| 1 | /* $NetBSD: hci_socket.c,v 1.45 2015/12/22 11:40:07 plunky Exp $ */ |
| 2 | |
| 3 | /*- |
| 4 | * Copyright (c) 2005 Iain Hibbert. |
| 5 | * Copyright (c) 2006 Itronix Inc. |
| 6 | * All rights reserved. |
| 7 | * |
| 8 | * Redistribution and use in source and binary forms, with or without |
| 9 | * modification, are permitted provided that the following conditions |
| 10 | * are met: |
| 11 | * 1. Redistributions of source code must retain the above copyright |
| 12 | * notice, this list of conditions and the following disclaimer. |
| 13 | * 2. Redistributions in binary form must reproduce the above copyright |
| 14 | * notice, this list of conditions and the following disclaimer in the |
| 15 | * documentation and/or other materials provided with the distribution. |
| 16 | * 3. The name of Itronix Inc. may not be used to endorse |
| 17 | * or promote products derived from this software without specific |
| 18 | * prior written permission. |
| 19 | * |
| 20 | * THIS SOFTWARE IS PROVIDED BY ITRONIX INC. ``AS IS'' AND |
| 21 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED |
| 22 | * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
| 23 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ITRONIX INC. BE LIABLE FOR ANY |
| 24 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
| 25 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
| 26 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND |
| 27 | * ON ANY THEORY OF LIABILITY, WHETHER IN |
| 28 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
| 29 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
| 30 | * POSSIBILITY OF SUCH DAMAGE. |
| 31 | */ |
| 32 | |
| 33 | #include <sys/cdefs.h> |
| 34 | __KERNEL_RCSID(0, "$NetBSD: hci_socket.c,v 1.45 2015/12/22 11:40:07 plunky Exp $" ); |
| 35 | |
| 36 | /* load symbolic names */ |
| 37 | #ifdef BLUETOOTH_DEBUG |
| 38 | #define PRUREQUESTS |
| 39 | #define PRCOREQUESTS |
| 40 | #endif |
| 41 | |
| 42 | #include <sys/param.h> |
| 43 | #include <sys/domain.h> |
| 44 | #include <sys/kauth.h> |
| 45 | #include <sys/kernel.h> |
| 46 | #include <sys/kmem.h> |
| 47 | #include <sys/mbuf.h> |
| 48 | #include <sys/proc.h> |
| 49 | #include <sys/protosw.h> |
| 50 | #include <sys/socket.h> |
| 51 | #include <sys/socketvar.h> |
| 52 | #include <sys/systm.h> |
| 53 | |
| 54 | #include <netbt/bluetooth.h> |
| 55 | #include <netbt/hci.h> |
| 56 | |
| 57 | /******************************************************************************* |
| 58 | * |
| 59 | * HCI SOCK_RAW Sockets - for control of Bluetooth Devices |
| 60 | * |
| 61 | */ |
| 62 | |
| 63 | /* |
| 64 | * the raw HCI protocol control block |
| 65 | */ |
| 66 | struct hci_pcb { |
| 67 | struct socket *hp_socket; /* socket */ |
| 68 | kauth_cred_t hp_cred; /* owner credential */ |
| 69 | unsigned int hp_flags; /* flags */ |
| 70 | bdaddr_t hp_laddr; /* local address */ |
| 71 | bdaddr_t hp_raddr; /* remote address */ |
| 72 | struct hci_filter hp_efilter; /* user event filter */ |
| 73 | struct hci_filter hp_pfilter; /* user packet filter */ |
| 74 | LIST_ENTRY(hci_pcb) hp_next; /* next HCI pcb */ |
| 75 | }; |
| 76 | |
| 77 | /* hp_flags */ |
| 78 | #define HCI_DIRECTION (1<<1) /* direction control messages */ |
| 79 | #define HCI_PROMISCUOUS (1<<2) /* listen to all units */ |
| 80 | |
| 81 | LIST_HEAD(hci_pcb_list, hci_pcb) hci_pcb = LIST_HEAD_INITIALIZER(hci_pcb); |
| 82 | |
| 83 | /* sysctl defaults */ |
| 84 | int hci_sendspace = HCI_CMD_PKT_SIZE; |
| 85 | int hci_recvspace = 4096; |
| 86 | |
| 87 | /* unprivileged commands opcode table */ |
| 88 | static const struct { |
| 89 | uint16_t opcode; |
| 90 | uint8_t offs; /* 0 - 63 */ |
| 91 | uint8_t mask; /* bit 0 - 7 */ |
