Lines Matching refs:hci
2 * QEMU Bluetooth HCI logic.
415 /* HCI layer emulation */
421 * preserved though (for example if a real hci is used). */
432 static inline uint8_t *bt_hci_event_start(struct bt_hci_s *hci,
439 fprintf(stderr, "%s: HCI event params too long (%ib)\n",
446 if (mask & bt_event_reserved_mask[mask_byte] & ~hci->event_mask[mask_byte])
449 packet = hci->evt_packet(hci->opaque);
456 static inline void bt_hci_event(struct bt_hci_s *hci, int evt,
459 uint8_t *packet = bt_hci_event_start(hci, evt, len);
467 hci->evt_submit(hci->opaque, len + 2);
470 static inline void bt_hci_event_status(struct bt_hci_s *hci, int status)
475 .opcode = hci->last_cmd,
478 bt_hci_event(hci, EVT_CMD_STATUS, &params, EVT_CMD_STATUS_SIZE);
481 static inline void bt_hci_event_complete(struct bt_hci_s *hci,
484 uint8_t *packet = bt_hci_event_start(hci, EVT_CMD_COMPLETE,
492 params->opcode = hci->last_cmd;
496 hci->evt_submit(hci->opaque, len + EVT_CMD_COMPLETE_SIZE + 2);
501 struct bt_hci_s *hci = (struct bt_hci_s *) opaque;
504 if (!hci->lm.periodic)
505 hci->lm.inquire = 0;
510 * nearby Bluetooth devices that responded [so hci->responses].", but
512 bt_hci_event(hci, EVT_INQUIRY_COMPLETE, &status, 1);
515 static void bt_hci_inquiry_result_standard(struct bt_hci_s *hci,
531 bt_hci_event(hci, EVT_INQUIRY_RESULT, &params, INQUIRY_INFO_SIZE);
534 static void bt_hci_inquiry_result_with_rssi(struct bt_hci_s *hci,
550 bt_hci_event(hci, EVT_INQUIRY_RESULT_WITH_RSSI,
554 static void bt_hci_inquiry_result(struct bt_hci_s *hci,
557 if (!slave->inquiry_scan || !hci->lm.responses_left)
560 hci->lm.responses_left --;
561 hci->lm.responses ++;
563 switch (hci->lm.inquiry_mode) {
565 bt_hci_inquiry_result_standard(hci, slave);
568 bt_hci_inquiry_result_with_rssi(hci, slave);
572 hci->lm.inquiry_mode);
583 static void bt_hci_inquiry_start(struct bt_hci_s *hci, int length)
587 hci->lm.inquiry_length = length;
588 for (slave = hci->device.net->slave; slave; slave = slave->next)
590 if (slave != &hci->device)
591 bt_hci_inquiry_result(hci, slave);
598 if (hci->lm.responses_left)
599 bt_hci_mod_timer_1280ms(hci->lm.inquiry_done, hci->lm.inquiry_length);
601 hci);
603 if (hci->lm.periodic)
604 bt_hci_mod_timer_1280ms(hci->lm.inquiry_next, hci->lm.inquiry_period);
609 struct bt_hci_s *hci = (struct bt_hci_s *) opaque;
611 hci->lm.responses_left += hci->lm.responses;
612 hci->lm.responses = 0;
613 bt_hci_inquiry_start(hci, hci->lm.inquiry_length);
616 static inline int bt_hci_handle_bad(struct bt_hci_s *hci, uint16_t handle)
620 !hci->lm.handle[handle & ~HCI_HANDLE_OFFSET].link;
623 static inline int bt_hci_role_master(struct bt_hci_s *hci, uint16_t handle)
625 return !!(hci->lm.role_bmp & (1 << (handle & ~HCI_HANDLE_OFFSET)));
628 static inline struct bt_device_s *bt_hci_remote_dev(struct bt_hci_s *hci,
