1 /* 2 * 3 * BlueZ - Bluetooth protocol stack for Linux 4 * 5 * Copyright (C) 2000-2002 Maxim Krasnyansky <maxk (at) qualcomm.com> 6 * Copyright (C) 2003-2010 Marcel Holtmann <marcel (at) holtmann.org> 7 * 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of the GNU General Public License as published by 11 * the Free Software Foundation; either version 2 of the License, or 12 * (at your option) any later version. 13 * 14 * This program is distributed in the hope that it will be useful, 15 * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 * GNU General Public License for more details. 18 * 19 * You should have received a copy of the GNU General Public License 20 * along with this program; if not, write to the Free Software 21 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 22 * 23 */ 24 25 #ifdef HAVE_CONFIG_H 26 #include <config.h> 27 #endif 28 29 #include <netinet/in.h> 30 #include <stdio.h> 31 #include <errno.h> 32 #include <ctype.h> 33 #include <fcntl.h> 34 #include <unistd.h> 35 #include <stdlib.h> 36 #include <stdint.h> 37 #include <string.h> 38 #include <signal.h> 39 #include <getopt.h> 40 #include <syslog.h> 41 #include <sys/time.h> 42 #include <sys/stat.h> 43 #include <sys/poll.h> 44 #include <sys/ioctl.h> 45 #include <sys/socket.h> 46 #include <sys/resource.h> 47 48 #include <bluetooth/bluetooth.h> 49 #include <bluetooth/hci.h> 50 #include <bluetooth/hci_lib.h> 51 52 #include <netdb.h> 53 54 #include <glib.h> 55 56 #define GHCI_DEV "/dev/ghci" 57 58 #define VHCI_DEV "/dev/vhci" 59 #define VHCI_UDEV "/dev/hci_vhci" 60 61 #define VHCI_MAX_CONN 12 62 63 #define VHCI_ACL_MTU 192 64 #define VHCI_ACL_MAX_PKT 8 65 66 struct vhci_device { 67 uint8_t features[8]; 68 uint8_t name[248]; 69 uint8_t dev_class[3]; 70 uint8_t inq_mode; 71 uint8_t eir_fec; 72 uint8_t eir_data[HCI_MAX_EIR_LENGTH]; 73 uint16_t acl_cnt; 74 bdaddr_t bdaddr; 75 int fd; 76 int dd; 77 GIOChannel *scan; 78 }; 79 80 struct vhci_conn { 81 bdaddr_t dest; 82 uint16_t handle; 83 GIOChannel *chan; 84 }; 85 86 struct vhci_link_info { 87 bdaddr_t bdaddr; 88 uint8_t dev_class[3]; 89 uint8_t link_type; 90 uint8_t role; 91 } __attribute__ ((packed)); 92 93 static struct vhci_device vdev; 94 static struct vhci_conn *vconn[VHCI_MAX_CONN]; 95 96 struct btsnoop_hdr { 97 uint8_t id[8]; /* Identification Pattern */ 98 uint32_t version; /* Version Number = 1 */ 99 uint32_t type; /* Datalink Type */ 100 } __attribute__ ((packed)); 101 #define BTSNOOP_HDR_SIZE (sizeof(struct btsnoop_hdr)) 102 103 struct btsnoop_pkt { 104 uint32_t size; /* Original Length */ 105 uint32_t len; /* Included Length */ 106 uint32_t flags; /* Packet Flags */ 107 uint32_t drops; /* Cumulative Drops */ 108 uint64_t ts; /* Timestamp microseconds */ 109 uint8_t data[0]; /* Packet Data */ 110 } __attribute__ ((packed)); 111 #define BTSNOOP_PKT_SIZE (sizeof(struct btsnoop_pkt)) 112 113 static uint8_t btsnoop_id[] = { 0x62, 0x74, 0x73, 0x6e, 0x6f, 0x6f, 0x70, 0x00 }; 114 115 static GMainLoop *event_loop; 116 117 static volatile sig_atomic_t __io_canceled; 118 119 static inline void io_init(void) 120 { 121 __io_canceled = 0; 122 } 123 124 static inline void io_cancel(void) 125 { 126 __io_canceled = 1; 127 } 128 129 static void sig_term(int sig) 130 { 131 io_cancel(); 132 g_main_loop_quit(event_loop); 133 } 134 135 static gboolean io_acl_data(GIOChannel *chan, GIOCondition cond, gpointer data); 136 static gboolean io_conn_ind(GIOChannel *chan, GIOCondition cond, gpointer data); 137 static gboolean io_hci_data(GIOChannel *chan, GIOCondition cond, gpointer data); 138 139 static inline int read_n(int fd, void *buf, int len) 140 { 141 register int w, t = 0; 142 143 while (!__io_canceled && len > 0) { 144 if ((w = read(fd, buf, len)) < 0 ){ 145 if( errno == EINTR || errno == EAGAIN ) 146 continue; 147 return -1; 148 } 149 if (!w) 150 return 0; 151 len -= w; buf += w; t += w; 152 } 153 return t; 154 } 155 156 /* Write exactly len bytes (Signal safe)*/ 157 static inline int write_n(int fd, void *buf, int len) 158 { 159 register int w, t = 0; 160 161 while (!