| 92 | uint8_t length; /* approved length */ |
| 93 | } hci_cmds[] = { |
| 94 | { HCI_CMD_INQUIRY, |
| 95 | 0, 0x01, sizeof(hci_inquiry_cp) }, |
| 96 | { HCI_CMD_REMOTE_NAME_REQ, |
| 97 | 2, 0x08, sizeof(hci_remote_name_req_cp) }, |
| 98 | { HCI_CMD_READ_REMOTE_FEATURES, |
| 99 | 2, 0x20, sizeof(hci_read_remote_features_cp) }, |
| 100 | { HCI_CMD_READ_REMOTE_EXTENDED_FEATURES, |
| 101 | 2, 0x40, sizeof(hci_read_remote_extended_features_cp) }, |
| 102 | { HCI_CMD_READ_REMOTE_VER_INFO, |
| 103 | 2, 0x80, sizeof(hci_read_remote_ver_info_cp) }, |
| 104 | { HCI_CMD_READ_CLOCK_OFFSET, |
| 105 | 3, 0x01, sizeof(hci_read_clock_offset_cp) }, |
| 106 | { HCI_CMD_READ_LMP_HANDLE, |
| 107 | 3, 0x02, sizeof(hci_read_lmp_handle_cp) }, |
| 108 | { HCI_CMD_ROLE_DISCOVERY, |
| 109 | 4, 0x80, sizeof(hci_role_discovery_cp) }, |
| 110 | { HCI_CMD_READ_LINK_POLICY_SETTINGS, |
| 111 | 5, 0x02, sizeof(hci_read_link_policy_settings_cp) }, |
| 112 | { HCI_CMD_READ_DEFAULT_LINK_POLICY_SETTINGS, |
| 113 | 5, 0x08, 0 }, |
| 114 | { HCI_CMD_READ_PIN_TYPE, |
| 115 | 6, 0x04, 0 }, |
| 116 | { HCI_CMD_READ_LOCAL_NAME, |
| 117 | 7, 0x02, 0 }, |
| 118 | { HCI_CMD_READ_CON_ACCEPT_TIMEOUT, |
| 119 | 7, 0x04, 0 }, |
| 120 | { HCI_CMD_READ_PAGE_TIMEOUT, |
| 121 | 7, 0x10, 0 }, |
| 122 | { HCI_CMD_READ_SCAN_ENABLE, |
| 123 | 7, 0x40, 0 }, |
| 124 | { HCI_CMD_READ_PAGE_SCAN_ACTIVITY, |
| 125 | 8, 0x01, 0 }, |
| 126 | { HCI_CMD_READ_INQUIRY_SCAN_ACTIVITY, |
| 127 | 8, 0x04, 0 }, |
| 128 | { HCI_CMD_READ_AUTH_ENABLE, |
| 129 | 8, 0x10, 0 }, |
| 130 | { HCI_CMD_READ_ENCRYPTION_MODE, |
| 131 | 8, 0x40, 0 }, |
| 132 | { HCI_CMD_READ_UNIT_CLASS, |
| 133 | 9, 0x01, 0 }, |
| 134 | { HCI_CMD_READ_VOICE_SETTING, |
| 135 | 9, 0x04, 0 }, |
| 136 | { HCI_CMD_READ_AUTO_FLUSH_TIMEOUT, |
| 137 | 9, 0x10, sizeof(hci_read_auto_flush_timeout_cp) }, |
| 138 | { HCI_CMD_READ_NUM_BROADCAST_RETRANS, |
| 139 | 9, 0x40, 0 }, |
| 140 | { HCI_CMD_READ_HOLD_MODE_ACTIVITY, |
| 141 | 10, 0x01, 0 }, |
| 142 | { HCI_CMD_READ_XMIT_LEVEL, |
| 143 | 10, 0x04, sizeof(hci_read_xmit_level_cp) }, |
| 144 | { HCI_CMD_READ_SCO_FLOW_CONTROL, |
| 145 | 10, 0x08, 0 }, |
| 146 | { HCI_CMD_READ_LINK_SUPERVISION_TIMEOUT, |
| 147 | 11, 0x01, sizeof(hci_read_link_supervision_timeout_cp) }, |
| 148 | { HCI_CMD_READ_NUM_SUPPORTED_IAC, |
| 149 | 11, 0x04, 0 }, |
| 150 | { HCI_CMD_READ_IAC_LAP, |
| 151 | 11, 0x08, 0 }, |
| 152 | { HCI_CMD_READ_PAGE_SCAN_PERIOD, |
| 153 | 11, 0x20, 0 }, |
| 154 | { HCI_CMD_READ_PAGE_SCAN, |
| 155 | 11, 0x80, 0 }, |
| 156 | { HCI_CMD_READ_INQUIRY_SCAN_TYPE, |
| 157 | 12, 0x10, 0 }, |
| 158 | { HCI_CMD_READ_INQUIRY_MODE, |
| 159 | 12, 0x40, 0 }, |
| 160 | { HCI_CMD_READ_PAGE_SCAN_TYPE, |
| 161 | 13, 0x01, 0 }, |
| 162 | { HCI_CMD_READ_AFH_ASSESSMENT, |
| 163 | 13, 0x04, 0 }, |
| 164 | { HCI_CMD_READ_LOCAL_VER, |
| 165 | 14, 0x08, 0 }, |
| 166 | { HCI_CMD_READ_LOCAL_COMMANDS, |
| 167 | 14, 0x10, 0 }, |
| 168 | { HCI_CMD_READ_LOCAL_FEATURES, |
| 169 | 14, 0x20, 0 }, |
| 170 | { HCI_CMD_READ_LOCAL_EXTENDED_FEATURES, |
| 171 | 14, 0x40, sizeof(hci_read_local_extended_features_cp) }, |
| 172 | { HCI_CMD_READ_BUFFER_SIZE, |
| 173 | 14, 0x80, 0 }, |
| 174 | { HCI_CMD_READ_COUNTRY_CODE, |
| 175 | 15, 0x01, 0 }, |
| 176 | { HCI_CMD_READ_BDADDR, |
| 177 | 15, 0x02, 0 }, |
| 178 | { HCI_CMD_READ_FAILED_CONTACT_CNTR, |
| 179 | 15, 0x04, sizeof(hci_read_failed_contact_cntr_cp) }, |
| 180 | { HCI_CMD_READ_LINK_QUALITY, |
| 181 | 15, 0x10, sizeof(hci_read_link_quality_cp) }, |
| 182 | { HCI_CMD_READ_RSSI, |
| 183 | 15, 0x20, sizeof(hci_read_rssi_cp) }, |
| 184 | { HCI_CMD_READ_AFH_CHANNEL_MAP, |
| 185 | 15, 0x40, sizeof(hci_read_afh_channel_map_cp) }, |
| 186 | { HCI_CMD_READ_CLOCK, |