631 struct bt_link_s *link = hci->lm.handle[handle & ~HCI_HANDLE_OFFSET].link;
633 return bt_hci_role_master(hci, handle) ? link->slave : link->host;
637 static void bt_hci_lmp_link_establish(struct bt_hci_s *hci,
640 hci->lm.handle[hci->lm.last_handle].link = link;
644 hci->lm.role_bmp |= 1 << hci->lm.last_handle;
646 hci->lm.handle[hci->lm.last_handle].lmp_acl_data =
650 hci->lm.role_bmp &= ~(1 << hci->lm.last_handle);
652 hci->lm.handle[hci->lm.last_handle].lmp_acl_data =
659 hci->lm.handle[hci->lm.last_handle].acl_mode_timer =
664 static void bt_hci_lmp_link_teardown(struct bt_hci_s *hci, uint16_t handle)
667 hci->lm.handle[handle].link = NULL;
669 if (bt_hci_role_master(hci, handle)) {
670 qemu_del_timer(hci->lm.handle[handle].acl_mode_timer);
671 qemu_free_timer(hci->lm.handle[handle].acl_mode_timer);
675 static int bt_hci_connect(struct bt_hci_s *hci, bdaddr_t *bdaddr)
680 for (slave = hci->device.net->slave; slave; slave = slave->next)
683 if (!slave || slave == &hci->device)
686 bacpy(&hci->lm.awaiting_bdaddr[hci->lm.connecting ++], &slave->bd_addr);
689 link.host = &hci->device;
695 static void bt_hci_connection_reject(struct bt_hci_s *hci,
699 .slave = &hci->device,
708 static void bt_hci_connection_reject_event(struct bt_hci_s *hci,
718 bt_hci_event(hci, EVT_CONN_COMPLETE, &params, EVT_CONN_COMPLETE_SIZE);
721 static void bt_hci_connection_accept(struct bt_hci_s *hci,
732 while (hci->lm.handle[++ hci->lm.last_handle].link && -- tries)
733 hci->lm.last_handle &= HCI_HANDLES_MAX - 1;
734 handle = hci->lm.last_handle | HCI_HANDLE_OFFSET;
735 } while ((handle == hci->asb_handle || handle == hci->psb_handle) &&
740 bt_hci_connection_reject(hci, host, HCI_REJECTED_LIMITED_RESOURCES);
745 link->btlink.slave = &hci->device;
750 bt_hci_lmp_link_establish(hci, &link->btlink, 0);
758 bt_hci_event(hci, EVT_CONN_COMPLETE, &params, EVT_CONN_COMPLETE_SIZE);
771 struct bt_hci_s *hci = hci_from_device(link->slave);
774 if (hci->conn_req_host) {
775 bt_hci_connection_reject(hci, link->host,
779 hci->conn_req_host = link->host;
782 /* TODO: kick the hci->conn_accept_timer, timeout after
783 * hci->conn_accept_tout * 0.625 msec */
788 bt_hci_event(hci, EVT_CONN_REQUEST, &params, EVT_CONN_REQUEST_SIZE);
794 struct bt_hci_s *hci = (struct bt_hci_s *) opaque;
796 if (!hci->conn_req_host)
810 static int bt_hci_lmp_connection_ready(struct bt_hci_s *hci,
815 for (i = 0; i < hci->lm.connecting; i ++)
816 if (!bacmp(&hci->lm.awaiting_bdaddr[i], bdaddr)) {
817 if (i < -- hci->lm.connecting)
818 bacpy(&hci->lm.awaiting_bdaddr[i],
819 &hci->lm.awaiting_bdaddr[hci->lm.connecting]);
828 struct bt_hci_s *hci = hci_from_device(link->host);
834 if (bt_hci_lmp_connection_ready(hci, &link->slave->bd_addr)) {
835 if (!hci->device.reject_reason)
842 if (hci->device.reject_reason) {
844 status = hci->device.reject_reason;
850 while (hci->lm.handle[++ hci->lm.last_handle].link && -- tries)
