3 * BlueZ - Bluetooth protocol stack for Linux
5 * Copyright (C) 2011-2012 Intel Corporation
6 * Copyright (C) 2004-2010 Marcel Holtmann <marcel@holtmann.org>
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
41 #include <sys/socket.h>
45 #include <arpa/inet.h>
47 #include "src/shared/util.h"
48 #include "src/shared/mainloop.h"
49 #include "src/shared/ecc.h"
50 #include "monitor/bt.h"
52 #define HCI_BREDR 0x00
57 sa_family_t hci_family;
58 unsigned short hci_dev;
59 unsigned short hci_channel;
61 #define HCI_CHANNEL_USER 1
63 static uint16_t hci_index = 0;
64 static bool client_active = false;
65 static bool debug_enabled = false;
66 static bool emulate_ecc = false;
/*
 * Line callback handed to util_hexdump(): prints one formatted dump line on
 * stdout, prefixed with the tag passed through user_data ("H: " or "D: ").
 */
static void hexdump_print(const char *str, void *user_data)
{
	const char *prefix = user_data;

	printf("%s%s\n", prefix, str);
}
/*
 * State of one host <-> device relay.  Each direction owns a descriptor and
 * a fixed 4096-byte reassembly buffer; the *_len members count the bytes
 * currently held in that buffer.  The *_shutdown flags select whether
 * shutdown() is issued before the descriptor is closed.
 */
struct proxy {
	/* Host side: commands, ACL and SCO data are read from here */
	int host_fd;
	uint8_t host_buf[4096];
	uint16_t host_len;
	bool host_shutdown;

	/* Device side: events, ACL and SCO data are read from here */
	int dev_fd;
	uint8_t dev_buf[4096];
	uint16_t dev_len;
	bool dev_shutdown;

	/* ECC emulation: LE event mask requested by the host and the
	 * locally generated P-256 private key */
	uint8_t event_mask[8];
	uint8_t local_sk256[32];
};
/*
 * Write all `size` bytes of `data` to fd, continuing after short writes and
 * retrying on EAGAIN/EINTR.  Returns false on any other write error.
 *
 * With debugging enabled, every chunk actually written is hexdumped using
 * the prefix in user_data.  That covers whatever the packet carries,
 * including the key material produced by the ECC emulation.
 *
 * NOTE(review): EAGAIN is retried immediately, so on a non-blocking
 * descriptor whose peer stops reading this loop keeps spinning.
 */
static bool write_packet(int fd, const void *data, size_t size,
							void *user_data)
{
	const uint8_t *cursor = data;
	size_t remaining = size;

	while (remaining > 0) {
		ssize_t written = write(fd, cursor, remaining);

		if (written < 0) {
			if (errno == EAGAIN || errno == EINTR)
				continue;
			return false;
		}

		if (debug_enabled)
			util_hexdump('<', cursor, written, hexdump_print,
								user_data);

		cursor += written;
		remaining -= written;
	}

	return true;
}
/*
 * Forward a packet that came from the host to the device descriptor.  If
 * the write fails, the device descriptor is removed from the mainloop.
 */
static void host_write_packet(struct proxy *proxy, void *buf, uint16_t len)
{
	if (write_packet(proxy->dev_fd, buf, len, "D: "))
		return;

	fprintf(stderr, "Write to device descriptor failed\n");
	mainloop_remove_fd(proxy->dev_fd);
}
/*
 * Forward a packet that came from the device (or was synthesised locally)
 * to the host descriptor.  If the write fails, the host descriptor is
 * removed from the mainloop.
 */
static void dev_write_packet(struct proxy *proxy, void *buf, uint16_t len)
{
	if (write_packet(proxy->host_fd, buf, len, "H: "))
		return;

	fprintf(stderr, "Write to host descriptor failed\n");
	mainloop_remove_fd(proxy->host_fd);
}
/*
 * Build an HCI Command Status event for `opcode` with the given status and
 * send it to the host.  The packet is an H4 type byte, the event header and
 * the command status parameters, assembled in a small stack buffer.
 */
static void cmd_status(struct proxy *proxy, uint8_t status, uint16_t opcode)
{
	size_t buf_size = 1 + sizeof(struct bt_hci_evt_hdr) +
					sizeof(struct bt_hci_evt_cmd_status);
	uint8_t *pkt = alloca(buf_size);
	struct bt_hci_evt_hdr *hdr = (void *) (pkt + 1);
	struct bt_hci_evt_cmd_status *cs = (void *) (pkt + 1 + sizeof(*hdr));

	pkt[0] = BT_H4_EVT_PKT;

	hdr->evt = BT_HCI_EVT_CMD_STATUS;
	hdr->plen = sizeof(*cs);

	cs->status = status;
	cs->ncmd = 0x01;
	cs->opcode = cpu_to_le16(opcode);	/* HCI fields are little endian */

	dev_write_packet(proxy, pkt, buf_size);
}
/*
 * Build an HCI LE Meta event with subevent code `event` followed by `len`
 * bytes of `data`, and send it to the host.
 *
 * NOTE(review): hdr->plen is a single byte, so 1 + len no longer fits when
 * len is 255.  The callers in this file pass sizeof() of fixed event
 * structures; confirm that stays true before adding new callers.
 */
static void le_meta_event(struct proxy *proxy, uint8_t event,
						void *data, uint8_t len)
{
	size_t buf_size = 1 + sizeof(struct bt_hci_evt_hdr) + 1 + len;
	uint8_t *pkt = alloca(buf_size);
	struct bt_hci_evt_hdr *hdr = (void *) (pkt + 1);
	uint8_t *subevent = pkt + 1 + sizeof(*hdr);

	pkt[0] = BT_H4_EVT_PKT;

	hdr->evt = BT_HCI_EVT_LE_META_EVENT;
	hdr->plen = 1 + len;

	*subevent = event;

	if (len > 0)
		memcpy(subevent + 1, data, len);

	dev_write_packet(proxy, pkt, buf_size);
}
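/*
 * Host-to-device filter used when ECC emulation is enabled.
 *
 * Non-command packets and unrelated commands are forwarded unchanged.
 * Three LE commands are intercepted:
 *  - LE Set Event Mask: the mask requested by the host is remembered and
 *    the two P-256 event bits are cleared before the command is forwarded.
 *  - LE Read Local P-256 Public Key: a key pair is generated locally, the
 *    private half is kept in proxy->local_sk256.
 *  - LE Generate DHKey: the shared secret is computed locally from the
 *    remote public key in the command and the stored private key.
 * The last two are answered from here and never reach the device.
 *
 * The caller hands over one complete H4 packet, so the command header is
 * present, but the parameter length is whatever the host put in the header.
 * Parameters are therefore only read (or patched) after checking that the
 * packet is long enough; otherwise stale bytes left in the receive buffer
 * would be used as event mask or as remote public key.
 *
 * The replies are sent with dev_write_packet(), so with debug output
 * enabled the generated public key and DHKey are hexdumped like any other
 * packet.
 */
static void host_emulate_ecc(struct proxy *proxy, void *buf, uint16_t len)
{
	uint8_t *pkt = buf;
	struct bt_hci_cmd_hdr *hdr = (void *) (pkt + 1);
	const size_t params_off = 1 + sizeof(*hdr);
	struct bt_hci_cmd_le_set_event_mask *lsem;
	struct bt_hci_cmd_le_generate_dhkey *lgd;
	struct bt_hci_evt_le_read_local_pk256_complete lrlpkc;
	struct bt_hci_evt_le_generate_dhkey_complete lgdc;

	if (pkt[0] != BT_H4_CMD_PKT) {
		host_write_packet(proxy, buf, len);
		return;
	}

	switch (le16_to_cpu(hdr->opcode)) {
	case BT_HCI_CMD_LE_SET_EVENT_MASK:
		if (len < params_off + sizeof(*lsem)) {
			/* Truncated parameters: forward untouched and let
			 * the controller reject the command. */
			host_write_packet(proxy, buf, len);
			break;
		}

		lsem = (void *) (pkt + params_off);
		memcpy(proxy->event_mask, lsem->mask, 8);

		lsem->mask[0] &= ~0x80;		/* P-256 Public Key Complete */
		lsem->mask[1] &= ~0x01;		/* Generate DHKey Complete */

		host_write_packet(proxy, buf, len);
		break;

	case BT_HCI_CMD_LE_READ_LOCAL_PK256:
		if (!ecc_make_key(lrlpkc.local_pk256, proxy->local_sk256)) {
			cmd_status(proxy, BT_HCI_ERR_COMMAND_DISALLOWED,
					BT_HCI_CMD_LE_READ_LOCAL_PK256);
			break;
		}
		cmd_status(proxy, BT_HCI_ERR_SUCCESS,
					BT_HCI_CMD_LE_READ_LOCAL_PK256);

		/* Only report completion if the host asked for the event */
		if (!(proxy->event_mask[0] & 0x80))
			break;

		lrlpkc.status = BT_HCI_ERR_SUCCESS;
		le_meta_event(proxy, BT_HCI_EVT_LE_READ_LOCAL_PK256_COMPLETE,
						&lrlpkc, sizeof(lrlpkc));
		break;

	case BT_HCI_CMD_LE_GENERATE_DHKEY:
		if (len < params_off + sizeof(*lgd)) {
			/* Remote public key is incomplete: refuse instead of
			 * deriving a secret from leftover buffer contents. */
			cmd_status(proxy, BT_HCI_ERR_COMMAND_DISALLOWED,
					BT_HCI_CMD_LE_GENERATE_DHKEY);
			break;
		}

		lgd = (void *) (pkt + params_off);
		if (!ecdh_shared_secret(lgd->remote_pk256, proxy->local_sk256,
								lgdc.dhkey)) {
			cmd_status(proxy, BT_HCI_ERR_COMMAND_DISALLOWED,
					BT_HCI_CMD_LE_GENERATE_DHKEY);
			break;
		}
		cmd_status(proxy, BT_HCI_ERR_SUCCESS,
					BT_HCI_CMD_LE_GENERATE_DHKEY);

		/* Only report completion if the host asked for the event */
		if (!(proxy->event_mask[1] & 0x01))
			break;

		lgdc.status = BT_HCI_ERR_SUCCESS;
		le_meta_event(proxy, BT_HCI_EVT_LE_GENERATE_DHKEY_COMPLETE,
						&lgdc, sizeof(lgdc));
		break;

	default:
		host_write_packet(proxy, buf, len);
		break;
	}
}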
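/*
 * Device-to-host filter used when ECC emulation is enabled.
 *
 * Everything is forwarded to the host.  The only modification is made to
 * the Command Complete event for Read Local Supported Commands, where the
 * two P-256 command bits in octet 34 are set so that the host believes the
 * controller supports them.
 *
 * The caller hands over one complete H4 packet, so the event header is
 * present, but the parameter length is chosen by the device.  The Command
 * Complete parameters and the supported-commands table are only touched
 * after checking that the packet really contains them; a short event is
 * forwarded as received.  Without that check the patch would land in
 * bytes that belong to the next buffered packet.
 */
static void dev_emulate_ecc(struct proxy *proxy, void *buf, uint16_t len)
{
	uint8_t *pkt = buf;
	struct bt_hci_evt_hdr *hdr = (void *) (pkt + 1);
	const size_t cc_off = 1 + sizeof(*hdr);
	struct bt_hci_evt_cmd_complete *cc;
	struct bt_hci_rsp_read_local_commands *rlc;

	if (pkt[0] != BT_H4_EVT_PKT) {
		dev_write_packet(proxy, buf, len);
		return;
	}

	switch (hdr->evt) {
	case BT_HCI_EVT_CMD_COMPLETE:
		if (len < cc_off + sizeof(*cc)) {
			/* Too short to carry an opcode: pass through */
			dev_write_packet(proxy, buf, len);
			break;
		}

		cc = (void *) (pkt + cc_off);

		switch (le16_to_cpu(cc->opcode)) {
		case BT_HCI_CMD_READ_LOCAL_COMMANDS:
			/* Patch only if the full response is in the packet */
			if (len < cc_off + sizeof(*cc) + sizeof(*rlc))
				break;

			rlc = (void *) (pkt + cc_off + sizeof(*cc));
			rlc->commands[34] |= 0x02;	/* P-256 Public Key */
			rlc->commands[34] |= 0x04;	/* Generate DHKey */
			break;
		}

		dev_write_packet(proxy, buf, len);
		break;

	default:
		dev_write_packet(proxy, buf, len);
		break;
	}
}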
/*
 * Mainloop destroy callback for the host descriptor.  Closes the host side
 * (after shutdown() when host_shutdown is set) and marks it as gone.  If
 * the device side is still open its removal is requested; otherwise this is
 * the last half to go, so the client slot is released and the proxy freed.
 */
static void host_read_destroy(void *user_data)
{
	struct proxy *proxy = user_data;

	printf("Closing host descriptor\n");

	if (proxy->host_shutdown)
		shutdown(proxy->host_fd, SHUT_RDWR);

	close(proxy->host_fd);
	proxy->host_fd = -1;

	if (proxy->dev_fd >= 0) {
		mainloop_remove_fd(proxy->dev_fd);
		return;
	}

	client_active = false;
	free(proxy);
}
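/*
 * Mainloop read callback for the host descriptor.
 *
 * Appends newly read bytes to proxy->host_buf, then extracts every complete
 * H4 packet (command, ACL or SCO) and hands it to host_emulate_ecc() or
 * host_write_packet().  An incomplete packet stays buffered until more data
 * arrives.  Errors, hangups and unknown packet types remove the host
 * descriptor from the mainloop.
 *
 * The packet length is taken from the header the peer sent.  An ACL header
 * can announce up to 65535 payload bytes, which neither fits the 4096-byte
 * buffer nor, with the packet type and header added, a 16-bit length.  Such
 * a packet can never be completed: the buffer would fill up and every
 * further read() would be asked for zero bytes.  The length is therefore
 * computed in a size_t and a packet larger than the buffer ends the
 * connection.
 */
static void host_read_callback(int fd, uint32_t events, void *user_data)
{
	struct proxy *proxy = user_data;
	struct bt_hci_cmd_hdr *cmd_hdr;
	struct bt_hci_acl_hdr *acl_hdr;
	struct bt_hci_sco_hdr *sco_hdr;
	ssize_t len;
	size_t pktlen;

	if (events & (EPOLLERR | EPOLLHUP)) {
		fprintf(stderr, "Error from host descriptor\n");
		mainloop_remove_fd(proxy->host_fd);
		return;
	}

	if (events & EPOLLRDHUP) {
		fprintf(stderr, "Remote hangup of host descriptor\n");
		mainloop_remove_fd(proxy->host_fd);
		return;
	}

	len = read(proxy->host_fd, proxy->host_buf + proxy->host_len,
				sizeof(proxy->host_buf) - proxy->host_len);
	if (len < 0) {
		if (errno == EAGAIN || errno == EINTR)
			return;

		fprintf(stderr, "Read from host descriptor failed\n");
		mainloop_remove_fd(proxy->host_fd);
		return;
	}

	if (debug_enabled)
		util_hexdump('>', proxy->host_buf + proxy->host_len, len,
						hexdump_print, "H: ");

	proxy->host_len += len;

process_packet:
	if (proxy->host_len < 1)
		return;

	switch (proxy->host_buf[0]) {
	case BT_H4_CMD_PKT:
		if (proxy->host_len < 1 + sizeof(*cmd_hdr))
			return;

		cmd_hdr = (void *) (proxy->host_buf + 1);
		pktlen = 1 + sizeof(*cmd_hdr) + cmd_hdr->plen;
		break;
	case BT_H4_ACL_PKT:
		if (proxy->host_len < 1 + sizeof(*acl_hdr))
			return;

		acl_hdr = (void *) (proxy->host_buf + 1);
		/* dlen is little endian on the wire */
		pktlen = 1 + sizeof(*acl_hdr) + le16_to_cpu(acl_hdr->dlen);
		break;
	case BT_H4_SCO_PKT:
		if (proxy->host_len < 1 + sizeof(*sco_hdr))
			return;

		sco_hdr = (void *) (proxy->host_buf + 1);
		pktlen = 1 + sizeof(*sco_hdr) + sco_hdr->dlen;
		break;
	case 0xff:
		/* Notification packet from /dev/vhci - ignore */
		proxy->host_len = 0;
		return;
	default:
		fprintf(stderr, "Received unknown host packet type 0x%02x\n",
							proxy->host_buf[0]);
		mainloop_remove_fd(proxy->host_fd);
		return;
	}

	if (pktlen > sizeof(proxy->host_buf)) {
		fprintf(stderr, "Host packet of %zu bytes exceeds buffer\n",
								pktlen);
		mainloop_remove_fd(proxy->host_fd);
		return;
	}

	if (proxy->host_len < pktlen)
		return;

	if (emulate_ecc)
		host_emulate_ecc(proxy, proxy->host_buf, pktlen);
	else
		host_write_packet(proxy, proxy->host_buf, pktlen);

	if (proxy->host_len > pktlen) {
		/* More data follows: shift it to the front and parse again */
		memmove(proxy->host_buf, proxy->host_buf + pktlen,
						proxy->host_len - pktlen);
		proxy->host_len -= pktlen;
		goto process_packet;
	}

	proxy->host_len = 0;
}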
/*
 * Mainloop destroy callback for the device descriptor.  Closes the device
 * side (after shutdown() when dev_shutdown is set) and marks it as gone.
 * If the host side is still open its removal is requested; otherwise this
 * is the last half to go, so the client slot is released and the proxy
 * freed.
 */
static void dev_read_destroy(void *user_data)
{
	struct proxy *proxy = user_data;

	printf("Closing device descriptor\n");

	if (proxy->dev_shutdown)
		shutdown(proxy->dev_fd, SHUT_RDWR);

	close(proxy->dev_fd);
	proxy->dev_fd = -1;

	if (proxy->host_fd >= 0) {
		mainloop_remove_fd(proxy->host_fd);
		return;
	}

	client_active = false;
	free(proxy);
}
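/*
 * Mainloop read callback for the device descriptor.
 *
 * Appends newly read bytes to proxy->dev_buf, then extracts every complete
 * H4 packet (event, ACL or SCO) and hands it to dev_emulate_ecc() or
 * dev_write_packet().  An incomplete packet stays buffered until more data
 * arrives.  Errors, hangups and unknown packet types remove the device
 * descriptor from the mainloop; the hangup branch now removes dev_fd like
 * every other branch here instead of host_fd.
 *
 * The device side may be a TCP peer, so the announced packet length is
 * untrusted.  An ACL header can announce up to 65535 payload bytes, which
 * neither fits the 4096-byte buffer nor, with the packet type and header
 * added, a 16-bit length.  The length is therefore computed in a size_t and
 * a packet larger than the buffer ends the connection, instead of leaving
 * a full buffer that every further read() is asked to extend by zero bytes.
 */
static void dev_read_callback(int fd, uint32_t events, void *user_data)
{
	struct proxy *proxy = user_data;
	struct bt_hci_evt_hdr *evt_hdr;
	struct bt_hci_acl_hdr *acl_hdr;
	struct bt_hci_sco_hdr *sco_hdr;
	ssize_t len;
	size_t pktlen;

	if (events & (EPOLLERR | EPOLLHUP)) {
		fprintf(stderr, "Error from device descriptor\n");
		mainloop_remove_fd(proxy->dev_fd);
		return;
	}

	if (events & EPOLLRDHUP) {
		fprintf(stderr, "Remote hangup of device descriptor\n");
		mainloop_remove_fd(proxy->dev_fd);
		return;
	}

	len = read(proxy->dev_fd, proxy->dev_buf + proxy->dev_len,
				sizeof(proxy->dev_buf) - proxy->dev_len);
	if (len < 0) {
		if (errno == EAGAIN || errno == EINTR)
			return;

		fprintf(stderr, "Read from device descriptor failed\n");
		mainloop_remove_fd(proxy->dev_fd);
		return;
	}

	if (debug_enabled)
		util_hexdump('>', proxy->dev_buf + proxy->dev_len, len,
						hexdump_print, "D: ");

	proxy->dev_len += len;

process_packet:
	if (proxy->dev_len < 1)
		return;

	switch (proxy->dev_buf[0]) {
	case BT_H4_EVT_PKT:
		if (proxy->dev_len < 1 + sizeof(*evt_hdr))
			return;

		evt_hdr = (void *) (proxy->dev_buf + 1);
		pktlen = 1 + sizeof(*evt_hdr) + evt_hdr->plen;
		break;
	case BT_H4_ACL_PKT:
		if (proxy->dev_len < 1 + sizeof(*acl_hdr))
			return;

		acl_hdr = (void *) (proxy->dev_buf + 1);
		/* dlen is little endian on the wire */
		pktlen = 1 + sizeof(*acl_hdr) + le16_to_cpu(acl_hdr->dlen);
		break;
	case BT_H4_SCO_PKT:
		if (proxy->dev_len < 1 + sizeof(*sco_hdr))
			return;

		sco_hdr = (void *) (proxy->dev_buf + 1);
		pktlen = 1 + sizeof(*sco_hdr) + sco_hdr->dlen;
		break;
	default:
		fprintf(stderr, "Received unknown device packet type 0x%02x\n",
							proxy->dev_buf[0]);
		mainloop_remove_fd(proxy->dev_fd);
		return;
	}

	if (pktlen > sizeof(proxy->dev_buf)) {
		fprintf(stderr, "Device packet of %zu bytes exceeds buffer\n",
								pktlen);
		mainloop_remove_fd(proxy->dev_fd);
		return;
	}

	if (proxy->dev_len < pktlen)
		return;

	if (emulate_ecc)
		dev_emulate_ecc(proxy, proxy->dev_buf, pktlen);
	else
		dev_write_packet(proxy, proxy->dev_buf, pktlen);

	if (proxy->dev_len > pktlen) {
		/* More data follows: shift it to the front and parse again */
		memmove(proxy->dev_buf, proxy->dev_buf + pktlen,
						proxy->dev_len - pktlen);
		proxy->dev_len -= pktlen;
		goto process_packet;
	}

	proxy->dev_len = 0;
}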
/*
 * Allocate a proxy for the given host and device descriptors and register
 * both with the mainloop.  The *_shutdown flags are stored for the destroy
 * callbacks.  Returns false if the allocation fails; in that case the
 * descriptors are left for the caller to close.
 */
static bool setup_proxy(int host_fd, bool host_shutdown,
						int dev_fd, bool dev_shutdown)
{
	struct proxy *proxy = new0(struct proxy, 1);

	if (!proxy)
		return false;

	if (emulate_ecc)
		printf("Enabling ECC emulation\n");

	proxy->host_fd = host_fd;
	proxy->host_shutdown = host_shutdown;

	proxy->dev_fd = dev_fd;
	proxy->dev_shutdown = dev_shutdown;

	mainloop_add_fd(proxy->host_fd, EPOLLIN | EPOLLRDHUP,
				host_read_callback, proxy, host_read_destroy);

	mainloop_add_fd(proxy->dev_fd, EPOLLIN | EPOLLRDHUP,
				dev_read_callback, proxy, dev_read_destroy);

	return true;
}
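/*
 * Open a raw HCI socket and bind it to the user channel of controller
 * `index`.  Returns the descriptor, or -1 after printing the error.
 *
 * The log line names the index that is actually bound rather than the
 * global default, and a bind() failure is reported before close() so that
 * close() cannot replace the errno value perror() prints.
 */
static int open_channel(uint16_t index)
{
	struct sockaddr_hci addr;
	int fd;

	printf("Opening user channel for hci%u\n", index);

	fd = socket(PF_BLUETOOTH, SOCK_RAW | SOCK_CLOEXEC, BTPROTO_HCI);
	if (fd < 0) {
		perror("Failed to open Bluetooth socket");
		return -1;
	}

	memset(&addr, 0, sizeof(addr));
	addr.hci_family = AF_BLUETOOTH;
	addr.hci_dev = index;
	addr.hci_channel = HCI_CHANNEL_USER;

	if (bind(fd, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
		perror("Failed to bind Bluetooth socket");
		close(fd);
		return -1;
	}

	return fd;
}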
/*
 * Mainloop callback for the listening socket.  Accepts one client, opens
 * the HCI user channel for the configured controller and relays between
 * the two.  Only one client is served at a time; a second connection is
 * closed right after accept().  An error on the listening socket stops the
 * mainloop.
 *
 * NOTE(review): nothing here authenticates the peer.  Whoever can reach the
 * listening socket is bridged to the controller, so access has to be
 * limited by where the server listens (socket path and mode, bind address,
 * firewalling).
 */
static void server_callback(int fd, uint32_t events, void *user_data)
{
	union {
		struct sockaddr common;
		struct sockaddr_un sun;
		struct sockaddr_in sin;
	} addr;
	socklen_t len;
	int client_fd, channel_fd;

	if (events & (EPOLLERR | EPOLLHUP)) {
		mainloop_quit();
		return;
	}

	memset(&addr, 0, sizeof(addr));
	len = sizeof(addr);

	if (getsockname(fd, &addr.common, &len) < 0) {
		perror("Failed to get socket name");
		return;
	}

	client_fd = accept(fd, &addr.common, &len);
	if (client_fd < 0) {
		perror("Failed to accept client socket");
		return;
	}

	if (client_active) {
		fprintf(stderr, "Active client already present\n");
		close(client_fd);
		return;
	}

	channel_fd = open_channel(hci_index);
	if (channel_fd < 0) {
		close(client_fd);
		return;
	}

	printf("New client connected\n");

	if (!setup_proxy(client_fd, true, channel_fd, false)) {
		close(channel_fd);
		close(client_fd);
		return;
	}

	client_active = true;
}
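/*
 * Create a listening Unix stream socket at `path`.  Returns the descriptor,
 * or -1 after printing the error.
 *
 * The path comes from the command line, so its length is checked before it
 * is copied into the fixed-size sun_path array; a path that does not fit
 * (including its terminator) is rejected before anything on disk is
 * touched.
 *
 * Whatever already exists at `path` is unlinked first, and the new socket
 * is made read/write for every local user (mode 0666).  NOTE(review): with
 * that mode any local account can connect and drive the controller; pick a
 * path inside a directory with restricted access if that is not intended.
 */
static int open_unix(const char *path)
{
	struct sockaddr_un addr;
	size_t path_len = strlen(path);
	int fd;

	if (path_len >= sizeof(addr.sun_path)) {
		fprintf(stderr, "Unix socket path too long\n");
		return -1;
	}

	unlink(path);

	fd = socket(PF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
	if (fd < 0) {
		perror("Failed to open Unix server socket");
		return -1;
	}

	memset(&addr, 0, sizeof(addr));
	addr.sun_family = AF_UNIX;
	memcpy(addr.sun_path, path, path_len + 1);

	if (bind(fd, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
		perror("Failed to bind Unix server socket");
		close(fd);
		return -1;
	}

	if (listen(fd, 1) < 0) {
		perror("Failed to listen Unix server socket");
		close(fd);
		return -1;
	}

	if (chmod(path, 0666) < 0)
		perror("Failed to change mode");

	return fd;
}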
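/*
 * Create a listening TCP socket bound to the IPv4 `address` and `port`.
 * Returns the descriptor, or -1 after printing the error.
 *
 * inet_addr() reports a string it cannot parse as INADDR_NONE, which is
 * also the value of 255.255.255.255.  That result is now rejected instead
 * of being passed to bind(), so a mistyped address no longer turns into an
 * attempt to listen on the broadcast address.  As a side effect the literal
 * 255.255.255.255 is refused as well.
 *
 * NOTE(review): the listener carries no authentication of its own; the
 * bind address decides who can reach the controller.
 */
static int open_tcp(const char *address, unsigned int port)
{
	struct sockaddr_in addr;
	int fd, opt = 1;

	memset(&addr, 0, sizeof(addr));
	addr.sin_family = AF_INET;
	addr.sin_addr.s_addr = inet_addr(address);
	addr.sin_port = htons(port);

	if (addr.sin_addr.s_addr == INADDR_NONE) {
		fprintf(stderr, "Invalid IPv4 address %s\n", address);
		return -1;
	}

	fd = socket(PF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);
	if (fd < 0) {
		perror("Failed to open TCP server socket");
		return -1;
	}

	setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt));

	if (bind(fd, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
		perror("Failed to bind TCP server socket");
		close(fd);
		return -1;
	}

	if (listen(fd, 1) < 0) {
		perror("Failed to listen TCP server socket");
		close(fd);
		return -1;
	}

	return fd;
}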
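/*
 * Connect a TCP socket to the IPv4 `address` and `port`.  Returns the
 * descriptor, or -1 after printing the error.
 *
 * inet_addr() reports a string it cannot parse as INADDR_NONE, which is
 * also the value of 255.255.255.255.  That result is now rejected up front
 * with a clear message instead of being handed to connect().
 */
static int connect_tcp(const char *address, unsigned int port)
{
	struct sockaddr_in addr;
	int fd;

	memset(&addr, 0, sizeof(addr));
	addr.sin_family = AF_INET;
	addr.sin_addr.s_addr = inet_addr(address);
	addr.sin_port = htons(port);

	if (addr.sin_addr.s_addr == INADDR_NONE) {
		fprintf(stderr, "Invalid IPv4 address %s\n", address);
		return -1;
	}

	fd = socket(PF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);
	if (fd < 0) {
		perror("Failed to open TCP client socket");
		return -1;
	}

	if (connect(fd, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
		perror("Failed to connect TCP client socket");
		close(fd);
		return -1;
	}

	return fd;
}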
/*
 * Open /dev/vhci and write the two-byte create request { 0xff, type } that
 * selects the controller type.  Returns the descriptor, or -1 after
 * printing the error.
 */
static int open_vhci(uint8_t type)
{
	uint8_t create_req[2] = { 0xff, type };
	int fd = open("/dev/vhci", O_RDWR | O_CLOEXEC);

	if (fd < 0) {
		perror("Failed to open /dev/vhci device");
		return -1;
	}

	if (write(fd, create_req, sizeof(create_req)) < 0) {
		perror("Failed to set device type");
		close(fd);
		return -1;
	}

	return fd;
}
712 static void signal_callback(int signum, void *user_data)
722 static void usage(void)
724 printf("btproxy - Bluetooth controller proxy\n"
726 printf("\tbtproxy [options]\n");
728 "\t-c, --connect <address> Connect to server\n"
729 "\t-l, --listen [address] Use TCP server\n"
730 "\t-u, --unix [path] Use Unix server\n"
731 "\t-p, --port <port> Use specified TCP port\n"
732 "\t-i, --index <num> Use specified controller\n"
733 "\t-a, --amp Create AMP controller\n"
734 "\t-e, --ecc Emulate ECC support\n"
735 "\t-d, --debug Enable debugging output\n"
736 "\t-h, --help Show help options\n");
739 static const struct option main_options[] = {
740 { "redirect", no_argument, NULL, 'r' },
741 { "connect", required_argument, NULL, 'c' },
742 { "listen", optional_argument, NULL, 'l' },
743 { "unix", optional_argument, NULL, 'u' },
744 { "port", required_argument, NULL, 'p' },
745 { "index", required_argument, NULL, 'i' },
746 { "amp", no_argument, NULL, 'a' },
747 { "ecc", no_argument, NULL, 'e' },
748 { "debug", no_argument, NULL, 'd' },
749 { "version", no_argument, NULL, 'v' },
750 { "help", no_argument, NULL, 'h' },
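/*
 * Parse a decimal string into a 16-bit value.  Rejects an empty string, a
 * leading sign or space, trailing characters and anything above 65535.
 */
static bool parse_u16(const char *str, uint16_t *value)
{
	unsigned long num;
	char *end;

	if (!isdigit((unsigned char) *str))
		return false;

	errno = 0;
	num = strtoul(str, &end, 10);
	if (errno != 0 || *end != '\0' || num > UINT16_MAX)
		return false;

	*value = num;
	return true;
}

/*
 * Entry point.  Parses the options, then either
 *  - client mode (--connect or --redirect): opens the device side (TCP
 *    connection or local HCI user channel), creates a virtual controller
 *    through /dev/vhci and relays between the two, or
 *  - server mode (--unix or --listen): opens a listening socket and lets
 *    server_callback() set up the relay for each accepted client.
 *
 * The port and controller index are parsed with range checking; the earlier
 * atoi() conversion silently wrapped values above 65535 into the 16-bit
 * variables and accepted trailing garbage.  An invalid value prints the
 * usage text and fails.
 *
 * NOTE(review): --listen without an address binds to 0.0.0.0 and --unix
 * without a path uses a fixed name under /tmp; neither transport
 * authenticates its peer.
 */
int main(int argc, char *argv[])
{
	const char *connect_address = NULL;
	const char *server_address = NULL;
	const char *unix_path = NULL;
	unsigned short tcp_port = 0xb1ee;	/* 45550 */
	bool use_redirect = false;
	uint8_t type = HCI_BREDR;
	const char *str;
	uint16_t number;
	sigset_t mask;

	for (;;) {
		int opt;

		opt = getopt_long(argc, argv, "rc:l::u::p:i:aedvh",
						main_options, NULL);
		if (opt < 0)
			break;

		switch (opt) {
		case 'r':
			use_redirect = true;
			break;
		case 'c':
			connect_address = optarg;
			break;
		case 'l':
			if (optarg)
				server_address = optarg;
			else
				server_address = "0.0.0.0";
			break;
		case 'u':
			if (optarg)
				unix_path = optarg;
			else
				unix_path = "/tmp/bt-server-bredr";
			break;
		case 'p':
			if (!parse_u16(optarg, &number)) {
				usage();
				return EXIT_FAILURE;
			}
			tcp_port = number;
			break;
		case 'i':
			/* Accept both "hci0" and plain "0" */
			if (strlen(optarg) > 3 && !strncmp(optarg, "hci", 3))
				str = optarg + 3;
			else
				str = optarg;
			if (!parse_u16(str, &number)) {
				usage();
				return EXIT_FAILURE;
			}
			hci_index = number;
			break;
		case 'a':
			type = HCI_AMP;
			break;
		case 'e':
			emulate_ecc = true;
			break;
		case 'd':
			debug_enabled = true;
			break;
		case 'v':
			printf("%s\n", VERSION);
			return EXIT_SUCCESS;
		case 'h':
			usage();
			return EXIT_SUCCESS;
		default:
			return EXIT_FAILURE;
		}
	}

	if (argc - optind > 0) {
		fprintf(stderr, "Invalid command line parameters\n");
		return EXIT_FAILURE;
	}

	if (unix_path && (server_address || use_redirect)) {
		fprintf(stderr, "Invalid to specify TCP and Unix servers\n");
		return EXIT_FAILURE;
	}

	if (connect_address && (unix_path || server_address || use_redirect)) {
		fprintf(stderr, "Invalid to specify client and server mode\n");
		return EXIT_FAILURE;
	}

	mainloop_init();

	sigemptyset(&mask);
	sigaddset(&mask, SIGINT);
	sigaddset(&mask, SIGTERM);

	mainloop_set_signal(&mask, signal_callback, NULL, NULL);

	if (connect_address || use_redirect) {
		int host_fd, dev_fd;

		if (use_redirect) {
			printf("Creating local redirect\n");

			dev_fd = open_channel(hci_index);
		} else {
			printf("Connecting to %s:%u\n", connect_address,
								tcp_port);

			dev_fd = connect_tcp(connect_address, tcp_port);
		}

		if (dev_fd < 0)
			return EXIT_FAILURE;

		printf("Opening virtual device\n");

		host_fd = open_vhci(type);
		if (host_fd < 0) {
			close(dev_fd);
			return EXIT_FAILURE;
		}

		if (!setup_proxy(host_fd, false, dev_fd, true)) {
			close(dev_fd);
			close(host_fd);
			return EXIT_FAILURE;
		}
	} else {
		int server_fd;

		if (unix_path) {
			printf("Listening on %s\n", unix_path);

			server_fd = open_unix(unix_path);
		} else if (server_address) {
			printf("Listening on %s:%u\n", server_address,
								tcp_port);

			server_fd = open_tcp(server_address, tcp_port);
		} else {
			fprintf(stderr, "Missing emulator device\n");
			return EXIT_FAILURE;
		}

		if (server_fd < 0)
			return EXIT_FAILURE;

		mainloop_add_fd(server_fd, EPOLLIN, server_callback,
							NULL, NULL);
	}

	return mainloop_run();
}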