| 187 | 15, 0x80, sizeof(hci_read_clock_cp) }, |
| 188 | { HCI_CMD_READ_LOOPBACK_MODE, |
| 189 | 16, 0x01, 0 }, |
| 190 | { HCI_CMD_READ_EXTENDED_INQUIRY_RSP, |
| 191 | 17, 0x01, 0 }, |
| 192 | { HCI_CMD_READ_SIMPLE_PAIRING_MODE, |
| 193 | 17, 0x20, 0 }, |
| 194 | { HCI_CMD_READ_INQUIRY_RSP_XMIT_POWER, |
| 195 | 18, 0x01, 0 }, |
| 196 | { HCI_CMD_READ_DEFAULT_ERRDATA_REPORTING, |
| 197 | 18, 0x04, 0 }, |
| 198 | }; |
| 199 | |
| 200 | /* |
| 201 | * supply a basic device send/recv policy |
| 202 | */ |
| 203 | static int |
| 204 | hci_device_cb(kauth_cred_t cred, kauth_action_t action, void *cookie, |
| 205 | void *arg0, void *arg1, void *arg2, void *arg3) |
| 206 | { |
| 207 | int i, result; |
| 208 | |
| 209 | result = KAUTH_RESULT_DEFER; |
| 210 | |
| 211 | switch (action) { |
| 212 | case KAUTH_DEVICE_BLUETOOTH_SEND: { |
| 213 | struct hci_unit *unit = (struct hci_unit *)arg0; |
| 214 | hci_cmd_hdr_t *hdr = (hci_cmd_hdr_t *)arg1; |
| 215 | |
| 216 | /* |
| 217 | * Allow sending unprivileged commands if the packet size |
| 218 | * is correct and the unit claims to support it |
| 219 | */ |
| 220 | |
| 221 | if (hdr->type != HCI_CMD_PKT) |
| 222 | break; |
| 223 | |
| 224 | for (i = 0; i < __arraycount(hci_cmds); i++) { |
| 225 | if (hdr->opcode == hci_cmds[i].opcode |
| 226 | && hdr->length == hci_cmds[i].length |
| 227 | && (unit->hci_cmds[hci_cmds[i].offs] & hci_cmds[i].mask)) { |
| 228 | result = KAUTH_RESULT_ALLOW; |
| 229 | break; |
| 230 | } |
| 231 | } |
| 232 | |
| 233 | break; |
| 234 | } |
| 235 | |
| 236 | case KAUTH_DEVICE_BLUETOOTH_RECV: |
| 237 | switch((uint8_t)(uintptr_t)arg0) { |
| 238 | case HCI_CMD_PKT: { |
| 239 | uint16_t opcode = (uint16_t)(uintptr_t)arg1; |
| 240 | |
| 241 | /* |
| 242 | * Allow to see any unprivileged command packet |
| 243 | */ |
| 244 | |
| 245 | for (i = 0; i < __arraycount(hci_cmds); i++) { |
| 246 | if (opcode == hci_cmds[i].opcode) { |
| 247 | result = KAUTH_RESULT_ALLOW; |
| 248 | break; |
| 249 | } |
| 250 | } |
| 251 | |
| 252 | break; |
| 253 | } |
| 254 | |
| 255 | case HCI_EVENT_PKT: { |
| 256 | uint8_t event = (uint8_t)(uintptr_t)arg1; |
| 257 | |
| 258 | /* |
| 259 | * Allow to receive most events |
| 260 | */ |
| 261 | |
| 262 | switch (event) { |
| 263 | case HCI_EVENT_RETURN_LINK_KEYS: |
| 264 | case HCI_EVENT_LINK_KEY_NOTIFICATION: |
| 265 | case HCI_EVENT_USER_CONFIRM_REQ: |
| 266 | case HCI_EVENT_USER_PASSKEY_NOTIFICATION: |
| 267 | case HCI_EVENT_VENDOR: |
| 268 | break; |
| 269 | |
| 270 | default: |
| 271 | result = KAUTH_RESULT_ALLOW; |
| 272 | break; |
| 273 | } |
| 274 | |
| 275 | break; |
| 276 | } |
| 277 | |
| 278 | case HCI_ACL_DATA_PKT: |
| 279 | case HCI_SCO_DATA_PKT: { |
| 280 | /* uint16_t handle = (uint16_t)(uintptr_t)arg1; */ |
| 281 | /* |
| 282 | * don't normally allow receiving data packets |
| 283 | */ |
| 284 | break; |
| 285 | } |
| 286 | |
| 287 | default: |
| 288 | break; |
| 289 | } |
| 290 | |
| 291 | break; |
| 292 | |
| 293 | default: |
| 294 | break; |
| 295 | } |
| 296 | |
| 297 | return result; |
| 298 | } |
| 299 | |
| 300 | /* |
| 301 | * HCI protocol init routine, |
| 302 | * - set up a kauth listener to provide basic packet access policy |
| 303 | */ |
| 304 | void |
| 305 | hci_init(void) |
| 306 | { |
| 307 | |
| 308 | if (kauth_listen_scope(KAUTH_SCOPE_DEVICE, hci_device_cb, NULL) == NULL) |
| 309 | panic("Bluetooth HCI: cannot listen on device scope" ); |
| 310 | } |
| 311 | |
| 312 | /* |
| 313 | * When command packet reaches the device, we can drop |
| 314 | * it from the socket buffer (called from hci_output_acl) |
| 315 | */ |
| 316 | void |
| 317 | hci_drop(void *arg) |
| 318 | { |
| 319 | struct socket *so = arg; |