851 hci->lm.last_handle &= HCI_HANDLES_MAX - 1;
852 handle = hci->lm.last_handle | HCI_HANDLE_OFFSET;
853 } while ((handle == hci->asb_handle || handle == hci->psb_handle) &&
864 bt_hci_lmp_link_establish(hci, link, 1);
872 bt_hci_event(hci, EVT_CONN_COMPLETE, &params, EVT_CONN_COMPLETE_SIZE);
875 static void bt_hci_disconnect(struct bt_hci_s *hci,
879 hci->lm.handle[handle & ~HCI_HANDLE_OFFSET].link;
883 if (bt_hci_role_master(hci, handle)) {
899 bt_hci_lmp_link_teardown(hci, handle);
904 bt_hci_event(hci, EVT_DISCONN_COMPLETE,
911 struct bt_hci_s *hci = hci_from_device(link->host);
915 bt_hci_lmp_link_teardown(hci, handle);
919 params.reason = hci->device.reject_reason;
920 bt_hci_event(hci, EVT_DISCONN_COMPLETE,
927 struct bt_hci_s *hci = hci_from_device(btlink->slave);
933 bt_hci_lmp_link_teardown(hci, handle);
937 params.reason = hci->device.reject_reason;
938 bt_hci_event(hci, EVT_DISCONN_COMPLETE,
942 static int bt_hci_name_req(struct bt_hci_s *hci, bdaddr_t *bdaddr)
948 for (slave = hci->device.net->slave; slave; slave = slave->next)
954 bt_hci_event_status(hci, HCI_SUCCESS);
961 bt_hci_event(hci, EVT_REMOTE_NAME_REQ_COMPLETE,
967 static int bt_hci_features_req(struct bt_hci_s *hci, uint16_t handle)
972 if (bt_hci_handle_bad(hci, handle))
975 slave = bt_hci_remote_dev(hci, handle);
977 bt_hci_event_status(hci, HCI_SUCCESS);
989 bt_hci_event(hci, EVT_READ_REMOTE_FEATURES_COMPLETE,
995 static int bt_hci_version_req(struct bt_hci_s *hci, uint16_t handle)
999 if (bt_hci_handle_bad(hci, handle))
1002 bt_hci_remote_dev(hci, handle);
1004 bt_hci_event_status(hci, HCI_SUCCESS);
1011 bt_hci_event(hci, EVT_READ_REMOTE_VERSION_COMPLETE,
1017 static int bt_hci_clkoffset_req(struct bt_hci_s *hci, uint16_t handle)
1022 if (bt_hci_handle_bad(hci, handle))
1025 slave = bt_hci_remote_dev(hci, handle);
1027 bt_hci_event_status(hci, HCI_SUCCESS);
1033 bt_hci_event(hci, EVT_READ_CLOCK_OFFSET_COMPLETE,
1039 static void bt_hci_event_mode(struct bt_hci_s *hci, struct bt_link_s *link,
1049 bt_hci_event(hci, EVT_MODE_CHANGE, &params, EVT_MODE_CHANGE_SIZE);
1052 static void bt_hci_lmp_mode_change_master(struct bt_hci_s *hci,
1058 bt_hci_event_mode(hci, link, link->handle);
1066 struct bt_hci_s *hci = hci_from_device(btlink->slave);
1068 bt_hci_event_mode(hci, btlink, link->handle);
1071 static int bt_hci_mode_change(struct bt_hci_s *hci, uint16_t handle,
1076 if (bt_hci_handle_bad(hci, handle) || !bt_hci_role_master(hci, handle))
1079 link = &hci->lm.handle[handle & ~HCI_HANDLE_OFFSET];
1081 bt_hci_event_status(hci, HCI_COMMAND_DISALLOWED);
1085 bt_hci_event_status(hci, HCI_SUCCESS);
1089 bt_hci_lmp_mode_change_master(hci, link->link, mode, interval);
1094 static int bt_hci_mode_cancel(struct bt_hci_s *hci, uint16_t handle, int mode)
1098 if (bt_hci_handle_bad(hci, handle) || !bt_hci_role_master(hci, handle))
