssi2 = d2->rssi < 0 ? -d2->rssi : d2->rssi;
190 return rssi1 - rssi2;
193 static int found_dev_bda_cmp(gconstpointer a, gconstpointer b)
195 const struct found_dev *d1 = a, *d2 = b;
197 return bacmp(&d1->bdaddr, &d2->bdaddr);
200 static void found_dev_cleanup(struct dev_info *info)
202 g_slist_free_full(info->found_devs, g_free);
203 info->found_devs = NULL;
205 g_slist_free_full(info->need_name, g_free);
206 info->need_name = NULL;
209 static int resolve_name(struct dev_info *info, bdaddr_t *bdaddr)
211 remote_name_req_cp cp;
214 ba2str(bdaddr, addr);
215 DBG("hci%d dba %s", info->id, addr);
217 memset(&cp, 0, sizeof(cp));
218 bacpy(&cp.bdaddr, bdaddr);
219 cp.pscan_rep_mode = 0x02;
221 if (hci_send_cmd(info->sk, OGF_LINK_CTL, OCF_REMOTE_NAME_REQ,
222 REMOTE_NAME_REQ_CP_SIZE, &cp) < 0)
228 static int resolve_names(struct dev_info *info, struct btd_adapter *adapter)
230 struct found_dev *dev;
232 DBG("found_dev %u need_name %u", g_slist_length(info->found_devs),
233 g_slist_length(info->need_name));
235 if (g_slist_length(info->need_name) == 0)
238 dev = info->need_name->data;
239 resolve_name(info, &dev->bdaddr);
240 dev->name_state = NAME_PENDING;
245 static void set_state(int index, int state)
247 struct btd_adapter *adapter;
248 struct dev_info *dev = &devs[index];
250 if (dev->discov_state == state)
253 adapter = manager_find_adapter_by_id(index);
255 error("No matching adapter found");
259 dev->discov_state = state;
261 DBG("hci%d: new state %d", index, dev->discov_state);
263 switch (dev->discov_state) {
265 found_dev_cleanup(dev);
266 adapter_set_discovering(adapter, FALSE);
270 adapter_set_discovering(adapter, TRUE);
273 if (resolve_names(dev, adapter) < 0)
274 set_state(index, DISCOV_HALTED);
279 static inline gboolean is_le_capable(int index)
281 struct dev_info *dev = &devs[index];
283 return (dev->features[4] & LMP_LE &&
284 dev->extfeatures[0] & LMP_HOST_LE) ? TRUE : FALSE;
287 static inline gboolean is_bredr_capable(int index)
289 struct dev_info *dev = &devs[index];
291 return (dev->features[4] & LMP_NO_BREDR) == 0 ? TRUE : FALSE;
294 static int get_adapter_type(int index)
296 if (is_le_capable(index) && is_bredr_capable(index))
298 else if (is_le_capable(index))
300 else if (is_bredr_capable(index))
306 static int ignore_device(struct hci_dev_info *di)
308 return hci_test_bit(HCI_RAW, &di->flags) || di->type >> 4 != HCI_BREDR;
311 static struct dev_info *init_dev_info(int index, int sk, gboolean registered,
314 struct dev_info *dev = &devs[index];
316 memset(dev, 0, sizeof(*dev));
320 dev->cache_enable = TRUE;
321 dev->registered = registered;
322 dev->already_up = already_up;
323 dev->io_capability = 0x03; /* No Input No Output */
324 dev->discov_state = DISCOV_HALTED;
329 /* Async HCI command handling with callback support */
331 struct hci_cmd_data {
335 gpointer caller_data;
338 static gboolean hci_event_watch(GIOChannel *io,
339 GIOCondition cond, gpointer user_data)
341 unsigned char buf[HCI_MAX_EVENT_SIZE], *body;
342 struct hci_cmd_data *cmd = user_data;
343 evt_cmd_status *evt_status;
344 evt_auth_complete *evt_auth;
345 evt_encrypt_change *evt_enc;
347 set_conn_encrypt_cp cp;
350 uint8_t status = HCI_OE_POWER_OFF;
352 if (cond & G_IO_NVAL) {
353 cmd->cb(status, cmd->caller_data);
357 if (cond & (G_IO_ERR | G_IO_HUP))
360 dd = g_io_channel_unix_get_fd(io);
362 if (read(dd, buf, sizeof(buf)) < 0)
365 hdr = (hci_event_hdr *) (buf + 1);
366 body = buf + (1 + HCI_EVENT_HDR_SIZE);
370 evt_status = (evt_cmd_status *) body;
371 ocf = cmd_opcode_ocf(evt_status->opcode);
375 case OCF_AUTH_REQUESTED:
376 case OCF_SET_CONN_ENCRYPT:
377 if (evt_status->status != 0) {
378 /* Baseband rejected command */
379 status = evt_status->status;
386 /* Wait for the next event */
388 case EVT_AUTH_COMPLETE:
389 evt_auth = (evt_auth_complete *) body;
390 if (evt_auth->handle != cmd->handle) {
395 if (evt_auth->status != 0x00) {
396 status = evt_auth->status;
397 /* Abort encryption */
401 memset(&cp, 0, sizeof(cp));
402 cp.handle = cmd->handle;
405 cmd->ocf = OCF_SET_CONN_ENCRYPT;
407 if (hci_send_cmd(dd, OGF_LINK_CTL, OCF_SET_CONN_ENCRYPT,
408 SET_CONN_ENCRYPT_CP_SIZE, &cp) < 0) {
409 status = HCI_COMMAND_DISALLOWED;
412 /* Wait for encrypt change event */
414 case EVT_ENCRYPT_CHANGE:
415 evt_enc = (evt_encrypt_change *) body;
416 if (evt_enc->handle != cmd->handle)
419 /* Procedure finished: reporting status */
420 status = evt_enc->status;
428 cmd->cb(status, cmd->caller_data);
429 g_io_channel_shutdown(io, TRUE, NULL);
434 static int write_inq_mode(int index, uint8_t mode)
436 struct dev_info *dev = &devs[index];
437 write_inquiry_mode_cp cp;
439 memset(&cp, 0, sizeof(cp));
442 if (hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_WRITE_INQUIRY_MODE,
443 WRITE_INQUIRY_MODE_CP_SIZE, &cp) < 0)
449 static uint8_t get_inquiry_mode(int index)
451 struct dev_info *dev = &devs[index];
453 if (dev->features[6] & LMP_EXT_INQ)
456 if (dev->features[3] & LMP_RSSI_INQ)
459 if (dev->ver.manufacturer == 11 && dev->ver.hci_rev == 0x00 &&
460 dev->ver.lmp_subver == 0x0757)
463 if (dev->ver.manufacturer == 15) {
464 if (dev->ver.hci_rev == 0x03 &&
465 dev->ver.lmp_subver == 0x6963)
467 if (dev->ver.hci_rev == 0x09 &&
468 dev->ver.lmp_subver == 0x6963)
470 if (dev->ver.hci_rev == 0x00 &&
471 dev->ver.lmp_subver == 0x6965)
475 if (dev->ver.manufacturer == 31 && dev->ver.hci_rev == 0x2005 &&
476 dev->ver.lmp_subver == 0x1805)
482 static int init_ssp_mode(int index)
484 struct dev_info *dev = &devs[index];
485 write_simple_pairing_mode_cp cp;
487 if (ioctl(dev->sk, HCIGETAUTHINFO, NULL) < 0 && errno == EINVAL)
490 memset(&cp, 0, sizeof(cp));
493 if (hci_send_cmd(dev->sk, OGF_HOST_CTL,
494 OCF_WRITE_SIMPLE_PAIRING_MODE,
495 WRITE_SIMPLE_PAIRING_MODE_CP_SIZE, &cp) < 0)
501 static int hciops_set_discoverable(int index, gboolean discoverable,
504 struct dev_info *dev = &devs[index];
508 mode = (SCAN_PAGE | SCAN_INQUIRY);
512 DBG("hci%d discoverable %d", index, discoverable);
514 if (hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_WRITE_SCAN_ENABLE,
518 dev->discoverable_timeout = timeout;
523 static int hciops_set_pairable(int index, gboolean pairable)
525 struct btd_adapter *adapter;
527 DBG("hci%d pairable %d", index, pairable);
529 adapter = manager_find_adapter(&devs[index].bdaddr);
531 btd_adapter_pairable_changed(adapter, pairable);
533 devs[index].pairable = pairable;
538 static int hciops_power_off(int index)
540 struct dev_info *dev = &devs[index];
544 if (ioctl(dev->sk, HCIDEVDOWN, index) < 0 && errno != EALREADY)
550 static void set_event_mask(int index)
552 struct dev_info *dev = &devs[index];
553 /* The second byte is 0xff instead of 0x9f (two reserved bits
554 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
555 * command otherwise */
556 uint8_t events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
558 /* Events for 1.2 and newer controllers */
559 if (dev->ver.lmp_ver > 1) {
560 events[4] |= 0x01; /* Flow Specification Complete */
561 events[4] |= 0x02; /* Inquiry Result with RSSI */
562 events[4] |= 0x04; /* Read Remote Extended Features Complete */
563 events[5] |= 0x08; /* Synchronous Connection Complete */
564 events[5] |= 0x10; /* Synchronous Connection Changed */
567 if (dev->features[3] & LMP_RSSI_INQ)
568 events[4] |= 0x02; /* Inquiry Result with RSSI */
570 if (dev->features[5] & LMP_SNIFF_SUBR)
571 events[5] |= 0x20; /* Sniff Subrating */
573 if (dev->features[5] & LMP_PAUSE_ENC)
574 events[5] |= 0x80; /* Encryption Key Refresh Complete */
576 if (dev->features[6] & LMP_EXT_INQ)
577 events[5] |= 0x40; /* Extended Inquiry Result */
579 if (dev->features[6] & LMP_NFLUSH_PKTS)
580 events[7] |= 0x01; /* Enhanced Flush Complete */
582 if (dev->features[7] & LMP_LSTO)
583 events[6] |= 0x80; /* Link Supervision Timeout Changed */
585 if (dev->features[6] & LMP_SIMPLE_PAIR) {
586 events[6] |= 0x01; /* IO Capability Request */
587 events[6] |= 0x02; /* IO Capability Response */
588 events[6] |= 0x04; /* User Confirmation Request */
589 events[6] |= 0x08; /* User Passkey Request */
590 events[6] |= 0x10; /* Remote OOB Data Request */
591 events[6] |= 0x20; /* Simple Pairing Complete */
592 events[7] |= 0x04; /* User Passkey Notification */
593 events[7] |= 0x08; /* Keypress Notification */
594 events[7] |= 0x10; /* Remote Host Supported
595 * Features Notification */
598 if (dev->features[4] & LMP_LE)
599 events[7] |= 0x20; /* LE Meta-Event */
601 hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_SET_EVENT_MASK,
602 sizeof(events), events);
605 static void start_adapter(int index)
607 struct dev_info *dev = &devs[index];
609 uint16_t link_policy;
611 set_event_mask(index);
613 if (dev->features[6] & LMP_SIMPLE_PAIR)
614 init_ssp_mode(index);
616 inqmode = get_inquiry_mode(index);
618 write_inq_mode(index, inqmode);
620 if (dev->features[7] & LMP_INQ_TX_PWR)
621 hci_send_cmd(dev->sk, OGF_HOST_CTL,
622 OCF_READ_INQ_RESPONSE_TX_POWER_LEVEL, 0, NULL);
624 /* Set default link policy */
625 link_policy = main_opts.link_policy;
627 if (!(dev->features[0] & LMP_RSWITCH))
628 link_policy &= ~HCI_LP_RSWITCH;
629 if (!(dev->features[0] & LMP_HOLD))
630 link_policy &= ~HCI_LP_HOLD;
631 if (!(dev->features[0] & LMP_SNIFF))
632 link_policy &= ~HCI_LP_SNIFF;
633 if (!(dev->features[1] & LMP_PARK))
634 link_policy &= ~HCI_LP_PARK;
636 link_policy = htobs(link_policy);
637 hci_send_cmd(dev->sk, OGF_LINK_POLICY, OCF_WRITE_DEFAULT_LINK_POLICY,
638 sizeof(link_policy), &link_policy);
640 dev->current_cod = 0;
641 memset(dev->eir, 0, sizeof(dev->eir));
644 static int hciops_stop_inquiry(int index)
646 struct dev_info *dev = &devs[index];
650 if (hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_INQUIRY_CANCEL, 0, 0) < 0)
656 static void update_ext_inquiry_response(int index)
658 struct dev_info *dev = &devs[index];
659 write_ext_inquiry_response_cp cp;
663 if (!(dev->features[6] & LMP_EXT_INQ))
666 if (dev->ssp_mode == 0)
669 if (dev->cache_enable)
672 memset(&cp, 0, sizeof(cp));
674 eir_create(dev->name, dev->tx_power, dev->did_vendor, dev->did_product,
675 dev->did_version, dev->did_source, dev->uuids,
678 if (memcmp(cp.data, dev->eir, sizeof(cp.data)) == 0)
681 memcpy(dev->eir, cp.data, sizeof(cp.data));
683 if (hci_send_cmd(dev->sk, OGF_HOST_CTL,
684 OCF_WRITE_EXT_INQUIRY_RESPONSE,