| 320 | |
| 321 | sbdroprecord(&so->so_snd); |
| 322 | sowwakeup(so); |
| 323 | } |
| 324 | |
| 325 | /* |
| 326 | * HCI socket is going away and has some pending packets. We let them |
| 327 | * go by design, but remove the context pointer as it will be invalid |
| 328 | * and we no longer need to be notified. |
| 329 | */ |
| 330 | static void |
| 331 | hci_cmdwait_flush(struct socket *so) |
| 332 | { |
| 333 | struct hci_unit *unit; |
| 334 | struct socket *ctx; |
| 335 | struct mbuf *m; |
| 336 | |
| 337 | DPRINTF("flushing %p\n" , so); |
| 338 | |
| 339 | SIMPLEQ_FOREACH(unit, &hci_unit_list, hci_next) { |
| 340 | m = MBUFQ_FIRST(&unit->hci_cmdwait); |
| 341 | while (m != NULL) { |
| 342 | ctx = M_GETCTX(m, struct socket *); |
| 343 | if (ctx == so) |
| 344 | M_SETCTX(m, NULL); |
| 345 | |
| 346 | m = MBUFQ_NEXT(m); |
| 347 | } |
| 348 | } |
| 349 | } |
| 350 | |
| 351 | static int |
| 352 | hci_attach(struct socket *so, int proto) |
| 353 | { |
| 354 | struct hci_pcb *pcb; |
| 355 | int error; |
| 356 | |
| 357 | KASSERT(so->so_pcb == NULL); |
| 358 | |
| 359 | if (so->so_lock == NULL) { |
| 360 | mutex_obj_hold(bt_lock); |
| 361 | so->so_lock = bt_lock; |
| 362 | solock(so); |
| 363 | } |
| 364 | KASSERT(solocked(so)); |
| 365 | |
| 366 | error = soreserve(so, hci_sendspace, hci_recvspace); |
| 367 | if (error) { |
| 368 | return error; |
| 369 | } |
| 370 | |
| 371 | pcb = kmem_zalloc(sizeof(struct hci_pcb), KM_SLEEP); |
| 372 | pcb->hp_cred = kauth_cred_dup(curlwp->l_cred); |
| 373 | pcb->hp_socket = so; |
| 374 | |
| 375 | /* |
| 376 | * Set default user filter. By default, socket only passes |
| 377 | * Command_Complete and Command_Status Events. |
| 378 | */ |
| 379 | hci_filter_set(HCI_EVENT_COMMAND_COMPL, &pcb->hp_efilter); |
| 380 | hci_filter_set(HCI_EVENT_COMMAND_STATUS, &pcb->hp_efilter); |
| 381 | hci_filter_set(HCI_EVENT_PKT, &pcb->hp_pfilter); |
| 382 | |
| 383 | LIST_INSERT_HEAD(&hci_pcb, pcb, hp_next); |
| 384 | so->so_pcb = pcb; |
| 385 | |
| 386 | return 0; |
| 387 | } |
| 388 | |
| 389 | static void |
| 390 | hci_detach(struct socket *so) |
| 391 | { |
| 392 | struct hci_pcb *pcb; |
| 393 | |
| 394 | pcb = (struct hci_pcb *)so->so_pcb; |
| 395 | KASSERT(pcb != NULL); |
| 396 | |
| 397 | if (so->so_snd.sb_mb != NULL) |
| 398 | hci_cmdwait_flush(so); |
| 399 | |
| 400 | if (pcb->hp_cred != NULL) |
| 401 | kauth_cred_free(pcb->hp_cred); |
| 402 | |
| 403 | so->so_pcb = NULL; |
| 404 | LIST_REMOVE(pcb, hp_next); |
| 405 | kmem_free(pcb, sizeof(*pcb)); |
| 406 | } |
| 407 | |
| 408 | static int |
| 409 | hci_accept(struct socket *so, struct sockaddr *nam) |
| 410 | { |
| 411 | KASSERT(solocked(so)); |
| 412 | |
| 413 | return EOPNOTSUPP; |
| 414 | } |
| 415 | |
| 416 | static int |
| 417 | hci_bind(struct socket *so, struct sockaddr *nam, struct lwp *l) |
| 418 | { |
| 419 | struct hci_pcb *pcb = so->so_pcb; |
| 420 | struct sockaddr_bt *sa = (struct sockaddr_bt *)nam; |
| 421 | |
| 422 | KASSERT(solocked(so)); |
| 423 | KASSERT(pcb != NULL); |
| 424 | KASSERT(nam != NULL); |
| 425 | |
| 426 | if (sa->bt_len != sizeof(struct sockaddr_bt)) |
| 427 | return EINVAL; |
| 428 | |
| 429 | if (sa->bt_family != AF_BLUETOOTH) |
| 430 | return EAFNOSUPPORT; |
| 431 | |
| 432 | bdaddr_copy(&pcb->hp_laddr, &sa->bt_bdaddr); |
| 433 | |
| 434 | if (bdaddr_any(&sa->bt_bdaddr)) |
| 435 | pcb->hp_flags |= HCI_PROMISCUOUS; |
| 436 | else |
| 437 | pcb->hp_flags &= ~HCI_PROMISCUOUS; |
| 438 | |
| 439 | return 0; |
| 440 | } |
| 441 | |
| 442 | static int |
| 443 | hci_listen(struct socket *so, struct lwp *l) |
| 444 | { |
| 445 | KASSERT(solocked(so)); |
| 446 | |
| 447 | return EOPNOTSUPP; |
| 448 | } |
| 449 | |
| 450 | static int |