1101 link = &hci->lm.handle[handle & ~HCI_HANDLE_OFFSET];
1103 bt_hci_event_status(hci, HCI_COMMAND_DISALLOWED);
1108 bt_hci_event_status(hci, HCI_SUCCESS);
1111 bt_hci_lmp_mode_change_master(hci, link->link, acl_active, 0);
1119 struct bt_hci_s *hci = hci_from_device(link->host);
1121 bt_hci_lmp_mode_change_master(hci, link, acl_active, 0);
1124 static void bt_hci_reset(struct bt_hci_s *hci)
1126 hci->acl_len = 0;
1127 hci->last_cmd = 0;
1128 hci->lm.connecting = 0;
1130 hci->event_mask[0] = 0xff;
1131 hci->event_mask[1] = 0xff;
1132 hci->event_mask[2] = 0xff;
1133 hci->event_mask[3] = 0xff;
1134 hci->event_mask[4] = 0xff;
1135 hci->event_mask[5] = 0x1f;
1136 hci->event_mask[6] = 0x00;
1137 hci->event_mask[7] = 0x00;
1138 hci->device.inquiry_scan = 0;
1139 hci->device.page_scan = 0;
1140 if (hci->device.lmp_name)
1141 hci->device.lmp_name);
1142 hci->device.lmp_name = NULL;
1143 hci->device.class[0] = 0x00;
1144 hci->device.class[1] = 0x00;
1145 hci->device.class[2] = 0x00;
1146 hci->voice_setting = 0x0000;
1147 hci->conn_accept_tout = 0x1f40;
1148 hci->lm.inquiry_mode = 0x00;
1150 hci->psb_handle = 0x000;
1151 hci->asb_handle = 0x000;
1154 qemu_del_timer(hci->lm.inquiry_done);
1155 qemu_del_timer(hci->lm.inquiry_next);
1156 qemu_del_timer(hci->conn_accept_timer);
1159 static void bt_hci_read_local_version_rp(struct bt_hci_s *hci)
1170 bt_hci_event_complete(hci, &lv, READ_LOCAL_VERSION_RP_SIZE);
1173 static void bt_hci_read_local_commands_rp(struct bt_hci_s *hci)
1179 /* Also, keep in sync with hci->device.lmp_caps in bt_new_hci */
1191 bt_hci_event_complete(hci, &lc, READ_LOCAL_COMMANDS_RP_SIZE);
1194 static void bt_hci_read_local_features_rp(struct bt_hci_s *hci)
1199 (hci->device.lmp_caps >> 0) & 0xff,
1200 (hci->device.lmp_caps >> 8) & 0xff,
1201 (hci->device.lmp_caps >> 16) & 0xff,
1202 (hci->device.lmp_caps >> 24) & 0xff,
1203 (hci->device.lmp_caps >> 32) & 0xff,
1204 (hci->device.lmp_caps >> 40) & 0xff,
1205 (hci->device.lmp_caps >> 48) & 0xff,
1206 (hci->device.lmp_caps >> 56) & 0xff,
1210 bt_hci_event_complete(hci, &lf, READ_LOCAL_FEATURES_RP_SIZE);
1213 static void bt_hci_read_local_ext_features_rp(struct bt_hci_s *hci, int page)
1227 bt_hci_event_complete(hci, &lef, READ_LOCAL_EXT_FEATURES_RP_SIZE);
1230 static void bt_hci_read_buffer_size_rp(struct bt_hci_s *hci)
1233 /* This can be made configurable, for one standard USB dongle HCI
1243 bt_hci_event_complete(hci, &bs, READ_BUFFER_SIZE_RP_SIZE);
1247 static void bt_hci_read_country_code_rp(struct bt_hci_s *hci)
1254 bt_hci_event_complete(hci, &cc, READ_COUNTRY_CODE_RP_SIZE);
1259 static void bt_hci_read_bd_addr_rp(struct bt_hci_s *hci)
1263 .bdaddr = BAINIT(&hci->device.bd_addr),
1266 bt_hci_event_complete(hci, &ba, READ_BD_ADDR_RP_SIZE);
1269 static int bt_hci_link_quality_rp(struct bt_hci_s *hci, uint16_t handle)