685 WRITE_EXT_INQUIRY_RESPONSE_CP_SIZE, &cp) < 0)
686 error("Unable to write EIR data: %s (%d)",
687 strerror(errno), errno);
690 static int hciops_set_name(int index, const char *name)
692 struct dev_info *dev = &devs[index];
693 change_local_name_cp cp;
695 DBG("hci%d, name %s", index, name);
697 memset(&cp, 0, sizeof(cp));
698 strncpy((char *) cp.name, name, sizeof(cp.name));
700 if (hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_CHANGE_LOCAL_NAME,
701 CHANGE_LOCAL_NAME_CP_SIZE, &cp) < 0)
704 memcpy(dev->name, cp.name, 248);
705 update_ext_inquiry_response(index);
710 static int write_class(int index, uint32_t class)
712 struct dev_info *dev = &devs[index];
713 write_class_of_dev_cp cp;
715 DBG("hci%d class 0x%06x", index, class);
717 memcpy(cp.dev_class, &class, 3);
719 if (hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_WRITE_CLASS_OF_DEV,
720 WRITE_CLASS_OF_DEV_CP_SIZE, &cp) < 0)
723 dev->pending_cod = class;
728 static int hciops_set_dev_class(int index, uint8_t major, uint8_t minor)
730 struct dev_info *dev = &devs[index];
733 DBG("hci%d major %u minor %u", index, major, minor);
735 /* Update only the major and minor class bits keeping remaining bits
737 dev->wanted_cod &= 0xffe000;
738 dev->wanted_cod |= ((major & 0x1f) << 8) | minor;
740 if (dev->wanted_cod == dev->current_cod ||
741 dev->cache_enable || dev->pending_cod)
744 DBG("Changing Major/Minor class to 0x%06x", dev->wanted_cod);
746 err = write_class(index, dev->wanted_cod);
748 error("Adapter class update failed: %s (%d)",
749 strerror(-err), -err);
754 static gboolean init_adapter(int index)
756 struct dev_info *dev = &devs[index];
757 struct btd_adapter *adapter = NULL;
758 gboolean existing_adapter = dev->registered;
759 uint8_t mode, on_mode, major, minor;
760 gboolean pairable, discoverable;
762 uint16_t discoverable_timeout;
764 if (!dev->registered) {
765 adapter = btd_manager_register_adapter(index, TRUE);
767 dev->registered = TRUE;
769 adapter = manager_find_adapter(&dev->bdaddr);
770 /* FIXME: manager_find_adapter should return a new ref */
771 btd_adapter_ref(adapter);
777 btd_adapter_get_mode(adapter, &mode, &on_mode,
778 &discoverable_timeout,
781 if (existing_adapter)
784 if (mode == MODE_OFF) {
785 hciops_power_off(index);
789 start_adapter(index);
791 name = btd_adapter_get_name(adapter);
793 hciops_set_name(index, name);
795 btd_adapter_get_class(adapter, &major, &minor);
796 hciops_set_dev_class(index, major, minor);
798 btd_adapter_start(adapter);
800 discoverable = (mode == MODE_DISCOVERABLE);
802 hciops_set_discoverable(index, discoverable, discoverable_timeout);
803 hciops_set_pairable(index, pairable);
806 hciops_stop_inquiry(index);
809 btd_adapter_unref(adapter);
813 static int hciops_encrypt_link(int index, bdaddr_t *dst, bt_hci_result_t cb,
817 struct hci_cmd_data *cmd;
818 struct hci_conn_info_req *cr;
819 auth_requested_cp cp;
820 struct hci_filter nf;
825 dd = hci_open_dev(index);
829 cr = g_malloc0(sizeof(*cr) + sizeof(struct hci_conn_info));
831 bacpy(&cr->bdaddr, dst);
833 err = ioctl(dd, HCIGETCONNINFO, cr);
834 link_mode = cr->conn_info->link_mode;
835 handle = cr->conn_info->handle;
843 if (link_mode & HCI_LM_ENCRYPT) {
848 memset(&cp, 0, sizeof(cp));
849 cp.handle = htobs(handle);
851 if (hci_send_cmd(dd, OGF_LINK_CTL, OCF_AUTH_REQUESTED,
852 AUTH_REQUESTED_CP_SIZE, &cp) < 0) {
857 cmd = g_new0(struct hci_cmd_data, 1);
858 cmd->handle = handle;
859 cmd->ocf = OCF_AUTH_REQUESTED;
861 cmd->caller_data = user_data;
863 hci_filter_clear(&nf);
864 hci_filter_set_ptype(HCI_EVENT_PKT, &nf);
865 hci_filter_set_event(EVT_CMD_STATUS, &nf);
866 hci_filter_set_event(EVT_AUTH_COMPLETE, &nf);
867 hci_filter_set_event(EVT_ENCRYPT_CHANGE, &nf);
869 if (setsockopt(dd, SOL_HCI, HCI_FILTER, &nf, sizeof(nf)) < 0) {
875 io = g_io_channel_unix_new(dd);
876 g_io_channel_set_close_on_unref(io, FALSE);
877 g_io_add_watch_full(io, G_PRIORITY_DEFAULT,
878 G_IO_HUP | G_IO_ERR | G_IO_NVAL | G_IO_IN,
879 hci_event_watch, cmd, g_free);
880 g_io_channel_unref(io);
889 static int hciops_set_did(int index, uint16_t vendor, uint16_t product,
890 uint16_t version, uint16_t source)
892 struct dev_info *dev = &devs[index];
894 dev->did_vendor = vendor;
895 dev->did_product = product;
896 dev->did_version = version;
897 dev->did_source = source;
902 /* End async HCI command handling */
904 /* Start of HCI event callbacks */
906 static gint conn_handle_cmp(gconstpointer a, gconstpointer b)
908 const struct bt_conn *conn = a;
909 uint16_t handle = *((const uint16_t *) b);
911 return (int) conn->handle - (int) handle;
914 static struct bt_conn *find_conn_by_handle(struct dev_info *dev,
919 match = g_slist_find_custom(dev->connections, &handle,
927 static gint conn_bdaddr_cmp(gconstpointer a, gconstpointer b)
929 const struct bt_conn *conn = a;
930 const bdaddr_t *bdaddr = b;
932 return bacmp(&conn->bdaddr, bdaddr);
935 static struct bt_conn *find_connection(struct dev_info *dev, bdaddr_t *bdaddr)
939 match = g_slist_find_custom(dev->connections, bdaddr, conn_bdaddr_cmp);
946 static struct bt_conn *get_connection(struct dev_info *dev, bdaddr_t *bdaddr)
948 struct bt_conn *conn;
950 conn = find_connection(dev, bdaddr);
954 conn = g_new0(struct bt_conn, 1);
957 conn->loc_cap = dev->io_capability;
958 conn->loc_auth = 0xff;
959 conn->rem_auth = 0xff;
960 bacpy(&conn->bdaddr, bdaddr);
962 dev->connections = g_slist_append(dev->connections, conn);
967 static int get_handle(int index, bdaddr_t *bdaddr, uint16_t *handle)
969 struct dev_info *dev = &devs[index];
970 struct bt_conn *conn;
973 ba2str(bdaddr, addr);
974 DBG("hci%d dba %s", index, addr);
976 conn = find_connection(dev, bdaddr);
980 *handle = conn->handle;
985 static int disconnect_addr(int index, bdaddr_t *dba, uint8_t reason)
991 err = get_handle(index, dba, &handle);
995 memset(&cp, 0, sizeof(cp));
996 cp.handle = htobs(handle);
999 if (hci_send_cmd(devs[index].sk, OGF_LINK_CTL, OCF_DISCONNECT,
1000 DISCONNECT_CP_SIZE, &cp) < 0)
1006 static void bonding_complete(struct dev_info *dev, struct bt_conn *conn,
1009 struct btd_adapter *adapter;
1011 DBG("status 0x%02x", status);
1013 if (conn->io != NULL) {
1014 /* bonding_connect_cb takes care of the successul case */
1016 g_io_channel_shutdown(conn->io, TRUE, NULL);
1017 g_io_channel_unref(conn->io);
1021 conn->bonding_initiator = FALSE;
1023 adapter = manager_find_adapter(&dev->bdaddr);
1025 adapter_bonding_complete(adapter, &conn->bdaddr, status);
1028 static int get_auth_info(int index, bdaddr_t *bdaddr, uint8_t *auth)
1030 struct dev_info *dev = &devs[index];
1031 struct hci_auth_info_req req;
1034 ba2str(bdaddr, addr);
1035 DBG("hci%d dba %s", index, addr);
1037 memset(&req, 0, sizeof(req));
1038 bacpy(&req.bdaddr, bdaddr);
1040 if (ioctl(dev->sk, HCIGETAUTHINFO, (unsigned long) &req) < 0)
1049 /* Link Key handling */
1051 static void link_key_request(int index, bdaddr_t *dba)
1053 struct dev_info *dev = &devs[index];
1054 struct link_key_info *key_info;
1055 struct bt_conn *conn;
1060 DBG("hci%d dba %s", index, da);
1062 conn = get_connection(dev, dba);
1063 if (conn->handle == 0)
1064 conn->secmode3 = TRUE;
1066 get_auth_info(index, dba, &conn->loc_auth);
1068 DBG("kernel auth requirements = 0x%02x", conn->loc_auth);
1070 match = g_slist_find_custom(dev->keys, dba, (GCompareFunc) bacmp);
1072 key_info = match->data;
1076 DBG("Matching key %s", key_info ? "found" : "not found");
1078 if (key_info == NULL || (!dev->debug_keys && key_info->type == 0x03)) {
1079 /* Link key not found */
1080 hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_LINK_KEY_NEG_REPLY,
1085 /* Link key found */
1087 DBG("link key type 0x%02x", key_info->type);
1089 /* Don't use unauthenticated combination keys if MITM is
1091 if (key_info->type == 0x04 && conn->loc_auth != 0xff &&
1092 (conn->loc_auth & 0x01))
1093 hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_LINK_KEY_NEG_REPLY,
1096 link_key_reply_cp lr;
1098 memcpy(lr.link_key, key_info->key, 16);
1099 bacpy(&lr.bdaddr, dba);
1101 hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_LINK_KEY_REPLY,
1102 LINK_KEY_REPLY_CP_SIZE, &lr);
1106 static void link_key_notify(int index, void *ptr)
1108 struct dev_info *dev = &devs[index];
1109 evt_link_key_notify *evt = ptr;
1110 bdaddr_t *dba = &evt->bdaddr;
1111 struct link_key_info *key_info;
1112 uint8_t old_key_type, key_type;
1113 struct bt_conn *conn;
1119 DBG("hci%d dba %s type %d", index, da, evt->key_type);
1121 conn = get_connection(dev, &evt->bdaddr);
1123 match = g_slist_find_custom(dev->keys, dba, (GCompareFunc) bacmp);
1125 key_info = match->data;
1129 if (key_info == NULL) {
1130 key_info = g_new0(struct link_key_info, 1);
1131 bacpy(&key_info->bdaddr, &evt->bdaddr);
1132 old_key_type = 0xff;
1134 dev->keys = g_slist_remove(dev->keys, key_info);
1135 old_key_type = key_info->type;
1138 memcpy(key_info->key, evt->link_key, sizeof(evt->link_key));
1139 key_info->type = evt->key_type;
1140 key_info->pin_len = dev->pin_length;
1142 key_type = evt->key_type;
1144 DBG("key type 0x%02x old key type 0x%02x", key_type, old_key_type);
1145 DBG("local auth 0x%02x and remote auth 0x%02x",
1146 conn->loc_auth, conn->rem_auth);
1148 if (key_type == HCI_LK_CHANGED_COMBINATION) {
1149 /* Some buggy controller combinations generate a changed
1150 * combination key for legacy pairing even when there's no
1152 if (conn->rem_auth == 0xff && old_key_type == 0xff)
1153 key_type = HCI_LK_COMBINATION;
1154 else if (old_key_type != 0xff)
1155 key_type = old_key_type;
1157 /* This is Changed Combination Link Key for
1158 * a temporary link key.*/
1162 key_info->type = key_type;
1164 /* Skip the storage check if this is a debug key */
1165 if (key_type == HCI_LK_DEBUG_COMBINATION)
1168 /* Store the link key persistently if one of the following is true:
1169 * 1. this is a legacy link key
1170 * 2. this is a changed combination key and there was a previously
1172 * 3. neither local nor remote side had no-bonding as a requirement
1173 * 4. the local side had dedicated bonding as a requirement
1174 * 5. the remote side is using dedicated bonding since in that case
1175 * also the local requirements are set to dedicated bonding
1176 * If none of the above match only keep the link key around for
1177 * this connection and set the temporary flag for the device.