__io_canceled && len > 0) { 162 if ((w = write(fd, buf, len)) < 0 ){ 163 if( errno == EINTR || errno == EAGAIN ) 164 continue; 165 return -1; 166 } 167 if (!w) 168 return 0; 169 len -= w; buf += w; t += w; 170 } 171 return t; 172 } 173 174 static int create_snoop(char *file) 175 { 176 struct btsnoop_hdr hdr; 177 int fd, len; 178 179 fd = open(file, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); 180 if (fd < 0) 181 return fd; 182 183 memcpy(hdr.id, btsnoop_id, sizeof(btsnoop_id)); 184 hdr.version = htonl(1); 185 hdr.type = htonl(1002); 186 187 len = write(fd, &hdr, BTSNOOP_HDR_SIZE); 188 if (len < 0) { 189 close(fd); 190 return -EIO; 191 } 192 193 if (len != BTSNOOP_HDR_SIZE) { 194 close(fd); 195 return -1; 196 } 197 198 return fd; 199 } 200 201 static int write_snoop(int fd, int type, int incoming, unsigned char *buf, int len) 202 { 203 struct btsnoop_pkt pkt; 204 struct timeval tv; 205 uint32_t size = len; 206 uint64_t ts; 207 208 if (fd < 0) 209 return -1; 210 211 memset(&tv, 0, sizeof(tv)); 212 gettimeofday(&tv, NULL); 213 ts = (tv.tv_sec - 946684800ll) * 1000000ll + tv.tv_usec; 214 215 pkt.size = htonl(size); 216 pkt.len = pkt.size; 217 pkt.flags = ntohl(incoming & 0x01); 218 pkt.drops = htonl(0); 219 pkt.ts = hton64(ts + 0x00E03AB44A676000ll); 220 221 if (type == HCI_COMMAND_PKT || type == HCI_EVENT_PKT) 222 pkt.flags |= ntohl(0x02); 223 224 if (write(fd, &pkt, BTSNOOP_PKT_SIZE) < 0) 225 return -errno; 226 227 if (write(fd, buf, size) < 0) 228 return -errno; 229 230 return 0; 231 } 232 233 static struct vhci_conn *conn_get_by_bdaddr(bdaddr_t *ba) 234 { 235 register int i; 236 237 for (i = 0; i < VHCI_MAX_CONN; i++) 238 if (!bacmp(&vconn[i]->dest, ba)) 239 return vconn[i]; 240 241 return NULL; 242 } 243 244 static void command_status(uint16_t ogf, uint16_t ocf, uint8_t status) 245 { 246 uint8_t buf[HCI_MAX_FRAME_SIZE], *ptr = buf; 247 evt_cmd_status *cs; 248 hci_event_hdr *he; 249 250 /* Packet type */ 251 *ptr++ = HCI_EVENT_PKT; 252 253 /* Event header */ 254 he = (void *) ptr; ptr += HCI_EVENT_HDR_SIZE; 255 256 he->evt = EVT_CMD_STATUS; 257 he->plen = EVT_CMD_STATUS_SIZE; 258 259 cs = (void *) ptr; ptr += EVT_CMD_STATUS_SIZE; 260 261 cs->status = status; 262 cs->ncmd = 1; 263 cs->opcode = htobs(cmd_opcode_pack(ogf, ocf)); 264 265 write_snoop(vdev.dd, HCI_EVENT_PKT, 1, buf, ptr - buf); 266 267 if (write(vdev.fd, buf, ptr - buf) < 0) 268 syslog(LOG_ERR, "Can't send event: %s(%d)", 269 strerror(errno), errno); 270 } 271 272 static void command_complete(uint16_t ogf, uint16_t ocf, int plen, void *data) 273 { 274 uint8_t buf[HCI_MAX_FRAME_SIZE], *ptr = buf; 275 evt_cmd_complete *cc; 276 hci_event_hdr *he; 277 278 /* Packet type */ 279 *ptr++ = HCI_EVENT_PKT; 280 281 /* Event header */ 282 he = (void *) ptr; ptr += HCI_EVENT_HDR_SIZE; 283 284 he->evt = EVT_CMD_COMPLETE; 285 he->plen = EVT_CMD_COMPLETE_SIZE + plen; 286 287 cc = (void *) ptr; ptr += EVT_CMD_COMPLETE_SIZE; 288 289 cc->ncmd = 1; 290 cc->opcode = htobs(cmd_opcode_pack(ogf, ocf)); 291 292 if (plen) { 293 memcpy(ptr, data, plen); 294 ptr += plen; 295 } 296 297 write_snoop(vdev.dd, HCI_EVENT_PKT, 1, buf, ptr - buf); 298 299 if (write(vdev.fd, buf, ptr - buf) < 0) 300 syslog(LOG_ERR, "Can't send event: %s(%d)", 301 strerror(errno), errno); 302 } 303 304 static void connect_request(struct vhci_conn *conn) 305 { 306 uint8_t buf[HCI_MAX_FRAME_SIZE], *ptr = buf; 307 evt_conn_request *cr; 308 hci_event_hdr *he; 309 310 /* Packet type */ 311 *ptr++ = HCI_EVENT_PKT; 312 313 /* Event header */ 314 he = (void *) ptr; ptr += HCI_EVENT_HDR_SIZE; 315 316 he->evt = EVT_CONN_REQUEST; 317 he->plen = EVT_CONN_REQUEST_SIZE; 318 319 cr = (void *) ptr; ptr += EVT_CONN_REQUEST_SIZE; 320 321 bacpy(&cr->bdaddr, &conn->dest); 322 memset(&cr->dev_class, 0, sizeof(cr->dev_class)); 323 cr->link_type = ACL_LINK; 324 325 write_snoop(vdev.dd, HCI_EVENT_PKT, 1, buf, ptr - buf); 326 