1277 if (bt_hci_handle_bad(hci, handle))
1280 bt_hci_event_complete(hci, &lq, READ_LINK_QUALITY_RP_SIZE);
1285 static inline void bt_hci_event_complete_status(struct bt_hci_s *hci,
1288 bt_hci_event_complete(hci, &status, 1);
1291 static inline void bt_hci_event_complete_conn_cancel(struct bt_hci_s *hci,
1299 bt_hci_event_complete(hci, &params, CREATE_CONN_CANCEL_RP_SIZE);
1302 static inline void bt_hci_event_auth_complete(struct bt_hci_s *hci,
1310 bt_hci_event(hci, EVT_AUTH_COMPLETE, &params, EVT_AUTH_COMPLETE_SIZE);
1313 static inline void bt_hci_event_encrypt_change(struct bt_hci_s *hci,
1322 bt_hci_event(hci, EVT_ENCRYPT_CHANGE, &params, EVT_ENCRYPT_CHANGE_SIZE);
1325 static inline void bt_hci_event_complete_name_cancel(struct bt_hci_s *hci,
1333 bt_hci_event_complete(hci, &params, REMOTE_NAME_REQ_CANCEL_RP_SIZE);
1336 static inline void bt_hci_event_read_remote_ext_features(struct bt_hci_s *hci,
1345 bt_hci_event(hci, EVT_READ_REMOTE_EXT_FEATURES_COMPLETE,
1349 static inline void bt_hci_event_complete_lmp_handle(struct bt_hci_s *hci,
1359 bt_hci_event_complete(hci, &params, READ_LMP_HANDLE_RP_SIZE);
1362 static inline void bt_hci_event_complete_role_discovery(struct bt_hci_s *hci,
1371 bt_hci_event_complete(hci, &params, ROLE_DISCOVERY_RP_SIZE);
1374 static inline void bt_hci_event_complete_flush(struct bt_hci_s *hci,
1382 bt_hci_event_complete(hci, &params, FLUSH_RP_SIZE);
1385 static inline void bt_hci_event_complete_read_local_name(struct bt_hci_s *hci)
1390 if (hci->device.lmp_name)
1391 strncpy(params.name, hci->device.lmp_name, sizeof(params.name));
1393 bt_hci_event_complete(hci, &params, READ_LOCAL_NAME_RP_SIZE);
1397 struct bt_hci_s *hci)
1401 .timeout = cpu_to_le16(hci->conn_accept_tout),
1404 bt_hci_event_complete(hci, &params, READ_CONN_ACCEPT_TIMEOUT_RP_SIZE);
1407 static inline void bt_hci_event_complete_read_scan_enable(struct bt_hci_s *hci)
1412 (hci->device.inquiry_scan ? SCAN_INQUIRY : 0) |
1413 (hci->device.page_scan ? SCAN_PAGE : 0),
1416 bt_hci_event_complete(hci, &params, READ_SCAN_ENABLE_RP_SIZE);
1419 static inline void bt_hci_event_complete_read_local_class(struct bt_hci_s *hci)
1424 memcpy(params.dev_class, hci->device.class, sizeof(params.dev_class));
1426 bt_hci_event_complete(hci, &params, READ_CLASS_OF_DEV_RP_SIZE);
1429 static inline void bt_hci_event_complete_voice_setting(struct bt_hci_s *hci)
1433 .voice_setting = hci->voice_setting, /* Note: no swapping */
1436 bt_hci_event_complete(hci, &params, READ_VOICE_SETTING_RP_SIZE);
1440 struct bt_hci_s *hci)
1444 .mode = hci->lm.inquiry_mode,
1447 bt_hci_event_complete(hci, &params, READ_INQUIRY_MODE_RP_SIZE);
1450 static inline void bt_hci_event_num_comp_pkts(struct bt_hci_s *hci,
1460 bt_hci_event(hci, EVT_NUM_COMP_PKTS, params, EVT_NUM_COMP_PKTS_SIZE(1));
1466 struct bt_hci_s *hci = hci_from_info(info);
1473 memcpy(&hci->last_cmd, data, 2);