| 451 | hci_connect(struct socket *so, struct sockaddr *nam, struct lwp *l) |
| 452 | { |
| 453 | struct hci_pcb *pcb = so->so_pcb; |
| 454 | struct sockaddr_bt *sa = (struct sockaddr_bt *)nam; |
| 455 | |
| 456 | KASSERT(solocked(so)); |
| 457 | KASSERT(pcb != NULL); |
| 458 | KASSERT(nam != NULL); |
| 459 | |
| 460 | if (sa->bt_len != sizeof(struct sockaddr_bt)) |
| 461 | return EINVAL; |
| 462 | |
| 463 | if (sa->bt_family != AF_BLUETOOTH) |
| 464 | return EAFNOSUPPORT; |
| 465 | |
| 466 | if (hci_unit_lookup(&sa->bt_bdaddr) == NULL) |
| 467 | return EADDRNOTAVAIL; |
| 468 | |
| 469 | bdaddr_copy(&pcb->hp_raddr, &sa->bt_bdaddr); |
| 470 | soisconnected(so); |
| 471 | return 0; |
| 472 | } |
| 473 | |
| 474 | static int |
| 475 | hci_connect2(struct socket *so, struct socket *so2) |
| 476 | { |
| 477 | KASSERT(solocked(so)); |
| 478 | |
| 479 | return EOPNOTSUPP; |
| 480 | } |
| 481 | |
| 482 | static int |
| 483 | hci_disconnect(struct socket *so) |
| 484 | { |
| 485 | struct hci_pcb *pcb = so->so_pcb; |
| 486 | |
| 487 | KASSERT(solocked(so)); |
| 488 | KASSERT(pcb != NULL); |
| 489 | |
| 490 | bdaddr_copy(&pcb->hp_raddr, BDADDR_ANY); |
| 491 | |
| 492 | /* XXX we cannot call soisdisconnected() here, as it sets |
| 493 | * SS_CANTRCVMORE and SS_CANTSENDMORE. The problem being, |
| 494 | * that soisconnected() does not clear these and if you |
| 495 | * try to reconnect this socket (which is permitted) you |
| 496 | * get a broken pipe when you try to write any data. |
| 497 | */ |
| 498 | so->so_state &= ~SS_ISCONNECTED; |
| 499 | return 0; |
| 500 | } |
| 501 | |
| 502 | static int |
| 503 | hci_shutdown(struct socket *so) |
| 504 | { |
| 505 | KASSERT(solocked(so)); |
| 506 | |
| 507 | socantsendmore(so); |
| 508 | return 0; |
| 509 | } |
| 510 | |
| 511 | static int |
| 512 | hci_abort(struct socket *so) |
| 513 | { |
| 514 | KASSERT(solocked(so)); |
| 515 | |
| 516 | soisdisconnected(so); |
| 517 | hci_detach(so); |
| 518 | return 0; |
| 519 | } |
| 520 | |
| 521 | static int |
| 522 | hci_ioctl(struct socket *so, u_long cmd, void *nam, struct ifnet *ifp) |
| 523 | { |
| 524 | int err; |
| 525 | mutex_enter(bt_lock); |
| 526 | err = hci_ioctl_pcb(cmd, nam); |
| 527 | mutex_exit(bt_lock); |
| 528 | return err; |
| 529 | } |
| 530 | |
| 531 | static int |
| 532 | hci_stat(struct socket *so, struct stat *ub) |
| 533 | { |
| 534 | KASSERT(solocked(so)); |
| 535 | |
| 536 | return 0; |
| 537 | } |
| 538 | |
| 539 | static int |
| 540 | hci_peeraddr(struct socket *so, struct sockaddr *nam) |
| 541 | { |
| 542 | struct hci_pcb *pcb = (struct hci_pcb *)so->so_pcb; |
| 543 | struct sockaddr_bt *sa = (struct sockaddr_bt *)nam; |
| 544 | |
| 545 | KASSERT(solocked(so)); |
| 546 | KASSERT(pcb != NULL); |
| 547 | KASSERT(nam != NULL); |
| 548 | |
| 549 | memset(sa, 0, sizeof(struct sockaddr_bt)); |
| 550 | sa->bt_len = sizeof(struct sockaddr_bt); |
| 551 | sa->bt_family = AF_BLUETOOTH; |
| 552 | bdaddr_copy(&sa->bt_bdaddr, &pcb->hp_raddr); |
| 553 | return 0; |
| 554 | } |
| 555 | |
| 556 | static int |
| 557 | hci_sockaddr(struct socket *so, struct sockaddr *nam) |
| 558 | { |
| 559 | struct hci_pcb *pcb = (struct hci_pcb *)so->so_pcb; |
| 560 | struct sockaddr_bt *sa = (struct sockaddr_bt *)nam; |
| 561 | |
| 562 | KASSERT(solocked(so)); |
| 563 | KASSERT(pcb != NULL); |
| 564 | KASSERT(nam != NULL); |
| 565 | |
| 566 | memset(sa, 0, sizeof(struct sockaddr_bt)); |
| 567 | sa->bt_len = sizeof(struct sockaddr_bt); |
| 568 | sa->bt_family = AF_BLUETOOTH; |
| 569 | bdaddr_copy(&sa->bt_bdaddr, &pcb->hp_laddr); |
| 570 | return 0; |
| 571 | } |
| 572 | |
| 573 | static int |
| 574 | hci_rcvd(struct socket *so, int flags, struct lwp *l) |