1179 if (key_type < HCI_LK_DEBUG_COMBINATION ||
1180 (key_type == HCI_LK_CHANGED_COMBINATION
1181 && old_key_type != HCI_LK_INVALID) ||
1182 (conn->loc_auth > 0x01 && conn->rem_auth > 0x01) ||
1183 (conn->loc_auth == 0x02 || conn->loc_auth == 0x03) ||
1184 (conn->rem_auth == 0x02 || conn->rem_auth == 0x03)) {
1187 err = btd_event_link_key_notify(&dev->bdaddr, dba,
1188 evt->link_key, key_type,
1192 status = HCI_OE_LOW_RESOURCES;
1194 status = HCI_MEMORY_FULL;
1200 dev->pin_length = 0;
1204 bonding_complete(dev, conn, status);
1205 disconnect_addr(index, dba, status);
1209 dev->keys = g_slist_prepend(dev->keys, key_info);
1211 /* If we're connected and not dedicated bonding initiators we're
1212 * done with the bonding process */
1213 if (!conn->bonding_initiator && conn->handle != 0)
1214 bonding_complete(dev, conn, 0);
1217 static void return_link_keys(int index, void *ptr)
1219 struct dev_info *dev = &devs[index];
1220 evt_return_link_keys *evt = ptr;
1221 uint8_t num = evt->num_keys;
1222 unsigned char key[16];
1227 DBG("hci%d num_keys %u", index, num);
1231 for (i = 0; i < num; i++) {
1232 bacpy(&dba, ptr); ba2str(&dba, da);
1233 memcpy(key, ptr + 6, 16);
1235 DBG("hci%d returned key for %s", index, da);
1237 btd_event_returned_link_key(&dev->bdaddr, &dba);
1243 /* Simple Pairing handling */
1245 static int hciops_confirm_reply(int index, bdaddr_t *bdaddr, uint8_t bdaddr_type,
1248 struct dev_info *dev = &devs[index];
1249 user_confirm_reply_cp cp;
1253 ba2str(bdaddr, addr);
1254 DBG("hci%d dba %s success %d", index, addr, success);
1256 memset(&cp, 0, sizeof(cp));
1257 bacpy(&cp.bdaddr, bdaddr);
1260 err = hci_send_cmd(dev->sk, OGF_LINK_CTL,
1261 OCF_USER_CONFIRM_REPLY,
1262 USER_CONFIRM_REPLY_CP_SIZE, &cp);
1264 err = hci_send_cmd(dev->sk, OGF_LINK_CTL,
1265 OCF_USER_CONFIRM_NEG_REPLY,
1266 USER_CONFIRM_REPLY_CP_SIZE, &cp);
1274 static void user_confirm_request(int index, void *ptr)
1276 struct dev_info *dev = &devs[index];
1277 evt_user_confirm_request *req = ptr;
1278 gboolean loc_mitm, rem_mitm;
1279 struct bt_conn *conn;
1281 DBG("hci%d", index);
1283 conn = find_connection(dev, &req->bdaddr);
1287 loc_mitm = (conn->loc_auth & 0x01) ? TRUE : FALSE;
1288 rem_mitm = (conn->rem_auth & 0x01) ? TRUE : FALSE;
1290 /* If we require MITM but the remote device can't provide that
1291 * (it has NoInputNoOutput) then reject the confirmation
1292 * request. The only exception is when we're dedicated bonding
1293 * initiators since then we always have the MITM bit set. */
1294 if (!conn->bonding_initiator && loc_mitm && conn->rem_cap == 0x03) {
1295 error("Rejecting request: remote device can't provide MITM");
1299 /* If no side requires MITM protection; auto-accept */
1300 if ((conn->loc_auth == 0xff || !loc_mitm || conn->rem_cap == 0x03) &&
1301 (!rem_mitm || conn->loc_cap == 0x03)) {
1302 DBG("auto accept of confirmation");
1304 /* Wait 5 milliseconds before doing auto-accept */
1307 if (hciops_confirm_reply(index, &req->bdaddr,
1308 BDADDR_BREDR, TRUE) < 0)
1314 if (btd_event_user_confirm(&dev->bdaddr, &req->bdaddr,
1315 btohl(req->passkey)) == 0)
1319 hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_USER_CONFIRM_NEG_REPLY,
1323 static void user_passkey_request(int index, void *ptr)
1325 struct dev_info *dev = &devs[index];
1326 evt_user_passkey_request *req = ptr;
1328 DBG("hci%d", index);
1330 if (btd_event_user_passkey(&dev->bdaddr, &req->bdaddr) < 0)
1331 hci_send_cmd(dev->sk, OGF_LINK_CTL,
1332 OCF_USER_PASSKEY_NEG_REPLY, 6, ptr);
1335 static void user_passkey_notify(int index, void *ptr)
1337 struct dev_info *dev = &devs[index];
1338 evt_user_passkey_notify *req = ptr;
1340 DBG("hci%d", index);
1342 btd_event_user_notify(&dev->bdaddr, &req->bdaddr,
1343 btohl(req->passkey));
1346 static gint oob_bdaddr_cmp(gconstpointer a, gconstpointer b)
1348 const struct oob_data *data = a;
1349 const bdaddr_t *bdaddr = b;
1351 return bacmp(&data->bdaddr, bdaddr);
1354 static void remote_oob_data_request(int index, bdaddr_t *bdaddr)
1356 struct dev_info *dev = &devs[index];
1359 DBG("hci%d", index);
1361 match = g_slist_find_custom(dev->oob_data, bdaddr, oob_bdaddr_cmp);
1364 struct oob_data *data;
1365 remote_oob_data_reply_cp cp;
1369 bacpy(&cp.bdaddr, &data->bdaddr);
1370 memcpy(cp.hash, data->hash, sizeof(cp.hash));
1371 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
1373 dev->oob_data = g_slist_delete_link(dev->oob_data, match);
1375 hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_REMOTE_OOB_DATA_REPLY,
1376 REMOTE_OOB_DATA_REPLY_CP_SIZE, &cp);
1379 hci_send_cmd(dev->sk, OGF_LINK_CTL,
1380 OCF_REMOTE_OOB_DATA_NEG_REPLY, 6, bdaddr);
1384 static int get_io_cap(int index, bdaddr_t *bdaddr, uint8_t *cap, uint8_t *auth)
1386 struct dev_info *dev = &devs[index];
1387 struct bt_conn *conn;
1390 conn = find_connection(dev, bdaddr);
1394 err = get_auth_info(index, bdaddr, &conn->loc_auth);
1398 DBG("initial authentication requirement is 0x%02x", conn->loc_auth);
1400 if (!dev->pairable && !conn->bonding_initiator) {
1401 if (conn->rem_auth < 0x02) {
1402 DBG("Allowing no bonding in non-bondable mode");
1403 /* Kernel defaults to general bonding and so
1404 * overwrite for this special case. Otherwise
1405 * non-pairable test cases will fail. */
1406 conn->loc_auth = conn->rem_auth;
1413 /* If the kernel doesn't know the local requirement just mirror
1415 if (conn->loc_auth == 0xff)
1416 conn->loc_auth = conn->rem_auth;
1418 if (conn->loc_auth == 0x00 || conn->loc_auth == 0x04) {
1419 /* If remote requests dedicated bonding follow that lead */
1420 if (conn->rem_auth == 0x02 || conn->rem_auth == 0x03) {
1422 /* If both remote and local IO capabilities allow MITM
1423 * then require it, otherwise don't */
1424 if (conn->rem_cap == 0x03 || conn->loc_cap == 0x03)
1425 conn->loc_auth = 0x02;
1427 conn->loc_auth = 0x03;
1430 /* If remote indicates no bonding then follow that. This
1431 * is important since the kernel might give general bonding
1433 if (conn->rem_auth == 0x00 || conn->rem_auth == 0x01)
1434 conn->loc_auth = 0x00;
1436 /* If remote requires MITM then also require it, unless
1437 * our IO capability is NoInputNoOutput (so some
1438 * just-works security cases can be tested) */
1439 if (conn->rem_auth != 0xff && (conn->rem_auth & 0x01) &&
1440 conn->loc_cap != 0x03)
1441 conn->loc_auth |= 0x01;
1445 *cap = conn->loc_cap;
1446 *auth = conn->loc_auth;
1448 DBG("final authentication requirement is 0x%02x", *auth);
1453 static void io_capa_request(int index, void *ptr)
1455 struct dev_info *dev = &devs[index];
1456 bdaddr_t *dba = ptr;
1457 uint8_t cap, auth = 0xff;
1462 DBG("hci%d IO capability request for %s", index, da);
1464 err = get_io_cap(index, dba, &cap, &auth);
1466 io_capability_neg_reply_cp cp;
1468 error("Getting IO capability failed: %s (%d)",
1469 strerror(-err), -err);
1471 memset(&cp, 0, sizeof(cp));
1472 bacpy(&cp.bdaddr, dba);
1473 cp.reason = HCI_PAIRING_NOT_ALLOWED;
1474 hci_send_cmd(dev->sk, OGF_LINK_CTL,
1475 OCF_IO_CAPABILITY_NEG_REPLY,
1476 IO_CAPABILITY_NEG_REPLY_CP_SIZE, &cp);
1478 io_capability_reply_cp cp;
1479 struct bt_conn *conn;
1482 memset(&cp, 0, sizeof(cp));
1483 bacpy(&cp.bdaddr, dba);
1484 cp.capability = cap;
1485 cp.authentication = auth;
1487 conn = find_connection(dev, dba);
1488 match = g_slist_find_custom(dev->oob_data, dba, oob_bdaddr_cmp);
1490 if ((conn->bonding_initiator || conn->rem_oob_data == 0x01) &&
1496 hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_IO_CAPABILITY_REPLY,
1497 IO_CAPABILITY_REPLY_CP_SIZE, &cp);
1501 static void io_capa_response(int index, void *ptr)
1503 struct dev_info *dev = &devs[index];
1504 evt_io_capability_response *evt = ptr;
1505 struct bt_conn *conn;
1508 ba2str(&evt->bdaddr, da);
1509 DBG("hci%d IO capability response from %s", index, da);
1511 conn = find_connection(dev, &evt->bdaddr);
1513 conn->rem_cap = evt->capability;
1514 conn->rem_auth = evt->authentication;
1515 conn->rem_oob_data = evt->oob_data;
1519 /* PIN code handling */
1521 static void pin_code_request(int index, bdaddr_t *dba)
1523 struct dev_info *dev = &devs[index];
1524 struct bt_conn *conn;
1529 DBG("hci%d PIN request for %s", index, addr);
1531 conn = get_connection(dev, dba);
1532 if (conn->handle == 0)
1533 conn->secmode3 = TRUE;
1535 /* Check if the adapter is not pairable and if there isn't a bonding in
1537 if (!dev->pairable && !conn->bonding_initiator) {
1538 DBG("Rejecting PIN request in non-pairable mode");
1542 err = btd_event_request_pin(&dev->bdaddr, dba, FALSE);
1544 error("PIN code negative reply: %s", strerror(-err));
1551 hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_PIN_CODE_NEG_REPLY, 6, dba);
1554 static inline void remote_features_notify(int index, void *ptr)
1556 struct dev_info *dev = &devs[index];
1557 evt_remote_host_features_notify *evt = ptr;
1559 if (evt->features[0] & 0x01)
1560 btd_event_set_legacy_pairing(&dev->bdaddr, &evt->bdaddr,
1563 btd_event_set_legacy_pairing(&dev->bdaddr, &evt->bdaddr,
1566 write_features_info(&dev->bdaddr, &evt->bdaddr, NULL, evt->features);
1569 static void read_local_version_complete(int index,
1570 const read_local_version_rp *rp)
1572 struct dev_info *dev = &devs[index];
1577 dev->ver.manufacturer = btohs(bt_get_unaligned(&rp->manufacturer));
1578 dev->ver.hci_ver = rp->hci_ver;
1579 dev->ver.hci_rev = btohs(bt_get_unaligned(&rp->hci_rev));
1580 dev->ver.lmp_ver = rp->lmp_ver;
1581 dev->ver.lmp_subver = btohs(bt_get_unaligned(&rp->lmp_subver));
1586 hci_clear_bit(PENDING_VERSION, &dev->pending);
1588 DBG("Got version for hci%d", index);
1590 if (!dev->pending && dev->up)
1591 init_adapter(index);
1594 static void read_local_features_complete(int index,
1595 const read_local_features_rp *rp)
1597 struct dev_info *dev = &devs[index];
1602 memcpy(dev->features, rp->features, 8);
1607 hci_clear_bit(PENDING_FEATURES, &dev->pending);
1609 DBG("Got features for hci%d", index);
1611 if (!dev->pending && dev->up)