1497 bt_hci_event_complete_status(hci, HCI_INVALID_PARAMETERS);
1501 hci->lm.inquire = 1;
1502 hci->lm.periodic = 0;
1503 hci->lm.responses_left = PARAM(inquiry, num_rsp) ?: INT_MAX;
1504 hci->lm.responses = 0;
1505 bt_hci_event_status(hci, HCI_SUCCESS);
1506 bt_hci_inquiry_start(hci, PARAM(inquiry, length));
1510 if (!hci->lm.inquire || hci->lm.periodic) {
1516 bt_hci_event_complete_status(hci, HCI_COMMAND_DISALLOWED);
1520 hci->lm.inquire = 0;
1521 qemu_del_timer(hci->lm.inquiry_done);
1522 bt_hci_event_complete_status(hci, HCI_SUCCESS);
1535 bt_hci_event_complete_status(hci, HCI_INVALID_PARAMETERS);
1539 hci->lm.inquire = 1;
1540 hci->lm.periodic = 1;
1541 hci->lm.responses_left = PARAM(periodic_inquiry, num_rsp);
1542 hci->lm.responses = 0;
1543 hci->lm.inquiry_period = PARAM16(periodic_inquiry, max_period);
1544 bt_hci_event_complete_status(hci, HCI_SUCCESS);
1545 bt_hci_inquiry_start(hci, PARAM(periodic_inquiry, length));
1549 if (!hci->lm.inquire || !hci->lm.periodic) {
1555 bt_hci_event_complete_status(hci, HCI_COMMAND_DISALLOWED);
1558 hci->lm.inquire = 0;
1559 qemu_del_timer(hci->lm.inquiry_done);
1560 qemu_del_timer(hci->lm.inquiry_next);
1561 bt_hci_event_complete_status(hci, HCI_SUCCESS);
1567 if (hci->lm.connecting >= HCI_HANDLES_MAX) {
1568 bt_hci_event_status(hci, HCI_REJECTED_LIMITED_RESOURCES);
1571 bt_hci_event_status(hci, HCI_SUCCESS);
1573 if (bt_hci_connect(hci, &PARAM(create_conn, bdaddr)))
1574 bt_hci_connection_reject_event(hci, &PARAM(create_conn, bdaddr));
1580 if (bt_hci_handle_bad(hci, PARAMHANDLE(disconnect))) {
1581 bt_hci_event_status(hci, HCI_NO_CONNECTION);
1585 bt_hci_event_status(hci, HCI_SUCCESS);
1586 bt_hci_disconnect(hci, PARAMHANDLE(disconnect),
1593 if (bt_hci_lmp_connection_ready(hci,
1596 if (bt_hci_role_master(hci, i) && hci->lm.handle[i].link &&
1597 !bacmp(&hci->lm.handle[i].link->slave->bd_addr,
1601 bt_hci_event_complete_conn_cancel(hci, i < HCI_HANDLES_MAX ?
1605 bt_hci_event_complete_conn_cancel(hci, HCI_SUCCESS,
1612 if (!hci->conn_req_host ||
1614 &hci->conn_req_host->bd_addr)) {
1615 bt_hci_event_status(hci, HCI_INVALID_PARAMETERS);
1619 bt_hci_event_status(hci, HCI_SUCCESS);
1620 bt_hci_connection_accept(hci, hci->conn_req_host);
1621 hci->conn_req_host = NULL;
1627 if (!hci->conn_req_host ||
1629 &hci->conn_req_host->bd_addr)) {
1630 bt_hci_event_status(hci, HCI_INVALID_PARAMETERS);
1634 bt_hci_event_status(hci, HCI_SUCCESS);
1635 bt_hci_connection_reject(hci, hci->conn_req_host,
1637 bt_hci_connection_reject_event(hci, &hci->conn_req_host->bd_addr);
1638 hci->conn_req_host = NULL;
1644 if (bt_hci_handle_bad(hci, PARAMHANDLE(auth_requested)))
1645 bt_hci_event_status(hci, HCI_NO_CONNECTION);
1647 bt_hci_event_status(hci, HCI_SUCCESS);
1648 bt_hci_event_auth_complete(hci, PARAMHANDLE(auth_requested));