| 575 | { |
| 576 | KASSERT(solocked(so)); |
| 577 | |
| 578 | return EOPNOTSUPP; |
| 579 | } |
| 580 | |
| 581 | static int |
| 582 | hci_recvoob(struct socket *so, struct mbuf *m, int flags) |
| 583 | { |
| 584 | KASSERT(solocked(so)); |
| 585 | |
| 586 | return EOPNOTSUPP; |
| 587 | } |
| 588 | |
| 589 | static int |
| 590 | hci_send(struct socket *so, struct mbuf *m, struct sockaddr *nam, |
| 591 | struct mbuf *control, struct lwp *l) |
| 592 | { |
| 593 | struct hci_pcb *pcb = so->so_pcb; |
| 594 | struct sockaddr_bt *sa = (struct sockaddr_bt *)nam; |
| 595 | struct hci_unit *unit; |
| 596 | struct mbuf *m0; |
| 597 | hci_cmd_hdr_t hdr; |
| 598 | int err = 0; |
| 599 | |
| 600 | KASSERT(solocked(so)); |
| 601 | KASSERT(pcb != NULL); |
| 602 | KASSERT(m != NULL); |
| 603 | |
| 604 | if (control) /* have no use for this */ |
| 605 | m_freem(control); |
| 606 | |
| 607 | if (sa) { |
| 608 | if (sa->bt_len != sizeof(struct sockaddr_bt)) { |
| 609 | err = EINVAL; |
| 610 | goto bad; |
| 611 | } |
| 612 | |
| 613 | if (sa->bt_family != AF_BLUETOOTH) { |
| 614 | err = EAFNOSUPPORT; |
| 615 | goto bad; |
| 616 | } |
| 617 | } |
| 618 | |
| 619 | /* |
| 620 | * this came from userland, so we check it out first |
| 621 | */ |
| 622 | |
| 623 | /* wants at least a header to start with */ |
| 624 | if (m->m_pkthdr.len < sizeof(hdr)) { |
| 625 | err = EMSGSIZE; |
| 626 | goto bad; |
| 627 | } |
| 628 | m_copydata(m, 0, sizeof(hdr), &hdr); |
| 629 | hdr.opcode = le16toh(hdr.opcode); |
| 630 | |
| 631 | /* only allows CMD packets to be sent */ |
| 632 | if (hdr.type != HCI_CMD_PKT) { |
| 633 | err = EINVAL; |
| 634 | goto bad; |
| 635 | } |
| 636 | |
| 637 | /* validates packet length */ |
| 638 | if (m->m_pkthdr.len != sizeof(hdr) + hdr.length) { |
| 639 | err = EMSGSIZE; |
| 640 | goto bad; |
| 641 | } |
| 642 | |
| 643 | /* finds destination */ |
| 644 | unit = hci_unit_lookup((sa ? &sa->bt_bdaddr : &pcb->hp_raddr)); |
| 645 | if (unit == NULL) { |
| 646 | err = ENETDOWN; |
| 647 | goto bad; |
| 648 | } |
| 649 | |
| 650 | /* security checks for unprivileged users */ |
| 651 | if (pcb->hp_cred != NULL |
| 652 | && kauth_authorize_device(pcb->hp_cred, |
| 653 | KAUTH_DEVICE_BLUETOOTH_SEND, |
| 654 | unit, &hdr, NULL, NULL) != 0) { |
| 655 | err = EPERM; |
| 656 | goto bad; |
| 657 | } |
| 658 | |
| 659 | /* makess a copy for precious to keep */ |
| 660 | m0 = m_copypacket(m, M_DONTWAIT); |
| 661 | if (m0 == NULL) { |
| 662 | err = ENOMEM; |
| 663 | goto bad; |
| 664 | } |
| 665 | sbappendrecord(&pcb->hp_socket->so_snd, m0); |
| 666 | M_SETCTX(m, pcb->hp_socket); /* enable drop callback */ |
| 667 | |
| 668 | DPRINTFN(2, "(%s) opcode (%03x|%04x)\n" , device_xname(unit->hci_dev), |
| 669 | HCI_OGF(hdr.opcode), HCI_OCF(hdr.opcode)); |
| 670 | |
| 671 | /* Sendss it */ |
| 672 | if (unit->hci_num_cmd_pkts == 0) |
| 673 | MBUFQ_ENQUEUE(&unit->hci_cmdwait, m); |
| 674 | else |
| 675 | hci_output_cmd(unit, m); |
| 676 | |
| 677 | return 0; |
| 678 | |
| 679 | bad: |
| 680 | DPRINTF("packet (%d bytes) not sent (error %d)\n" , |
| 681 | m->m_pkthdr.len, err); |
| 682 | if (m) |
| 683 | m_freem(m); |
| 684 | |
| 685 | return err; |
| 686 | } |
| 687 | |
| 688 | static int |
| 689 | hci_sendoob(struct socket *so, struct mbuf *m, struct mbuf *control) |
| 690 | { |
| 691 | KASSERT(solocked(so)); |
| 692 | |
| 693 | if (m) |
| 694 | m_freem(m); |
| 695 | if (control) |
| 696 | m_freem(control); |
| 697 | |
| 698 | return EOPNOTSUPP; |
| 699 | } |
| 700 | |
| 701 | static int |
| 702 | hci_purgeif(struct socket *so, struct ifnet *ifp) |
| 703 | { |
| 704 | |
| 705 | return EOPNOTSUPP; |
| 706 | } |
| 707 | |
| 708 | /* |