1612 init_adapter(index);
1615 static void update_name(int index, const char *name)
1617 struct btd_adapter *adapter;
1619 adapter = manager_find_adapter_by_id(index);
1621 adapter_name_changed(adapter, name);
1623 update_ext_inquiry_response(index);
1626 static void read_local_name_complete(int index, read_local_name_rp *rp)
1628 struct dev_info *dev = &devs[index];
1630 DBG("hci%d status %u", index, rp->status);
1635 memcpy(dev->name, rp->name, 248);
1637 if (!dev->pending) {
1638 update_name(index, (char *) rp->name);
1642 hci_clear_bit(PENDING_NAME, &dev->pending);
1644 DBG("Got name for hci%d", index);
1646 if (!dev->pending && dev->up)
1647 init_adapter(index);
1650 static void read_tx_power_complete(int index, void *ptr)
1652 struct dev_info *dev = &devs[index];
1654 read_inq_response_tx_power_level_rp *rp = ptr;
1656 DBG("hci%d status %u", index, rp->status);
1661 dev->tx_power = rp->level;
1662 update_ext_inquiry_response(index);
1665 static void read_simple_pairing_mode_complete(int index, void *ptr)
1667 struct dev_info *dev = &devs[index];
1668 read_simple_pairing_mode_rp *rp = ptr;
1670 DBG("hci%d status %u", index, rp->status);
1675 dev->ssp_mode = rp->mode;
1676 update_ext_inquiry_response(index);
1679 static void read_local_ext_features_complete(int index,
1680 const read_local_ext_features_rp *rp)
1682 struct dev_info *dev = &devs[index];
1684 DBG("hci%d status %u", index, rp->status);
1689 /* Local Extended feature page number is 1 */
1690 if (rp->page_num != 1)
1693 memcpy(dev->extfeatures, rp->features, sizeof(dev->extfeatures));
1696 static void read_bd_addr_complete(int index, read_bd_addr_rp *rp)
1698 struct dev_info *dev = &devs[index];
1700 DBG("hci%d status %u", index, rp->status);
1705 bacpy(&dev->bdaddr, &rp->bdaddr);
1710 hci_clear_bit(PENDING_BDADDR, &dev->pending);
1712 DBG("Got bdaddr for hci%d", index);
1714 if (!dev->pending && dev->up)
1715 init_adapter(index);
1718 static inline void cs_inquiry_evt(int index, uint8_t status)
1721 error("Inquiry Failed with status 0x%02x", status);
1725 set_state(index, DISCOV_INQ);
1728 static inline void cmd_status(int index, void *ptr)
1730 evt_cmd_status *evt = ptr;
1731 uint16_t opcode = btohs(evt->opcode);
1733 if (opcode == cmd_opcode_pack(OGF_LINK_CTL, OCF_INQUIRY))
1734 cs_inquiry_evt(index, evt->status);
1737 static gboolean discoverable_timeout_handler(gpointer user_data)
1739 struct dev_info *dev = user_data;
1741 hciops_set_discoverable(dev->id, FALSE, 0);
1746 /* Limited Discoverable bit mask in CoD */
1747 #define LIMITED_BIT 0x002000
1749 static int hciops_set_limited_discoverable(int index, gboolean limited)
1751 struct dev_info *dev = &devs[index];
1752 int num = (limited ? 2 : 1);
1753 uint8_t lap[] = { 0x33, 0x8b, 0x9e, 0x00, 0x8b, 0x9e };
1754 write_current_iac_lap_cp cp;
1756 DBG("hci%d limited %d", index, limited);
1758 /* Check if limited bit needs to be set/reset */
1760 dev->wanted_cod |= LIMITED_BIT;
1762 dev->wanted_cod &= ~LIMITED_BIT;
1764 /* If we dont need the toggling, save an unnecessary CoD write */
1765 if (dev->pending_cod || dev->wanted_cod == dev->current_cod)
1772 memset(&cp, 0, sizeof(cp));
1773 cp.num_current_iac = num;
1774 memcpy(&cp.lap, lap, num * 3);
1776 if (hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_WRITE_CURRENT_IAC_LAP,
1777 (num * 3 + 1), &cp) < 0)
1780 return write_class(index, dev->wanted_cod);
1783 static void reset_discoverable_timeout(int index)
1785 struct dev_info *dev = &devs[index];
1787 if (dev->discoverable_id > 0) {
1788 g_source_remove(dev->discoverable_id);
1789 dev->discoverable_id = 0;
1793 static void set_discoverable_timeout(int index)
1795 struct dev_info *dev = &devs[index];
1797 reset_discoverable_timeout(index);
1799 if (dev->discoverable_timeout == 0) {
1800 hciops_set_limited_discoverable(index, FALSE);
1804 /* Set limited discoverable if pairable and interval between 0 to 60
1806 if (dev->pairable && dev->discoverable_timeout <= 60)
1807 hciops_set_limited_discoverable(index, TRUE);
1809 hciops_set_limited_discoverable(index, FALSE);
1811 dev->discoverable_id = g_timeout_add_seconds(dev->discoverable_timeout,
1812 discoverable_timeout_handler,
1816 static void read_scan_complete(int index, uint8_t status, void *ptr)
1818 struct btd_adapter *adapter;
1819 read_scan_enable_rp *rp = ptr;
1821 DBG("hci%d status %u", index, status);
1823 switch (rp->enable) {
1824 case (SCAN_PAGE | SCAN_INQUIRY):
1826 set_discoverable_timeout(index);
1829 reset_discoverable_timeout(index);
1830 hciops_set_limited_discoverable(index, FALSE);
1833 adapter = manager_find_adapter_by_id(index);
1835 error("Unable to find matching adapter");
1839 adapter_mode_changed(adapter, rp->enable);
1842 static void write_class_complete(int index, uint8_t status)
1844 struct dev_info *dev = &devs[index];
1845 struct btd_adapter *adapter;
1850 if (dev->pending_cod == 0)
1853 dev->current_cod = dev->pending_cod;
1854 dev->pending_cod = 0;
1856 adapter = manager_find_adapter(&dev->bdaddr);
1858 btd_adapter_class_changed(adapter, dev->current_cod);
1860 update_ext_inquiry_response(index);
1862 if (dev->wanted_cod == dev->current_cod)
1865 if (dev->wanted_cod & LIMITED_BIT &&
1866 !(dev->current_cod & LIMITED_BIT))
1867 hciops_set_limited_discoverable(index, TRUE);
1868 else if (!(dev->wanted_cod & LIMITED_BIT) &&
1869 (dev->current_cod & LIMITED_BIT))
1870 hciops_set_limited_discoverable(index, FALSE);
1872 write_class(index, dev->wanted_cod);
1875 static void read_local_oob_data_complete(int index, uint8_t status,
1876 read_local_oob_data_rp *rp)
1878 struct btd_adapter *adapter = manager_find_adapter_by_id(index);
1884 oob_read_local_data_complete(adapter, NULL, NULL);
1886 oob_read_local_data_complete(adapter, rp->hash, rp->randomizer);
1889 static inline void inquiry_complete_evt(int index, uint8_t status)
1892 struct btd_adapter *adapter;
1895 error("Inquiry Failed with status 0x%02x", status);
1899 adapter = manager_find_adapter_by_id(index);
1901 error("No matching adapter found");
1905 adapter_type = get_adapter_type(index);
1907 if (adapter_type == BR_EDR_LE &&
1908 start_scanning(index, TIMEOUT_BR_LE_SCAN) == 0)
1911 set_state(index, DISCOV_NAMES);
1914 static inline void cc_inquiry_cancel(int index, uint8_t status)
1917 error("Inquiry Cancel Failed with status 0x%02x", status);
1921 set_state(index, DISCOV_HALTED);
1924 static inline void cc_le_set_scan_enable(int index, uint8_t status)
1926 struct dev_info *info = &devs[index];
1929 error("LE Set Scan Enable Failed with status 0x%02x", status);
1933 if (info->discov_state == DISCOV_SCAN)
1934 set_state(index, DISCOV_HALTED);
1936 set_state(index, DISCOV_SCAN);
1939 static inline void cmd_complete(int index, void *ptr)
1941 struct dev_info *dev = &devs[index];
1942 evt_cmd_complete *evt = ptr;
1943 uint16_t opcode = btohs(evt->opcode);
1944 uint8_t status = *((uint8_t *) ptr + EVT_CMD_COMPLETE_SIZE);
1947 case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_LOCAL_VERSION):
1948 ptr += sizeof(evt_cmd_complete);
1949 read_local_version_complete(index, ptr);
1951 case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_LOCAL_FEATURES):
1952 ptr += sizeof(evt_cmd_complete);
1953 read_local_features_complete(index, ptr);
1955 case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_LOCAL_EXT_FEATURES):
1956 ptr += sizeof(evt_cmd_complete);
1957 read_local_ext_features_complete(index, ptr);
1959 case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_BD_ADDR):
1960 ptr += sizeof(evt_cmd_complete);
1961 read_bd_addr_complete(index, ptr);
1963 case cmd_opcode_pack(OGF_LINK_CTL, OCF_INQUIRY_CANCEL):
1964 cc_inquiry_cancel(index, status);
1966 case cmd_opcode_pack(OGF_LE_CTL, OCF_LE_SET_SCAN_ENABLE):
1967 cc_le_set_scan_enable(index, status);
1969 case cmd_opcode_pack(OGF_HOST_CTL, OCF_CHANGE_LOCAL_NAME):
1971 hci_send_cmd(dev->sk, OGF_HOST_CTL,
1972 OCF_READ_LOCAL_NAME, 0, 0);
1974 case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_SCAN_ENABLE):
1975 hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_READ_SCAN_ENABLE,
1978 case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_SCAN_ENABLE):
1979 ptr += sizeof(evt_cmd_complete);
1980 read_scan_complete(index, status, ptr);
1982 case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_CLASS_OF_DEV):
1983 write_class_complete(index, status);
1985 case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_SIMPLE_PAIRING_MODE):
1987 hci_send_cmd(dev->sk, OGF_HOST_CTL,
1988 OCF_READ_SIMPLE_PAIRING_MODE, 0, NULL);
1990 case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_SIMPLE_PAIRING_MODE):
1991 ptr += sizeof(evt_cmd_complete);
1992 read_simple_pairing_mode_complete(index, ptr);
1994 case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_LOCAL_NAME):
1995 ptr += sizeof(evt_cmd_complete);
1996 read_local_name_complete(index, ptr);
1998 case cmd_opcode_pack(OGF_HOST_CTL,
1999 OCF_READ_INQ_RESPONSE_TX_POWER_LEVEL):
2000 ptr += sizeof(evt_cmd_complete);
2001 read_tx_power_complete(index, ptr);
2003 case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_LOCAL_OOB_DATA):
2004 ptr += sizeof(evt_cmd_complete);
2005 read_local_oob_data_complete(index, status, ptr);
2010 static inline void remote_name_information(int index, void *ptr)
2012 struct dev_info *dev = &devs[index];
2013 evt_remote_name_req_complete *evt = ptr;
2014 struct btd_adapter *adapter;
2015 char name[MAX_NAME_LENGTH + 1];
2016 struct found_dev *found;
2020 DBG("hci%d status %u", index, evt->status);
2022 memset(name, 0, sizeof(name));
2024 if (evt->status == 0) {
2025 memcpy(name, evt->name, MAX_NAME_LENGTH);
2026 btd_event_remote_name(&dev->bdaddr, &evt->bdaddr, name);
2029 adapter = manager_find_adapter_by_id(index);
2031 error("No matching adapter found");
2035 match = g_slist_find_custom(dev->need_name, &evt->bdaddr,
2040 found = match->data;
2041 found->name_state = NAME_NOT_NEEDED;
2043 dev->need_name = g_slist_remove_link(dev->need_name, match);