327 if (write(vdev.fd, buf, ptr - buf) < 0) 328 syslog(LOG_ERR, "Can't send event: %s (%d)", 329 strerror(errno), errno); 330 } 331 332 static void connect_complete(struct vhci_conn *conn) 333 { 334 uint8_t buf[HCI_MAX_FRAME_SIZE], *ptr = buf; 335 evt_conn_complete *cc; 336 hci_event_hdr *he; 337 338 /* Packet type */ 339 *ptr++ = HCI_EVENT_PKT; 340 341 /* Event header */ 342 he = (void *) ptr; ptr += HCI_EVENT_HDR_SIZE; 343 344 he->evt = EVT_CONN_COMPLETE; 345 he->plen = EVT_CONN_COMPLETE_SIZE; 346 347 cc = (void *) ptr; ptr += EVT_CONN_COMPLETE_SIZE; 348 349 bacpy(&cc->bdaddr, &conn->dest); 350 cc->status = 0x00; 351 cc->handle = htobs(conn->handle); 352 cc->link_type = ACL_LINK; 353 cc->encr_mode = 0x00; 354 355 write_snoop(vdev.dd, HCI_EVENT_PKT, 1, buf, ptr - buf); 356 357 if (write(vdev.fd, buf, ptr - buf) < 0) 358 syslog(LOG_ERR, "Can't send event: %s (%d)", 359 strerror(errno), errno); 360 } 361 362 static void disconn_complete(struct vhci_conn *conn) 363 { 364 uint8_t buf[HCI_MAX_FRAME_SIZE], *ptr = buf; 365 evt_disconn_complete *dc; 366 hci_event_hdr *he; 367 368 /* Packet type */ 369 *ptr++ = HCI_EVENT_PKT; 370 371 /* Event header */ 372 he = (void *) ptr; ptr += HCI_EVENT_HDR_SIZE; 373 374 he->evt = EVT_DISCONN_COMPLETE; 375 he->plen = EVT_DISCONN_COMPLETE_SIZE; 376 377 dc = (void *) ptr; ptr += EVT_DISCONN_COMPLETE_SIZE; 378 379 dc->status = 0x00; 380 dc->handle = htobs(conn->handle); 381 dc->reason = 0x00; 382 383 write_snoop(vdev.dd, HCI_EVENT_PKT, 1, buf, ptr - buf); 384 385 if (write(vdev.fd, buf, ptr - buf) < 0) 386 syslog(LOG_ERR, "Can't send event: %s (%d)", 387 strerror(errno), errno); 388 389 vdev.acl_cnt = 0; 390 } 391 392 static void num_completed_pkts(struct vhci_conn *conn) 393 { 394 uint8_t buf[HCI_MAX_FRAME_SIZE], *ptr = buf; 395 evt_num_comp_pkts *np; 396 hci_event_hdr *he; 397 398 /* Packet type */ 399 *ptr++ = HCI_EVENT_PKT; 400 401 /* Event header */ 402 he = (void *) ptr; ptr += HCI_EVENT_HDR_SIZE; 403 404 he->evt = EVT_NUM_COMP_PKTS; 405 he->plen = EVT_NUM_COMP_PKTS_SIZE; 406 407 np = (void *) ptr; ptr += EVT_NUM_COMP_PKTS_SIZE; 408 np->num_hndl = 1; 409 410 *((uint16_t *) ptr) = htobs(conn->handle); ptr += 2; 411 *((uint16_t *) ptr) = htobs(vdev.acl_cnt); ptr += 2; 412 413 write_snoop(vdev.dd, HCI_EVENT_PKT, 1, buf, ptr - buf); 414 415 if (write(vdev.fd, buf, ptr - buf) < 0) 416 syslog(LOG_ERR, "Can't send event: %s (%d)", 417 strerror(errno), errno); 418 } 419 420 static int scan_enable(uint8_t *data) 421 { 422 struct sockaddr_in sa; 423 GIOChannel *sk_io; 424 bdaddr_t ba; 425 int sk, opt; 426 427 if (!(*data & SCAN_PAGE)) { 428 if (vdev.scan) { 429 g_io_channel_shutdown(vdev.scan, TRUE, NULL); 430 vdev.scan = NULL; 431 } 432 return 0; 433 } 434 435 if (vdev.scan) 436 return 0; 437 438 if ((sk = socket(AF_INET, SOCK_STREAM, 0)) < 0) { 439 syslog(LOG_ERR, "Can't create socket: %s (%d)", 440 strerror(errno), errno); 441 return 1; 442 } 443 444 opt = 1; 445 setsockopt(sk, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)); 446 447 baswap(&ba, &vdev.bdaddr); 448 sa.sin_family = AF_INET; 449 memcpy(&sa.sin_addr.s_addr, &ba, sizeof(sa.sin_addr.s_addr)); 450 sa.sin_port = *(uint16_t *) &ba.b[4]; 451 if (bind(sk, (struct sockaddr *) &sa, sizeof(sa))) { 452 syslog(LOG_ERR, "Can't bind socket: %s (%d)", 453 strerror(errno), errno); 454 goto failed; 455 } 456 457 if (listen(sk, 10)) { 458 syslog(LOG_ERR, "Can't listen on socket: %s (%d)", 459 strerror(errno), errno); 460 goto failed; 461 } 462 463 sk_io = g_io_channel_unix_new(sk); 464 g_io_add_watch(sk_io, G_IO_IN | G_IO_NVAL, io_conn_ind, NULL); 465 vdev.scan = sk_io; 466 return 0; 467 468 failed: 469 close(sk); 470 return 1; 471 } 472 473 static void accept_connection(uint8_t *data) 474 { 475 accept_conn_req_cp *cp = (void *) data; 476 struct vhci_conn *conn; 477 478 if (!