1655 if (bt_hci_handle_bad(hci, PARAMHANDLE(set_conn_encrypt)))
1656 bt_hci_event_status(hci, HCI_NO_CONNECTION);
1658 bt_hci_event_status(hci, HCI_SUCCESS);
1659 bt_hci_event_encrypt_change(hci,
1668 if (bt_hci_name_req(hci, &PARAM(remote_name_req, bdaddr)))
1669 bt_hci_event_status(hci, HCI_NO_CONNECTION);
1675 bt_hci_event_complete_name_cancel(hci,
1682 if (bt_hci_features_req(hci, PARAMHANDLE(read_remote_features)))
1683 bt_hci_event_status(hci, HCI_NO_CONNECTION);
1689 if (bt_hci_handle_bad(hci, PARAMHANDLE(read_remote_ext_features)))
1690 bt_hci_event_status(hci, HCI_NO_CONNECTION);
1692 bt_hci_event_status(hci, HCI_SUCCESS);
1693 bt_hci_event_read_remote_ext_features(hci,
1701 if (bt_hci_version_req(hci, PARAMHANDLE(read_remote_version)))
1702 bt_hci_event_status(hci, HCI_NO_CONNECTION);
1708 if (bt_hci_clkoffset_req(hci, PARAMHANDLE(read_clock_offset)))
1709 bt_hci_event_status(hci, HCI_NO_CONNECTION);
1716 bt_hci_event_complete_lmp_handle(hci, PARAMHANDLE(read_lmp_handle));
1728 bt_hci_event_status(hci, HCI_INVALID_PARAMETERS);
1732 if (bt_hci_mode_change(hci, PARAMHANDLE(hold_mode),
1735 bt_hci_event_status(hci, HCI_NO_CONNECTION);
1746 bt_hci_event_status(hci, HCI_INVALID_PARAMETERS);
1750 if (bt_hci_mode_change(hci, PARAMHANDLE(park_mode),
1753 bt_hci_event_status(hci, HCI_NO_CONNECTION);
1759 if (bt_hci_mode_cancel(hci, PARAMHANDLE(exit_park_mode),
1761 bt_hci_event_status(hci, HCI_NO_CONNECTION);
1767 if (bt_hci_handle_bad(hci, PARAMHANDLE(role_discovery)))
1768 bt_hci_event_complete_role_discovery(hci,
1771 bt_hci_event_complete_role_discovery(hci,
1773 bt_hci_role_master(hci,
1780 memcpy(hci->event_mask, PARAM(set_event_mask, mask), 8);
1781 bt_hci_event_complete_status(hci, HCI_SUCCESS);
1785 bt_hci_reset(hci);
1786 bt_hci_event_status(hci, HCI_SUCCESS);
1796 bt_hci_event_complete_status(hci, HCI_SUCCESS);
1802 if (bt_hci_handle_bad(hci, PARAMHANDLE(flush)))
1803 bt_hci_event_complete_flush(hci,
1807 bt_hci_event(hci, EVT_FLUSH_OCCURRED,
1810 bt_hci_event_complete_flush(hci,
1818 if (hci->device.lmp_name)
1819 qemu_free((void *) hci->device.lmp_name);
1820 hci->device.lmp_name = qemu_strndup(PARAM(change_local_name, name),
1822 bt_hci_event_complete_status(hci, HCI_SUCCESS);
1826 bt_hci_event_complete_read_local_name(hci);
1830 bt_hci_event_complete_read_conn_accept_timeout(hci);
1839 bt_hci_event_complete_status(hci, HCI_INVALID_PARAMETERS);
1843 hci->conn_accept_tout = PARAM16(write_conn_accept_timeout, timeout);
1844 bt_hci_event_complete_status(hci, HCI_SUCCESS);
1848 bt_hci_event_complete_read_scan_enable(hci);
1855 hci->device.inquiry_scan =
1857 hci->device.page_scan =
1859 bt_hci_event_complete_status(hci, HCI_SUCCESS);
1863 bt_hci_event_complete_read_local_class(hci);
1869 memcpy(hci->device.class, PARAM(write_class_of_dev, dev_class),
1871 bt_hci_event_complete_status(hci, HCI_SUCCESS);