| 709 | * get/set socket options |
| 710 | */ |
| 711 | int |
| 712 | hci_ctloutput(int req, struct socket *so, struct sockopt *sopt) |
| 713 | { |
| 714 | struct hci_pcb *pcb = (struct hci_pcb *)so->so_pcb; |
| 715 | int optval, err = 0; |
| 716 | |
| 717 | DPRINTFN(2, "req %s\n" , prcorequests[req]); |
| 718 | |
| 719 | if (pcb == NULL) |
| 720 | return EINVAL; |
| 721 | |
| 722 | if (sopt->sopt_level != BTPROTO_HCI) |
| 723 | return ENOPROTOOPT; |
| 724 | |
| 725 | switch(req) { |
| 726 | case PRCO_GETOPT: |
| 727 | switch (sopt->sopt_name) { |
| 728 | case SO_HCI_EVT_FILTER: |
| 729 | err = sockopt_set(sopt, &pcb->hp_efilter, |
| 730 | sizeof(struct hci_filter)); |
| 731 | |
| 732 | break; |
| 733 | |
| 734 | case SO_HCI_PKT_FILTER: |
| 735 | err = sockopt_set(sopt, &pcb->hp_pfilter, |
| 736 | sizeof(struct hci_filter)); |
| 737 | |
| 738 | break; |
| 739 | |
| 740 | case SO_HCI_DIRECTION: |
| 741 | err = sockopt_setint(sopt, |
| 742 | (pcb->hp_flags & HCI_DIRECTION ? 1 : 0)); |
| 743 | |
| 744 | break; |
| 745 | |
| 746 | default: |
| 747 | err = ENOPROTOOPT; |
| 748 | break; |
| 749 | } |
| 750 | break; |
| 751 | |
| 752 | case PRCO_SETOPT: |
| 753 | switch (sopt->sopt_name) { |
| 754 | case SO_HCI_EVT_FILTER: /* set event filter */ |
| 755 | err = sockopt_get(sopt, &pcb->hp_efilter, |
| 756 | sizeof(pcb->hp_efilter)); |
| 757 | |
| 758 | break; |
| 759 | |
| 760 | case SO_HCI_PKT_FILTER: /* set packet filter */ |
| 761 | err = sockopt_get(sopt, &pcb->hp_pfilter, |
| 762 | sizeof(pcb->hp_pfilter)); |
| 763 | |
| 764 | break; |
| 765 | |
| 766 | case SO_HCI_DIRECTION: /* request direction ctl messages */ |
| 767 | err = sockopt_getint(sopt, &optval); |
| 768 | if (err) |
| 769 | break; |
| 770 | |
| 771 | if (optval) |
| 772 | pcb->hp_flags |= HCI_DIRECTION; |
| 773 | else |
| 774 | pcb->hp_flags &= ~HCI_DIRECTION; |
| 775 | break; |
| 776 | |
| 777 | default: |
| 778 | err = ENOPROTOOPT; |
| 779 | break; |
| 780 | } |
| 781 | break; |
| 782 | |
| 783 | default: |
| 784 | err = ENOPROTOOPT; |
| 785 | break; |
| 786 | } |
| 787 | |
| 788 | return err; |
| 789 | } |
| 790 | |
| 791 | /* |
| 792 | * HCI mbuf tap routine |
| 793 | * |
| 794 | * copy packets to any raw HCI sockets that wish (and are |
| 795 | * permitted) to see them |
| 796 | */ |
| 797 | void |
| 798 | hci_mtap(struct mbuf *m, struct hci_unit *unit) |
| 799 | { |
| 800 | struct hci_pcb *pcb; |
| 801 | struct mbuf *m0, *ctlmsg, **ctl; |
| 802 | struct sockaddr_bt sa; |
| 803 | uint8_t type; |
| 804 | uint8_t event; |
| 805 | uint16_t arg1; |
| 806 | |
| 807 | KASSERT(m->m_len >= sizeof(type)); |
| 808 | |
| 809 | type = *mtod(m, uint8_t *); |
| 810 | |
| 811 | memset(&sa, 0, sizeof(sa)); |
| 812 | sa.bt_len = sizeof(struct sockaddr_bt); |
| 813 | sa.bt_family = AF_BLUETOOTH; |
| 814 | bdaddr_copy(&sa.bt_bdaddr, &unit->hci_bdaddr); |
| 815 | |
| 816 | LIST_FOREACH(pcb, &hci_pcb, hp_next) { |
| 817 | /* |
| 818 | * filter according to source address |
| 819 | */ |
| 820 | if ((pcb->hp_flags & HCI_PROMISCUOUS) == 0 |
| 821 | && bdaddr_same(&pcb->hp_laddr, &sa.bt_bdaddr) == 0) |
| 822 | continue; |
| 823 | |
| 824 | /* |
| 825 | * filter according to packet type filter |
| 826 | */ |
| 827 | if (hci_filter_test(type, &pcb->hp_pfilter) == 0) |
| 828 | continue; |
| 829 | |
| 830 | /* |
| 831 | * filter according to event/security filters |
| 832 | */ |
| 833 | switch(type) { |
| 834 | case HCI_EVENT_PKT: |
| 835 | KASSERT(m->m_len >= sizeof(hci_event_hdr_t)); |
| 836 | |
| 837 | event = mtod(m, hci_event_hdr_t *)->event; |
| 838 | |
| 839 | if (hci_filter_test(event, &pcb->hp_efilter) == 0) |
| 840 | continue; |
| 841 | |
| 842 | arg1 = event; |
| 843 | break; |
| 844 | |