(conn = conn_get_by_bdaddr(&cp->bdaddr))) 479 return; 480 481 connect_complete(conn); 482 483 g_io_add_watch(conn->chan, G_IO_IN | G_IO_NVAL | G_IO_HUP, 484 io_acl_data, (gpointer) conn); 485 } 486 487 static void close_connection(struct vhci_conn *conn) 488 { 489 char addr[18]; 490 491 ba2str(&conn->dest, addr); 492 syslog(LOG_INFO, "Closing connection %s handle %d", 493 addr, conn->handle); 494 495 g_io_channel_shutdown(conn->chan, TRUE, NULL); 496 g_io_channel_unref(conn->chan); 497 498 vconn[conn->handle - 1] = NULL; 499 disconn_complete(conn); 500 free(conn); 501 } 502 503 static void disconnect(uint8_t *data) 504 { 505 disconnect_cp *cp = (void *) data; 506 struct vhci_conn *conn; 507 uint16_t handle; 508 509 handle = btohs(cp->handle); 510 511 if (handle > VHCI_MAX_CONN) 512 return; 513 514 if (!(conn = vconn[handle-1])) 515 return; 516 517 close_connection(conn); 518 } 519 520 static void create_connection(uint8_t *data) 521 { 522 create_conn_cp *cp = (void *) data; 523 struct vhci_link_info info; 524 struct vhci_conn *conn; 525 struct sockaddr_in sa; 526 int h, sk, opt; 527 bdaddr_t ba; 528 529 for (h = 0; h < VHCI_MAX_CONN; h++) 530 if (!vconn[h]) 531 goto do_connect; 532 533 syslog(LOG_ERR, "Too many connections"); 534 return; 535 536 do_connect: 537 if ((sk = socket(AF_INET, SOCK_STREAM, 0)) < 0) { 538 syslog(LOG_ERR, "Can't create socket: %s (%d)", 539 strerror(errno), errno); 540 return; 541 } 542 543 opt = 1; 544 setsockopt(sk, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)); 545 546 baswap(&ba, &vdev.bdaddr); 547 sa.sin_family = AF_INET; 548 sa.sin_addr.s_addr = INADDR_ANY; // *(uint32_t *) &ba; 549 sa.sin_port = 0; // *(uint16_t *) &ba.b[4]; 550 if (bind(sk, (struct sockaddr *) &sa, sizeof(sa))) { 551 syslog(LOG_ERR, "Can't bind socket: %s (%d)", 552 strerror(errno), errno); 553 close(sk); 554 return; 555 } 556 557 baswap(&ba, &cp->bdaddr); 558 sa.sin_family = AF_INET; 559 memcpy(&sa.sin_addr.s_addr, &ba, sizeof(sa.sin_addr.s_addr)); 560 sa.sin_port = *(uint16_t *) &ba.b[4]; 561 if (connect(sk, (struct sockaddr *) &sa, sizeof(sa)) < 0) { 562 syslog(LOG_ERR, "Can't connect: %s (%d)", 563 strerror(errno), errno); 564 close(sk); 565 return; 566 } 567 568 /* Send info */ 569 memset(&info, 0, sizeof(info)); 570 bacpy(&info.bdaddr, &vdev.bdaddr); 571 info.link_type = ACL_LINK; 572 info.role = 1; 573 write_n(sk, (void *) &info, sizeof(info)); 574 575 if (!(conn = malloc(sizeof(*conn)))) { 576 syslog(LOG_ERR, "Can't alloc new connection: %s (%d)", 577 strerror(errno), errno); 578 close(sk); 579 return; 580 } 581 582 memcpy((uint8_t *) &ba, (uint8_t *) &sa.sin_addr, 4); 583 memcpy((uint8_t *) &ba.b[4], (uint8_t *) &sa.sin_port, 2); 584 baswap(&conn->dest, &ba); 585 586 vconn[h] = conn; 587 conn->handle = h + 1; 588 conn->chan = g_io_channel_unix_new(sk); 589 590 connect_complete(conn); 591 g_io_add_watch(conn->chan, G_IO_IN | G_IO_NVAL | G_IO_HUP, 592 io_acl_data, (gpointer) conn); 593 return; 594 } 595 596 static void hci_link_control(uint16_t ocf, int plen, uint8_t *data) 597 { 598 uint8_t status; 599 600 const uint16_t ogf = OGF_LINK_CTL; 601 602 switch (ocf) { 603 case OCF_CREATE_CONN: 604 command_status(ogf, ocf, 0x00); 605 create_connection(data); 606 break; 607 608 case OCF_ACCEPT_CONN_REQ: 609 command_status(ogf, ocf, 0x00); 610 accept_connection(data); 611 break; 612 613 case OCF_DISCONNECT: 614 command_status(ogf, ocf, 0x00); 615 disconnect(data); 616 break; 617 618 default: 619 status = 0x01; 620 command_complete(ogf, ocf, 1, &status); 621 break; 622 } 623 } 624 625 static void hci_link_policy(uint16_t ocf, int plen, uint8_t *data) 626 { 627 uint8_t status; 628 629 const uint16_t ogf = OGF_INFO_PARAM; 630 631 switch (ocf) { 632 default: 633 status = 0x01; 634 command_complete(ogf, ocf, 1, &status); 635 break; 636 } 637 } 638 639 static void hci_host_control(uint16_t ocf, int plen, uint8_t *data) 640 { 641 read_local_name_rp ln; 642 read_class_of_dev_rp cd; 643 read_inquiry_mode_rp im; 644 read_ext_inquiry_response_rp ir; 645 uint8_t status; 646 647 const uint16_t ogf = OGF_HOST_CTL; 648 649 switch (ocf) { 650 case OCF_RESET: 