2045 match->next = dev->found_devs;
2046 dev->found_devs = match;
2047 dev->found_devs = g_slist_sort(dev->found_devs, found_dev_rssi_cmp);
2049 if (resolve_names(dev, adapter) < 0)
2050 set_state(index, DISCOV_HALTED);
2053 static inline void remote_version_information(int index, void *ptr)
2055 struct dev_info *dev = &devs[index];
2056 evt_read_remote_version_complete *evt = ptr;
2057 struct bt_conn *conn;
2059 DBG("hci%d status %u", index, evt->status);
2064 conn = find_conn_by_handle(dev, btohs(evt->handle));
2068 write_version_info(&dev->bdaddr, &conn->bdaddr,
2069 btohs(evt->manufacturer), evt->lmp_ver,
2070 btohs(evt->lmp_subver));
2073 static void dev_found(struct dev_info *info, bdaddr_t *dba, uint8_t bdaddr_type,
2074 uint8_t *cod, int8_t rssi, uint8_t cfm_name,
2075 uint8_t *eir, size_t eir_len)
2077 struct found_dev *dev;
2080 match = g_slist_find_custom(info->found_devs, dba, found_dev_bda_cmp);
2081 if (match != NULL) {
2086 dev = g_new0(struct found_dev, 1);
2087 bacpy(&dev->bdaddr, dba);
2090 dev->name_state = NAME_UNKNOWN;
2092 dev->name_state = NAME_NOT_NEEDED;
2094 if (cod && !eir_has_data_type(eir, eir_len, EIR_CLASS_OF_DEV))
2095 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV,
2098 info->found_devs = g_slist_prepend(info->found_devs, dev);
2101 btd_event_device_found(&info->bdaddr, dba, bdaddr_type, rssi, cfm_name,
2105 static inline void inquiry_result(int index, int plen, void *ptr)
2107 struct dev_info *dev = &devs[index];
2108 uint8_t num = *(uint8_t *) ptr++;
2111 for (i = 0; i < num; i++) {
2112 inquiry_info *info = ptr;
2115 memset(eir, 0, sizeof(eir));
2116 dev_found(dev, &info->bdaddr, BDADDR_BREDR, info->dev_class,
2118 ptr += INQUIRY_INFO_SIZE;
2122 static inline void inquiry_result_with_rssi(int index, int plen, void *ptr)
2124 struct dev_info *dev = &devs[index];
2125 uint8_t num = *(uint8_t *) ptr++;
2132 if ((plen - 1) / num == INQUIRY_INFO_WITH_RSSI_AND_PSCAN_MODE_SIZE) {
2133 for (i = 0; i < num; i++) {
2134 inquiry_info_with_rssi_and_pscan_mode *info = ptr;
2136 memset(eir, 0, sizeof(eir));
2137 dev_found(dev, &info->bdaddr, BDADDR_BREDR,
2138 info->dev_class, info->rssi,
2140 ptr += INQUIRY_INFO_WITH_RSSI_AND_PSCAN_MODE_SIZE;
2143 for (i = 0; i < num; i++) {
2144 inquiry_info_with_rssi *info = ptr;
2146 memset(eir, 0, sizeof(eir));
2147 dev_found(dev, &info->bdaddr, BDADDR_BREDR,
2148 info->dev_class, info->rssi,
2150 ptr += INQUIRY_INFO_WITH_RSSI_SIZE;
2155 static inline void extended_inquiry_result(int index, int plen, void *ptr)
2157 struct dev_info *dev = &devs[index];
2158 uint8_t num = *(uint8_t *) ptr++;
2161 for (i = 0; i < num; i++) {
2162 extended_inquiry_info *info = ptr;
2163 uint8_t eir[sizeof(info->data) + 5];
2167 eir_len = eir_length(info->data, sizeof(info->data));
2169 memset(eir, 0, sizeof(eir));
2170 memcpy(eir, info->data, eir_len);
2172 if (eir_has_data_type(eir, eir_len, EIR_NAME_COMPLETE))
2177 dev_found(dev, &info->bdaddr, BDADDR_BREDR, info->dev_class,
2178 info->rssi, cfm_name, eir, eir_len);
2179 ptr += EXTENDED_INQUIRY_INFO_SIZE;
2183 static inline void remote_features_information(int index, void *ptr)
2185 struct dev_info *dev = &devs[index];
2186 evt_read_remote_features_complete *evt = ptr;
2187 struct bt_conn *conn;
2189 DBG("hci%d status %u", index, evt->status);
2194 conn = find_conn_by_handle(dev, btohs(evt->handle));
2198 write_features_info(&dev->bdaddr, &conn->bdaddr, evt->features, NULL);
2201 struct remote_version_req {
2206 static gboolean __get_remote_version(gpointer user_data)
2208 struct remote_version_req *req = user_data;
2209 struct dev_info *dev = &devs[req->index];
2210 read_remote_version_cp cp;
2212 DBG("hci%d handle %u", req->index, req->handle);
2214 memset(&cp, 0, sizeof(cp));
2215 cp.handle = htobs(req->handle);
2217 hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_READ_REMOTE_VERSION,
2218 READ_REMOTE_VERSION_CP_SIZE, &cp);
2223 static void get_remote_version(int index, uint16_t handle)
2225 struct remote_version_req *req;
2227 req = g_new0(struct remote_version_req, 1);
2228 req->handle = handle;
2231 g_timeout_add_seconds_full(G_PRIORITY_DEFAULT, 1, __get_remote_version,
2235 static void conn_free(struct bt_conn *conn)
2237 if (conn->io != NULL) {
2238 g_io_channel_shutdown(conn->io, TRUE, NULL);
2239 g_io_channel_unref(conn->io);
2245 static inline void conn_failed(int index, bdaddr_t *bdaddr, uint8_t status)
2247 struct dev_info *dev = &devs[index];
2248 struct bt_conn *conn;
2250 btd_event_conn_failed(&dev->bdaddr, bdaddr, status);
2252 conn = find_connection(dev, bdaddr);
2256 bonding_complete(dev, conn, status);
2258 dev->connections = g_slist_remove(dev->connections, conn);
2262 static inline void conn_complete(int index, void *ptr)
2264 struct dev_info *dev = &devs[index];
2265 evt_conn_complete *evt = ptr;
2266 char filename[PATH_MAX];
2267 char local_addr[18], peer_addr[18], *str;
2268 struct bt_conn *conn;
2270 if (evt->link_type != ACL_LINK)
2273 DBG("status 0x%02x", evt->status);
2275 if (evt->status != 0) {
2276 conn_failed(index, &evt->bdaddr, evt->status);
2280 conn = get_connection(dev, &evt->bdaddr);
2281 conn->handle = btohs(evt->handle);
2283 btd_event_conn_complete(&dev->bdaddr, &evt->bdaddr, BDADDR_BREDR,
2287 bonding_complete(dev, conn, 0);
2289 /* check if the remote version needs be requested */
2290 ba2str(&dev->bdaddr, local_addr);
2291 ba2str(&evt->bdaddr, peer_addr);
2293 create_name(filename, sizeof(filename), STORAGEDIR, local_addr,
2296 str = textfile_get(filename, peer_addr);
2298 get_remote_version(index, btohs(evt->handle));
2303 static inline uint8_t le_addr_type(uint8_t bdaddr_type)
2305 switch (bdaddr_type) {
2306 case LE_RANDOM_ADDRESS:
2307 return BDADDR_LE_RANDOM;
2308 case LE_PUBLIC_ADDRESS:
2310 return BDADDR_LE_PUBLIC;
2314 static inline void le_conn_complete(int index, void *ptr)
2316 struct dev_info *dev = &devs[index];
2317 evt_le_connection_complete *evt = ptr;
2318 char filename[PATH_MAX];
2319 char local_addr[18], peer_addr[18], *str;
2320 struct bt_conn *conn;
2321 uint8_t bdaddr_type;
2324 btd_event_conn_failed(&dev->bdaddr, &evt->peer_bdaddr,
2329 conn = get_connection(dev, &evt->peer_bdaddr);
2330 conn->handle = btohs(evt->handle);
2332 bdaddr_type = le_addr_type(evt->peer_bdaddr_type);
2333 btd_event_conn_complete(&dev->bdaddr, &evt->peer_bdaddr, bdaddr_type,
2336 /* check if the remote version needs be requested */
2337 ba2str(&dev->bdaddr, local_addr);
2338 ba2str(&evt->peer_bdaddr, peer_addr);
2340 create_name(filename, sizeof(filename), STORAGEDIR, local_addr,
2343 str = textfile_get(filename, peer_addr);
2345 get_remote_version(index, btohs(evt->handle));
2350 static inline void disconn_complete(int index, void *ptr)
2352 struct dev_info *dev = &devs[index];
2353 evt_disconn_complete *evt = ptr;
2354 struct bt_conn *conn;
2356 DBG("handle %u status 0x%02x", btohs(evt->handle), evt->status);
2358 if (evt->status != 0)
2361 conn = find_conn_by_handle(dev, btohs(evt->handle));
2365 dev->connections = g_slist_remove(dev->connections, conn);
2367 btd_event_disconn_complete(&dev->bdaddr, &conn->bdaddr);
2372 static inline void auth_complete(int index, void *ptr)
2374 struct dev_info *dev = &devs[index];
2375 evt_auth_complete *evt = ptr;
2376 struct bt_conn *conn;
2378 DBG("hci%d status %u", index, evt->status);
2380 conn = find_conn_by_handle(dev, btohs(evt->handle));
2384 bonding_complete(dev, conn, evt->status);
2387 static inline void simple_pairing_complete(int index, void *ptr)
2389 struct dev_info *dev = &devs[index];
2390 evt_simple_pairing_complete *evt = ptr;
2392 DBG("hci%d status %u", index, evt->status);
2394 btd_event_simple_pairing_complete(&dev->bdaddr, &evt->bdaddr,
2398 static inline void conn_request(int index, void *ptr)
2400 struct dev_info *dev = &devs[index];
2401 evt_conn_request *evt = ptr;
2402 uint32_t class = evt->dev_class[0] | (evt->dev_class[1] << 8)
2403 | (evt->dev_class[2] << 16);
2405 btd_event_remote_class(&dev->bdaddr, &evt->bdaddr, class);
2408 static inline void le_advertising_report(int index, evt_le_meta_event *meta)
2410 struct dev_info *dev = &devs[index];
2411 le_advertising_info *info;
2412 uint8_t num_reports, rssi;
2413 const uint8_t RSSI_SIZE = 1;
2415 num_reports = meta->data[0];
2417 info = (le_advertising_info *) &meta->data[1];
2418 rssi = *(info->data + info->length);
2420 dev_found(dev, &info->bdaddr, le_addr_type(info->bdaddr_type), NULL,
2421 rssi, 0, info->data, info->length);
2425 while (num_reports--) {
2426 info = (le_advertising_info *) (info->data + info->length +
2428 rssi = *(info->data + info->length);
2430 dev_found(dev, &info->bdaddr, le_addr_type(info->bdaddr_type),
2431 NULL, rssi, 0, info->data, info->length);
2435 static inline void le_metaevent(int index, void *ptr)
2437 evt_le_meta_event *meta = ptr;
2439 DBG("hci%d LE Meta Event %u", index, meta->subevent);
2441 switch (meta->subevent) {
2442 case EVT_LE_ADVERTISING_REPORT:
2443 le_advertising_report(index, meta);
2446 case EVT_LE_CONN_COMPLETE:
2447 le_conn_complete(index, meta->data);
2452 static void stop_hci_dev(int index)
2454 struct dev_info *dev = &devs[index];
2459 info("Stopping hci%d event socket", index);
2461 if (dev->watch_id > 0)
2462 g_source_remove(dev->watch_id);
2464 if (dev->stop_scan_id > 0)
2465 g_source_remove(dev->stop_scan_id);
2467 if (dev->io != NULL)
2468 g_io_channel_unref(dev->io);
2470 hci_close_dev(dev->sk);
2472 g_slist_free_full(dev->keys, g_free);
2473 g_slist_free_full(dev->uuids, g_free);
2474 g_slist_free_full(dev->connections, g_free);
2476 init_dev_info(index, -1, dev->registered, dev->already_up);
2479 static gboolean io_security_event(GIOChannel *chan, GIOCondition cond,
2482 unsigned char buf[HCI_MAX_EVENT_SIZE], *ptr = buf;
2483 int type, index = GPOINTER_TO_INT(data);
2484 struct dev_info *dev = &devs[index];
2485 struct hci_dev_info di;
2488 evt_cmd_status *evt;