1875 bt_hci_event_complete_voice_setting(hci);
1881 hci->voice_setting = PARAM(write_voice_setting, voice_setting);
1882 bt_hci_event_complete_status(hci, HCI_SUCCESS);
1890 if (bt_hci_handle_bad(hci,
1892 bt_hci_event_complete_status(hci, HCI_INVALID_PARAMETERS);
1899 bt_hci_event_complete_read_inquiry_mode(hci);
1909 bt_hci_event_complete_status(hci, HCI_INVALID_PARAMETERS);
1913 hci->lm.inquiry_mode = PARAM(write_inquiry_mode, mode);
1914 bt_hci_event_complete_status(hci, HCI_SUCCESS);
1918 bt_hci_read_local_version_rp(hci);
1922 bt_hci_read_local_commands_rp(hci);
1926 bt_hci_read_local_features_rp(hci);
1932 bt_hci_read_local_ext_features_rp(hci,
1937 bt_hci_read_buffer_size_rp(hci);
1941 bt_hci_read_country_code_rp(hci);
1945 bt_hci_read_bd_addr_rp(hci);
1951 bt_hci_link_quality_rp(hci, PARAMHANDLE(read_link_quality));
1955 bt_hci_event_status(hci, HCI_UNKNOWN_COMMAND);
1959 fprintf(stderr, "%s: HCI packet too short (%iB)\n",
1961 bt_hci_event_status(hci, HCI_INVALID_PARAMETERS);
1970 static inline void bt_hci_lmp_acl_data(struct bt_hci_s *hci, uint16_t handle,
1973 struct hci_acl_hdr *pkt = (void *) hci->acl_buf;
1978 if (len + HCI_ACL_HDR_SIZE > sizeof(hci->acl_buf)) {
1983 memcpy(hci->acl_buf + HCI_ACL_HDR_SIZE, data, len);
1988 hci->info.acl_recv(hci->info.opaque,
1989 hci->acl_buf, len + HCI_ACL_HDR_SIZE);
2011 struct bt_hci_s *hci = hci_from_info(info);
2028 if (bt_hci_handle_bad(hci, handle)) {
2042 link = hci->lm.handle[handle].link;
2045 if (!hci->asb_handle)
2046 hci->asb_handle = handle;
2047 else if (handle != hci->asb_handle) {
2058 if (!hci->psb_handle)
2059 hci->psb_handle = handle;
2060 else if (handle != hci->psb_handle) {
2071 bt_hci_event_num_comp_pkts(hci, handle | HCI_HANDLE_OFFSET, 1);
2073 /* Do this last as it can trigger further events even in this HCI */
2074 hci->lm.handle[handle].lmp_acl_data(link, data,
2081 struct bt_hci_s *hci = hci_from_info(info);
2092 if (bt_hci_handle_bad(hci, handle)) {
2130 struct bt_hci_s *hci = hci_from_info(info);
2132 bacpy(&hci->device.bd_addr, (const bdaddr_t *) bd_addr);
2139 struct bt_hci_s *hci = hci_from_device(dev);
2141 bt_hci_done(&hci->info);
2185 struct bt_hci_s *hci = hci_from_info(info);
2188 bt_device_done(&hci->device);
2190 if (hci->device.lmp_name)
2191 qemu_free((void *) hci->device.lmp_name);
2196 if (hci->conn_req_host) {
2197 bt_hci_connection_reject(hci,
2198 hci->conn_req_host, HCI_OE_POWER_OFF);
2204 if (!bt_hci_handle_bad(hci, handle))
2205 bt_hci_disconnect(hci, handle, HCI_OE_POWER_OFF);
2209 * an accept or a reject, so we should also check if hci->lm.connecting
2210 * is non-zero and if so, avoid freeing the hci but otherwise disappear
2214 * hci->lm.awaiting_bdaddr[] is empty. */
2216 qemu_free_timer(hci->lm.inquiry_done);
2217 qemu_free_timer(hci->lm.inquiry_next);
2218 qemu_free_timer(hci->conn_accept_timer);
2220 qemu_free(hci);