651 status = 0x00; 652 command_complete(ogf, ocf, 1, &status); 653 break; 654 655 case OCF_SET_EVENT_FLT: 656 status = 0x00; 657 command_complete(ogf, ocf, 1, &status); 658 break; 659 660 case OCF_CHANGE_LOCAL_NAME: 661 status = 0x00; 662 memcpy(vdev.name, data, sizeof(vdev.name)); 663 command_complete(ogf, ocf, 1, &status); 664 break; 665 666 case OCF_READ_LOCAL_NAME: 667 ln.status = 0x00; 668 memcpy(ln.name, vdev.name, sizeof(ln.name)); 669 command_complete(ogf, ocf, sizeof(ln), &ln); 670 break; 671 672 case OCF_WRITE_CONN_ACCEPT_TIMEOUT: 673 case OCF_WRITE_PAGE_TIMEOUT: 674 status = 0x00; 675 command_complete(ogf, ocf, 1, &status); 676 break; 677 678 case OCF_WRITE_SCAN_ENABLE: 679 status = scan_enable(data); 680 command_complete(ogf, ocf, 1, &status); 681 break; 682 683 case OCF_WRITE_AUTH_ENABLE: 684 status = 0x00; 685 command_complete(ogf, ocf, 1, &status); 686 break; 687 688 case OCF_WRITE_ENCRYPT_MODE: 689 status = 0x00; 690 command_complete(ogf, ocf, 1, &status); 691 break; 692 693 case OCF_READ_CLASS_OF_DEV: 694 cd.status = 0x00; 695 memcpy(cd.dev_class, vdev.dev_class, 3); 696 command_complete(ogf, ocf, sizeof(cd), &cd); 697 break; 698 699 case OCF_WRITE_CLASS_OF_DEV: 700 status = 0x00; 701 memcpy(vdev.dev_class, data, 3); 702 command_complete(ogf, ocf, 1, &status); 703 break; 704 705 case OCF_READ_INQUIRY_MODE: 706 im.status = 0x00; 707 im.mode = vdev.inq_mode; 708 command_complete(ogf, ocf, sizeof(im), &im); 709 break; 710 711 case OCF_WRITE_INQUIRY_MODE: 712 status = 0x00; 713 vdev.inq_mode = data[0]; 714 command_complete(ogf, ocf, 1, &status); 715 break; 716 717 case OCF_READ_EXT_INQUIRY_RESPONSE: 718 ir.status = 0x00; 719 ir.fec = vdev.eir_fec; 720 memcpy(ir.data, vdev.eir_data, HCI_MAX_EIR_LENGTH); 721 command_complete(ogf, ocf, sizeof(ir), &ir); 722 break; 723 724 case OCF_WRITE_EXT_INQUIRY_RESPONSE: 725 status = 0x00; 726 vdev.eir_fec = data[0]; 727 memcpy(vdev.eir_data, data + 1, HCI_MAX_EIR_LENGTH); 728 command_complete(ogf, ocf, 1, &status); 729 break; 730 731 default: 732 status = 0x01; 733 command_complete(ogf, ocf, 1, &status); 734 break; 735 } 736 } 737 738 static void hci_info_param(uint16_t ocf, int plen, uint8_t *data) 739 { 740 read_local_version_rp lv; 741 read_local_features_rp lf; 742 read_local_ext_features_rp ef; 743 read_buffer_size_rp bs; 744 read_bd_addr_rp ba; 745 uint8_t status; 746 747 const uint16_t ogf = OGF_INFO_PARAM; 748 749 switch (ocf) { 750 case OCF_READ_LOCAL_VERSION: 751 lv.status = 0x00; 752 lv.hci_ver = 0x03; 753 lv.hci_rev = htobs(0x0000); 754 lv.lmp_ver = 0x03; 755 lv.manufacturer = htobs(29); 756 lv.lmp_subver = htobs(0x0000); 757 command_complete(ogf, ocf, sizeof(lv), &lv); 758 break; 759 760 case OCF_READ_LOCAL_FEATURES: 761 lf.status = 0x00; 762 memcpy(lf.features, vdev.features, 8); 763 command_complete(ogf, ocf, sizeof(lf), &lf); 764 break; 765 766 case OCF_READ_LOCAL_EXT_FEATURES: 767 ef.status = 0x00; 768 if (*data == 0) { 769 ef.page_num = 0; 770 ef.max_page_num = 0; 771 memcpy(ef.features, vdev.features, 8); 772 } else { 773 ef.page_num = *data; 774 ef.max_page_num = 0; 775 memset(ef.features, 0, 8); 776 } 777 command_complete(ogf, ocf, sizeof(ef), &ef); 778 break; 779 780 case OCF_READ_BUFFER_SIZE: 781 bs.status = 0x00; 782 bs.acl_mtu = htobs(VHCI_ACL_MTU); 783 bs.sco_mtu = 0; 784 bs.acl_max_pkt = htobs(VHCI_ACL_MAX_PKT); 785 bs.sco_max_pkt = htobs(0); 786 command_complete(ogf, ocf, sizeof(bs), &bs); 787 break; 788 789 case OCF_READ_BD_ADDR: 790 ba.status = 0x00; 791 bacpy(&ba.bdaddr, &vdev.bdaddr); 792 command_complete(ogf, ocf, sizeof(ba), &ba); 793 break; 794 795 default: 796 status = 0x01; 797 command_complete(ogf, ocf, 1, &status); 798 break; 799 } 800 } 801 802 static void hci_command(uint8_t *data) 803 { 804 hci_command_hdr *ch; 805 uint8_t *ptr = data; 806 uint16_t ogf, ocf; 807 808 ch = (hci_command_hdr *) ptr; 809 ptr += HCI_COMMAND_HDR_SIZE; 810 811 ch->opcode = btohs(ch->opcode); 812 ogf = cmd_opcode_ogf(ch->opcode); 813 ocf = cmd_opcode_ocf(ch->opcode); 814 815 switch (ogf) { 816 case OGF_LINK_CTL: 817 hci_link_control(ocf, ch->plen, ptr); 818 break; 819 820 case OGF_LINK_POLICY: 821 hci_link_policy(ocf, ch->plen, ptr); 822 break; 823 824 case OGF_HOST_CTL: 825 hci_host_control(ocf, ch->plen, ptr); 826 break; 827 828 case OGF_INFO_PARAM: 829 hci_info_param(ocf, ch->plen, ptr); 830 break; 831 } 832 } 833 834 static void hci_acl_data(uint8_t *data) 835 { 836 hci_acl_hdr *ah = (void *) data; 837 struct vhci_conn *conn; 838 uint16_t handle; 839 int fd; 840 841 handle = acl_handle(btohs(ah->handle)); 842 843 if (handle > VHCI_MAX_CONN || !(conn = vconn[handle - 1])) { 844 syslog(LOG_ERR, "Bad connection handle %d", handle); 845 return; 846 } 847 848 fd = g_io_channel_unix_get_fd(conn->chan); 849 if (write_n(fd, data, btohs(ah->dlen) + HCI_ACL_HDR_SIZE) < 0) { 850 close_connection(conn); 851 return; 852 } 853 854 if (++vdev.acl_cnt > VHCI_ACL_MAX_PKT - 1) { 855 /* Send num of complete packets event */ 856 num_completed_pkts(conn); 857 vdev.acl_cnt = 0; 858 } 859 } 860 861 static gboolean io_acl_data(GIOChannel *chan, GIOCondition cond, gpointer data) 862 { 863 struct vhci_conn *conn = (struct vhci_conn *) data; 864 unsigned char buf[HCI_MAX_FRAME_SIZE], *ptr; 865 hci_acl_hdr *ah; 866 uint16_t flags; 867 int fd, len; 868 869 if (cond & G_IO_NVAL) { 870 g_io_channel_unref(chan); 871 return FALSE; 872 } 873 874 if (cond & G_IO_HUP) { 875 close_connection(conn); 876 return FALSE; 877 } 878 879 fd = g_io_channel_unix_get_fd(chan); 880 881 ptr = buf + 1; 882 if (read_n(fd, ptr, HCI_ACL_HDR_SIZE) <= 0) { 883 close_connection(conn); 884 return FALSE; 885 } 886 887 ah = (void *) ptr; 888 ptr += HCI_ACL_HDR_SIZE; 889 890 len = btohs(ah->dlen); 891 if (read_n(fd, ptr, len) <= 0) { 892 close_connection(conn); 893 return FALSE; 894 } 895 896 buf[0] = HCI_ACLDATA_PKT; 897 898 flags = acl_flags(btohs(ah->handle)); 899 ah->handle = htobs(acl_handle_pack(conn->handle, flags)); 900 len += HCI_ACL_HDR_SIZE + 1; 901 902 write_snoop(vdev.dd, HCI_ACLDATA_PKT, 1, buf, len); 903 904 if (write(vdev.fd, buf, len) < 0) 905 return FALSE; 906 907 return TRUE; 908 } 909 910 static gboolean io_conn_ind(GIOChannel *chan, GIOCondition cond, gpointer data) 911 { 912 struct vhci_link_info info; 913 struct vhci_conn *conn; 914 struct sockaddr_in sa; 915 socklen_t len; 916 int sk, nsk, h; 917 918 if (cond & G_IO_NVAL) 919 return FALSE; 920 921 sk = g_io_channel_unix_get_fd(chan); 922 923 len = sizeof(sa); 924 if ((nsk = accept(sk, (struct sockaddr *) &sa, &len)) < 0) 925 return TRUE; 926 927 if (read_n(nsk, &info, sizeof(info)) < 0) { 928 syslog(LOG_ERR, "Can't read link info"); 929 return TRUE; 930 } 931 932 if (!(conn = malloc(sizeof(*conn)))) { 933 syslog(LOG_ERR, "Can't alloc new connection"); 934 close(nsk); 935 return TRUE; 936 } 937 938 bacpy(&conn->dest, &info.bdaddr); 939 940 for (h = 0; h < VHCI_MAX_CONN; h++) 941 if (!vconn[h]) 942 goto accepted; 943 944 syslog(LOG_ERR, "Too many connections"); 945 free(conn); 946 close(nsk); 947 return TRUE; 948 949 accepted: 950 vconn[h] = conn; 951 conn->handle = h + 1; 952 conn->chan = g_io_channel_unix_new(nsk); 953 connect_request(conn); 954 955 return TRUE; 956 } 957 958 static gboolean io_hci_data(GIOChannel *chan, GIOCondition cond, gpointer data) 959 { 960 unsigned char buf[HCI_MAX_FRAME_SIZE], *ptr; 961 int type; 962 ssize_t len; 963 int fd; 964 965 ptr = buf; 966 967 fd = g_io_channel_unix_get_fd(chan); 968 969 len = read(fd, buf, sizeof(buf)); 970 if (len < 0) { 971 if (errno == EAGAIN) 972 return TRUE; 973 974 syslog(LOG_ERR, "Read failed: %s (%d)", strerror(errno), errno); 975 g_io_channel_unref(chan); 976 g_main_loop_quit(event_loop); 977 return FALSE; 978 } 979 980 type = *ptr++; 981 982 write_snoop(vdev.dd, type, 0, buf, len); 983 984 switch (type) { 985 case HCI_COMMAND_PKT: 986 hci_command(ptr); 987 break; 988 989 case HCI_ACLDATA_PKT: 990 hci_acl_data(ptr); 991 break; 992 993 default: 994 syslog(LOG_ERR, "Unknown packet type 0x%2.2x", type); 995 break; 996 } 997 998 return TRUE; 999 } 1000 1001 static int getbdaddrbyname(char *str, bdaddr_t *ba) 1002 { 1003 int i, n, len; 1004 1005 len = strlen(str); 1006 1007 /* Check address format */ 1008 for (i = 0, n = 0; i < len; i++) 1009 if (str[i] == ':') 1010 n++; 1011 1012 if (n == 5) { 1013 /* BD address */ 1014 str2ba(str, ba); 1015 return 0; 1016 } 1017 1018 if (n == 1) { 1019 /* IP address + port */ 1020 struct hostent *hent; 1021 bdaddr_t b; 1022 char *ptr; 1023 1024 ptr = strchr(str, ':'); 1025 *ptr++ = 0; 1026 1027 if (!