2491 if (cond & (G_IO_NVAL | G_IO_HUP | G_IO_ERR)) {
2492 stop_hci_dev(index);
2496 fd = g_io_channel_unix_get_fd(chan);
2498 len = read(fd, buf, sizeof(buf));
2500 if (errno == EAGAIN)
2502 stop_hci_dev(index);
2508 if (type != HCI_EVENT_PKT)
2511 eh = (hci_event_hdr *) ptr;
2512 ptr += HCI_EVENT_HDR_SIZE;
2514 memset(&di, 0, sizeof(di));
2515 if (hci_devinfo(index, &di) == 0) {
2516 bacpy(&dev->bdaddr, &di.bdaddr);
2518 if (ignore_device(&di))
2523 case EVT_CMD_STATUS:
2524 cmd_status(index, ptr);
2527 case EVT_CMD_COMPLETE:
2528 cmd_complete(index, ptr);
2531 case EVT_REMOTE_NAME_REQ_COMPLETE:
2532 remote_name_information(index, ptr);
2535 case EVT_READ_REMOTE_VERSION_COMPLETE:
2536 remote_version_information(index, ptr);
2539 case EVT_READ_REMOTE_FEATURES_COMPLETE:
2540 remote_features_information(index, ptr);
2543 case EVT_REMOTE_HOST_FEATURES_NOTIFY:
2544 remote_features_notify(index, ptr);
2547 case EVT_INQUIRY_COMPLETE:
2548 evt = (evt_cmd_status *) ptr;
2549 inquiry_complete_evt(index, evt->status);
2552 case EVT_INQUIRY_RESULT:
2553 inquiry_result(index, eh->plen, ptr);
2556 case EVT_INQUIRY_RESULT_WITH_RSSI:
2557 inquiry_result_with_rssi(index, eh->plen, ptr);
2560 case EVT_EXTENDED_INQUIRY_RESULT:
2561 extended_inquiry_result(index, eh->plen, ptr);
2564 case EVT_CONN_COMPLETE:
2565 conn_complete(index, ptr);
2568 case EVT_DISCONN_COMPLETE:
2569 disconn_complete(index, ptr);
2572 case EVT_AUTH_COMPLETE:
2573 auth_complete(index, ptr);
2576 case EVT_SIMPLE_PAIRING_COMPLETE:
2577 simple_pairing_complete(index, ptr);
2580 case EVT_CONN_REQUEST:
2581 conn_request(index, ptr);
2583 case EVT_LE_META_EVENT:
2584 le_metaevent(index, ptr);
2586 case EVT_PIN_CODE_REQ:
2587 pin_code_request(index, (bdaddr_t *) ptr);
2590 case EVT_LINK_KEY_REQ:
2591 link_key_request(index, (bdaddr_t *) ptr);
2594 case EVT_LINK_KEY_NOTIFY:
2595 link_key_notify(index, ptr);
2598 case EVT_RETURN_LINK_KEYS:
2599 return_link_keys(index, ptr);
2602 case EVT_IO_CAPABILITY_REQUEST:
2603 io_capa_request(index, ptr);
2606 case EVT_IO_CAPABILITY_RESPONSE:
2607 io_capa_response(index, ptr);
2610 case EVT_USER_CONFIRM_REQUEST:
2611 user_confirm_request(index, ptr);
2614 case EVT_USER_PASSKEY_REQUEST:
2615 user_passkey_request(index, ptr);
2618 case EVT_USER_PASSKEY_NOTIFY:
2619 user_passkey_notify(index, ptr);
2622 case EVT_REMOTE_OOB_DATA_REQUEST:
2623 remote_oob_data_request(index, (bdaddr_t *) ptr);
2630 static void start_hci_dev(int index)
2632 struct dev_info *dev = &devs[index];
2633 GIOChannel *chan = dev->io;
2635 struct hci_filter flt;
2640 info("Listening for HCI events on hci%d", index);
2643 hci_filter_clear(&flt);
2644 hci_filter_set_ptype(HCI_EVENT_PKT, &flt);
2645 hci_filter_set_event(EVT_CMD_STATUS, &flt);
2646 hci_filter_set_event(EVT_CMD_COMPLETE, &flt);
2647 hci_filter_set_event(EVT_PIN_CODE_REQ, &flt);
2648 hci_filter_set_event(EVT_LINK_KEY_REQ, &flt);
2649 hci_filter_set_event(EVT_LINK_KEY_NOTIFY, &flt);
2650 hci_filter_set_event(EVT_RETURN_LINK_KEYS, &flt);
2651 hci_filter_set_event(EVT_IO_CAPABILITY_REQUEST, &flt);
2652 hci_filter_set_event(EVT_IO_CAPABILITY_RESPONSE, &flt);
2653 hci_filter_set_event(EVT_USER_CONFIRM_REQUEST, &flt);
2654 hci_filter_set_event(EVT_USER_PASSKEY_REQUEST, &flt);
2655 hci_filter_set_event(EVT_REMOTE_OOB_DATA_REQUEST, &flt);
2656 hci_filter_set_event(EVT_USER_PASSKEY_NOTIFY, &flt);
2657 hci_filter_set_event(EVT_KEYPRESS_NOTIFY, &flt);
2658 hci_filter_set_event(EVT_SIMPLE_PAIRING_COMPLETE, &flt);
2659 hci_filter_set_event(EVT_AUTH_COMPLETE, &flt);
2660 hci_filter_set_event(EVT_REMOTE_NAME_REQ_COMPLETE, &flt);
2661 hci_filter_set_event(EVT_READ_REMOTE_VERSION_COMPLETE, &flt);
2662 hci_filter_set_event(EVT_READ_REMOTE_FEATURES_COMPLETE, &flt);
2663 hci_filter_set_event(EVT_REMOTE_HOST_FEATURES_NOTIFY, &flt);
2664 hci_filter_set_event(EVT_INQUIRY_COMPLETE, &flt);
2665 hci_filter_set_event(EVT_INQUIRY_RESULT, &flt);
2666 hci_filter_set_event(EVT_INQUIRY_RESULT_WITH_RSSI, &flt);
2667 hci_filter_set_event(EVT_EXTENDED_INQUIRY_RESULT, &flt);
2668 hci_filter_set_event(EVT_CONN_REQUEST, &flt);
2669 hci_filter_set_event(EVT_CONN_COMPLETE, &flt);
2670 hci_filter_set_event(EVT_DISCONN_COMPLETE, &flt);
2671 hci_filter_set_event(EVT_LE_META_EVENT, &flt);
2672 if (setsockopt(dev->sk, SOL_HCI, HCI_FILTER, &flt, sizeof(flt)) < 0) {
2673 error("Can't set filter on hci%d: %s (%d)",
2674 index, strerror(errno), errno);
2678 chan = g_io_channel_unix_new(dev->sk);
2679 cond = G_IO_IN | G_IO_NVAL | G_IO_HUP | G_IO_ERR;
2680 dev->watch_id = g_io_add_watch_full(chan, G_PRIORITY_LOW, cond,
2682 GINT_TO_POINTER(index), NULL);
2684 dev->pin_length = 0;
2688 /* End of HCI event callbacks */
2690 static gboolean child_exit(GIOChannel *io, GIOCondition cond, void *user_data)
2692 int status, fd = g_io_channel_unix_get_fd(io);
2695 if (read(fd, &child_pid, sizeof(child_pid)) != sizeof(child_pid)) {
2696 error("child_exit: unable to read child pid from pipe");
2700 if (waitpid(child_pid, &status, 0) != child_pid)
2701 error("waitpid(%d) failed", child_pid);
2703 DBG("child %d exited", child_pid);
2708 static void at_child_exit(void)
2710 pid_t pid = getpid();
2712 if (write(child_pipe[1], &pid, sizeof(pid)) != sizeof(pid))
2713 error("unable to write to child pipe");
2716 static void device_devup_setup(int index)
2718 struct dev_info *dev = &devs[index];
2719 struct hci_dev_info di;
2720 read_stored_link_key_cp cp;
2722 DBG("hci%d", index);
2724 if (hci_devinfo(index, &di) < 0)
2727 if (ignore_device(&di))
2730 bacpy(&dev->bdaddr, &di.bdaddr);
2731 memcpy(dev->features, di.features, 8);
2733 if (dev->features[7] & LMP_EXT_FEAT) {
2734 uint8_t page_num = 0x01;
2736 hci_send_cmd(dev->sk, OGF_INFO_PARAM,
2737 OCF_READ_LOCAL_EXT_FEATURES, 1, &page_num);
2740 /* Set page timeout */
2741 if ((main_opts.flags & (1 << HCID_SET_PAGETO))) {
2742 write_page_timeout_cp cp;
2744 cp.timeout = htobs(main_opts.pageto);
2745 hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_WRITE_PAGE_TIMEOUT,
2746 WRITE_PAGE_TIMEOUT_CP_SIZE, &cp);
2749 bacpy(&cp.bdaddr, BDADDR_ANY);
2751 hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_READ_STORED_LINK_KEY,
2752 READ_STORED_LINK_KEY_CP_SIZE, &cp);
2754 if (!dev->pending) {
2755 init_adapter(index);
2759 /* Even though it shouldn't happen (assuming the kernel behaves
2760 * properly) it seems like we might miss the very first
2761 * initialization commands that the kernel sends. So check for
2762 * it here and resend the ones we haven't seen their results yet */
2764 if (hci_test_bit(PENDING_FEATURES, &dev->pending))
2765 hci_send_cmd(dev->sk, OGF_INFO_PARAM,
2766 OCF_READ_LOCAL_FEATURES, 0, NULL);
2768 if (hci_test_bit(PENDING_VERSION, &dev->pending))
2769 hci_send_cmd(dev->sk, OGF_INFO_PARAM,
2770 OCF_READ_LOCAL_VERSION, 0, NULL);
2772 if (hci_test_bit(PENDING_NAME, &dev->pending))
2773 hci_send_cmd(dev->sk, OGF_HOST_CTL,
2774 OCF_READ_LOCAL_NAME, 0, 0);
2776 if (hci_test_bit(PENDING_BDADDR, &dev->pending))
2777 hci_send_cmd(dev->sk, OGF_INFO_PARAM,
2778 OCF_READ_BD_ADDR, 0, NULL);
2781 static void init_pending(int index)
2783 struct dev_info *dev = &devs[index];
2785 hci_set_bit(PENDING_BDADDR, &dev->pending);
2786 hci_set_bit(PENDING_VERSION, &dev->pending);
2787 hci_set_bit(PENDING_FEATURES, &dev->pending);
2788 hci_set_bit(PENDING_NAME, &dev->pending);
2791 static struct dev_info *init_device(int index, gboolean already_up)
2793 struct dev_info *dev;
2794 struct hci_dev_req dr;
2798 DBG("hci%d", index);
2800 dd = hci_open_dev(index);
2802 error("Unable to open hci%d: %s (%d)", index,
2803 strerror(errno), errno);
2807 if (index > max_dev) {
2809 devs = g_realloc(devs, sizeof(devs[0]) * (max_dev + 1));
2812 dev = init_dev_info(index, dd, FALSE, already_up);
2813 init_pending(index);
2814 start_hci_dev(index);
2816 /* Avoid forking if nothing else has to be done */
2820 /* Do initialization in the separate process */
2824 atexit(at_child_exit);
2827 error("Fork failed. Can't init device hci%d: %s (%d)",
2828 index, strerror(errno), errno);
2830 DBG("child %d forked", pid);
2834 memset(&dr, 0, sizeof(dr));
2838 dr.dev_opt = main_opts.link_mode;
2839 if (ioctl(dd, HCISETLINKMODE, (unsigned long) &dr) < 0)
2840 error("Can't set link mode on hci%d: %s (%d)",
2841 index, strerror(errno), errno);
2843 /* Start HCI device */
2844 if (ioctl(dd, HCIDEVUP, index) < 0 && errno != EALREADY) {
2845 error("Can't init device hci%d: %s (%d)",
2846 index, strerror(errno), errno);
2858 static void init_conn_list(int index)
2860 struct dev_info *dev = &devs[index];
2861 struct hci_conn_list_req *cl;
2862 struct hci_conn_info *ci;
2865 DBG("hci%d", index);
2867 cl = g_malloc0(10 * sizeof(*ci) + sizeof(*cl));
2873 if (ioctl(dev->sk, HCIGETCONNLIST, cl) < 0) {
2874 error("Unable to get connection list: %s (%d)",
2875 strerror(errno), errno);
2879 for (i = 0; i < cl->conn_num; i++, ci++) {
2880 struct bt_conn *conn;
2882 if (ci->type != ACL_LINK)
2885 conn = get_connection(dev, &ci->bdaddr);
2886 conn->handle = ci->handle;
2893 static void device_event(int event, int index)
2897 info("HCI dev %d registered", index);
2898 init_device(index, FALSE);
2902 info("HCI dev %d unregistered", index);
2903 stop_hci_dev(index);
2904 if (devs[index].registered)
2905 btd_manager_unregister_adapter(index);
2909 info("HCI dev %d up", index);
2910 devs[index].up = TRUE;
2911 device_devup_setup(index);
2915 info("HCI dev %d down", index);
2916 devs[index].up = FALSE;
2917 devs[index].pending_cod = 0;
2918 devs[index].cache_enable = TRUE;
2919 devs[index].discov_state = DISCOV_HALTED;
2920 reset_discoverable_timeout(index);
2921 if (!devs[index].pending) {
2922 struct btd_adapter *adapter;
2924 adapter = manager_find_adapter_by_id(index);
2926 btd_adapter_stop(adapter);
2928 init_pending(index);
2934 static gboolean init_known_adapters(gpointer user_data)
2936 struct hci_dev_list_req *dl;
2937 struct hci_dev_req *dr;
2938 int i, err, ctl = GPOINTER_TO_INT(user_data);