| 845 | case HCI_CMD_PKT: |
| 846 | KASSERT(m->m_len >= sizeof(hci_cmd_hdr_t)); |
| 847 | arg1 = le16toh(mtod(m, hci_cmd_hdr_t *)->opcode); |
| 848 | break; |
| 849 | |
| 850 | case HCI_ACL_DATA_PKT: |
| 851 | KASSERT(m->m_len >= sizeof(hci_acldata_hdr_t)); |
| 852 | arg1 = le16toh(mtod(m, hci_acldata_hdr_t *)->con_handle); |
| 853 | arg1 = HCI_CON_HANDLE(arg1); |
| 854 | break; |
| 855 | |
| 856 | case HCI_SCO_DATA_PKT: |
| 857 | KASSERT(m->m_len >= sizeof(hci_scodata_hdr_t)); |
| 858 | arg1 = le16toh(mtod(m, hci_scodata_hdr_t *)->con_handle); |
| 859 | arg1 = HCI_CON_HANDLE(arg1); |
| 860 | break; |
| 861 | |
| 862 | default: |
| 863 | arg1 = 0; |
| 864 | break; |
| 865 | } |
| 866 | |
| 867 | if (pcb->hp_cred != NULL |
| 868 | && kauth_authorize_device(pcb->hp_cred, |
| 869 | KAUTH_DEVICE_BLUETOOTH_RECV, |
| 870 | KAUTH_ARG(type), KAUTH_ARG(arg1), NULL, NULL) != 0) |
| 871 | continue; |
| 872 | |
| 873 | /* |
| 874 | * create control messages |
| 875 | */ |
| 876 | ctlmsg = NULL; |
| 877 | ctl = &ctlmsg; |
| 878 | if (pcb->hp_flags & HCI_DIRECTION) { |
| 879 | int dir = m->m_flags & M_LINK0 ? 1 : 0; |
| 880 | |
| 881 | *ctl = sbcreatecontrol(&dir, sizeof(dir), |
| 882 | SCM_HCI_DIRECTION, BTPROTO_HCI); |
| 883 | |
| 884 | if (*ctl != NULL) |
| 885 | ctl = &((*ctl)->m_next); |
| 886 | } |
| 887 | if (pcb->hp_socket->so_options & SO_TIMESTAMP) { |
| 888 | struct timeval tv; |
| 889 | |
| 890 | microtime(&tv); |
| 891 | *ctl = sbcreatecontrol(&tv, sizeof(tv), |
| 892 | SCM_TIMESTAMP, SOL_SOCKET); |
| 893 | |
| 894 | if (*ctl != NULL) |
| 895 | ctl = &((*ctl)->m_next); |
| 896 | } |
| 897 | |
| 898 | /* |
| 899 | * copy to socket |
| 900 | */ |
| 901 | m0 = m_copypacket(m, M_DONTWAIT); |
| 902 | if (m0 && sbappendaddr(&pcb->hp_socket->so_rcv, |
| 903 | (struct sockaddr *)&sa, m0, ctlmsg)) { |
| 904 | sorwakeup(pcb->hp_socket); |
| 905 | } else { |
| 906 | m_freem(ctlmsg); |
| 907 | m_freem(m0); |
| 908 | } |
| 909 | } |
| 910 | } |
| 911 | |
| 912 | PR_WRAP_USRREQS(hci) |
| 913 | |
| 914 | #define hci_attach hci_attach_wrapper |
| 915 | #define hci_detach hci_detach_wrapper |
| 916 | #define hci_accept hci_accept_wrapper |
| 917 | #define hci_bind hci_bind_wrapper |
| 918 | #define hci_listen hci_listen_wrapper |
| 919 | #define hci_connect hci_connect_wrapper |
| 920 | #define hci_connect2 hci_connect2_wrapper |
| 921 | #define hci_disconnect hci_disconnect_wrapper |
| 922 | #define hci_shutdown hci_shutdown_wrapper |
| 923 | #define hci_abort hci_abort_wrapper |
| 924 | #define hci_ioctl hci_ioctl_wrapper |
| 925 | #define hci_stat hci_stat_wrapper |
| 926 | #define hci_peeraddr hci_peeraddr_wrapper |
| 927 | #define hci_sockaddr hci_sockaddr_wrapper |
| 928 | #define hci_rcvd hci_rcvd_wrapper |
| 929 | #define hci_recvoob hci_recvoob_wrapper |
| 930 | #define hci_send hci_send_wrapper |
| 931 | #define hci_sendoob hci_sendoob_wrapper |
| 932 | #define hci_purgeif hci_purgeif_wrapper |
| 933 | |
| 934 | const struct pr_usrreqs hci_usrreqs = { |
| 935 | .pr_attach = hci_attach, |
| 936 | .pr_detach = hci_detach, |
| 937 | .pr_accept = hci_accept, |
| 938 | .pr_bind = hci_bind, |
| 939 | .pr_listen = hci_listen, |
| 940 | .pr_connect = hci_connect, |
| 941 | .pr_connect2 = hci_connect2, |
| 942 | .pr_disconnect = hci_disconnect, |
| 943 | .pr_shutdown = hci_shutdown, |
| 944 | .pr_abort = hci_abort, |
| 945 | .pr_ioctl = hci_ioctl, |
| 946 | .pr_stat = hci_stat, |
| 947 | .pr_peeraddr = hci_peeraddr, |
| 948 | .pr_sockaddr = hci_sockaddr, |
| 949 | .pr_rcvd = hci_rcvd, |
| 950 | .pr_recvoob = hci_recvoob, |
| 951 | .pr_send = hci_send, |
| 952 | .pr_sendoob = hci_sendoob, |
| 953 | .pr_purgeif = hci_purgeif, |
| 954 | }; |
| 955 | |