(hent = gethostbyname(str))) { 1028 fprintf(stderr, "Can't resolve %s\n", str); 1029 return -2; 1030 } 1031 1032 memcpy(&b, hent->h_addr, 4); 1033 *(uint16_t *) (&b.b[4]) = htons(atoi(ptr)); 1034 baswap(ba, &b); 1035 1036 return 0; 1037 } 1038 1039 fprintf(stderr, "Invalid address format\n"); 1040 1041 return -1; 1042 } 1043 1044 static void rewrite_bdaddr(unsigned char *buf, int len, bdaddr_t *bdaddr) 1045 { 1046 hci_event_hdr *eh; 1047 unsigned char *ptr = buf; 1048 int type; 1049 1050 if (!bdaddr) 1051 return; 1052 1053 if (!bacmp(bdaddr, BDADDR_ANY)) 1054 return; 1055 1056 type = *ptr++; 1057 1058 switch (type) { 1059 case HCI_EVENT_PKT: 1060 eh = (hci_event_hdr *) ptr; 1061 ptr += HCI_EVENT_HDR_SIZE; 1062 1063 if (eh->evt == EVT_CMD_COMPLETE) { 1064 evt_cmd_complete *cc = (void *) ptr; 1065 1066 ptr += EVT_CMD_COMPLETE_SIZE; 1067 1068 if (cc->opcode == htobs(cmd_opcode_pack(OGF_INFO_PARAM, 1069 OCF_READ_BD_ADDR))) { 1070 bacpy((bdaddr_t *) (ptr + 1), bdaddr); 1071 } 1072 } 1073 break; 1074 } 1075 } 1076 1077 static int run_proxy(int fd, int dev, bdaddr_t *bdaddr) 1078 { 1079 unsigned char buf[HCI_MAX_FRAME_SIZE + 1]; 1080 struct hci_dev_info di; 1081 struct hci_filter flt; 1082 struct pollfd p[2]; 1083 int dd, err, len, need_raw; 1084 1085 dd = hci_open_dev(dev); 1086 if (dd < 0) { 1087 syslog(LOG_ERR, "Can't open device hci%d: %s (%d)", 1088 dev, strerror(errno), errno); 1089 return 1; 1090 } 1091 1092 if (hci_devinfo(dev, &di) < 0) { 1093 syslog(LOG_ERR, "Can't get device info for hci%d: %s (%d)", 1094 dev, strerror(errno), errno); 1095 hci_close_dev(dd); 1096 return 1; 1097 } 1098 1099 need_raw = !hci_test_bit(HCI_RAW, &di.flags); 1100 1101 hci_filter_clear(&flt); 1102 hci_filter_all_ptypes(&flt); 1103 hci_filter_all_events(&flt); 1104 1105 if (setsockopt(dd, SOL_HCI, HCI_FILTER, &flt, sizeof(flt)) < 0) { 1106 syslog(LOG_ERR, "Can't set filter for hci%d: %s (%d)", 1107 dev, strerror(errno), errno); 1108 hci_close_dev(dd); 1109 return 1; 1110 } 1111 1112 if (need_raw) { 1113 if (ioctl(dd, HCISETRAW, 1) < 0) { 1114 syslog(LOG_ERR, "Can't set raw mode on hci%d: %s (%d)", 1115 dev, strerror(errno), errno); 1116 hci_close_dev(dd); 1117 return 1; 1118 } 1119 } 1120 1121 p[0].fd = fd; 1122 p[0].events = POLLIN; 1123 p[1].fd = dd; 1124 p[1].events = POLLIN; 1125 1126 while (!__io_canceled) { 1127 p[0].revents = 0; 1128 p[1].revents = 0; 1129 err = poll(p, 2, 500); 1130 if (err < 0) 1131 break; 1132 if (!err) 1133 continue; 1134 1135 if (p[0].revents & POLLIN) { 1136 len = read(fd, buf, sizeof(buf)); 1137 if (len > 0) { 1138 rewrite_bdaddr(buf, len, bdaddr); 1139 err = write(dd, buf, len); 1140 } 1141 } 1142 1143 if (p[1].revents & POLLIN) { 1144 len = read(dd, buf, sizeof(buf)); 1145 if (len > 0) { 1146 rewrite_bdaddr(buf, len, bdaddr); 1147 err = write(fd, buf, len); 1148 } 1149 } 1150 } 1151 1152 if (need_raw) { 1153 if (ioctl(dd, HCISETRAW, 0) < 0) 1154 syslog(LOG_ERR, "Can't clear raw mode on hci%d: %s (%d)", 1155 dev, strerror(errno), errno); 1156 } 1157 1158 hci_close_dev(dd); 1159 1160 syslog(LOG_INFO, "Exit"); 1161 1162 return 0; 1163 } 1164 1165 static void usage(void) 1166 { 1167 printf("hciemu - HCI emulator ver %s\n", VERSION); 1168 printf("Usage: \n"); 1169 printf("\thciemu [options] local_address\n" 1170 "Options:\n" 1171 "\t[-d device] use specified device\n" 1172 "\t[-b bdaddr] emulate specified address\n" 1173 "\t[-s file] create snoop file\n" 1174 "\t[-n] do not detach\n" 1175 "\t[-h] help, you are looking at it\n"); 1176 } 1177 1178 static struct option main_options[] = { 1179 { "device", 1, 0, 'd' }, 1180 { "bdaddr", 1, 0, 'b' }, 1181 { "snoop", 1, 0, 's' }, 1182 { "nodetach", 0, 0, 'n' }, 1183 { "help", 0, 0, 'h' }, 1184 { 0 } 1185 }; 1186 1187 int main(int argc, char *argv[]) 1188 { 1189 struct sigaction sa; 1190 GIOChannel *dev_io; 1191 char *device = NULL, *snoop = NULL; 1192 bdaddr_t bdaddr; 1193 int fd, dd, opt, detach = 1, dev = -1; 1194 1195 bacpy(&bdaddr, BDADDR_ANY); 1196 1197 while ((opt=getopt_long(argc, argv, "d:b:s:nh", main_options, NULL)) != EOF) { 1198 switch(opt) { 1199 case 'd': 1200 device = strdup(optarg); 1201 break; 1202 1203 case 'b': 1204 str2ba(optarg, &bdaddr); 1205 break; 1206 1207 case 's': 1208 snoop = strdup(optarg); 1209 break; 1210 1211 case 'n': 1212 detach = 0; 1213 break; 1214 1215 case 'h': 1216 default: 1217 usage(); 1218 exit(0); 1219 } 1220 } 1221 1222 argc -= optind; 1223 argv += optind; 1224 optind = 0; 1225 1226 if (argc < 1) { 1227 usage(); 1228 exit(1); 1229 } 1230 1231 if (strlen(argv[0]) > 3 && !strncasecmp(argv[0], "hci", 3)) { 1232 dev = hci_devid(argv[0]); 1233 if (dev < 0) { 1234 perror("Invalid device"); 1235 exit(1); 1236 } 1237 } else { 1238 if (getbdaddrbyname(argv[0], &vdev.bdaddr) < 0) 1239 exit(1); 1240 } 1241 1242 if (detach) { 1243 if (daemon(0, 0)) { 1244 perror("Can't start daemon"); 1245 exit(1); 1246 } 1247 } 1248 1249 /* Start logging to syslog and stderr */ 1250 openlog("hciemu", LOG_PID | LOG_NDELAY | LOG_PERROR, LOG_DAEMON); 1251 syslog(LOG_INFO, "HCI emulation daemon ver %s started", VERSION); 1252 1253 memset(&sa, 0, sizeof(sa)); 1254 sa.sa_flags = SA_NOCLDSTOP; 1255 sa.sa_handler = SIG_IGN; 1256 sigaction(SIGCHLD, &sa, NULL); 1257 sigaction(SIGPIPE, &sa, NULL); 1258 1259 sa.sa_handler = sig_term; 1260 sigaction(SIGTERM, &sa, NULL); 1261 sigaction(SIGINT, &sa, NULL); 1262 1263 io_init(); 1264 1265 if (!device && dev >= 0) 1266 device = strdup(GHCI_DEV); 1267 1268 /* Open and create virtual HCI device */ 1269 if (device) { 1270 fd = open(device, O_RDWR); 1271 if (fd < 0) { 1272 syslog(LOG_ERR, "Can't open device %s: %s (%d)", 1273 device, strerror(errno), errno); 1274 free(device); 1275 exit(1); 1276 } 1277 free(device); 1278 } else { 1279 fd = open(VHCI_DEV, O_RDWR); 1280 if (fd < 0) { 1281 fd = open(VHCI_UDEV, O_RDWR); 1282 if (fd < 0) { 1283 syslog(LOG_ERR, "Can't open device %s: %s (%d)", 1284 VHCI_DEV, strerror(errno), errno); 1285 exit(1); 1286 } 1287 } 1288 } 1289 1290 /* Create snoop file */ 1291 if (snoop) { 1292 dd = create_snoop(snoop); 1293 if (dd < 0) 1294 syslog(LOG_ERR, "Can't create snoop file %s: %s (%d)", 1295 snoop, strerror(errno), errno); 1296 free(snoop); 1297 } else 1298 dd = -1; 1299 1300 /* Create event loop */ 1301 event_loop = g_main_loop_new(NULL, FALSE); 1302 1303 if (dev >= 0) 1304 return run_proxy(fd, dev, &bdaddr); 1305 1306 /* Device settings */ 1307 vdev.features[0] = 0xff; 1308 vdev.features[1] = 0xff; 1309 vdev.features[2] = 0x8f; 1310 vdev.features[3] = 0xfe; 1311 vdev.features[4] = 0x9b; 1312 vdev.features[5] = 0xf9; 1313 vdev.features[6] = 0x01; 1314 vdev.features[7] = 0x80; 1315 1316 memset(vdev.name, 0, sizeof(vdev.name)); 1317 strncpy((char *) vdev.name, "BlueZ (Virtual HCI)", 1318 sizeof(vdev.name) - 1); 1319 1320 vdev.dev_class[0] = 0x00; 1321 vdev.dev_class[1] = 0x00; 1322 vdev.dev_class[2] = 0x00; 1323 1324 vdev.inq_mode = 0x00; 1325 vdev.eir_fec = 0x00; 1326 memset(vdev.eir_data, 0, sizeof(vdev.eir_data)); 1327 1328 vdev.fd = fd; 1329 vdev.dd = dd; 1330 1331 dev_io = g_io_channel_unix_new(fd); 1332 g_io_add_watch(dev_io, G_IO_IN, io_hci_data, NULL); 1333 1334 setpriority(PRIO_PROCESS, 0, -19); 1335 1336 /* Start event processor */ 1337 g_main_loop_run(event_loop); 1338 1339 close(fd); 1340 1341 if (dd >= 0) 1342 close(dd); 1343 1344 syslog(LOG_INFO, "Exit"); 1345 1346 return 0; 1347 } 1348