2943 req_size = HCI_MAX_DEV * sizeof(struct hci_dev_req) + sizeof(uint16_t);
2945 dl = g_try_malloc0(req_size);
2947 error("Can't allocate devlist buffer");
2951 dl->dev_num = HCI_MAX_DEV;
2954 if (ioctl(ctl, HCIGETDEVLIST, dl) < 0) {
2956 error("Can't get device list: %s (%d)", strerror(-err), -err);
2961 for (i = 0; i < dl->dev_num; i++, dr++) {
2962 struct dev_info *dev;
2963 gboolean already_up;
2965 already_up = hci_test_bit(HCI_UP, &dr->dev_opt);
2967 dev = init_device(dr->dev_id, already_up);
2971 if (!dev->already_up)
2974 init_conn_list(dr->dev_id);
2977 hci_set_bit(PENDING_VERSION, &dev->pending);
2978 hci_send_cmd(dev->sk, OGF_INFO_PARAM,
2979 OCF_READ_LOCAL_VERSION, 0, NULL);
2980 device_event(HCI_DEV_UP, dr->dev_id);
2988 static gboolean io_stack_event(GIOChannel *chan, GIOCondition cond,
2991 unsigned char buf[HCI_MAX_FRAME_SIZE], *ptr;
2992 evt_stack_internal *si;
3000 fd = g_io_channel_unix_get_fd(chan);
3002 len = read(fd, buf, sizeof(buf));
3004 if (errno == EAGAIN)
3007 error("Read from control socket failed: %s (%d)",
3008 strerror(errno), errno);
3014 if (type != HCI_EVENT_PKT)
3017 eh = (hci_event_hdr *) ptr;
3018 if (eh->evt != EVT_STACK_INTERNAL)
3021 ptr += HCI_EVENT_HDR_SIZE;
3023 si = (evt_stack_internal *) ptr;
3026 sd = (void *) &si->data;
3027 device_event(sd->event, sd->dev_id);
3034 static int hciops_setup(void)
3036 struct sockaddr_hci addr;
3037 struct hci_filter flt;
3038 GIOChannel *ctl_io, *child_io;
3043 if (child_pipe[0] != -1)
3046 if (pipe(child_pipe) < 0) {
3048 error("pipe(): %s (%d)", strerror(-err), -err);
3052 child_io = g_io_channel_unix_new(child_pipe[0]);
3053 g_io_channel_set_close_on_unref(child_io, TRUE);
3054 child_io_id = g_io_add_watch(child_io,
3055 G_IO_IN | G_IO_ERR | G_IO_HUP | G_IO_NVAL,
3057 g_io_channel_unref(child_io);
3059 /* Create and bind HCI socket */
3060 sock = socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI);
3063 error("Can't open HCI socket: %s (%d)", strerror(-err),
3069 hci_filter_clear(&flt);
3070 hci_filter_set_ptype(HCI_EVENT_PKT, &flt);
3071 hci_filter_set_event(EVT_STACK_INTERNAL, &flt);
3072 if (setsockopt(sock, SOL_HCI, HCI_FILTER, &flt, sizeof(flt)) < 0) {
3074 error("Can't set filter: %s (%d)", strerror(-err), -err);
3078 memset(&addr, 0, sizeof(addr));
3079 addr.hci_family = AF_BLUETOOTH;
3080 addr.hci_dev = HCI_DEV_NONE;
3081 if (bind(sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
3083 error("Can't bind HCI socket: %s (%d)", strerror(-err), -err);
3087 ctl_io = g_io_channel_unix_new(sock);
3088 g_io_channel_set_close_on_unref(ctl_io, TRUE);
3090 ctl_io_id = g_io_add_watch(ctl_io, G_IO_IN, io_stack_event, NULL);
3092 g_io_channel_unref(ctl_io);
3094 g_idle_add(init_known_adapters, GINT_TO_POINTER(sock));
3099 static void hciops_cleanup(void)
3105 for (i = 0; i <= max_dev; i++)
3113 g_source_remove(child_io_id);
3118 g_source_remove(ctl_io_id);
3122 if (child_pipe[0] >= 0) {
3123 close(child_pipe[0]);
3127 if (child_pipe[1] >= 0) {
3128 close(child_pipe[1]);
3133 static int hciops_set_powered(int index, gboolean powered)
3135 struct dev_info *dev = &devs[index];
3138 DBG("hci%d powered %d", index, powered);
3140 if (powered == FALSE)
3141 return hciops_power_off(index);
3143 if (ioctl(dev->sk, HCIDEVUP, index) == 0)
3146 if (errno == EALREADY)
3150 error("Can't init device hci%d: %s (%d)",
3151 index, strerror(-err), -err);
3156 static int start_inquiry(int index, uint8_t length)
3158 struct dev_info *dev = &devs[index];
3159 uint8_t lap[3] = { 0x33, 0x8b, 0x9e };
3162 DBG("hci%d length %u", index, length);
3164 memset(&inq_cp, 0, sizeof(inq_cp));
3165 memcpy(&inq_cp.lap, lap, 3);
3166 inq_cp.length = length;
3167 inq_cp.num_rsp = 0x00;
3169 if (hci_send_cmd(dev->sk, OGF_LINK_CTL,
3170 OCF_INQUIRY, INQUIRY_CP_SIZE, &inq_cp) < 0)
3176 static int le_set_scan_enable(int index, uint8_t enable)
3178 struct dev_info *dev = &devs[index];
3179 le_set_scan_enable_cp cp;
3181 DBG("hci%d enable %u", index, enable);
3183 memset(&cp, 0, sizeof(cp));
3187 if (hci_send_cmd(dev->sk, OGF_LE_CTL, OCF_LE_SET_SCAN_ENABLE,
3188 LE_SET_SCAN_ENABLE_CP_SIZE, &cp) < 0)
3194 static gboolean stop_le_scan_cb(gpointer user_data)
3196 struct dev_info *dev = user_data;
3199 err = le_set_scan_enable(dev->id, 0);
3203 dev->stop_scan_id = 0;
3208 static int start_scanning(int index, int timeout)
3210 struct dev_info *dev = &devs[index];
3211 le_set_scan_parameters_cp cp;
3214 DBG("hci%d", index);
3216 memset(&cp, 0, sizeof(cp));
3217 cp.type = 0x01; /* Active scanning */
3218 /* The recommended value for scan interval and window is 11.25 msec.
3219 * It is calculated by: time = n * 0.625 msec */
3220 cp.interval = htobs(0x0012);
3221 cp.window = htobs(0x0012);
3222 cp.own_bdaddr_type = 0; /* Public address */
3223 cp.filter = 0; /* Accept all adv packets */
3225 if (hci_send_cmd(dev->sk, OGF_LE_CTL, OCF_LE_SET_SCAN_PARAMETERS,
3226 LE_SET_SCAN_PARAMETERS_CP_SIZE, &cp) < 0)
3229 err = le_set_scan_enable(index, 1);
3233 /* Schedule a le scan disable in 'timeout' milliseconds */
3234 dev->stop_scan_id = g_timeout_add(timeout, stop_le_scan_cb, dev);
3239 static int hciops_stop_scanning(int index)
3241 struct dev_info *dev = &devs[index];
3243 DBG("hci%d", index);
3245 if (dev->stop_scan_id > 0) {
3246 g_source_remove(dev->stop_scan_id);
3247 dev->stop_scan_id = 0;
3250 return le_set_scan_enable(index, 0);
3253 static int cancel_resolve_name(int index)
3255 struct dev_info *info = &devs[index];
3256 struct found_dev *dev;
3257 remote_name_req_cancel_cp cp;
3258 struct btd_adapter *adapter;
3260 DBG("hci%d", index);
3262 if (g_slist_length(info->need_name) == 0)
3265 dev = info->need_name->data;
3266 if (dev->name_state != NAME_PENDING)
3269 memset(&cp, 0, sizeof(cp));
3270 bacpy(&cp.bdaddr, &dev->bdaddr);
3272 adapter = manager_find_adapter_by_id(index);
3274 adapter_set_discovering(adapter, FALSE);
3276 found_dev_cleanup(info);
3278 if (hci_send_cmd(info->sk, OGF_LINK_CTL, OCF_REMOTE_NAME_REQ_CANCEL,
3279 REMOTE_NAME_REQ_CANCEL_CP_SIZE, &cp) < 0)
3285 static int hciops_start_discovery(int index)
3287 int adapter_type = get_adapter_type(index);
3289 DBG("hci%u", index);
3291 switch (adapter_type) {
3293 return start_inquiry(index, LENGTH_BR_LE_INQ);
3295 return start_inquiry(index, LENGTH_BR_INQ);
3297 return start_scanning(index, TIMEOUT_LE_SCAN);
3303 static int hciops_stop_discovery(int index)
3305 struct dev_info *dev = &devs[index];
3307 DBG("index %d", index);
3309 switch (dev->discov_state) {
3311 return hciops_stop_inquiry(index);
3313 return hciops_stop_scanning(index);
3315 cancel_resolve_name(index);
3321 static int hciops_set_fast_connectable(int index, gboolean enable)
3323 struct dev_info *dev = &devs[index];
3324 write_page_activity_cp cp;
3327 DBG("hci%d enable %d", index, enable);
3330 type = PAGE_SCAN_TYPE_INTERLACED;
3331 cp.interval = 0x0024; /* 22.5 msec page scan interval */
3333 type = PAGE_SCAN_TYPE_STANDARD; /* default */
3334 cp.interval = 0x0800; /* default 1.28 sec page scan */
3337 cp.window = 0x0012; /* default 11.25 msec page scan window */
3339 if (hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_WRITE_PAGE_ACTIVITY,
3340 WRITE_PAGE_ACTIVITY_CP_SIZE, &cp) < 0)
3342 else if (hci_send_cmd(dev->sk, OGF_HOST_CTL,
3343 OCF_WRITE_PAGE_SCAN_TYPE, 1, &type) < 0)
3349 static int hciops_read_clock(int index, bdaddr_t *bdaddr, int which,
3350 int timeout, uint32_t *clock,
3353 struct dev_info *dev = &devs[index];
3354 uint16_t handle = 0;
3358 ba2str(bdaddr, addr);
3359 DBG("hci%d addr %s which %d timeout %d", index, addr, which, timeout);
3361 ret = get_handle(index, bdaddr, &handle);
3365 if (hci_read_clock(dev->sk, htobs(handle), which, clock, accuracy,
3372 static int hciops_read_bdaddr(int index, bdaddr_t *bdaddr)
3374 struct dev_info *dev = &devs[index];
3376 DBG("hci%d", index);
3378 bacpy(bdaddr, &dev->bdaddr);
3383 static int hciops_block_device(int index, bdaddr_t *bdaddr,
3384 uint8_t bdaddr_type)
3386 struct dev_info *dev = &devs[index];
3389 ba2str(bdaddr, addr);
3390 DBG("hci%d dba %s", index, addr);
3392 if (ioctl(dev->sk, HCIBLOCKADDR, bdaddr) < 0)
3398 static int hciops_unblock_device(int index, bdaddr_t *bdaddr,
3399 uint8_t bdaddr_type)
3401 struct dev_info *dev = &devs[index];
3404 ba2str(bdaddr, addr);
3405 DBG("hci%d dba %s", index, addr);
3407 if (ioctl(dev->sk, HCIUNBLOCKADDR, bdaddr) < 0)
3413 static int hciops_get_conn_list(int index, GSList **conns)
3415 struct dev_info *dev = &devs[index];
3418 DBG("hci%d", index);
3422 for (l = dev->connections; l != NULL; l = g_slist_next(l)) {
3423 struct bt_conn *conn = l->data;
3425 *conns = g_slist_append(*conns,
3426 g_memdup(&conn->bdaddr, sizeof(bdaddr_t)));
3432 static int hciops_disconnect(int index, bdaddr_t *bdaddr, uint8_t bdaddr_type)
3434 DBG("hci%d", index);
3436 return disconnect_addr(index, bdaddr, HCI_OE_USER_ENDED_CONNECTION);
3439 static int hciops_remove_bonding(int index, bdaddr_t *bdaddr,
3440 uint8_t bdaddr_type)
3442 struct dev_info *dev = &devs[index];
3443 delete_stored_link_key_cp cp;
3447 ba2str(bdaddr, addr);
3448 DBG("hci%d dba %s", index, addr);
3450 match = g_slist_find_custom(dev->keys, bdaddr, (GCompareFunc) bacmp);
3452 g_free(match->data);
3453 dev->keys = g_slist_delete_link(dev->keys, match);
3456 memset(&cp, 0, sizeof(cp));
3457 bacpy(&cp.bdaddr, bdaddr);
3459 /* Delete the link key from the Bluetooth chip */
3460 if (hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_DELETE_STORED_LINK_KEY,
3461 DELETE_STORED_LINK_KEY_CP_SIZE, &cp) < 0)
3467 static int hciops_pincode_reply(int index, bdaddr_t *bdaddr, const char *pin,
3470 struct dev_info *dev = &devs[index];
3474 ba2str(bdaddr, addr);
3475 DBG("hci%d dba %s", index, addr);
3478 pin_code_reply_cp pr;
3480 dev->pin_length = pin_len;
3482 memset(&pr, 0, sizeof(pr));
3483 bacpy(&pr.bdaddr, bdaddr);
3484 memcpy(pr.pin_code, pin, pin_len);
3485 pr.pin_len = pin_len;
3486 err = hci_send_cmd(dev->sk, OGF_LINK_CTL,
3488 PIN_CODE_REPLY_CP_SIZE, &pr);
3490 err = hci_send_cmd(dev->sk, OGF_LINK_CTL,
3491 OCF_PIN_CODE_NEG_REPLY, 6, bdaddr);
3499 static int hciops_passkey_reply(int index, bdaddr_t *bdaddr,
3500 uint8_t bdaddr_type, uint32_t passkey)
3502 struct dev_info *dev = &devs[index];
3506 ba2str(bdaddr, addr);
3507 DBG("hci%d dba %s", index, addr);
3509 if (passkey != INVALID_PASSKEY) {
3510 user_passkey_reply_cp cp;
3512 memset(&cp, 0, sizeof(cp));
3513 bacpy(&cp.bdaddr, bdaddr);
3514 cp.passkey = passkey;
3516 err = hci_send_cmd(dev->sk, OGF_LINK_CTL,
3517 OCF_USER_PASSKEY_REPLY,
3518 USER_PASSKEY_REPLY_CP_SIZE, &cp);
3520 err = hci_send_cmd(dev->sk, OGF_LINK_CTL,
3521 OCF_USER_PASSKEY_NEG_REPLY, 6, bdaddr);
3529 static uint8_t generate_service_class(int index)
3531 struct dev_info *dev = &devs[index];
3535 for (l = dev->uuids; l != NULL; l = g_slist_next(l)) {
3536 struct uuid_info *uuid = l->data;
3538 val |= uuid->svc_hint;
3544 static int update_service_classes(int index)
3546 struct dev_info *dev = &devs[index];
3550 value = generate_service_class(index);
3552 DBG("hci%d value %u", index, value);
3554 /* Update only the service class, keep the limited bit,
3555 * major/minor class bits intact */
3556 dev->wanted_cod &= 0x00ffff;
3557 dev->wanted_cod |= (value << 16);
3559 /* If the cache is enabled or an existing CoD write is in progress
3561 if (dev->cache_enable || dev->pending_cod)
3564 /* If we already have the CoD we want, update EIR and return */
3565 if (dev->current_cod == dev->wanted_cod) {
3566 update_ext_inquiry_response(index);
3570 DBG("Changing service classes to 0x%06x", dev->wanted_cod);
3572 err = write_class(index, dev->wanted_cod);
3574 error("Adapter class update failed: %s (%d)",
3575 strerror(-err), -err);
3580 static int hciops_add_uuid(int index, uuid_t *uuid, uint8_t svc_hint)
3582 struct dev_info *dev = &devs[index];
3583 struct uuid_info *info;
3585 DBG("hci%d", index);
3587 info = g_new0(struct uuid_info, 1);
3588 memcpy(&info->uuid, uuid, sizeof(*uuid));
3589 info->svc_hint = svc_hint;
3591 dev->uuids = g_slist_append(dev->uuids, info);
3593 return update_service_classes(index);
3596 static int hciops_remove_uuid(int index, uuid_t *uuid)
3598 struct dev_info *dev = &devs[index];
3601 match = g_slist_find_custom(dev->uuids, uuid, sdp_uuid_cmp);
3603 g_free(match->data);
3604 dev->uuids = g_slist_delete_link(dev->uuids, match);
3607 DBG("hci%d", index);
3609 return update_service_classes(index);
3612 static int hciops_disable_cod_cache(int index)
3614 struct dev_info *dev = &devs[index];
3616 DBG("hci%d cache_enable %d", index, dev->cache_enable);
3618 if (!dev->cache_enable)
3621 DBG("hci%d current_cod 0x%06x wanted_cod 0x%06x", index,
3622 dev->current_cod, dev->wanted_cod);
3624 /* Disable and flush svc cache. All successive service class
3625 * updates * will be written to the device */
3626 dev->cache_enable = FALSE;
3628 if (dev->current_cod == dev->wanted_cod) {
3629 update_ext_inquiry_response(index);
3633 return write_class(index, dev->wanted_cod);
3636 static int hciops_restore_powered(int index)
3638 struct dev_info *dev = &devs[index];
3640 if (!dev->already_up && dev->up)
3641 return hciops_power_off(index);
3646 static int hciops_load_keys(int index, GSList *keys, gboolean debug_keys)
3648 struct dev_info *dev = &devs[index];
3651 DBG("hci%d keys %d debug_keys %d", index, g_slist_length(keys),
3654 if (dev->keys != NULL)
3657 for (l = keys; l; l = l->next) {
3658 struct link_key_info *orig, *dup;
3662 dup = g_memdup(orig, sizeof(*orig));
3664 dev->keys = g_slist_prepend(dev->keys, dup);
3667 dev->debug_keys = debug_keys;
3672 static int hciops_set_io_capability(int index, uint8_t io_capability)
3674 struct dev_info *dev = &devs[index];
3676 /* hciops is not to be used for SMP pairing for LE devices. So
3677 * change the IO capability from KeyboardDisplay to DisplayYesNo
3678 * in case it is set. */
3679 dev->io_capability = (io_capability == 0x04) ? 0x01 : io_capability;
3684 static int request_authentication(int index, bdaddr_t *bdaddr)
3686 struct dev_info *dev = &devs[index];
3687 auth_requested_cp cp;
3691 DBG("hci%d", index);
3693 err = get_handle(index, bdaddr, &handle);
3697 memset(&cp, 0, sizeof(cp));
3698 cp.handle = htobs(handle);
3700 if (hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_AUTH_REQUESTED,
3701 AUTH_REQUESTED_CP_SIZE, &cp) < 0)
3707 static void bonding_connect_cb(GIOChannel *io, GError *err, gpointer user_data)
3709 struct bt_conn *conn = user_data;
3710 struct dev_info *dev = conn->dev;
3714 g_io_channel_shutdown(io, TRUE, NULL);
3719 /* Wait proper error to be propagated by bonding complete */
3722 if (request_authentication(dev->id, &conn->bdaddr) < 0)
3728 bonding_complete(dev, conn, HCI_UNSPECIFIED_ERROR);
3731 static int hciops_create_bonding(int index, bdaddr_t *bdaddr,
3732 uint8_t bdaddr_type, uint8_t io_cap)
3734 struct dev_info *dev = &devs[index];
3735 BtIOSecLevel sec_level;
3736 struct bt_conn *conn;
3739 conn = get_connection(dev, bdaddr);
3741 if (conn->io != NULL)
3744 /* hciops is not to be used for SMP pairing for LE devices. So
3745 * change the IO capability from KeyboardDisplay to DisplayYesNo
3746 * in case it is set. */
3747 conn->loc_cap = (io_cap == 0x04 ? 0x01 : io_cap);
3749 /* If our IO capability is NoInputNoOutput use medium security
3750 * level (i.e. don't require MITM protection) else use high
3753 sec_level = BT_IO_SEC_MEDIUM;
3755 sec_level = BT_IO_SEC_HIGH;
3757 conn->io = bt_io_connect(BT_IO_L2RAW, bonding_connect_cb, conn,
3759 BT_IO_OPT_SOURCE_BDADDR, &dev->bdaddr,
3760 BT_IO_OPT_DEST_BDADDR, bdaddr,
3761 BT_IO_OPT_SEC_LEVEL, sec_level,
3763 if (conn->io == NULL) {
3764 error("bt_io_connect: %s", err->message);
3769 conn->bonding_initiator = TRUE;
3774 static int hciops_cancel_bonding(int index, bdaddr_t *bdaddr)
3776 struct dev_info *dev = &devs[index];
3777 struct bt_conn *conn;
3779 DBG("hci%d", index);
3781 conn = find_connection(dev, bdaddr);
3782 if (conn == NULL || conn->io == NULL)
3785 g_io_channel_shutdown(conn->io, TRUE, NULL);
3786 g_io_channel_unref(conn->io);
3792 static int hciops_read_local_oob_data(int index)
3794 struct dev_info *dev = &devs[index];
3796 DBG("hci%d", index);
3798 if (hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_READ_LOCAL_OOB_DATA, 0, 0)
3805 static int hciops_add_remote_oob_data(int index, bdaddr_t *bdaddr,
3806 uint8_t *hash, uint8_t *randomizer)
3809 struct dev_info *dev = &devs[index];
3811 struct oob_data *data;
3813 ba2str(bdaddr, addr);
3814 DBG("hci%d bdaddr %s", index, addr);
3816 match = g_slist_find_custom(dev->oob_data, bdaddr, oob_bdaddr_cmp);
3821 data = g_new(struct oob_data, 1);
3822 bacpy(&data->bdaddr, bdaddr);
3823 dev->oob_data = g_slist_prepend(dev->oob_data, data);
3826 memcpy(data->hash, hash, sizeof(data->hash));
3827 memcpy(data->randomizer, randomizer, sizeof(data->randomizer));
3832 static int hciops_remove_remote_oob_data(int index, bdaddr_t *bdaddr)
3835 struct dev_info *dev = &devs[index];
3838 ba2str(bdaddr, addr);
3839 DBG("hci%d bdaddr %s", index, addr);
3841 match = g_slist_find_custom(dev->oob_data, bdaddr, oob_bdaddr_cmp);
3846 g_free(match->data);
3847 dev->oob_data = g_slist_delete_link(dev->oob_data, match);
3852 static int hciops_confirm_name(int index, bdaddr_t *bdaddr,
3853 uint8_t bdaddr_type, gboolean name_known)
3855 struct dev_info *info = &devs[index];
3856 struct found_dev *dev;
3860 ba2str(bdaddr, addr);
3861 DBG("hci%u %s name_known %u", index, addr, name_known);
3863 match = g_slist_find_custom(info->found_devs, bdaddr,
3871 dev->name_state = NAME_NOT_NEEDED;
3872 info->found_devs = g_slist_sort(info->found_devs,
3873 found_dev_rssi_cmp);
3877 dev->name_state = NAME_NEEDED;
3878 info->found_devs = g_slist_remove_link(info->found_devs, match);
3880 match->next = info->need_name;
3881 info->need_name = match;
3882 info->need_name = g_slist_sort(info->need_name, found_dev_rssi_cmp);
3887 static int hciops_load_ltks(int index, GSList *keys)
3892 static struct btd_adapter_ops hci_ops = {
3893 .setup = hciops_setup,
3894 .cleanup = hciops_cleanup,
3895 .set_powered = hciops_set_powered,
3896 .set_discoverable = hciops_set_discoverable,
3897 .set_pairable = hciops_set_pairable,
3898 .start_discovery = hciops_start_discovery,
3899 .stop_discovery = hciops_stop_discovery,
3900 .set_name = hciops_set_name,
3901 .set_dev_class = hciops_set_dev_class,
3902 .set_fast_connectable = hciops_set_fast_connectable,
3903 .read_clock = hciops_read_clock,
3904 .read_bdaddr = hciops_read_bdaddr,
3905 .block_device = hciops_block_device,
3906 .unblock_device = hciops_unblock_device,
3907 .get_conn_list = hciops_get_conn_list,
3908 .disconnect = hciops_disconnect,
3909 .remove_bonding = hciops_remove_bonding,
3910 .pincode_reply = hciops_pincode_reply,
3911 .confirm_reply = hciops_confirm_reply,
3912 .passkey_reply = hciops_passkey_reply,
3913 .encrypt_link = hciops_encrypt_link,
3914 .set_did = hciops_set_did,
3915 .add_uuid = hciops_add_uuid,
3916 .remove_uuid = hciops_remove_uuid,
3917 .disable_cod_cache = hciops_disable_cod_cache,
3918 .restore_powered = hciops_restore_powered,
3919 .load_keys = hciops_load_keys,
3920 .set_io_capability = hciops_set_io_capability,
3921 .create_bonding = hciops_create_bonding,
3922 .cancel_bonding = hciops_cancel_bonding,
3923 .read_local_oob_data = hciops_read_local_oob_data,
3924 .add_remote_oob_data = hciops_add_remote_oob_data,
3925 .remove_remote_oob_data = hciops_remove_remote_oob_data,
3926 .confirm_name = hciops_confirm_name,
3927 .load_ltks = hciops_load_ltks,
3930 static int hciops_init(void)
3933 #ifdef __TIZEN_PATCH__
3934 return btd_register_adapter_ops(&hci_ops, TRUE);
3936 return btd_register_adapter_ops(&hci_ops, FALSE);
3940 static void hciops_exit(void)
3943 btd_adapter_cleanup_ops(&hci_ops);
3946 BLUETOOTH_PLUGIN_DEFINE(hciops, VERSION,
3947 BLUETOOTH_PLUGIN_PRIORITY_LOW, hciops_init, hciops_exit)