r2243 - trunk/src/host/qemu-neo1973/hw
andrew at sita.openmoko.org
andrew at sita.openmoko.org
Wed Jun 13 19:13:53 CEST 2007
Author: andrew
Date: 2007-06-13 19:13:50 +0200 (Wed, 13 Jun 2007)
New Revision: 2243
Added:
trunk/src/host/qemu-neo1973/hw/bt-hci.c
trunk/src/host/qemu-neo1973/hw/bt.h
trunk/src/host/qemu-neo1973/hw/usb-bt.c
Log:
Add new files forgotten from last commit.
Added: trunk/src/host/qemu-neo1973/hw/bt-hci.c
===================================================================
--- trunk/src/host/qemu-neo1973/hw/bt-hci.c 2007-06-13 17:12:06 UTC (rev 2242)
+++ trunk/src/host/qemu-neo1973/hw/bt-hci.c 2007-06-13 17:13:50 UTC (rev 2243)
@@ -0,0 +1,1323 @@
+/*
+ * QEMU Bluetooth HCI logic.
+ *
+ * Copyright (C) 2007 OpenMoko, Inc.
+ * Written by Andrzej Zaborowski <andrew at openedhand.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ * MA 02110-1301 USA
+ */
+#include "vl.h"
+
+void bt_submit_lmp(struct bt_device_s *bt, int length, uint8_t *data)
+{
+ int resp, resplen, error, op, tr;
+ uint8_t respdata[17];
+ if (length < 1)
+ return;
+
+ tr = *data & 1;
+ op = *(data ++) >> 1;
+ resp = LMP_ACCEPTED;
+ resplen = 2;
+ respdata[1] = op;
+ error = 0;
+ length --;
+
+ if (op >= 0x7c) { /* Extended opcode */
+ op |= *(data ++) << 8;
+ resp = LMP_ACCEPTED_EXT;
+ resplen = 4;
+ respdata[0] = op >> 8;
+ respdata[1] = op & 0xff;
+ length --;
+ }
+
+ switch (op) {
+ case LMP_ACCEPTED:
+ /* data[0] Op code
+ */
+ if (length < 1) {
+ error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
+ goto not_accepted;
+ }
+ resp = 0;
+ break;
+
+ case LMP_ACCEPTED_EXT:
+ /* data[0] Escape op code
+ * data[1] Extended op code
+ */
+ if (length < 2) {
+ error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
+ goto not_accepted;
+ }
+ resp = 0;
+ break;
+
+ case LMP_NOT_ACCEPTED:
+ /* data[0] Op code
+ * data[1] Error code
+ */
+ if (length < 2) {
+ error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
+ goto not_accepted;
+ }
+ resp = 0;
+ break;
+
+ case LMP_NOT_ACCEPTED_EXT:
+ /* data[0] Op code
+ * data[1] Extended op code
+ * data[2] Error code
+ */
+ if (length < 3) {
+ error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
+ goto not_accepted;
+ }
+ resp = 0;
+ break;
+
+ case LMP_HOST_CONNECTION_REQ:
+ break;
+
+ case LMP_SETUP_COMPLETE:
+ resp = LMP_SETUP_COMPLETE;
+ resplen = 1;
+ bt->setup = 1;
+ break;
+
+ case LMP_DETACH:
+ /* data[0] Error code
+ */
+ if (length < 1) {
+ error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
+ goto not_accepted;
+ }
+ bt->setup = 0;
+ resp = 0;
+ break;
+
+ case LMP_SUPERVISION_TIMEOUT:
+ /* data[0,1] Supervision timeout
+ */
+ if (length < 2) {
+ error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
+ goto not_accepted;
+ }
+ resp = 0;
+ break;
+
+ case LMP_QUALITY_OF_SERVICE:
+ resp = 0;
+ /* Fall through */
+ case LMP_QOS_REQ:
+ /* data[0,1] Poll interval
+ * data[2] N(BC)
+ */
+ if (length < 3) {
+ error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
+ goto not_accepted;
+ }
+ break;
+
+ case LMP_MAX_SLOT:
+ resp = 0;
+ /* Fall through */
+ case LMP_MAX_SLOT_REQ:
+ /* data[0] Max slots
+ */
+ if (length < 1) {
+ error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
+ goto not_accepted;
+ }
+ break;
+
+ case LMP_AU_RAND:
+ case LMP_IN_RAND:
+ case LMP_COMB_KEY:
+ /* data[0-15] Random number
+ */
+ if (length < 16) {
+ error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
+ goto not_accepted;
+ }
+ if (op == LMP_AU_RAND) {
+ if (bt->key_present) {
+ resp = LMP_SRES;
+ resplen = 5;
+ /* XXX: [Part H] Section 6.1 on page 801 */
+ } else {
+ error = HCI_PIN_OR_KEY_MISSING;
+ goto not_accepted;
+ }
+ } else if (op == LMP_IN_RAND) {
+ error = HCI_PAIRING_NOT_ALLOWED;
+ goto not_accepted;
+ } else {
+ /* XXX: [Part H] Section 3.2 on page 779 */
+ resp = LMP_UNIT_KEY;
+ resplen = 17;
+ memcpy(respdata + 1, bt->key, 16);
+
+ error = HCI_UNIT_LINK_KEY_USED;
+ goto not_accepted;
+ }
+ break;
+
+ case LMP_UNIT_KEY:
+ /* data[0-15] Key
+ */
+ if (length < 16) {
+ error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
+ goto not_accepted;
+ }
+ memcpy(bt->key, data, 16);
+ bt->key_present = 1;
+ break;
+
+ case LMP_SRES:
+ /* data[0-3] Authentication response
+ */
+ if (length < 4) {
+ error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
+ goto not_accepted;
+ }
+ break;
+
+ case LMP_CLKOFFSET_REQ:
+ resp = LMP_CLKOFFSET_RES;
+ resplen = 3;
+ respdata[1] = 0x33;
+ respdata[2] = 0x33;
+ break;
+
+ case LMP_CLKOFFSET_RES:
+ /* data[0,1] Clock offset
+ * (Slave to master only)
+ */
+ if (length < 2) {
+ error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
+ goto not_accepted;
+ }
+ break;
+
+ case LMP_VERSION_REQ:
+ case LMP_VERSION_RES:
+ /* data[0] VersNr
+ * data[1,2] CompId
+ * data[3,4] SubVersNr
+ */
+ if (length < 5) {
+ error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
+ goto not_accepted;
+ }
+ if (op == LMP_VERSION_REQ) {
+ resp = LMP_VERSION_RES;
+ resplen = 6;
+ respdata[1] = 0x20;
+ respdata[2] = 0xff;
+ respdata[3] = 0xff;
+ respdata[4] = 0xff;
+ respdata[5] = 0xff;
+ } else
+ resp = 0;
+ break;
+
+ case LMP_FEATURES_REQ:
+ case LMP_FEATURES_RES:
+ /* data[0-7] Features
+ */
+ if (length < 8) {
+ error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
+ goto not_accepted;
+ }
+ if (op == LMP_FEATURES_REQ) {
+ resp = LMP_FEATURES_RES;
+ resplen = 9;
+ respdata[1] = (bt->lmp_caps >> 0) & 0xff;
+ respdata[2] = (bt->lmp_caps >> 8) & 0xff;
+ respdata[3] = (bt->lmp_caps >> 16) & 0xff;
+ respdata[4] = (bt->lmp_caps >> 24) & 0xff;
+ respdata[5] = (bt->lmp_caps >> 32) & 0xff;
+ respdata[6] = (bt->lmp_caps >> 40) & 0xff;
+ respdata[7] = (bt->lmp_caps >> 48) & 0xff;
+ respdata[8] = (bt->lmp_caps >> 56) & 0xff;
+ } else
+ resp = 0;
+ break;
+
+ case LMP_NAME_REQ:
+ /* data[0] Name offset
+ */
+ if (length < 1) {
+ error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
+ goto not_accepted;
+ }
+ resp = LMP_NAME_RES;
+ resplen = 17;
+ respdata[1] = data[0];
+ respdata[2] = strlen(bt->lmp_name);
+ memset(respdata + 3, 0x00, 14);
+ if (respdata[2] > respdata[1])
+ memcpy(respdata + 3, bt->lmp_name + respdata[1],
+ respdata[2] - respdata[1]);
+ break;
+
+ case LMP_NAME_RES:
+ /* data[0] Name offset
+ * data[1] Name length
+ * data[2-15] Name fragment
+ */
+ if (length < 16) {
+ error = HCI_UNSUPPORTED_LMP_PARAMETER_VALUE;
+ goto not_accepted;
+ }
+ resp = 0;
+ break;
+
+ default:
+ error = HCI_UNKNOWN_LMP_PDU;
+ /* Fall through */
+ not_accepted:
+ if (op >> 8) {
+ resp = LMP_NOT_ACCEPTED_EXT;
+ resplen = 5;
+ respdata[0] = op >> 8;
+ respdata[1] = op & 0xff;
+ respdata[2] = error;
+ } else {
+ resp = LMP_NOT_ACCEPTED;
+ resplen = 3;
+ respdata[0] = op & 0xff;
+ respdata[1] = error;
+ }
+ }
+
+ if (resp == 0)
+ return;
+
+ if (resp >> 8) {
+ respdata[0] = resp >> 8;
+ respdata[1] = resp & 0xff;
+ } else
+ respdata[0] = resp & 0xff;
+
+ respdata[0] <<= 1;
+ respdata[0] |= tr;
+}
+
+void bt_submit_raw_acl(struct bt_piconet_s *net, int length, uint8_t *data)
+{
+ struct bt_device_s *slave;
+ if (length < 1)
+ return;
+
+ slave = net->slave;
+
+ switch (data[0] & 3) {
+ case LLID_ACLC:
+ bt_submit_lmp(slave, length - 1, data + 1);
+ break;
+ case LLID_ACLU_START:
+#if 0
+ bt_sumbit_l2cap(slave, length - 1, data + 1, (data[0] >> 2) & 1);
+ breka;
+#endif
+ default:
+ case LLID_ACLU_CONT:
+ break;
+ }
+}
+
+/* XXX: handle endiannes */
+#define HNDL(raw) (raw)
+
+static const uint8_t bt_event_reserved_mask[8] = {
+ 0xff, 0x9f, 0xfb, 0xff, 0x07, 0x18, 0x00, 0x00,
+};
+
+static inline uint8_t *bt_hci_event_start(struct bt_hci_s *hci,
+ int evt, int len)
+{
+ uint8_t *packet, mask;
+ int mask_byte;
+ if (len > 255)
+ cpu_abort(cpu_single_env, "HCI event params too long (%ib)\n", len);
+
+ mask_byte = (evt - 1) >> 3;
+ mask = 1 << ((evt - 1) & 3);
+ if (mask & bt_event_reserved_mask[mask_byte] & ~hci->event_mask[mask_byte])
+ return 0;
+
+ packet = hci->evt_packet(hci->opaque);
+ packet[0] = evt;
+ packet[1] = len;
+ return &packet[2];
+}
+
+static inline void bt_hci_event(struct bt_hci_s *hci, int evt,
+ void *params, int len)
+{
+ uint8_t *packet = bt_hci_event_start(hci, evt, len);
+ if (!packet)
+ return;
+
+ if (len)
+ memcpy(packet, params, len);
+
+ hci->evt_submit(hci->opaque, len + 2);
+}
+
+static inline void bt_hci_event_status(struct bt_hci_s *hci, int status)
+{
+ evt_cmd_status params = {
+ .status = status,
+ .ncmd = 5,
+ .opcode = hci->last_cmd,
+ };
+
+ bt_hci_event(hci, EVT_CMD_STATUS, ¶ms, EVT_CMD_STATUS_SIZE);
+}
+
+static inline void bt_hci_event_complete(struct bt_hci_s *hci,
+ void *ret, int len)
+{
+ uint8_t *packet = bt_hci_event_start(hci, EVT_CMD_COMPLETE,
+ len + EVT_CMD_COMPLETE_SIZE);
+ evt_cmd_complete *params = (evt_cmd_complete *) packet;
+ if (!packet)
+ return;
+
+ params->ncmd = 5;
+ params->opcode = hci->last_cmd;
+ if (len)
+ memcpy(&packet[EVT_CMD_COMPLETE_SIZE], ret, len);
+
+ hci->evt_submit(hci->opaque, len + EVT_CMD_COMPLETE_SIZE + 2);
+}
+
+static void bt_hci_inquiry_done(void *opaque)
+{
+ struct bt_hci_s *hci = (struct bt_hci_s *) opaque;
+ bt_hci_event(hci, EVT_INQUIRY_COMPLETE, 0, 0);
+}
+
+static void bt_hci_inquiry_result(struct bt_hci_s *hci,
+ struct bt_device_s *slave)
+{
+ inquiry_info params;
+
+ if (slave->acl_mode != acl_active)
+ return;
+
+ hci->lm.responses_left --;
+ hci->lm.responses ++;
+
+ params.num_responses = 1;
+ bacpy(¶ms.bdaddr, &slave->bd_addr);
+ params.pscan_rep_mode = 0x00; /* R0 */
+ params.pscan_period_mode = 0x00; /* P0 - deprecated */
+ params.pscan_mode = 0x00; /* Standard scan - deprecated */
+ params.dev_class[0] = slave->class[0];
+ params.dev_class[1] = slave->class[1];
+ params.dev_class[2] = slave->class[2];
+ params.clock_offset = slave->clkoff; /* XXX: Endianness */
+ bt_hci_event(hci, EVT_INQUIRY_RESULT, ¶ms, INQUIRY_INFO_SIZE);
+
+ if (hci->lm.periodic) {
+ qemu_mod_timer(hci->lm.inquiry_next, qemu_get_clock(vm_clock) +
+ muldiv64(hci->lm.inquiry_period << 7,
+ ticks_per_sec, 1000));
+ }
+}
+
+static void bt_hci_inquiry_start(struct bt_hci_s *hci, int length)
+{
+ struct bt_device_s *slave;
+
+ hci->lm.inquiry_length = length;
+ if (hci->lm.responses_left == 0)
+ hci->lm.responses_left --;
+ for (slave = hci->net->slave; slave; slave = slave->next)
+ bt_hci_inquiry_result(hci, slave);
+
+ if (hci->lm.responses_left)
+ qemu_mod_timer(hci->lm.inquiry_done, qemu_get_clock(vm_clock) +
+ muldiv64(hci->lm.inquiry_length << 7,
+ ticks_per_sec, 1000));
+ else
+ bt_hci_inquiry_done(hci);
+}
+
+static void bt_hci_inquiry_next(void *opaque)
+{
+ struct bt_hci_s *hci = (struct bt_hci_s *) opaque;
+
+ hci->lm.responses_left += hci->lm.responses;
+ hci->lm.responses = 0;
+ bt_hci_inquiry_start(hci, hci->lm.inquiry_length);
+}
+
+static inline int bt_hci_handle_bad(struct bt_hci_s *hci, uint16_t handle)
+{
+ return handle < HCI_HANDLE_OFFSET || handle >= HCI_HANDLE_OFFSET + 16 ||
+ !hci->lm.handle[handle & ~HCI_HANDLE_OFFSET];
+}
+
+static int bt_hci_connect(struct bt_hci_s *hci, bdaddr_t *bdaddr)
+{
+ struct bt_device_s *slave;
+ uint16_t handle;
+ evt_conn_complete params;
+
+ for (slave = hci->net->slave; slave; slave = slave->next)
+ if (slave->acl_mode == acl_active && !bacmp(&slave->bd_addr, bdaddr))
+ break;
+ if (!slave)
+ return -ENODEV;
+
+ slave->setup = 1;
+
+ /* Make a connection handle */
+ do {
+ while (hci->lm.handle[++ hci->lm.last_handle])
+ hci->lm.last_handle &= 15;
+ handle = hci->lm.last_handle | HCI_HANDLE_OFFSET;
+ } while (handle == hci->asb_handle || handle == hci->psb_handle);
+
+ hci->lm.handle[hci->lm.last_handle] = slave;
+
+ bt_hci_event_status(hci, HCI_SUCCESS);
+
+ /* XXX: Send CONNCOMPLETE to slave */
+
+ params.status = HCI_SUCCESS;
+ params.handle = HNDL(handle);
+ bacpy(¶ms.bdaddr, &slave->bd_addr);
+ params.link_type = ACL_LINK;
+ params.encr_mode = 0x00; /* Encryption not required */
+ bt_hci_event(hci, EVT_CONN_COMPLETE, ¶ms, EVT_CONN_COMPLETE_SIZE);
+ return 0;
+}
+
+static int bt_hci_disconnect(struct bt_hci_s *hci, uint16_t handle, int reason)
+{
+ struct bt_device_s *slave;
+ evt_disconn_complete params;
+
+ if (bt_hci_handle_bad(hci, handle))
+ return -ENODEV;
+
+ slave = hci->lm.handle[handle & ~HCI_HANDLE_OFFSET];
+
+ bt_hci_event_status(hci, HCI_SUCCESS);
+
+ /* XXX: send Disconnection Complete to remote dev. */
+ slave->setup = 0;
+ hci->lm.handle[handle & ~HCI_HANDLE_OFFSET] = 0;
+
+ params.status = HCI_SUCCESS;
+ params.handle = HNDL(handle);
+ params.reason = HCI_CONNECTION_TERMINATED;
+ bt_hci_event(hci, EVT_DISCONN_COMPLETE,
+ ¶ms, EVT_DISCONN_COMPLETE_SIZE);
+ return 0;
+}
+
+static int bt_hci_name_req(struct bt_hci_s *hci, bdaddr_t *bdaddr)
+{
+ struct bt_device_s *slave;
+ evt_remote_name_req_complete params;
+
+ for (slave = hci->net->slave; slave; slave = slave->next)
+ if (slave->acl_mode == acl_active && !bacmp(&slave->bd_addr, bdaddr))
+ break;
+ if (!slave)
+ return -ENODEV;
+
+ bt_hci_event_status(hci, HCI_SUCCESS);
+
+ params.status = HCI_SUCCESS;
+ bacpy(¶ms.bdaddr, &slave->bd_addr);
+ snprintf(params.name, sizeof(params.name), "%s", slave->lmp_name);
+ bt_hci_event(hci, EVT_REMOTE_NAME_REQ_COMPLETE,
+ ¶ms, EVT_REMOTE_NAME_REQ_COMPLETE_SIZE);
+ return 0;
+}
+
+static int bt_hci_features_req(struct bt_hci_s *hci, uint16_t handle)
+{
+ struct bt_device_s *slave;
+ evt_read_remote_features_complete params;
+
+ if (bt_hci_handle_bad(hci, handle))
+ return -ENODEV;
+
+ slave = hci->lm.handle[handle & ~HCI_HANDLE_OFFSET];
+
+ bt_hci_event_status(hci, HCI_SUCCESS);
+
+ params.status = HCI_SUCCESS;
+ params.status = HNDL(handle);
+ params.features[0] = (slave->lmp_caps >> 0) & 0xff;
+ params.features[1] = (slave->lmp_caps >> 8) & 0xff;
+ params.features[2] = (slave->lmp_caps >> 16) & 0xff;
+ params.features[3] = (slave->lmp_caps >> 24) & 0xff;
+ params.features[4] = (slave->lmp_caps >> 32) & 0xff;
+ params.features[5] = (slave->lmp_caps >> 40) & 0xff;
+ params.features[6] = (slave->lmp_caps >> 48) & 0xff;
+ params.features[7] = (slave->lmp_caps >> 56) & 0xff;
+ bt_hci_event(hci, EVT_READ_REMOTE_FEATURES_COMPLETE,
+ ¶ms, EVT_READ_REMOTE_FEATURES_COMPLETE_SIZE);
+ return 0;
+}
+
+static int bt_hci_version_req(struct bt_hci_s *hci, uint16_t handle)
+{
+ struct bt_device_s *slave;
+ evt_read_remote_version_complete params;
+
+ if (bt_hci_handle_bad(hci, handle))
+ return -ENODEV;
+
+ slave = hci->lm.handle[handle & ~HCI_HANDLE_OFFSET];
+
+ bt_hci_event_status(hci, HCI_SUCCESS);
+
+ params.status = HCI_SUCCESS;
+ params.handle = HNDL(handle);
+ params.lmp_ver = 0x03;
+ params.manufacturer = 0xa000; /* XXX: Endianness */
+ params.lmp_subver = 0xa607; /* XXX: Endianness */
+ bt_hci_event(hci, EVT_READ_REMOTE_VERSION_COMPLETE,
+ ¶ms, EVT_READ_REMOTE_VERSION_COMPLETE_SIZE);
+ return 0;
+}
+
+static int bt_hci_clkoffset_req(struct bt_hci_s *hci, uint16_t handle)
+{
+ struct bt_device_s *slave;
+ evt_read_clock_offset_complete params;
+
+ if (bt_hci_handle_bad(hci, handle))
+ return -ENODEV;
+
+ slave = hci->lm.handle[handle & ~HCI_HANDLE_OFFSET];
+
+ bt_hci_event_status(hci, HCI_SUCCESS);
+
+ params.status = HCI_SUCCESS;
+ params.handle = HNDL(handle);
+ params.clock_offset = slave->clkoff; /* XXX: Endianness */
+ bt_hci_event(hci, EVT_READ_CLOCK_OFFSET_COMPLETE,
+ ¶ms, EVT_READ_CLOCK_OFFSET_COMPLETE_SIZE);
+ return 0;
+}
+
+static void bt_hci_event_mode(struct bt_hci_s *hci, uint16_t handle,
+ int mode, int interval)
+{
+ evt_mode_change params = {
+ .status = HCI_SUCCESS,
+ .handle = HNDL(handle),
+ .mode = mode,
+ .interval = interval, /* XXX: Endianness */
+ };
+ bt_hci_event(hci, EVT_MODE_CHANGE, ¶ms, EVT_MODE_CHANGE_SIZE);
+}
+
+static int bt_hci_mode_change(struct bt_hci_s *hci, uint16_t handle,
+ int interval, int mode)
+{
+ struct bt_device_s *slave;
+
+ if (bt_hci_handle_bad(hci, handle))
+ return -ENODEV;
+ slave = hci->lm.handle[handle & ~HCI_HANDLE_OFFSET];
+ if (slave->acl_mode != acl_active) {
+ bt_hci_event_status(hci, HCI_COMMAND_DISALLOWED);
+ return 0;
+ }
+
+ bt_hci_event_status(hci, HCI_SUCCESS);
+
+ slave->acl_mode = mode;
+ qemu_mod_timer(slave->acl_mode_timer, qemu_get_clock(vm_clock) +
+ muldiv64(interval * 625, ticks_per_sec, 1000000));
+ bt_hci_event_mode(hci, handle, mode, interval);
+ return 0;
+}
+
+static int bt_hci_mode_cancel(struct bt_hci_s *hci, uint16_t handle, int mode)
+{
+ struct bt_device_s *slave;
+
+ if (bt_hci_handle_bad(hci, handle))
+ return -ENODEV;
+ slave = hci->lm.handle[handle & ~HCI_HANDLE_OFFSET];
+ if (slave->acl_mode != mode) {
+ bt_hci_event_status(hci, HCI_COMMAND_DISALLOWED);
+ return 0;
+ }
+
+ bt_hci_event_status(hci, HCI_SUCCESS);
+
+ slave->acl_mode = acl_active;
+ qemu_del_timer(slave->acl_mode_timer);
+
+ bt_hci_event_mode(hci, handle, acl_active, 0);
+ return 0;
+}
+
+static void bt_hci_mode_tick(void *opaque)
+{
+ uint16_t handle;
+ struct bt_device_s **slave = (struct bt_device_s **) opaque;
+
+ handle = HCI_HANDLE_OFFSET | (
+ (slave - (*slave)->acl_hci->lm.handle) /
+ sizeof(struct bt_device_s *));
+
+ (*slave)->acl_mode = acl_active;
+ bt_hci_event_mode((*slave)->acl_hci, handle, acl_active, 0);
+}
+
+void bt_hci_reset(struct bt_hci_s *hci)
+{
+ hci->acl_len = 0;
+ hci->last_cmd = 0;
+
+ hci->event_mask[0] = 0xff;
+ hci->event_mask[1] = 0xff;
+ hci->event_mask[2] = 0xff;
+ hci->event_mask[3] = 0xff;
+ hci->event_mask[4] = 0xff;
+ hci->event_mask[5] = 0x1f;
+ hci->event_mask[6] = 0x00;
+ hci->event_mask[7] = 0x00;
+ hci->scan_enable = SCAN_DISABLED;
+ if (hci->local_name)
+ free((void *) hci->local_name);
+ hci->local_name = 0;
+ hci->local_class[0] = 0x00;
+ hci->local_class[1] = 0x00;
+ hci->local_class[2] = 0x00;
+ hci->voice_setting = 0x0000;
+
+ /* XXX: qemu_del_timer(sl->acl_mode_timer); for all slaves */
+ qemu_del_timer(hci->lm.inquiry_done);
+ qemu_del_timer(hci->lm.inquiry_next);
+
+ bt_hci_event_status(hci, HCI_SUCCESS);
+}
+
+static void bt_hci_read_local_version_rp(struct bt_hci_s *hci)
+{
+ read_local_version_rp lv = {
+ .status = HCI_SUCCESS,
+ .hci_ver = 0x03,
+ .hci_rev = 0xa607, /* XXX: Endianness */
+ .lmp_ver = 0x03,
+ .manufacturer = 0xa000, /* XXX: Endianness */
+ .lmp_subver = 0xa607, /* XXX: Endianness */
+ };
+
+ bt_hci_event_complete(hci, &lv, READ_LOCAL_VERSION_RP_SIZE);
+}
+
+static void bt_hci_read_local_commands_rp(struct bt_hci_s *hci)
+{
+ read_local_commands_rp lc = {
+ .status = HCI_SUCCESS,
+ .commands = {
+ 0xbf, 0x80, 0xf9, 0x03, 0xb2, 0xc0, 0x03, 0xc3,
+ 0x00, 0x0f, 0x80, 0x00, 0x00, 0x00, 0xe8, 0x13,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ },
+ };
+
+ bt_hci_event_complete(hci, &lc, READ_LOCAL_COMMANDS_RP_SIZE);
+}
+
+static void bt_hci_read_local_features_rp(struct bt_hci_s *hci)
+{
+ read_local_features_rp lf = {
+ .status = HCI_SUCCESS,
+ .features = {
+ 0x5f, 0x35, 0x85, 0x7e, 0x9b, 0x19, 0x00, 0x80,
+ },
+ };
+
+ bt_hci_event_complete(hci, &lf, READ_LOCAL_FEATURES_RP_SIZE);
+}
+
+static void bt_hci_read_local_ext_features_rp(struct bt_hci_s *hci, int page)
+{
+ read_local_ext_features_rp lef = {
+ .status = HCI_SUCCESS,
+ .page_num = page,
+ .max_page_num = 0x00,
+ .features = {
+ 0x5f, 0x35, 0x85, 0x7e, 0x9b, 0x19, 0x00, 0x80,
+ },
+ };
+ if (page)
+ memset(lef.features, 0, sizeof(lef.features));
+
+ bt_hci_event_complete(hci, &lef, READ_LOCAL_EXT_FEATURES_RP_SIZE);
+}
+
+static void bt_hci_read_buffer_size_rp(struct bt_hci_s *hci)
+{
+ read_buffer_size_rp bs = {
+ .status = HCI_SUCCESS,
+ .acl_mtu = 0x0180, /* XXX: Endianness */
+ .sco_mtu = 0x40,
+ .acl_max_pkt = 0x0008, /* XXX: Endianness */
+ .sco_max_pkt = 0x0008, /* XXX: Endianness */
+ };
+
+ bt_hci_event_complete(hci, &bs, READ_BUFFER_SIZE_RP_SIZE);
+}
+
+static void bt_hci_read_country_code_rp(struct bt_hci_s *hci)
+{
+ /* This event seems to be undocumented, this code is a guess */
+ struct {
+ uint8_t status;
+ uint8_t code;
+ } cc = { 0x00, 0x00 };
+
+ bt_hci_event_complete(hci, &cc, 2);
+}
+
+static void bt_hci_read_bd_addr_rp(struct bt_hci_s *hci)
+{
+ read_bd_addr_rp ba = {
+ .status = HCI_SUCCESS,
+ .bdaddr = {{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, }},
+ };
+
+ bt_hci_event_complete(hci, &ba, READ_BD_ADDR_RP_SIZE);
+}
+
+static int bt_hci_link_quality_rp(struct bt_hci_s *hci, uint16_t handle)
+{
+ read_link_quality_rp lq = {
+ .status = HCI_SUCCESS,
+ .handle = HNDL(handle),
+ .link_quality = 0xff,
+ };
+
+ if (bt_hci_handle_bad(hci, handle))
+ lq.status = HCI_NO_CONNECTION;
+
+ bt_hci_event_complete(hci, &lq, READ_LINK_QUALITY_RP_SIZE);
+ return 0;
+}
+
+/* Generate a Command Complete event with only the Status parameter */
+static inline void bt_hci_event_complete_status(struct bt_hci_s *hci,
+ uint8_t status)
+{
+ bt_hci_event_complete(hci, &status, 1);
+}
+
+static inline void bt_hci_event_complete_conn_cancel(struct bt_hci_s *hci,
+ bdaddr_t *bd_addr)
+{
+ int i;
+ create_conn_cancel_rp params = {
+ .status = HCI_NO_CONNECTION,
+ .bdaddr = BAINIT(bd_addr),
+ };
+
+ for (i = 0; i < 16; i ++)
+ if (hci->lm.handle[i] && !bacmp(&hci->lm.handle[i]->bd_addr, bd_addr))
+ params.status = HCI_ACL_CONNECTION_EXISTS;
+
+ bt_hci_event_complete(hci, ¶ms, CREATE_CONN_CANCEL_RP_SIZE);
+}
+
+static inline void bt_hci_event_auth_complete(struct bt_hci_s *hci,
+ uint16_t handle)
+{
+ evt_auth_complete params = {
+ .status = HCI_SUCCESS,
+ .handle = HNDL(handle),
+ };
+
+ bt_hci_event(hci, EVT_AUTH_COMPLETE, ¶ms, EVT_AUTH_COMPLETE_SIZE);
+}
+
+static inline void bt_hci_event_encrypt_change(struct bt_hci_s *hci,
+ uint16_t handle, uint8_t mode)
+{
+ evt_encrypt_change params = {
+ .status = HCI_SUCCESS,
+ .handle = HNDL(handle),
+ .encrypt = mode,
+ };
+
+ bt_hci_event(hci, EVT_ENCRYPT_CHANGE, ¶ms, EVT_ENCRYPT_CHANGE_SIZE);
+}
+
+static inline void bt_hci_event_complete_name_cancel(struct bt_hci_s *hci,
+ bdaddr_t *bd_addr)
+{
+ remote_name_req_cancel_rp params = {
+ .status = HCI_INVALID_PARAMETERS,
+ .bdaddr = BAINIT(bd_addr),
+ };
+
+ bt_hci_event_complete(hci, ¶ms, REMOTE_NAME_REQ_CANCEL_RP_SIZE);
+}
+
+static inline void bt_hci_event_read_remote_ext_features(struct bt_hci_s *hci,
+ uint16_t handle)
+{
+ evt_read_remote_ext_features_complete params = {
+ .status = HCI_UNSUPPORTED_FEATURE,
+ .handle = HNDL(handle),
+ /* Rest uninitialised */
+ };
+
+ bt_hci_event(hci, EVT_READ_REMOTE_EXT_FEATURES_COMPLETE,
+ ¶ms, EVT_READ_REMOTE_EXT_FEATURES_COMPLETE_SIZE);
+}
+
+static inline void bt_hci_event_complete_lmp_handle(struct bt_hci_s *hci,
+ uint16_t handle)
+{
+ read_lmp_handle_rp params = {
+ .status = HCI_NO_CONNECTION,
+ .handle = HNDL(handle),
+ .reserved = 0,
+ /* Rest uninitialised */
+ };
+
+ bt_hci_event_complete(hci, ¶ms, READ_LMP_HANDLE_RP_SIZE);
+}
+
+static inline void bt_hci_event_complete_role_discovery(struct bt_hci_s *hci,
+ int status, uint16_t handle)
+{
+ role_discovery_rp params = {
+ .status = status,
+ .handle = HNDL(handle),
+ .role = 0x00, /* Master */
+ };
+
+ bt_hci_event_complete(hci, ¶ms, ROLE_DISCOVERY_RP_SIZE);
+}
+
+static inline void bt_hci_event_complete_flush(struct bt_hci_s *hci,
+ int status, uint16_t handle)
+{
+ flush_rp params = {
+ .status = status,
+ .handle = HNDL(handle),
+ };
+
+ bt_hci_event_complete(hci, ¶ms, FLUSH_RP_SIZE);
+}
+
+static inline void bt_hci_event_complete_read_local_name(struct bt_hci_s *hci)
+{
+ read_local_name_rp params;
+ params.status = HCI_SUCCESS;
+ memset(params.name, 0, sizeof(params.name));
+ if (hci->local_name)
+ strncpy(params.name, hci->local_name, sizeof(params.name));
+
+ bt_hci_event_complete(hci, ¶ms, READ_LOCAL_NAME_RP_SIZE);
+}
+
+static inline void bt_hci_event_complete_read_scan_enable(struct bt_hci_s *hci)
+{
+ read_scan_enable_rp params = {
+ .status = HCI_SUCCESS,
+ .enable = hci->scan_enable,
+ };
+
+ bt_hci_event_complete(hci, ¶ms, READ_SCAN_ENABLE_RP_SIZE);
+}
+
+static inline void bt_hci_event_complete_read_local_class(struct bt_hci_s *hci)
+{
+ read_class_of_dev_rp params;
+ params.status = HCI_SUCCESS;
+ memcpy(params.dev_class, hci->local_class, sizeof(params.dev_class));
+
+ bt_hci_event_complete(hci, ¶ms, READ_CLASS_OF_DEV_RP_SIZE);
+}
+
+static inline void bt_hci_event_complete_voice_setting(struct bt_hci_s *hci)
+{
+ read_voice_setting_rp params = {
+ .status = HCI_SUCCESS,
+ .voice_setting = hci->voice_setting, /* XXX: Endianness */
+ };
+
+ bt_hci_event_complete(hci, ¶ms, READ_VOICE_SETTING_RP_SIZE);
+}
+
+void bt_submit_hci(struct bt_hci_s *hci, int length, uint8_t *data)
+{
+ uint16_t cmd;
+ int paramlen, i;
+
+ if (length < 3)
+ return;
+
+ hci->last_cmd = *(uint16_t *) data;
+
+ cmd = (data[1] << 8) | data[0];
+ paramlen = data[2];
+ if (cmd_opcode_ogf(cmd) == 0 || cmd_opcode_ocf(cmd) == 0) /* NOP */
+ return;
+
+ data += 3;
+ length -= 3;
+
+ if (paramlen > length)
+ return;
+
+#define PARAM(cmd, param) (((cmd *) data)->param)
+#define PARAMHANDLE(cmd) HNDL(((cmd *) data)->handle)
+ switch (cmd) {
+ case cmd_opcode_pack(OGF_LINK_CTL, OCF_INQUIRY):
+ hci->lm.inquire = 1;
+ hci->lm.periodic = 0;
+ hci->lm.responses_left = PARAM(inquiry_cp, num_rsp);
+ hci->lm.responses = 0;
+ bt_hci_event_status(hci, HCI_SUCCESS);
+ bt_hci_inquiry_start(hci, PARAM(inquiry_cp, length));
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_CTL, OCF_INQUIRY_CANCEL):
+ hci->lm.inquire = 0;
+ qemu_del_timer(hci->lm.inquiry_done);
+ bt_hci_event_complete_status(hci, HCI_SUCCESS);
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_CTL, OCF_PERIODIC_INQUIRY):
+ hci->lm.inquire = 1;
+ hci->lm.periodic = 1;
+ hci->lm.responses_left = PARAM(periodic_inquiry_cp, num_rsp);
+ hci->lm.responses = 0;
+ hci->lm.inquiry_period = PARAM(periodic_inquiry_cp, max_period);
+ bt_hci_event_complete_status(hci, HCI_SUCCESS);
+ bt_hci_inquiry_start(hci, PARAM(periodic_inquiry_cp, length));
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_CTL, OCF_EXIT_PERIODIC_INQUIRY):
+ hci->lm.inquire = 0;
+ qemu_del_timer(hci->lm.inquiry_done);
+ qemu_del_timer(hci->lm.inquiry_next);
+ bt_hci_event_complete_status(hci, HCI_SUCCESS);
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_CTL, OCF_CREATE_CONN):
+ if (bt_hci_connect(hci, &PARAM(create_conn_cp, bdaddr)))
+ bt_hci_event_status(hci, HCI_NO_CONNECTION);
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_CTL, OCF_DISCONNECT):
+ if (bt_hci_disconnect(hci, PARAMHANDLE(disconnect_cp),
+ PARAM(disconnect_cp, reason)))
+ bt_hci_event_status(hci, HCI_NO_CONNECTION);
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_CTL, OCF_CREATE_CONN_CANCEL):
+ bt_hci_event_complete_conn_cancel(hci,
+ &PARAM(create_conn_cancel_cp, bdaddr));
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_CTL, OCF_AUTH_REQUESTED):
+ if (bt_hci_handle_bad(hci, PARAMHANDLE(auth_requested_cp)))
+ bt_hci_event_status(hci, HCI_NO_CONNECTION);
+ else {
+ bt_hci_event_status(hci, HCI_SUCCESS);
+ bt_hci_event_auth_complete(hci, PARAMHANDLE(auth_requested_cp));
+ }
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_CTL, OCF_SET_CONN_ENCRYPT):
+ if (bt_hci_handle_bad(hci, PARAMHANDLE(set_conn_encrypt_cp)))
+ bt_hci_event_status(hci, HCI_NO_CONNECTION);
+ else {
+ bt_hci_event_status(hci, HCI_SUCCESS);
+ bt_hci_event_encrypt_change(hci,
+ PARAMHANDLE(set_conn_encrypt_cp),
+ PARAM(set_conn_encrypt_cp, encrypt));
+ }
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_CTL, OCF_REMOTE_NAME_REQ):
+ if (bt_hci_name_req(hci, &PARAM(remote_name_req_cp, bdaddr)))
+ bt_hci_event_status(hci, HCI_NO_CONNECTION);
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_CTL, OCF_REMOTE_NAME_REQ_CANCEL):
+ bt_hci_event_complete_name_cancel(hci,
+ &PARAM(remote_name_req_cancel_cp, bdaddr));
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_CTL, OCF_READ_REMOTE_FEATURES):
+ if (bt_hci_features_req(hci, PARAMHANDLE(read_remote_features_cp)))
+ bt_hci_event_status(hci, HCI_NO_CONNECTION);
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_CTL, OCF_READ_REMOTE_EXT_FEATURES):
+ if (bt_hci_handle_bad(hci, PARAMHANDLE(read_remote_ext_features_cp)))
+ bt_hci_event_status(hci, HCI_NO_CONNECTION);
+ else {
+ bt_hci_event_status(hci, HCI_SUCCESS);
+ bt_hci_event_read_remote_ext_features(hci,
+ PARAMHANDLE(read_remote_ext_features_cp));
+ }
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_CTL, OCF_READ_REMOTE_VERSION):
+ if (bt_hci_version_req(hci, PARAMHANDLE(read_remote_version_cp)))
+ bt_hci_event_status(hci, HCI_NO_CONNECTION);
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_CTL, OCF_READ_CLOCK_OFFSET):
+ if (bt_hci_clkoffset_req(hci, PARAMHANDLE(read_clock_offset_cp)))
+ bt_hci_event_status(hci, HCI_NO_CONNECTION);
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_CTL, OCF_READ_LMP_HANDLE):
+ bt_hci_event_complete_lmp_handle(hci, PARAMHANDLE(read_lmp_handle_cp));
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_POLICY, OCF_HOLD_MODE):
+ if (bt_hci_mode_change(hci, PARAMHANDLE(hold_mode_cp),
+ PARAM(hold_mode_cp, max_interval), acl_hold))
+ bt_hci_event_status(hci, HCI_NO_CONNECTION);
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_POLICY, OCF_PARK_MODE):
+ if (bt_hci_mode_change(hci, PARAMHANDLE(park_mode_cp),
+ PARAM(park_mode_cp, max_interval), acl_parked))
+ bt_hci_event_status(hci, HCI_NO_CONNECTION);
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_POLICY, OCF_EXIT_PARK_MODE):
+ if (bt_hci_mode_cancel(hci, PARAMHANDLE(exit_park_mode_cp),
+ acl_parked))
+ bt_hci_event_status(hci, HCI_NO_CONNECTION);
+ break;
+
+ case cmd_opcode_pack(OGF_LINK_POLICY, OCF_ROLE_DISCOVERY):
+ if (bt_hci_handle_bad(hci, PARAMHANDLE(role_discovery_cp)))
+ bt_hci_event_complete_role_discovery(hci,
+ HCI_NO_CONNECTION, PARAMHANDLE(role_discovery_cp));
+ else
+ bt_hci_event_complete_role_discovery(hci,
+ HCI_SUCCESS, PARAMHANDLE(role_discovery_cp));
+ break;
+
+ case cmd_opcode_pack(OGF_HOST_CTL, OCF_SET_EVENT_MASK):
+ memcpy(hci->event_mask, PARAM(set_event_mask_cp, mask), 8);
+ bt_hci_event_complete_status(hci, HCI_SUCCESS);
+ break;
+
+ case cmd_opcode_pack(OGF_HOST_CTL, OCF_RESET):
+ bt_hci_reset(hci);
+ break;
+
+ case cmd_opcode_pack(OGF_HOST_CTL, OCF_SET_EVENT_FLT):
+ /* Filters are not implemented */
+ bt_hci_event_complete_status(hci, HCI_SUCCESS);
+ break;
+
+ case cmd_opcode_pack(OGF_HOST_CTL, OCF_FLUSH):
+ if (bt_hci_handle_bad(hci, PARAMHANDLE(flush_cp)))
+ bt_hci_event_complete_flush(hci,
+ HCI_NO_CONNECTION, PARAMHANDLE(flush_cp));
+ else {
+ bt_hci_event(hci, EVT_FLUSH_OCCURRED,
+ &PARAM(flush_cp, handle),
+ EVT_FLUSH_OCCURRED_SIZE);
+ bt_hci_event_complete_flush(hci,
+ HCI_SUCCESS, PARAMHANDLE(flush_cp));
+ }
+ break;
+
+ case cmd_opcode_pack(OGF_HOST_CTL, OCF_CHANGE_LOCAL_NAME):
+ if (hci->local_name)
+ free((void *) hci->local_name);
+ hci->local_name = strdup(PARAM(change_local_name_cp, name));
+ bt_hci_event_complete_status(hci, HCI_SUCCESS);
+ break;
+
+ case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_LOCAL_NAME):
+ bt_hci_event_complete_read_local_name(hci);
+ break;
+
+ case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_SCAN_ENABLE):
+ bt_hci_event_complete_read_scan_enable(hci);
+ break;
+
+ case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_SCAN_ENABLE):
+ hci->scan_enable = PARAM(write_scan_enable_cp, scan_enable);
+ bt_hci_event_complete_status(hci, HCI_SUCCESS);
+ break;
+
+ case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_CLASS_OF_DEV):
+ bt_hci_event_complete_read_local_class(hci);
+ break;
+
+ case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_CLASS_OF_DEV):
+ memcpy(hci->local_class, PARAM(write_class_of_dev_cp, dev_class), 3);
+ bt_hci_event_complete_status(hci, HCI_SUCCESS);
+ break;
+
+ case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_VOICE_SETTING):
+ bt_hci_event_complete_voice_setting(hci);
+ break;
+
+ case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_VOICE_SETTING):
+ hci->voice_setting = PARAM(write_voice_setting_cp, voice_setting);
+ bt_hci_event_complete_status(hci, HCI_SUCCESS);
+ break;
+
+ case cmd_opcode_pack(OGF_HOST_CTL, OCF_HOST_NUMBER_OF_COMPLETED_PACKETS):
+ for (i = 0; i < data[0]; i ++)
+ if (bt_hci_handle_bad(hci,
+ data[i * 2 + 1] | (data[i * 2 + 2] << 16)))
+ bt_hci_event_complete_status(hci, HCI_INVALID_PARAMETERS);
+ break;
+
+ case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_LOCAL_VERSION):
+ bt_hci_read_local_version_rp(hci);
+ break;
+
+ case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_LOCAL_COMMANDS):
+ bt_hci_read_local_commands_rp(hci);
+ break;
+
+ case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_LOCAL_FEATURES):
+ bt_hci_read_local_features_rp(hci);
+ break;
+
+ case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_LOCAL_EXT_FEATURES):
+ bt_hci_read_local_ext_features_rp(hci,
+ PARAM(read_local_ext_features_cp, page_num));
+ break;
+
+ case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_BUFFER_SIZE):
+ bt_hci_read_buffer_size_rp(hci);
+ break;
+
+ case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_COUNTRY_CODE):
+ bt_hci_read_country_code_rp(hci);
+ break;
+
+ case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_BD_ADDR):
+ bt_hci_read_bd_addr_rp(hci);
+ break;
+
+ case cmd_opcode_pack(OGF_STATUS_PARAM, OCF_READ_LINK_QUALITY):
+ bt_hci_link_quality_rp(hci, PARAMHANDLE(read_link_quality_cp));
+ break;
+
+ default:
+ bt_hci_event_status(hci, HCI_UNKNOWN_COMMAND);
+ }
+}
+
+void bt_submit_acl(struct bt_hci_s *hci, int length, uint8_t *data)
+{
+ uint16_t handle;
+ int datalen, flags;
+
+ if (length < 4)
+ return;
+
+ handle = acl_handle((data[1] << 8) | data[0]);
+ flags = acl_flags((data[1] << 8) | data[0]);
+ datalen = (data[3] << 8) | data[2];
+ data += 4;
+ length -= 4;
+
+ if (datalen > length);
+ return;
+
+ switch (flags & 3) {
+ case ACL_CONT:
+ memcpy(hci->acl_buf + hci->acl_len, data + 4, datalen);
+ hci->acl_len += datalen;
+ break;
+ case ACL_START:
+ memcpy(hci->acl_buf, data + 4, datalen);
+ hci->acl_len = datalen;
+ break;
+ default:
+ return;
+ }
+
+ if (flags & ACL_ACTIVE_BCAST)
+ hci->asb_handle = handle;
+
+ if (flags & ACL_PICO_BCAST)
+ hci->psb_handle = handle;
+
+ /* TODO */
+}
+
+void bt_submit_sco(struct bt_hci_s *hci, int length, uint8_t *data)
+{
+ uint16_t handle;
+ int datalen;
+
+ if (length < 3)
+ return;
+
+ handle = acl_handle((data[1] << 8) | data[0]);
+ datalen = data[2];
+ data += 3;
+ length -= 3;
+
+ if (datalen > length);
+ return;
+
+ /* TODO */
+}
+
+void bt_hci_init(struct bt_hci_s *hci)
+{
+ hci->lm.inquiry_done = qemu_new_timer(vm_clock, bt_hci_inquiry_done, hci);
+ hci->lm.inquiry_next = qemu_new_timer(vm_clock, bt_hci_inquiry_next, hci);
+}
+
+void bt_hci_done(struct bt_hci_s *hci)
+{
+ if (hci->local_name)
+ free((void *) hci->local_name);
+
+ /* XXX: Send DISCONNECT to all slaves */
+ qemu_free_timer(hci->lm.inquiry_done);
+ qemu_free_timer(hci->lm.inquiry_next);
+}
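Review bot: In bt_submit_lmp's LMP_NAME_REQ case the copy length `respdata[2] - respdata[1]` is never clamped to the 14 bytes that remain after `respdata + 3` in `respdata[17]`, so a device name extending more than 14 bytes past the requested offset would write beyond the stack buffer; clamp it before the memcpy, e.g. `n = respdata[2] - respdata[1]; if (n > 14) n = 14;`. The same function reads the extended opcode byte with `op |= *(data ++) << 8` without first checking that `length` is still at least 1 after the earlier decrement. In bt_submit_acl and bt_submit_sco the line `if (datalen > length);` ends in a stray semicolon, so the following `return` is unconditional; once that is corrected, the memcpy calls still use `data + 4` after `data` was already advanced by 4, and `hci->acl_buf + hci->acl_len` grows with no check against the buffer's size (its declaration is not visible here, so the bound has to come from bt.h). bt_submit_hci only checks `paramlen > length` and then casts `data` through `PARAM(...)` without comparing `paramlen` to the size of the command struct, and `strdup(PARAM(change_local_name_cp, name))` depends on a terminating NUL that the sender may not have supplied.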
Added: trunk/src/host/qemu-neo1973/hw/bt.h
===================================================================
--- trunk/src/host/qemu-neo1973/hw/bt.h 2007-06-13 17:12:06 UTC (rev 2242)
+++ trunk/src/host/qemu-neo1973/hw/bt.h 2007-06-13 17:13:50 UTC (rev 2243)
@@ -0,0 +1,1558 @@
+/*
+ * QEMU Bluetooth HCI helpers.
+ *
+ * Copyright (C) 2007 OpenMoko, Inc.
+ * Written by Andrzej Zaborowski <andrew at openedhand.com>
+ *
+ * Useful definitions taken from BlueZ project's include/hci.h
+ *
+ * Copyright (C) 2000-2001 Qualcomm Incorporated
+ * Copyright (C) 2002-2003 Maxim Krasnyansky <maxk at qualcomm.com>
+ * Copyright (C) 2002-2006 Marcel Holtmann <marcel at holtmann.org>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ * MA 02110-1301 USA
+ */
+
+/* BD Address */
+typedef struct {
+ uint8_t b[6];
+} __attribute__((packed)) bdaddr_t;
+
+#define BDADDR_ANY (&(bdaddr_t) {{0, 0, 0, 0, 0, 0}})
+#define BDADDR_ALL (&(bdaddr_t) {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff}})
+#define BDADDR_LOCAL (&(bdaddr_t) {{0, 0, 0, 0xff, 0xff, 0xff}})
+
+/* Copy, swap, convert BD Address */
+static inline int bacmp(const bdaddr_t *ba1, const bdaddr_t *ba2)
+{
+ return memcmp(ba1, ba2, sizeof(bdaddr_t));
+}
+static inline void bacpy(bdaddr_t *dst, const bdaddr_t *src)
+{
+ memcpy(dst, src, sizeof(bdaddr_t));
+}
+
+#define BAINIT(orig) { .b = { \
+ orig->b[0], orig->b[1], orig->b[2], orig->b[3], orig->b[4], orig->b[5], \
+}, }
+
+struct bt_device_s;
+struct bt_piconet_s;
+struct bt_hci_s;
+
+struct bt_piconet_s {
+ struct bt_device_s *slave;
+};
+
+struct bt_device_s {
+ int lt_addr;
+ bdaddr_t bd_addr;
+ int mtu;
+ int setup;
+
+ uint64_t lmp_caps;
+ uint8_t key[16];
+ int key_present;
+ const char *lmp_name;
+ uint8_t class[3];
+
+ struct bt_device_s *next;
+
+ enum {
+ acl_active,
+ acl_hold,
+ acl_sniff,
+ acl_parked,
+ } acl_mode;
+ QEMUTimer *acl_mode_timer;
+ struct bt_hci_s *acl_hci;
+ uint16_t clkoff;
+};
+
+#define LLID_ACLU_CONT 0x1
+#define LLID_ACLU_START 0x2
+#define LLID_ACLC 0x3
+
+#define LMP_NAME_REQ 0x0001
+#define LMP_NAME_RES 0x0002
+#define LMP_ACCEPTED 0x0003
+#define LMP_NOT_ACCEPTED 0x0004
+#define LMP_CLKOFFSET_REQ 0x0005
+#define LMP_CLKOFFSET_RES 0x0006
+#define LMP_DETACH 0x0007
+#define LMP_IN_RAND 0x0008
+#define LMP_COMB_KEY 0x0009
+#define LMP_UNIT_KEY 0x000a
+#define LMP_AU_RAND 0x000b
+#define LMP_SRES 0x000c
+#define LMP_TEMP_RAND 0x000d
+#define LMP_TEMP_KEY 0x000e
+#define LMP_CRYPT_MODE_REQ 0x000f
+#define LMP_CRYPT_KEY_SIZE_REQ 0x0010
+#define LMP_START_ENCRYPT_REQ 0x0011
+#define LMP_STOP_ENCRYPT_REQ 0x0012
+#define LMP_SWITCH_REQ 0x0013
+#define LMP_HOLD 0x0014
+#define LMP_HOLD_REQ 0x0015
+#define LMP_SNIFF_REQ 0x0017
+#define LMP_UNSNIFF_REQ 0x0018
+#define LMP_LMP_PARK_REQ 0x0019
+#define LMP_SET_BCAST_SCAN_WND 0x001b
+#define LMP_MODIFY_BEACON 0x001c
+#define LMP_UNPARK_BD_ADDR_REQ 0x001d
+#define LMP_UNPARK_PM_ADDR_REQ 0x001e
+#define LMP_INCR_POWER_REQ 0x001f
+#define LMP_DECR_POWER_REQ 0x0020
+#define LMP_MAX_POWER 0x0021
+#define LMP_MIN_POWER 0x0022
+#define LMP_AUTO_RATE 0x0023
+#define LMP_PREFERRED_RATE 0x0024
+#define LMP_VERSION_REQ 0x0025
+#define LMP_VERSION_RES 0x0026
+#define LMP_FEATURES_REQ 0x0027
+#define LMP_FEATURES_RES 0x0028
+#define LMP_QUALITY_OF_SERVICE 0x0029
+#define LMP_QOS_REQ 0x002a
+#define LMP_RM_SCO_LINK_REQ 0x002b
+#define LMP_SCO_LINK_REQ 0x002c
+#define LMP_MAX_SLOT 0x002d
+#define LMP_MAX_SLOT_REQ 0x002e
+#define LMP_TIMING_ACCURACY_REQ 0x002f
+#define LMP_TIMING_ACCURACY_RES 0x0030
+#define LMP_SETUP_COMPLETE 0x0031
+#define LMP_USE_SEMIPERM_KEY 0x0032
+#define LMP_HOST_CONNECTION_REQ 0x0033
+#define LMP_SLOT_OFFSET 0x0034
+#define LMP_PAGE_MODE_REQ 0x0035
+#define LMP_PAGE_SCAN_MODE_REQ 0x0036
+#define LMP_SUPERVISION_TIMEOUT 0x0037
+#define LMP_TEST_ACTIVATE 0x0038
+#define LMP_TEST_CONTROL 0x0039
+#define LMP_CRYPT_KEY_MASK_REQ 0x003a
+#define LMP_CRYPT_KEY_MASK_RES 0x003b
+#define LMP_SET_AFH 0x003c
+#define LMP_ACCEPTED_EXT 0x7f01
+#define LMP_NOT_ACCEPTED_EXT 0x7f02
+#define LMP_FEATURES_REQ_EXT 0x7f03
+#define LMP_FEATURES_RES_EXT 0x7f04
+#define LMP_PACKET_TYPE_TBL_REQ 0x7f0b
+#define LMP_ESCO_LINK_REQ 0x7f0c
+#define LMP_RM_ESCO_LINK_REQ 0x7f0d
+#define LMP_CHANNEL_CLASS_REQ 0x7f10
+#define LMP_CHANNEL_CLASS 0x7f11
+
+struct bt_hci_s {
+ void *opaque;
+ struct bt_piconet_s *net;
+
+ uint8_t *(*evt_packet)(void *opaque);
+ void (*evt_submit)(void *opaque, int len);
+ void (*acl_submit)(void *opaque, uint8_t *data, int len);
+ void (*sco_submit)(void *opaque, uint8_t *data, int len);
+
+ uint8_t acl_buf[4096];
+ int acl_len;
+
+ uint16_t asb_handle;
+ uint16_t psb_handle;
+
+ int last_cmd;
+
+ struct {
+ int inquire;
+ int periodic;
+ int responses_left;
+ int responses;
+ QEMUTimer *inquiry_done;
+ QEMUTimer *inquiry_next;
+ int inquiry_length;
+ int inquiry_period;
+
+#define HCI_HANDLE_OFFSET 0x20
+ struct bt_device_s *handle[16];
+ int last_handle;
+ } lm;
+
+ uint8_t event_mask[8];
+ const char *local_name;
+ uint8_t scan_enable;
+ uint8_t local_class[3];
+ uint16_t voice_setting;
+};
+
+void bt_hci_reset(struct bt_hci_s *hci);
+void bt_hci_init(struct bt_hci_s *hci);
+void bt_hci_done(struct bt_hci_s *hci);
+void bt_submit_hci(struct bt_hci_s *hci, int length, uint8_t *data);
+void bt_submit_acl(struct bt_hci_s *hci, int length, uint8_t *data);
+void bt_submit_sco(struct bt_hci_s *hci, int length, uint8_t *data);
+
+/* HCI Packet types */
+#define HCI_COMMAND_PKT 0x01
+#define HCI_ACLDATA_PKT 0x02
+#define HCI_SCODATA_PKT 0x03
+#define HCI_EVENT_PKT 0x04
+#define HCI_VENDOR_PKT 0xff
+
+/* HCI Packet types */
+#define HCI_2DH1 0x0002
+#define HCI_3DH1 0x0004
+#define HCI_DM1 0x0008
+#define HCI_DH1 0x0010
+#define HCI_2DH3 0x0100
+#define HCI_3DH3 0x0200
+#define HCI_DM3 0x0400
+#define HCI_DH3 0x0800
+#define HCI_2DH5 0x1000
+#define HCI_3DH5 0x2000
+#define HCI_DM5 0x4000
+#define HCI_DH5 0x8000
+
+#define HCI_HV1 0x0020
+#define HCI_HV2 0x0040
+#define HCI_HV3 0x0080
+
+#define HCI_EV3 0x0008
+#define HCI_EV4 0x0010
+#define HCI_EV5 0x0020
+#define HCI_2EV3 0x0040
+#define HCI_3EV3 0x0080
+#define HCI_2EV5 0x0100
+#define HCI_3EV5 0x0200
+
+#define SCO_PTYPE_MASK (HCI_HV1 | HCI_HV2 | HCI_HV3)
+#define ACL_PTYPE_MASK (HCI_DM1 | HCI_DH1 | HCI_DM3 | HCI_DH3 | HCI_DM5 | HCI_DH5)
+
+/* HCI Error codes */
+#define HCI_SUCCESS 0x00
+#define HCI_UNKNOWN_COMMAND 0x01
+#define HCI_NO_CONNECTION 0x02
+#define HCI_HARDWARE_FAILURE 0x03
+#define HCI_PAGE_TIMEOUT 0x04
+#define HCI_AUTHENTICATION_FAILURE 0x05
+#define HCI_PIN_OR_KEY_MISSING 0x06
+#define HCI_MEMORY_FULL 0x07
+#define HCI_CONNECTION_TIMEOUT 0x08
+#define HCI_MAX_NUMBER_OF_CONNECTIONS 0x09
+#define HCI_MAX_NUMBER_OF_SCO_CONNECTIONS 0x0a
+#define HCI_ACL_CONNECTION_EXISTS 0x0b
+#define HCI_COMMAND_DISALLOWED 0x0c
+#define HCI_REJECTED_LIMITED_RESOURCES 0x0d
+#define HCI_REJECTED_SECURITY 0x0e
+#define HCI_REJECTED_PERSONAL 0x0f
+#define HCI_HOST_TIMEOUT 0x10
+#define HCI_UNSUPPORTED_FEATURE 0x11
+#define HCI_INVALID_PARAMETERS 0x12
+#define HCI_OE_USER_ENDED_CONNECTION 0x13
+#define HCI_OE_LOW_RESOURCES 0x14
+#define HCI_OE_POWER_OFF 0x15
+#define HCI_CONNECTION_TERMINATED 0x16
+#define HCI_REPEATED_ATTEMPTS 0x17
+#define HCI_PAIRING_NOT_ALLOWED 0x18
+#define HCI_UNKNOWN_LMP_PDU 0x19
+#define HCI_UNSUPPORTED_REMOTE_FEATURE 0x1a
+#define HCI_SCO_OFFSET_REJECTED 0x1b
+#define HCI_SCO_INTERVAL_REJECTED 0x1c
+#define HCI_AIR_MODE_REJECTED 0x1d
+#define HCI_INVALID_LMP_PARAMETERS 0x1e
+#define HCI_UNSPECIFIED_ERROR 0x1f
+#define HCI_UNSUPPORTED_LMP_PARAMETER_VALUE 0x20
+#define HCI_ROLE_CHANGE_NOT_ALLOWED 0x21
+#define HCI_LMP_RESPONSE_TIMEOUT 0x22
+#define HCI_LMP_ERROR_TRANSACTION_COLLISION 0x23
+#define HCI_LMP_PDU_NOT_ALLOWED 0x24
+#define HCI_ENCRYPTION_MODE_NOT_ACCEPTED 0x25
+#define HCI_UNIT_LINK_KEY_USED 0x26
+#define HCI_QOS_NOT_SUPPORTED 0x27
+#define HCI_INSTANT_PASSED 0x28
+#define HCI_PAIRING_NOT_SUPPORTED 0x29
+#define HCI_TRANSACTION_COLLISION 0x2a
+#define HCI_QOS_UNACCEPTABLE_PARAMETER 0x2c
+#define HCI_QOS_REJECTED 0x2d
+#define HCI_CLASSIFICATION_NOT_SUPPORTED 0x2e
+#define HCI_INSUFFICIENT_SECURITY 0x2f
+#define HCI_PARAMETER_OUT_OF_RANGE 0x30
+#define HCI_ROLE_SWITCH_PENDING 0x32
+#define HCI_SLOT_VIOLATION 0x34
+#define HCI_ROLE_SWITCH_FAILED 0x35
+
+/* ACL flags */
+#define ACL_CONT 0x01
+#define ACL_START 0x02
+#define ACL_ACTIVE_BCAST 0x04
+#define ACL_PICO_BCAST 0x08
+
+/* Baseband links */
+#define SCO_LINK 0x00
+#define ACL_LINK 0x01
+
+/* LMP features */
+#define LMP_3SLOT 0x01
+#define LMP_5SLOT 0x02
+#define LMP_ENCRYPT 0x04
+#define LMP_SOFFSET 0x08
+#define LMP_TACCURACY 0x10
+#define LMP_RSWITCH 0x20
+#define LMP_HOLD_MODE 0x40
+#define LMP_SNIFF_MODE 0x80
+
+#define LMP_PARK 0x01
+#define LMP_RSSI 0x02
+#define LMP_QUALITY 0x04
+#define LMP_SCO 0x08
+#define LMP_HV2 0x10
+#define LMP_HV3 0x20
+#define LMP_ULAW 0x40
+#define LMP_ALAW 0x80
+
+#define LMP_CVSD 0x01
+#define LMP_PSCHEME 0x02
+#define LMP_PCONTROL 0x04
+#define LMP_TRSP_SCO 0x08
+#define LMP_BCAST_ENC 0x80
+
+#define LMP_EDR_ACL_2M 0x02
+#define LMP_EDR_ACL_3M 0x04
+#define LMP_ENH_ISCAN 0x08
+#define LMP_ILACE_ISCAN 0x10
+#define LMP_ILACE_PSCAN 0x20
+#define LMP_RSSI_INQ 0x40
+#define LMP_ESCO 0x80
+
+#define LMP_EV4 0x01
+#define LMP_EV5 0x02
+#define LMP_AFH_CAP_SLV 0x08
+#define LMP_AFH_CLS_SLV 0x10
+#define LMP_EDR_3SLOT 0x80
+
+#define LMP_EDR_5SLOT 0x01
+#define LMP_SNIFF_SUBR 0x02
+#define LMP_AFH_CAP_MST 0x08
+#define LMP_AFH_CLS_MST 0x10
+#define LMP_EDR_ESCO_2M 0x20
+#define LMP_EDR_ESCO_3M 0x40
+#define LMP_EDR_3S_ESCO 0x80
+
+#define LMP_EXT_INQ 0x01
+
+#define LMP_EXT_FEAT 0x80
+
+/* Link policies */
+#define HCI_LP_RSWITCH 0x0001
+#define HCI_LP_HOLD 0x0002
+#define HCI_LP_SNIFF 0x0004
+#define HCI_LP_PARK 0x0008
+
+/* Link mode */
+#define HCI_LM_ACCEPT 0x8000
+#define HCI_LM_MASTER 0x0001
+#define HCI_LM_AUTH 0x0002
+#define HCI_LM_ENCRYPT 0x0004
+#define HCI_LM_TRUSTED 0x0008
+#define HCI_LM_RELIABLE 0x0010
+#define HCI_LM_SECURE 0x0020
+
+/* ----- HCI Commands ----- */
+
+/* Link Control */
+#define OGF_LINK_CTL 0x01
+
+#define OCF_INQUIRY 0x0001
+typedef struct {
+ uint8_t lap[3];
+ uint8_t length; /* 1.28s units */
+ uint8_t num_rsp;
+} __attribute__ ((packed)) inquiry_cp;
+#define INQUIRY_CP_SIZE 5
+
+typedef struct {
+ uint8_t status;
+ bdaddr_t bdaddr;
+} __attribute__ ((packed)) status_bdaddr_rp;
+#define STATUS_BDADDR_RP_SIZE 7
+
+#define OCF_INQUIRY_CANCEL 0x0002
+
+#define OCF_PERIODIC_INQUIRY 0x0003
+typedef struct {
+ uint16_t max_period; /* 1.28s units */
+ uint16_t min_period; /* 1.28s units */
+ uint8_t lap[3];
+ uint8_t length; /* 1.28s units */
+ uint8_t num_rsp;
+} __attribute__ ((packed)) periodic_inquiry_cp;
+#define PERIODIC_INQUIRY_CP_SIZE 9
+
+#define OCF_EXIT_PERIODIC_INQUIRY 0x0004
+
+#define OCF_CREATE_CONN 0x0005
+typedef struct {
+ bdaddr_t bdaddr;
+ uint16_t pkt_type;
+ uint8_t pscan_rep_mode;
+ uint8_t pscan_mode;
+ uint16_t clock_offset;
+ uint8_t role_switch;
+} __attribute__ ((packed)) create_conn_cp;
+#define CREATE_CONN_CP_SIZE 13
+
+#define OCF_DISCONNECT 0x0006
+typedef struct {
+ uint16_t handle;
+ uint8_t reason;
+} __attribute__ ((packed)) disconnect_cp;
+#define DISCONNECT_CP_SIZE 3
+
+#define OCF_ADD_SCO 0x0007
+typedef struct {
+ uint16_t handle;
+ uint16_t pkt_type;
+} __attribute__ ((packed)) add_sco_cp;
+#define ADD_SCO_CP_SIZE 4
+
+#define OCF_CREATE_CONN_CANCEL 0x0008
+typedef struct {
+ uint8_t status;
+ bdaddr_t bdaddr;
+} __attribute__ ((packed)) create_conn_cancel_cp;
+#define CREATE_CONN_CANCEL_CP_SIZE 6
+
+typedef struct {
+ uint8_t status;
+ bdaddr_t bdaddr;
+} __attribute__ ((packed)) create_conn_cancel_rp;
+#define CREATE_CONN_CANCEL_RP_SIZE 7
+
+#define OCF_ACCEPT_CONN_REQ 0x0009
+typedef struct {
+ bdaddr_t bdaddr;
+ uint8_t role;
+} __attribute__ ((packed)) accept_conn_req_cp;
+#define ACCEPT_CONN_REQ_CP_SIZE 7
+
+#define OCF_REJECT_CONN_REQ 0x000A
+typedef struct {
+ bdaddr_t bdaddr;
+ uint8_t reason;
+} __attribute__ ((packed)) reject_conn_req_cp;
+#define REJECT_CONN_REQ_CP_SIZE 7
+
+#define OCF_LINK_KEY_REPLY 0x000B
+typedef struct {
+ bdaddr_t bdaddr;
+ uint8_t link_key[16];
+} __attribute__ ((packed)) link_key_reply_cp;
+#define LINK_KEY_REPLY_CP_SIZE 22
+
+#define OCF_LINK_KEY_NEG_REPLY 0x000C
+
+#define OCF_PIN_CODE_REPLY 0x000D
+typedef struct {
+ bdaddr_t bdaddr;
+ uint8_t pin_len;
+ uint8_t pin_code[16];
+} __attribute__ ((packed)) pin_code_reply_cp;
+#define PIN_CODE_REPLY_CP_SIZE 23
+
+#define OCF_PIN_CODE_NEG_REPLY 0x000E
+
+#define OCF_SET_CONN_PTYPE 0x000F
+typedef struct {
+ uint16_t handle;
+ uint16_t pkt_type;
+} __attribute__ ((packed)) set_conn_ptype_cp;
+#define SET_CONN_PTYPE_CP_SIZE 4
+
+#define OCF_AUTH_REQUESTED 0x0011
+typedef struct {
+ uint16_t handle;
+} __attribute__ ((packed)) auth_requested_cp;
+#define AUTH_REQUESTED_CP_SIZE 2
+
+#define OCF_SET_CONN_ENCRYPT 0x0013
+typedef struct {
+ uint16_t handle;
+ uint8_t encrypt;
+} __attribute__ ((packed)) set_conn_encrypt_cp;
+#define SET_CONN_ENCRYPT_CP_SIZE 3
+
+#define OCF_CHANGE_CONN_LINK_KEY 0x0015
+typedef struct {
+ uint16_t handle;
+} __attribute__ ((packed)) change_conn_link_key_cp;
+#define CHANGE_CONN_LINK_KEY_CP_SIZE 2
+
+#define OCF_MASTER_LINK_KEY 0x0017
+typedef struct {
+ uint8_t key_flag;
+} __attribute__ ((packed)) master_link_key_cp;
+#define MASTER_LINK_KEY_CP_SIZE 1
+
+#define OCF_REMOTE_NAME_REQ 0x0019
+typedef struct {
+ bdaddr_t bdaddr;
+ uint8_t pscan_rep_mode;
+ uint8_t pscan_mode;
+ uint16_t clock_offset;
+} __attribute__ ((packed)) remote_name_req_cp;
+#define REMOTE_NAME_REQ_CP_SIZE 10
+
+#define OCF_REMOTE_NAME_REQ_CANCEL 0x001A
+typedef struct {
+ bdaddr_t bdaddr;
+} __attribute__ ((packed)) remote_name_req_cancel_cp;
+#define REMOTE_NAME_REQ_CANCEL_CP_SIZE 6
+
+typedef struct {
+ uint8_t status;
+ bdaddr_t bdaddr;
+} __attribute__ ((packed)) remote_name_req_cancel_rp;
+#define REMOTE_NAME_REQ_CANCEL_RP_SIZE 7
+
+#define OCF_READ_REMOTE_FEATURES 0x001B
+typedef struct {
+ uint16_t handle;
+} __attribute__ ((packed)) read_remote_features_cp;
+#define READ_REMOTE_FEATURES_CP_SIZE 2
+
+#define OCF_READ_REMOTE_EXT_FEATURES 0x001C
+typedef struct {
+ uint16_t handle;
+ uint8_t page_num;
+} __attribute__ ((packed)) read_remote_ext_features_cp;
+#define READ_REMOTE_EXT_FEATURES_CP_SIZE 3
+
+#define OCF_READ_REMOTE_VERSION 0x001D
+typedef struct {
+ uint16_t handle;
+} __attribute__ ((packed)) read_remote_version_cp;
+#define READ_REMOTE_VERSION_CP_SIZE 2
+
+#define OCF_READ_CLOCK_OFFSET 0x001F
+typedef struct {
+ uint16_t handle;
+} __attribute__ ((packed)) read_clock_offset_cp;
+#define READ_CLOCK_OFFSET_CP_SIZE 2
+
+#define OCF_READ_LMP_HANDLE 0x0020
+typedef struct {
+ uint16_t handle;
+} __attribute__ ((packed)) read_lmp_handle_cp;
+#define READ_LMP_HANDLE_CP_SIZE 2
+
+typedef struct {
+ uint8_t status;
+ uint16_t handle;
+ uint8_t lmp_handle;
+ uint32_t reserved;
+} __attribute__ ((packed)) read_lmp_handle_rp;
+#define READ_LMP_HANDLE_RP_SIZE 8
+
+#define OCF_SETUP_SYNC_CONN 0x0028
+typedef struct {
+ uint16_t handle;
+ uint32_t tx_bandwith;
+ uint32_t rx_bandwith;
+ uint16_t max_latency;
+ uint16_t voice_setting;
+ uint8_t retrans_effort;
+ uint16_t pkt_type;
+} __attribute__ ((packed)) setup_sync_conn_cp;
+#define SETUP_SYNC_CONN_CP_SIZE 17
+
+#define OCF_ACCEPT_SYNC_CONN_REQ 0x0029
+typedef struct {
+ bdaddr_t bdaddr;
+ uint32_t tx_bandwith;
+ uint32_t rx_bandwith;
+ uint16_t max_latency;
+ uint16_t voice_setting;
+ uint8_t retrans_effort;
+ uint16_t pkt_type;
+} __attribute__ ((packed)) accept_sync_conn_req_cp;
+#define ACCEPT_SYNC_CONN_REQ_CP_SIZE 21
+
+#define OCF_REJECT_SYNC_CONN_REQ 0x002A
+typedef struct {
+ bdaddr_t bdaddr;
+ uint8_t reason;
+} __attribute__ ((packed)) reject_sync_conn_req_cp;
+#define REJECT_SYNC_CONN_REQ_CP_SIZE 7
+
+/* Link Policy */
+#define OGF_LINK_POLICY 0x02
+
+#define OCF_HOLD_MODE 0x0001
+typedef struct {
+ uint16_t handle;
+ uint16_t max_interval;
+ uint16_t min_interval;
+} __attribute__ ((packed)) hold_mode_cp;
+#define HOLD_MODE_CP_SIZE 6
+
+#define OCF_SNIFF_MODE 0x0003
+typedef struct {
+ uint16_t handle;
+ uint16_t max_interval;
+ uint16_t min_interval;
+ uint16_t attempt;
+ uint16_t timeout;
+} __attribute__ ((packed)) sniff_mode_cp;
+#define SNIFF_MODE_CP_SIZE 10
+
+#define OCF_EXIT_SNIFF_MODE 0x0004
+typedef struct {
+ uint16_t handle;
+} __attribute__ ((packed)) exit_sniff_mode_cp;
+#define EXIT_SNIFF_MODE_CP_SIZE 2
+
+#define OCF_PARK_MODE 0x0005
+typedef struct {
+ uint16_t handle;
+ uint16_t max_interval;
+ uint16_t min_interval;
+} __attribute__ ((packed)) park_mode_cp;
+#define PARK_MODE_CP_SIZE 6
+
+#define OCF_EXIT_PARK_MODE 0x0006
+typedef struct {
+ uint16_t handle;
+} __attribute__ ((packed)) exit_park_mode_cp;
+#define EXIT_PARK_MODE_CP_SIZE 2
+
+#define OCF_QOS_SETUP 0x0007
+typedef struct {
+ uint8_t service_type; /* 1 = best effort */
+ uint32_t token_rate; /* Byte per seconds */
+ uint32_t peak_bandwidth; /* Byte per seconds */
+ uint32_t latency; /* Microseconds */
+ uint32_t delay_variation; /* Microseconds */
+} __attribute__ ((packed)) hci_qos;
+#define HCI_QOS_CP_SIZE 17
+typedef struct {
+ uint16_t handle;
+ uint8_t flags; /* Reserved */
+ hci_qos qos;
+} __attribute__ ((packed)) qos_setup_cp;
+#define QOS_SETUP_CP_SIZE (3 + HCI_QOS_CP_SIZE)
+
+#define OCF_ROLE_DISCOVERY 0x0009
+typedef struct {
+ uint16_t handle;
+} __attribute__ ((packed)) role_discovery_cp;
+#define ROLE_DISCOVERY_CP_SIZE 2
+typedef struct {
+ uint8_t status;
+ uint16_t handle;
+ uint8_t role;
+} __attribute__ ((packed)) role_discovery_rp;
+#define ROLE_DISCOVERY_RP_SIZE 4
+
+#define OCF_SWITCH_ROLE 0x000B
+typedef struct {
+ bdaddr_t bdaddr;
+ uint8_t role;
+} __attribute__ ((packed)) switch_role_cp;
+#define SWITCH_ROLE_CP_SIZE 7
+
+#define OCF_READ_LINK_POLICY 0x000C
+typedef struct {
+ uint16_t handle;
+} __attribute__ ((packed)) read_link_policy_cp;
+#define READ_LINK_POLICY_CP_SIZE 2
+typedef struct {
+ uint8_t status;
+ uint16_t handle;
+ uint16_t policy;
+} __attribute__ ((packed)) read_link_policy_rp;
+#define READ_LINK_POLICY_RP_SIZE 5
+
+#define OCF_WRITE_LINK_POLICY 0x000D
+typedef struct {
+ uint16_t handle;
+ uint16_t policy;
+} __attribute__ ((packed)) write_link_policy_cp;
+#define WRITE_LINK_POLICY_CP_SIZE 4
+typedef struct {
+ uint8_t status;
+ uint16_t handle;
+} __attribute__ ((packed)) write_link_policy_rp;
+#define WRITE_LINK_POLICY_RP_SIZE 3
+
+#define OCF_READ_DEFAULT_LINK_POLICY 0x000E
+
+#define OCF_WRITE_DEFAULT_LINK_POLICY 0x000F
+
+#define OCF_FLOW_SPECIFICATION 0x0010
+
+#define OCF_SNIFF_SUBRATE 0x0011
+typedef struct {
+ uint16_t handle;
+ uint16_t max_remote_latency;
+ uint16_t max_local_latency;
+ uint16_t min_remote_timeout;
+ uint16_t min_local_timeout;
+} __attribute__ ((packed)) sniff_subrate_cp;
+#define SNIFF_SUBRATE_CP_SIZE 10
+
+/* Host Controller and Baseband */
+#define OGF_HOST_CTL 0x03
+
+#define OCF_SET_EVENT_MASK 0x0001
+typedef struct {
+ uint8_t mask[8];
+} __attribute__ ((packed)) set_event_mask_cp;
+#define SET_EVENT_MASK_CP_SIZE 8
+
+#define OCF_RESET 0x0003
+
+#define OCF_SET_EVENT_FLT 0x0005
+typedef struct {
+ uint8_t flt_type;
+ uint8_t cond_type;
+ uint8_t condition[0];
+} __attribute__ ((packed)) set_event_flt_cp;
+#define SET_EVENT_FLT_CP_SIZE 2
+
+/* Filter types */
+#define FLT_CLEAR_ALL 0x00
+#define FLT_INQ_RESULT 0x01
+#define FLT_CONN_SETUP 0x02
+/* INQ_RESULT Condition types */
+#define INQ_RESULT_RETURN_ALL 0x00
+#define INQ_RESULT_RETURN_CLASS 0x01
+#define INQ_RESULT_RETURN_BDADDR 0x02
+/* CONN_SETUP Condition types */
+#define CONN_SETUP_ALLOW_ALL 0x00
+#define CONN_SETUP_ALLOW_CLASS 0x01
+#define CONN_SETUP_ALLOW_BDADDR 0x02
+/* CONN_SETUP Conditions */
+#define CONN_SETUP_AUTO_OFF 0x01
+#define CONN_SETUP_AUTO_ON 0x02
+
+#define OCF_FLUSH 0x0008
+typedef struct {
+ uint16_t handle;
+} __attribute__ ((packed)) flush_cp;
+#define FLUSH_CP_SIZE 2
+
+typedef struct {
+ uint8_t status;
+ uint16_t handle;
+} __attribute__ ((packed)) flush_rp;
+#define FLUSH_RP_SIZE 3
+
+#define OCF_READ_PIN_TYPE 0x0009
+typedef struct {
+ uint8_t status;
+ uint8_t pin_type;
+} __attribute__ ((packed)) read_pin_type_rp;
+#define READ_PIN_TYPE_RP_SIZE 2
+
+#define OCF_WRITE_PIN_TYPE 0x000A
+typedef struct {
+ uint8_t pin_type;
+} __attribute__ ((packed)) write_pin_type_cp;
+#define WRITE_PIN_TYPE_CP_SIZE 1
+
+#define OCF_CREATE_NEW_UNIT_KEY 0x000B
+
+#define OCF_READ_STORED_LINK_KEY 0x000D
+typedef struct {
+ bdaddr_t bdaddr;
+ uint8_t read_all;
+} __attribute__ ((packed)) read_stored_link_key_cp;
+#define READ_STORED_LINK_KEY_CP_SIZE 7
+typedef struct {
+ uint8_t status;
+ uint16_t max_keys;
+ uint16_t num_keys;
+} __attribute__ ((packed)) read_stored_link_key_rp;
+#define READ_STORED_LINK_KEY_RP_SIZE 5
+
+#define OCF_WRITE_STORED_LINK_KEY 0x0011
+typedef struct {
+ uint8_t num_keys;
+ /* variable length part */
+} __attribute__ ((packed)) write_stored_link_key_cp;
+#define WRITE_STORED_LINK_KEY_CP_SIZE 1
+typedef struct {
+ uint8_t status;
+ uint8_t num_keys;
+} __attribute__ ((packed)) write_stored_link_key_rp;
+#define READ_WRITE_LINK_KEY_RP_SIZE 2
+
+#define OCF_DELETE_STORED_LINK_KEY 0x0012
+typedef struct {
+ bdaddr_t bdaddr;
+ uint8_t delete_all;
+} __attribute__ ((packed)) delete_stored_link_key_cp;
+#define DELETE_STORED_LINK_KEY_CP_SIZE 7
+typedef struct {
+ uint8_t status;
+ uint16_t num_keys;
+} __attribute__ ((packed)) delete_stored_link_key_rp;
+#define DELETE_STORED_LINK_KEY_RP_SIZE 3
+
+#define OCF_CHANGE_LOCAL_NAME 0x0013
+typedef struct {
+ uint8_t name[248];
+} __attribute__ ((packed)) change_local_name_cp;
+#define CHANGE_LOCAL_NAME_CP_SIZE 248
+
+#define OCF_READ_LOCAL_NAME 0x0014
+typedef struct {
+ uint8_t status;
+ uint8_t name[248];
+} __attribute__ ((packed)) read_local_name_rp;
+#define READ_LOCAL_NAME_RP_SIZE 249
+
+#define OCF_READ_CONN_ACCEPT_TIMEOUT 0x0015
+typedef struct {
+ uint8_t status;
+ uint16_t timeout;
+} __attribute__ ((packed)) read_conn_accept_timeout_rp;
+#define READ_CONN_ACCEPT_TIMEOUT_RP_SIZE 3
+
+#define OCF_WRITE_CONN_ACCEPT_TIMEOUT 0x0016
+typedef struct {
+ uint16_t timeout;
+} __attribute__ ((packed)) write_conn_accept_timeout_cp;
+#define WRITE_CONN_ACCEPT_TIMEOUT_CP_SIZE 2
+
+#define OCF_READ_PAGE_TIMEOUT 0x0017
+typedef struct {
+ uint8_t status;
+ uint16_t timeout;
+} __attribute__ ((packed)) read_page_timeout_rp;
+#define READ_PAGE_TIMEOUT_RP_SIZE 3
+
+#define OCF_WRITE_PAGE_TIMEOUT 0x0018
+typedef struct {
+ uint16_t timeout;
+} __attribute__ ((packed)) write_page_timeout_cp;
+#define WRITE_PAGE_TIMEOUT_CP_SIZE 2
+
+#define OCF_READ_SCAN_ENABLE 0x0019
+typedef struct {
+ uint8_t status;
+ uint8_t enable;
+} __attribute__ ((packed)) read_scan_enable_rp;
+#define READ_SCAN_ENABLE_RP_SIZE 2
+
+#define OCF_WRITE_SCAN_ENABLE 0x001A
+typedef struct {
+ uint8_t scan_enable;
+} __attribute__ ((packed)) write_scan_enable_cp;
+#define WRITE_SCAN_ENABLE_CP_SIZE 1
+ #define SCAN_DISABLED 0x00
+ #define SCAN_INQUIRY 0x01
+ #define SCAN_PAGE 0x02
+
+#define OCF_READ_PAGE_ACTIVITY 0x001B
+typedef struct {
+ uint8_t status;
+ uint16_t interval;
+ uint16_t window;
+} __attribute__ ((packed)) read_page_activity_rp;
+#define READ_PAGE_ACTIVITY_RP_SIZE 5
+
+#define OCF_WRITE_PAGE_ACTIVITY 0x001C
+typedef struct {
+ uint16_t interval;
+ uint16_t window;
+} __attribute__ ((packed)) write_page_activity_cp;
+#define WRITE_PAGE_ACTIVITY_CP_SIZE 4
+
+#define OCF_READ_INQ_ACTIVITY 0x001D
+typedef struct {
+ uint8_t status;
+ uint16_t interval;
+ uint16_t window;
+} __attribute__ ((packed)) read_inq_activity_rp;
+#define READ_INQ_ACTIVITY_RP_SIZE 5
+
+#define OCF_WRITE_INQ_ACTIVITY 0x001E
+typedef struct {
+ uint16_t interval;
+ uint16_t window;
+} __attribute__ ((packed)) write_inq_activity_cp;
+#define WRITE_INQ_ACTIVITY_CP_SIZE 4
+
+#define OCF_READ_AUTH_ENABLE 0x001F
+
+#define OCF_WRITE_AUTH_ENABLE 0x0020
+ #define AUTH_DISABLED 0x00
+ #define AUTH_ENABLED 0x01
+
+#define OCF_READ_ENCRYPT_MODE 0x0021
+
+#define OCF_WRITE_ENCRYPT_MODE 0x0022
+ #define ENCRYPT_DISABLED 0x00
+ #define ENCRYPT_P2P 0x01
+ #define ENCRYPT_BOTH 0x02
+
+#define OCF_READ_CLASS_OF_DEV 0x0023
+typedef struct {
+ uint8_t status;
+ uint8_t dev_class[3];
+} __attribute__ ((packed)) read_class_of_dev_rp;
+#define READ_CLASS_OF_DEV_RP_SIZE 4
+
+#define OCF_WRITE_CLASS_OF_DEV 0x0024
+typedef struct {
+ uint8_t dev_class[3];
+} __attribute__ ((packed)) write_class_of_dev_cp;
+#define WRITE_CLASS_OF_DEV_CP_SIZE 3
+
+#define OCF_READ_VOICE_SETTING 0x0025
+typedef struct {
+ uint8_t status;
+ uint16_t voice_setting;
+} __attribute__ ((packed)) read_voice_setting_rp;
+#define READ_VOICE_SETTING_RP_SIZE 3
+
+#define OCF_WRITE_VOICE_SETTING 0x0026
+typedef struct {
+ uint16_t voice_setting;
+} __attribute__ ((packed)) write_voice_setting_cp;
+#define WRITE_VOICE_SETTING_CP_SIZE 2
+
+#define OCF_READ_AUTOMATIC_FLUSH_TIMEOUT 0x0027
+
+#define OCF_WRITE_AUTOMATIC_FLUSH_TIMEOUT 0x0028
+
+#define OCF_READ_NUM_BROADCAST_RETRANS 0x0029
+
+#define OCF_WRITE_NUM_BROADCAST_RETRANS 0x002A
+
+#define OCF_READ_HOLD_MODE_ACTIVITY 0x002B
+
+#define OCF_WRITE_HOLD_MODE_ACTIVITY 0x002C
+
+#define OCF_READ_TRANSMIT_POWER_LEVEL 0x002D
+typedef struct {
+ uint16_t handle;
+ uint8_t type;
+} __attribute__ ((packed)) read_transmit_power_level_cp;
+#define READ_TRANSMIT_POWER_LEVEL_CP_SIZE 3
+typedef struct {
+ uint8_t status;
+ uint16_t handle;
+ int8_t level;
+} __attribute__ ((packed)) read_transmit_power_level_rp;
+#define READ_TRANSMIT_POWER_LEVEL_RP_SIZE 4
+
+#define OCF_HOST_BUFFER_SIZE 0x0033
+typedef struct {
+ uint16_t acl_mtu;
+ uint8_t sco_mtu;
+ uint16_t acl_max_pkt;
+ uint16_t sco_max_pkt;
+} __attribute__ ((packed)) host_buffer_size_cp;
+#define HOST_BUFFER_SIZE_CP_SIZE 7
+
+#define OCF_HOST_NUMBER_OF_COMPLETED_PACKETS 0x0035
+
+#define OCF_READ_LINK_SUPERVISION_TIMEOUT 0x0036
+typedef struct {
+ uint8_t status;
+ uint16_t handle;
+ uint16_t link_sup_to;
+} __attribute__ ((packed)) read_link_supervision_timeout_rp;
+#define READ_LINK_SUPERVISION_TIMEOUT_RP_SIZE 5
+
+#define OCF_WRITE_LINK_SUPERVISION_TIMEOUT 0x0037
+typedef struct {
+ uint16_t handle;
+ uint16_t link_sup_to;
+} __attribute__ ((packed)) write_link_supervision_timeout_cp;
+#define WRITE_LINK_SUPERVISION_TIMEOUT_CP_SIZE 4
+typedef struct {
+ uint8_t status;
+ uint16_t handle;
+} __attribute__ ((packed)) write_link_supervision_timeout_rp;
+#define WRITE_LINK_SUPERVISION_TIMEOUT_RP_SIZE 3
+
+#define OCF_READ_NUM_SUPPORTED_IAC 0x0038
+
+#define MAX_IAC_LAP 0x40
+#define OCF_READ_CURRENT_IAC_LAP 0x0039
+typedef struct {
+ uint8_t status;
+ uint8_t num_current_iac;
+ uint8_t lap[MAX_IAC_LAP][3];
+} __attribute__ ((packed)) read_current_iac_lap_rp;
+#define READ_CURRENT_IAC_LAP_RP_SIZE 2+3*MAX_IAC_LAP
+
+#define OCF_WRITE_CURRENT_IAC_LAP 0x003A
+typedef struct {
+ uint8_t num_current_iac;
+ uint8_t lap[MAX_IAC_LAP][3];
+} __attribute__ ((packed)) write_current_iac_lap_cp;
+#define WRITE_CURRENT_IAC_LAP_CP_SIZE 1+3*MAX_IAC_LAP
+
+#define OCF_READ_PAGE_SCAN_PERIOD_MODE 0x003B
+
+#define OCF_WRITE_PAGE_SCAN_PERIOD_MODE 0x003C
+
+#define OCF_READ_PAGE_SCAN_MODE 0x003D
+
+#define OCF_WRITE_PAGE_SCAN_MODE 0x003E
+
+#define OCF_SET_AFH_CLASSIFICATION 0x003F
+typedef struct {
+ uint8_t map[10];
+} __attribute__ ((packed)) set_afh_classification_cp;
+#define SET_AFH_CLASSIFICATION_CP_SIZE 10
+typedef struct {
+ uint8_t status;
+} __attribute__ ((packed)) set_afh_classification_rp;
+#define SET_AFH_CLASSIFICATION_RP_SIZE 1
+
+#define OCF_READ_INQUIRY_SCAN_TYPE 0x0042
+typedef struct {
+ uint8_t status;
+ uint8_t type;
+} __attribute__ ((packed)) read_inquiry_scan_type_rp;
+#define READ_INQUIRY_SCAN_TYPE_RP_SIZE 2
+
+#define OCF_WRITE_INQUIRY_SCAN_TYPE 0x0043
+typedef struct {
+ uint8_t type;
+} __attribute__ ((packed)) write_inquiry_scan_type_cp;
+#define WRITE_INQUIRY_SCAN_TYPE_CP_SIZE 1
+typedef struct {
+ uint8_t status;
+} __attribute__ ((packed)) write_inquiry_scan_type_rp;
+#define WRITE_INQUIRY_SCAN_TYPE_RP_SIZE 1
+
+#define OCF_READ_INQUIRY_MODE 0x0044
+typedef struct {
+ uint8_t status;
+ uint8_t mode;
+} __attribute__ ((packed)) read_inquiry_mode_rp;
+#define READ_INQUIRY_MODE_RP_SIZE 2
+
+#define OCF_WRITE_INQUIRY_MODE 0x0045
+typedef struct {
+ uint8_t mode;
+} __attribute__ ((packed)) write_inquiry_mode_cp;
+#define WRITE_INQUIRY_MODE_CP_SIZE 1
+typedef struct {
+ uint8_t status;
+} __attribute__ ((packed)) write_inquiry_mode_rp;
+#define WRITE_INQUIRY_MODE_RP_SIZE 1
+
+#define OCF_READ_PAGE_SCAN_TYPE 0x0046
+
+#define OCF_WRITE_PAGE_SCAN_TYPE 0x0047
+
+#define OCF_READ_AFH_MODE 0x0048
+typedef struct {
+ uint8_t status;
+ uint8_t mode;
+} __attribute__ ((packed)) read_afh_mode_rp;
+#define READ_AFH_MODE_RP_SIZE 2
+
+#define OCF_WRITE_AFH_MODE 0x0049
+typedef struct {
+ uint8_t mode;
+} __attribute__ ((packed)) write_afh_mode_cp;
+#define WRITE_AFH_MODE_CP_SIZE 1
+typedef struct {
+ uint8_t status;
+} __attribute__ ((packed)) write_afh_mode_rp;
+#define WRITE_AFH_MODE_RP_SIZE 1
+
+#define OCF_READ_EXT_INQUIRY_RESPONSE 0x0051
+typedef struct {
+ uint8_t status;
+ uint8_t fec;
+ uint8_t data[240];
+} __attribute__ ((packed)) read_ext_inquiry_response_rp;
+#define READ_EXT_INQUIRY_RESPONSE_RP_SIZE 242
+
+#define OCF_WRITE_EXT_INQUIRY_RESPONSE 0x0052
+typedef struct {
+ uint8_t fec;
+ uint8_t data[240];
+} __attribute__ ((packed)) write_ext_inquiry_response_cp;
+#define WRITE_EXT_INQUIRY_RESPONSE_CP_SIZE 241
+typedef struct {
+ uint8_t status;
+} __attribute__ ((packed)) write_ext_inquiry_response_rp;
+#define WRITE_EXT_INQUIRY_RESPONSE_RP_SIZE 1
+
+/* Informational Parameters */
+#define OGF_INFO_PARAM 0x04
+
+#define OCF_READ_LOCAL_VERSION 0x0001
+typedef struct {
+ uint8_t status;
+ uint8_t hci_ver;
+ uint16_t hci_rev;
+ uint8_t lmp_ver;
+ uint16_t manufacturer;
+ uint16_t lmp_subver;
+} __attribute__ ((packed)) read_local_version_rp;
+#define READ_LOCAL_VERSION_RP_SIZE 9
+
+#define OCF_READ_LOCAL_COMMANDS 0x0002
+typedef struct {
+ uint8_t status;
+ uint8_t commands[64];
+} __attribute__ ((packed)) read_local_commands_rp;
+#define READ_LOCAL_COMMANDS_RP_SIZE 65
+
+#define OCF_READ_LOCAL_FEATURES 0x0003
+typedef struct {
+ uint8_t status;
+ uint8_t features[8];
+} __attribute__ ((packed)) read_local_features_rp;
+#define READ_LOCAL_FEATURES_RP_SIZE 9
+
+#define OCF_READ_LOCAL_EXT_FEATURES 0x0004
+typedef struct {
+ uint8_t page_num;
+} __attribute__ ((packed)) read_local_ext_features_cp;
+#define READ_LOCAL_EXT_FEATURES_CP_SIZE 1
+typedef struct {
+ uint8_t status;
+ uint8_t page_num;
+ uint8_t max_page_num;
+ uint8_t features[8];
+} __attribute__ ((packed)) read_local_ext_features_rp;
+#define READ_LOCAL_EXT_FEATURES_RP_SIZE 11
+
+#define OCF_READ_BUFFER_SIZE 0x0005
+typedef struct {
+ uint8_t status;
+ uint16_t acl_mtu;
+ uint8_t sco_mtu;
+ uint16_t acl_max_pkt;
+ uint16_t sco_max_pkt;
+} __attribute__ ((packed)) read_buffer_size_rp;
+#define READ_BUFFER_SIZE_RP_SIZE 8
+
+#define OCF_READ_COUNTRY_CODE 0x0007
+
+#define OCF_READ_BD_ADDR 0x0009
+typedef struct {
+ uint8_t status;
+ bdaddr_t bdaddr;
+} __attribute__ ((packed)) read_bd_addr_rp;
+#define READ_BD_ADDR_RP_SIZE 7
+
+/* Status params */
+#define OGF_STATUS_PARAM 0x05
+
+#define OCF_READ_FAILED_CONTACT_COUNTER 0x0001
+typedef struct {
+ uint8_t status;
+ uint16_t handle;
+ uint8_t counter;
+} __attribute__ ((packed)) read_failed_contact_counter_rp;
+#define READ_FAILED_CONTACT_COUNTER_RP_SIZE 4
+
+#define OCF_RESET_FAILED_CONTACT_COUNTER 0x0002
+typedef struct {
+ uint8_t status;
+ uint16_t handle;
+} __attribute__ ((packed)) reset_failed_contact_counter_rp;
+#define RESET_FAILED_CONTACT_COUNTER_RP_SIZE 4
+
+#define OCF_READ_LINK_QUALITY 0x0003
+typedef struct {
+ uint16_t handle;
+} __attribute__ ((packed)) read_link_quality_cp;
+#define READ_LINK_QUALITY_CP_SIZE 4
+
+typedef struct {
+ uint8_t status;
+ uint16_t handle;
+ uint8_t link_quality;
+} __attribute__ ((packed)) read_link_quality_rp;
+#define READ_LINK_QUALITY_RP_SIZE 4
+
+#define OCF_READ_RSSI 0x0005
+typedef struct {
+ uint8_t status;
+ uint16_t handle;
+ int8_t rssi;
+} __attribute__ ((packed)) read_rssi_rp;
+#define READ_RSSI_RP_SIZE 4
+
+#define OCF_READ_AFH_MAP 0x0006
+typedef struct {
+ uint8_t status;
+ uint16_t handle;
+ uint8_t mode;
+ uint8_t map[10];
+} __attribute__ ((packed)) read_afh_map_rp;
+#define READ_AFH_MAP_RP_SIZE 14
+
+#define OCF_READ_CLOCK 0x0007
+typedef struct {
+ uint16_t handle;
+ uint8_t which_clock;
+} __attribute__ ((packed)) read_clock_cp;
+#define READ_CLOCK_CP_SIZE 3
+typedef struct {
+ uint8_t status;
+ uint16_t handle;
+ uint32_t clock;
+ uint16_t accuracy;
+} __attribute__ ((packed)) read_clock_rp;
+#define READ_CLOCK_RP_SIZE 9
+
+/* Testing commands */
+#define OGF_TESTING_CMD 0x3e
+
+/* Vendor specific commands */
+#define OGF_VENDOR_CMD 0x3f
+
+/* ---- HCI Events ---- */
+
+#define EVT_INQUIRY_COMPLETE 0x01
+
+#define EVT_INQUIRY_RESULT 0x02
+typedef struct {
+ uint8_t num_responses;
+ bdaddr_t bdaddr;
+ uint8_t pscan_rep_mode;
+ uint8_t pscan_period_mode;
+ uint8_t pscan_mode;
+ uint8_t dev_class[3];
+ uint16_t clock_offset;
+} __attribute__ ((packed)) inquiry_info;
+#define INQUIRY_INFO_SIZE 14
+
+#define EVT_CONN_COMPLETE 0x03
+typedef struct {
+ uint8_t status;
+ uint16_t handle;
+ bdaddr_t bdaddr;
+ uint8_t link_type;
+ uint8_t encr_mode;
+} __attribute__ ((packed)) evt_conn_complete;
+#define EVT_CONN_COMPLETE_SIZE 13
+
+#define EVT_CONN_REQUEST 0x04
+typedef struct {
+ bdaddr_t bdaddr;
+ uint8_t dev_class[3];
+ uint8_t link_type;
+} __attribute__ ((packed)) evt_conn_request;
+#define EVT_CONN_REQUEST_SIZE 10
+
+#define EVT_DISCONN_COMPLETE 0x05
+typedef struct {
+ uint8_t status;
+ uint16_t handle;
+ uint8_t reason;
+} __attribute__ ((packed)) evt_disconn_complete;
+#define EVT_DISCONN_COMPLETE_SIZE 4
+
+#define EVT_AUTH_COMPLETE 0x06
+typedef struct {
+ uint8_t status;
+ uint16_t handle;
+} __attribute__ ((packed)) evt_auth_complete;
+#define EVT_AUTH_COMPLETE_SIZE 3
+
+#define EVT_REMOTE_NAME_REQ_COMPLETE 0x07
+typedef struct {
+ uint8_t status;
+ bdaddr_t bdaddr;
+ uint8_t name[248];
+} __attribute__ ((packed)) evt_remote_name_req_complete;
+#define EVT_REMOTE_NAME_REQ_COMPLETE_SIZE 255
+
+#define EVT_ENCRYPT_CHANGE 0x08
+typedef struct {
+ uint8_t status;
+ uint16_t handle;
+ uint8_t encrypt;
+} __attribute__ ((packed)) evt_encrypt_change;
+#define EVT_ENCRYPT_CHANGE_SIZE 5
+
+#define EVT_CHANGE_CONN_LINK_KEY_COMPLETE 0x09
+typedef struct {
+ uint8_t status;
+ uint16_t handle;
+} __attribute__ ((packed)) evt_change_conn_link_key_complete;
+#define EVT_CHANGE_CONN_LINK_KEY_COMPLETE_SIZE 3
+
+#define EVT_MASTER_LINK_KEY_COMPLETE 0x0A
+typedef struct {
+ uint8_t status;
+ uint16_t handle;
+ uint8_t key_flag;
+} __attribute__ ((packed)) evt_master_link_key_complete;
+#define EVT_MASTER_LINK_KEY_COMPLETE_SIZE 4
+
+#define EVT_READ_REMOTE_FEATURES_COMPLETE 0x0B
+typedef struct {
+ uint8_t status;
+ uint16_t handle;
+ uint8_t features[8];
+} __attribute__ ((packed)) evt_read_remote_features_complete;
+#define EVT_READ_REMOTE_FEATURES_COMPLETE_SIZE 11
+
+#define EVT_READ_REMOTE_VERSION_COMPLETE 0x0C
+typedef struct {
+ uint8_t status;
+ uint16_t handle;
+ uint8_t lmp_ver;
+ uint16_t manufacturer;
+ uint16_t lmp_subver;
+} __attribute__ ((packed)) evt_read_remote_version_complete;
+#define EVT_READ_REMOTE_VERSION_COMPLETE_SIZE 8
+
+#define EVT_QOS_SETUP_COMPLETE 0x0D
+typedef struct {
+ uint8_t status;
+ uint16_t handle;
+ uint8_t flags; /* Reserved */
+ hci_qos qos;
+} __attribute__ ((packed)) evt_qos_setup_complete;
+#define EVT_QOS_SETUP_COMPLETE_SIZE (4 + HCI_QOS_CP_SIZE)
+
+#define EVT_CMD_COMPLETE 0x0E
+typedef struct {
+ uint8_t ncmd;
+ uint16_t opcode;
+} __attribute__ ((packed)) evt_cmd_complete;
+#define EVT_CMD_COMPLETE_SIZE 3
+
+#define EVT_CMD_STATUS 0x0F
+typedef struct {
+ uint8_t status;
+ uint8_t ncmd;
+ uint16_t opcode;
+} __attribute__ ((packed)) evt_cmd_status;
+#define EVT_CMD_STATUS_SIZE 4
+
+#define EVT_HARDWARE_ERROR 0x10
+typedef struct {
+ uint8_t code;
+} __attribute__ ((packed)) evt_hardware_error;
+#define EVT_HARDWARE_ERROR_SIZE 1
+
+#define EVT_FLUSH_OCCURRED 0x11
+typedef struct {
+ uint16_t handle;
+} __attribute__ ((packed)) evt_flush_occured;
+#define EVT_FLUSH_OCCURRED_SIZE 2
+
+#define EVT_ROLE_CHANGE 0x12
+typedef struct {
+ uint8_t status;
+ bdaddr_t bdaddr;
+ uint8_t role;
+} __attribute__ ((packed)) evt_role_change;
+#define EVT_ROLE_CHANGE_SIZE 8
+
+#define EVT_NUM_COMP_PKTS 0x13
+typedef struct {
+ uint8_t num_hndl;
+ /* variable length part */
+} __attribute__ ((packed)) evt_num_comp_pkts;
+#define EVT_NUM_COMP_PKTS_SIZE 1
+
+#define EVT_MODE_CHANGE 0x14
+typedef struct {
+ uint8_t status;
+ uint16_t handle;
+ uint8_t mode;
+ uint16_t interval;
+} __attribute__ ((packed)) evt_mode_change;
+#define EVT_MODE_CHANGE_SIZE 6
+
+#define EVT_RETURN_LINK_KEYS 0x15
+typedef struct {
+ uint8_t num_keys;
+ /* variable length part */
+} __attribute__ ((packed)) evt_return_link_keys;
+#define EVT_RETURN_LINK_KEYS_SIZE 1
+
+#define EVT_PIN_CODE_REQ 0x16
+typedef struct {
+ bdaddr_t bdaddr;
+} __attribute__ ((packed)) evt_pin_code_req;
+#define EVT_PIN_CODE_REQ_SIZE 6
+
+#define EVT_LINK_KEY_REQ 0x17
+typedef struct {
+ bdaddr_t bdaddr;
+} __attribute__ ((packed)) evt_link_key_req;
+#define EVT_LINK_KEY_REQ_SIZE 6
+
+#define EVT_LINK_KEY_NOTIFY 0x18
+typedef struct {
+ bdaddr_t bdaddr;
+ uint8_t link_key[16];
+ uint8_t key_type;
+} __attribute__ ((packed)) evt_link_key_notify;
+#define EVT_LINK_KEY_NOTIFY_SIZE 23
+
+#define EVT_LOOPBACK_COMMAND 0x19
+
+#define EVT_DATA_BUFFER_OVERFLOW 0x1A
+typedef struct {
+ uint8_t link_type;
+} __attribute__ ((packed)) evt_data_buffer_overflow;
+#define EVT_DATA_BUFFER_OVERFLOW_SIZE 1
+
+#define EVT_MAX_SLOTS_CHANGE 0x1B
+typedef struct {
+ uint16_t handle;
+ uint8_t max_slots;
+} __attribute__ ((packed)) evt_max_slots_change;
+#define EVT_MAX_SLOTS_CHANGE_SIZE 3
+
+#define EVT_READ_CLOCK_OFFSET_COMPLETE 0x1C
+typedef struct {
+ uint8_t status;
+ uint16_t handle;
+ uint16_t clock_offset;
+} __attribute__ ((packed)) evt_read_clock_offset_complete;
+#define EVT_READ_CLOCK_OFFSET_COMPLETE_SIZE 5
+
+#define EVT_CONN_PTYPE_CHANGED 0x1D
+typedef struct {
+ uint8_t status;
+ uint16_t handle;
+ uint16_t ptype;
+} __attribute__ ((packed)) evt_conn_ptype_changed;
+#define EVT_CONN_PTYPE_CHANGED_SIZE 5
+
+#define EVT_QOS_VIOLATION 0x1E
+typedef struct {
+ uint16_t handle;
+} __attribute__ ((packed)) evt_qos_violation;
+#define EVT_QOS_VIOLATION_SIZE 2
+
+#define EVT_PSCAN_REP_MODE_CHANGE 0x20
+typedef struct {
+ bdaddr_t bdaddr;
+ uint8_t pscan_rep_mode;
+} __attribute__ ((packed)) evt_pscan_rep_mode_change;
+#define EVT_PSCAN_REP_MODE_CHANGE_SIZE 7
+
+#define EVT_FLOW_SPEC_COMPLETE 0x21
+typedef struct {
+ uint8_t status;
+ uint16_t handle;
+ uint8_t flags;
+ uint8_t direction;
+ hci_qos qos;
+} __attribute__ ((packed)) evt_flow_spec_complete;
+#define EVT_FLOW_SPEC_COMPLETE_SIZE (5 + HCI_QOS_CP_SIZE)
+
+#define EVT_INQUIRY_RESULT_WITH_RSSI 0x22
+typedef struct {
+ bdaddr_t bdaddr;
+ uint8_t pscan_rep_mode;
+ uint8_t pscan_period_mode;
+ uint8_t dev_class[3];
+ uint16_t clock_offset;
+ int8_t rssi;
+} __attribute__ ((packed)) inquiry_info_with_rssi;
+#define INQUIRY_INFO_WITH_RSSI_SIZE 14
+typedef struct {
+ bdaddr_t bdaddr;
+ uint8_t pscan_rep_mode;
+ uint8_t pscan_period_mode;
+ uint8_t pscan_mode;
+ uint8_t dev_class[3];
+ uint16_t clock_offset;
+ int8_t rssi;
+} __attribute__ ((packed)) inquiry_info_with_rssi_and_pscan_mode;
+#define INQUIRY_INFO_WITH_RSSI_AND_PSCAN_MODE_SIZE 15
+
+#define EVT_READ_REMOTE_EXT_FEATURES_COMPLETE 0x23
+typedef struct {
+ uint8_t status;
+ uint16_t handle;
+ uint8_t page_num;
+ uint8_t max_page_num;
+ uint8_t features[8];
+} __attribute__ ((packed)) evt_read_remote_ext_features_complete;
+#define EVT_READ_REMOTE_EXT_FEATURES_COMPLETE_SIZE 13
+
+#define EVT_SYNC_CONN_COMPLETE 0x2C
+typedef struct {
+ uint8_t status;
+ uint16_t handle;
+ bdaddr_t bdaddr;
+ uint8_t link_type;
+ uint8_t trans_interval;
+ uint8_t retrans_window;
+ uint16_t rx_pkt_len;
+ uint16_t tx_pkt_len;
+ uint8_t air_mode;
+} __attribute__ ((packed)) evt_sync_conn_complete;
+#define EVT_SYNC_CONN_COMPLETE_SIZE 17
+
+#define EVT_SYNC_CONN_CHANGED 0x2D
+typedef struct {
+ uint8_t status;
+ uint16_t handle;
+ uint8_t trans_interval;
+ uint8_t retrans_window;
+ uint16_t rx_pkt_len;
+ uint16_t tx_pkt_len;
+} __attribute__ ((packed)) evt_sync_conn_changed;
+#define EVT_SYNC_CONN_CHANGED_SIZE 9
+
+#define EVT_SNIFF_SUBRATE 0x2E
+typedef struct {
+ uint8_t status;
+ uint16_t handle;
+ uint16_t max_remote_latency;
+ uint16_t max_local_latency;
+ uint16_t min_remote_timeout;
+ uint16_t min_local_timeout;
+} __attribute__ ((packed)) evt_sniff_subrate;
+#define EVT_SNIFF_SUBRATE_SIZE 11
+
+#define EVT_EXTENDED_INQUIRY_RESULT 0x2F
+typedef struct {
+ bdaddr_t bdaddr;
+ uint8_t pscan_rep_mode;
+ uint8_t pscan_period_mode;
+ uint8_t dev_class[3];
+ uint16_t clock_offset;
+ int8_t rssi;
+ uint8_t data[240];
+} __attribute__ ((packed)) extended_inquiry_info;
+#define EXTENDED_INQUIRY_INFO_SIZE 254
+
+#define EVT_TESTING 0xFE
+
+#define EVT_VENDOR 0xFF
+
+/* Command opcode pack/unpack */
+#define cmd_opcode_pack(ogf, ocf) (uint16_t)((ocf & 0x03ff)|(ogf << 10))
+#define cmd_opcode_ogf(op) (op >> 10)
+#define cmd_opcode_ocf(op) (op & 0x03ff)
+
+/* ACL handle and flags pack/unpack */
+#define acl_handle_pack(h, f) (uint16_t)(((h) & 0x0fff)|((f) << 12))
+#define acl_handle(h) ((h) & 0x0fff)
+#define acl_flags(h) ((h) >> 12)
Added: trunk/src/host/qemu-neo1973/hw/usb-bt.c
===================================================================
--- trunk/src/host/qemu-neo1973/hw/usb-bt.c 2007-06-13 17:12:06 UTC (rev 2242)
+++ trunk/src/host/qemu-neo1973/hw/usb-bt.c 2007-06-13 17:13:50 UTC (rev 2243)
@@ -0,0 +1,530 @@
+/*
+ * QEMU Bluetooth HCI USB Transport Layer
+ *
+ * Copyright (C) 2007 OpenMoko, Inc.
+ * Written by Andrzej Zaborowski <andrew at openedhand.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston,
+ * MA 02111-1307 USA
+ */
+#include "vl.h"
+
+struct USBBtState {
+ int altsetting;
+ USBDevice dev;
+ struct bt_hci_s hci;
+
+ int config;
+
+#define EVT_FIFO_LEN_MASK 15
+ struct {
+ int start, len;
+ uint8_t pkt[262];
+ } evt_fifo[EVT_FIFO_LEN_MASK + 1];
+ int evt_start, evt_len;
+};
+
+#define USB_EVT_EP 1
+#define USB_ACL_EP 2
+#define USB_SCO_EP 3
+
+static const uint8_t qemu_bt_dev_descriptor[] = {
+ 0x12, /* u8 bLength; */
+ 0x01, /* u8 bDescriptorType; Device */
+ 0x00, 0x02, /* u16 bcdUSB; v1.0 */
+
+ 0xe0, /* u8 bDeviceClass; Wireless */
+ 0x01, /* u8 bDeviceSubClass; Radio Frequency */
+ 0x01, /* u8 bDeviceProtocol; Bluetooth */
+ 0x40, /* u8 bMaxPacketSize0; 64 Bytes */
+
+ 0x12, 0x0a, /* u16 idVendor; */
+ 0x01, 0x00, /* u16 idProduct; Bluetooth Dongle (HCI mode) */
+ 0x58, 0x19, /* u16 bcdDevice */
+
+ 0x00, /* u8 iManufacturer; */
+ 0x00, /* u8 iProduct; */
+ 0x00, /* u8 iSerialNumber; */
+ 0x01, /* u8 bNumConfigurations; */
+};
+
+static const uint8_t qemu_bt_config_descriptor[] = {
+ /* one configuration */
+ 0x09, /* u8 bLength; */
+ 0x02, /* u8 bDescriptorType; Configuration */
+ 0xb1, 0x00, /* u16 wTotalLength; */
+ 0x02, /* u8 bNumInterfaces; (2) */
+ 0x01, /* u8 bConfigurationValue; */
+ 0x00, /* u8 iConfiguration; */
+ 0x80, /* u8 bmAttributes;
+ Bit 7: must be set,
+ 6: Self-powered,
+ 5: Remote wakeup,
+ 4..0: resvd */
+ 0x00, /* u8 MaxPower; */
+
+ /* USB 1.1:
+ * USB 2.0, single TT organization (mandatory):
+ * one interface, protocol 0
+ *
+ * USB 2.0, multiple TT organization (optional):
+ * two interfaces, protocols 1 (like single TT)
+ * and 2 (multiple TT mode) ... config is
+ * sometimes settable
+ * NOT IMPLEMENTED
+ */
+
+ /* interface one */
+ 0x09, /* u8 if_bLength; */
+ 0x04, /* u8 if_bDescriptorType; Interface */
+ 0x00, /* u8 if_bInterfaceNumber; */
+ 0x00, /* u8 if_bAlternateSetting; */
+ 0x03, /* u8 if_bNumEndpoints; */
+ 0xe0, /* u8 if_bInterfaceClass; Wireless */
+ 0x01, /* u8 if_bInterfaceSubClass; Radio Frequency */
+ 0x01, /* u8 if_bInterfaceProtocol; Bluetooth */
+ 0x00, /* u8 if_iInterface; */
+
+ /* endpoint one */
+ 0x07, /* u8 ep_bLength; */
+ 0x05, /* u8 ep_bDescriptorType; Endpoint */
+ USB_DIR_IN | USB_EVT_EP, /* u8 ep_bEndpointAddress; */
+ 0x03, /* u8 ep_bmAttributes; Interrupt */
+ 0x10, 0x00, /* u16 ep_wMaxPacketSize; */
+ 0x01, /* u8 ep_bInterval; (255ms -- usb 2.0 spec) */
+
+ /* endpoint two */
+ 0x07, /* u8 ep_bLength; */
+ 0x05, /* u8 ep_bDescriptorType; Endpoint */
+ USB_DIR_OUT | USB_ACL_EP, /* u8 ep_bEndpointAddress; */
+ 0x02, /* u8 ep_bmAttributes; Bulk */
+ 0x40, 0x00, /* u16 ep_wMaxPacketSize; */
+ 0x0a, /* u8 ep_bInterval; (255ms -- usb 2.0 spec) */
+
+ /* endpoint three */
+ 0x07, /* u8 ep_bLength; */
+ 0x05, /* u8 ep_bDescriptorType; Endpoint */
+ USB_DIR_IN | USB_ACL_EP, /* u8 ep_bEndpointAddress; */
+ 0x02, /* u8 ep_bmAttributes; Bulk */
+ 0x40, 0x00, /* u16 ep_wMaxPacketSize; */
+ 0x0a, /* u8 ep_bInterval; (255ms -- usb 2.0 spec) */
+
+ /* interface two setting one */
+ 0x09, /* u8 if_bLength; */
+ 0x04, /* u8 if_bDescriptorType; Interface */
+ 0x01, /* u8 if_bInterfaceNumber; */
+ 0x00, /* u8 if_bAlternateSetting; */
+ 0x02, /* u8 if_bNumEndpoints; */
+ 0xe0, /* u8 if_bInterfaceClass; Wireless */
+ 0x01, /* u8 if_bInterfaceSubClass; Radio Frequency */
+ 0x01, /* u8 if_bInterfaceProtocol; Bluetooth */
+ 0x00, /* u8 if_iInterface; */
+
+ /* endpoint one */
+ 0x07, /* u8 ep_bLength; */
+ 0x05, /* u8 ep_bDescriptorType; Endpoint */
+ USB_DIR_OUT | USB_SCO_EP, /* u8 ep_bEndpointAddress; */
+ 0x01, /* u8 ep_bmAttributes; Isochronous */
+ 0x00, 0x00, /* u16 ep_wMaxPacketSize; */
+ 0x01, /* u8 ep_bInterval; (255ms -- usb 2.0 spec) */
+
+ /* endpoint two */
+ 0x07, /* u8 ep_bLength; */
+ 0x05, /* u8 ep_bDescriptorType; Endpoint */
+ USB_DIR_IN | USB_SCO_EP, /* u8 ep_bEndpointAddress; */
+ 0x01, /* u8 ep_bmAttributes; Isochronous */
+ 0x00, 0x00, /* u16 ep_wMaxPacketSize; */
+ 0x01, /* u8 ep_bInterval; (255ms -- usb 2.0 spec) */
+
+ /* interface two setting two */
+ 0x09, /* u8 if_bLength; */
+ 0x04, /* u8 if_bDescriptorType; Interface */
+ 0x01, /* u8 if_bInterfaceNumber; */
+ 0x01, /* u8 if_bAlternateSetting; */
+ 0x02, /* u8 if_bNumEndpoints; */
+ 0xe0, /* u8 if_bInterfaceClass; Wireless */
+ 0x01, /* u8 if_bInterfaceSubClass; Radio Frequency */
+ 0x01, /* u8 if_bInterfaceProtocol; Bluetooth */
+ 0x00, /* u8 if_iInterface; */
+
+ /* endpoint one */
+ 0x07, /* u8 ep_bLength; */
+ 0x05, /* u8 ep_bDescriptorType; Endpoint */
+ USB_DIR_OUT | USB_SCO_EP, /* u8 ep_bEndpointAddress; */
+ 0x01, /* u8 ep_bmAttributes; Isochronous */
+ 0x09, 0x00, /* u16 ep_wMaxPacketSize; */
+ 0x01, /* u8 ep_bInterval; (255ms -- usb 2.0 spec) */
+
+ /* endpoint two */
+ 0x07, /* u8 ep_bLength; */
+ 0x05, /* u8 ep_bDescriptorType; Endpoint */
+ USB_DIR_IN | USB_SCO_EP, /* u8 ep_bEndpointAddress; */
+ 0x01, /* u8 ep_bmAttributes; Isochronous */
+ 0x09, 0x00, /* u16 ep_wMaxPacketSize; */
+ 0x01, /* u8 ep_bInterval; (255ms -- usb 2.0 spec) */
+
+ /* interface two setting three */
+ 0x09, /* u8 if_bLength; */
+ 0x04, /* u8 if_bDescriptorType; Interface */
+ 0x01, /* u8 if_bInterfaceNumber; */
+ 0x02, /* u8 if_bAlternateSetting; */
+ 0x02, /* u8 if_bNumEndpoints; */
+ 0xe0, /* u8 if_bInterfaceClass; Wireless */
+ 0x01, /* u8 if_bInterfaceSubClass; Radio Frequency */
+ 0x01, /* u8 if_bInterfaceProtocol; Bluetooth */
+ 0x00, /* u8 if_iInterface; */
+
+ /* endpoint one */
+ 0x07, /* u8 ep_bLength; */
+ 0x05, /* u8 ep_bDescriptorType; Endpoint */
+ USB_DIR_OUT | USB_SCO_EP, /* u8 ep_bEndpointAddress; */
+ 0x01, /* u8 ep_bmAttributes; Isochronous */
+ 0x11, 0x00, /* u16 ep_wMaxPacketSize; */
+ 0x01, /* u8 ep_bInterval; (255ms -- usb 2.0 spec) */
+
+ /* endpoint two */
+ 0x07, /* u8 ep_bLength; */
+ 0x05, /* u8 ep_bDescriptorType; Endpoint */
+ USB_DIR_IN | USB_SCO_EP, /* u8 ep_bEndpointAddress; */
+ 0x01, /* u8 ep_bmAttributes; Isochronous */
+ 0x11, 0x00, /* u16 ep_wMaxPacketSize; */
+ 0x01, /* u8 ep_bInterval; (255ms -- usb 2.0 spec) */
+
+ /* interface two setting four */
+ 0x09, /* u8 if_bLength; */
+ 0x04, /* u8 if_bDescriptorType; Interface */
+ 0x01, /* u8 if_bInterfaceNumber; */
+ 0x03, /* u8 if_bAlternateSetting; */
+ 0x02, /* u8 if_bNumEndpoints; */
+ 0xe0, /* u8 if_bInterfaceClass; Wireless */
+ 0x01, /* u8 if_bInterfaceSubClass; Radio Frequency */
+ 0x01, /* u8 if_bInterfaceProtocol; Bluetooth */
+ 0x00, /* u8 if_iInterface; */
+
+ /* endpoint one */
+ 0x07, /* u8 ep_bLength; */
+ 0x05, /* u8 ep_bDescriptorType; Endpoint */
+ USB_DIR_OUT | USB_SCO_EP, /* u8 ep_bEndpointAddress; */
+ 0x01, /* u8 ep_bmAttributes; Isochronous */
+ 0x19, 0x00, /* u16 ep_wMaxPacketSize; */
+ 0x01, /* u8 ep_bInterval; (255ms -- usb 2.0 spec) */
+
+ /* endpoint two */
+ 0x07, /* u8 ep_bLength; */
+ 0x05, /* u8 ep_bDescriptorType; Endpoint */
+ USB_DIR_IN | USB_SCO_EP, /* u8 ep_bEndpointAddress; */
+ 0x01, /* u8 ep_bmAttributes; Isochronous */
+ 0x19, 0x00, /* u16 ep_wMaxPacketSize; */
+ 0x01, /* u8 ep_bInterval; (255ms -- usb 2.0 spec) */
+
+ /* interface two setting five */
+ 0x09, /* u8 if_bLength; */
+ 0x04, /* u8 if_bDescriptorType; Interface */
+ 0x01, /* u8 if_bInterfaceNumber; */
+ 0x04, /* u8 if_bAlternateSetting; */
+ 0x02, /* u8 if_bNumEndpoints; */
+ 0xe0, /* u8 if_bInterfaceClass; Wireless */
+ 0x01, /* u8 if_bInterfaceSubClass; Radio Frequency */
+ 0x01, /* u8 if_bInterfaceProtocol; Bluetooth */
+ 0x00, /* u8 if_iInterface; */
+
+ /* endpoint one */
+ 0x07, /* u8 ep_bLength; */
+ 0x05, /* u8 ep_bDescriptorType; Endpoint */
+ USB_DIR_OUT | USB_SCO_EP, /* u8 ep_bEndpointAddress; */
+ 0x01, /* u8 ep_bmAttributes; Isochronous */
+ 0x21, 0x00, /* u16 ep_wMaxPacketSize; */
+ 0x01, /* u8 ep_bInterval; (255ms -- usb 2.0 spec) */
+
+ /* endpoint two */
+ 0x07, /* u8 ep_bLength; */
+ 0x05, /* u8 ep_bDescriptorType; Endpoint */
+ USB_DIR_IN | USB_SCO_EP, /* u8 ep_bEndpointAddress; */
+ 0x01, /* u8 ep_bmAttributes; Isochronous */
+ 0x21, 0x00, /* u16 ep_wMaxPacketSize; */
+ 0x01, /* u8 ep_bInterval; (255ms -- usb 2.0 spec) */
+
+ /* interface two setting six */
+ 0x09, /* u8 if_bLength; */
+ 0x04, /* u8 if_bDescriptorType; Interface */
+ 0x01, /* u8 if_bInterfaceNumber; */
+ 0x05, /* u8 if_bAlternateSetting; */
+ 0x02, /* u8 if_bNumEndpoints; */
+ 0xe0, /* u8 if_bInterfaceClass; Wireless */
+ 0x01, /* u8 if_bInterfaceSubClass; Radio Frequency */
+ 0x01, /* u8 if_bInterfaceProtocol; Bluetooth */
+ 0x00, /* u8 if_iInterface; */
+
+ /* endpoint one */
+ 0x07, /* u8 ep_bLength; */
+ 0x05, /* u8 ep_bDescriptorType; Endpoint */
+ USB_DIR_OUT | USB_SCO_EP, /* u8 ep_bEndpointAddress; */
+ 0x01, /* u8 ep_bmAttributes; Isochronous */
+ 0x31, 0x00, /* u16 ep_wMaxPacketSize; */
+ 0x01, /* u8 ep_bInterval; (255ms -- usb 2.0 spec) */
+
+ /* endpoint two */
+ 0x07, /* u8 ep_bLength; */
+ 0x05, /* u8 ep_bDescriptorType; Endpoint */
+ USB_DIR_IN | USB_SCO_EP, /* u8 ep_bEndpointAddress; */
+ 0x01, /* u8 ep_bmAttributes; Isochronous */
+ 0x31, 0x00, /* u16 ep_wMaxPacketSize; */
+ 0x01, /* u8 ep_bInterval; (255ms -- usb 2.0 spec) */
+};
+
+static void usb_bt_handle_reset(USBDevice *dev)
+{
+ struct USBBtState *s = (struct USBBtState *) dev->opaque;
+ s->altsetting = 0;
+}
+
+static int usb_bt_handle_control(USBDevice *dev, int request, int value,
+ int index, int length, uint8_t *data)
+{
+ struct USBBtState *s = (struct USBBtState *) dev->opaque;
+ int ret = 0;
+ printf("setup token req %x val %x idx %x len %x\n", request, value, index, length);////
+
+ switch (request) {
+ case DeviceRequest | USB_REQ_GET_STATUS:
+ case InterfaceRequest | USB_REQ_GET_STATUS:
+ case EndpointRequest | USB_REQ_GET_STATUS:
+ data[0] = (1 << USB_DEVICE_SELF_POWERED) |
+ (dev->remote_wakeup << USB_DEVICE_REMOTE_WAKEUP);
+ data[1] = 0x00;
+ ret = 2;
+ break;
+ case DeviceOutRequest | USB_REQ_CLEAR_FEATURE:
+ case InterfaceOutRequest | USB_REQ_CLEAR_FEATURE:
+ case EndpointOutRequest | USB_REQ_CLEAR_FEATURE:
+ if (value == USB_DEVICE_REMOTE_WAKEUP) {
+ dev->remote_wakeup = 0;
+ } else {
+ goto fail;
+ }
+ ret = 0;
+ break;
+ case DeviceOutRequest | USB_REQ_SET_FEATURE:
+ case InterfaceOutRequest | USB_REQ_SET_FEATURE:
+ case EndpointOutRequest | USB_REQ_SET_FEATURE:
+ if (value == USB_DEVICE_REMOTE_WAKEUP) {
+ dev->remote_wakeup = 1;
+ } else {
+ goto fail;
+ }
+ ret = 0;
+ break;
+ case DeviceOutRequest | USB_REQ_SET_ADDRESS:
+ dev->addr = value;
+ ret = 0;
+ break;
+ case DeviceRequest | USB_REQ_GET_DESCRIPTOR:
+ switch (value >> 8) {
+ case USB_DT_DEVICE:
+ ret = sizeof(qemu_bt_dev_descriptor);
+ memcpy(data, qemu_bt_dev_descriptor, ret);
+ break;
+ case USB_DT_CONFIG:
+ ret = sizeof(qemu_bt_config_descriptor);
+ memcpy(data, qemu_bt_config_descriptor, ret);
+ break;
+ case USB_DT_STRING:
+ switch(value & 0xff) {
+ case 0:
+ /* language ids */
+ data[0] = 4;
+ data[1] = 3;
+ data[2] = 0x09;
+ data[3] = 0x04;
+ ret = 4;
+ break;
+ default:
+ goto fail;
+ }
+ break;
+ default:
+ goto fail;
+ }
+ break;
+ case DeviceRequest | USB_REQ_GET_CONFIGURATION:
+ data[0] = qemu_bt_config_descriptor[0x5];
+ ret = 1;
+ s->config = 0;
+ break;
+ case DeviceOutRequest | USB_REQ_SET_CONFIGURATION:
+ ret = 0;
+ if (value != qemu_bt_config_descriptor[0x5] && value != 0) {
+ printf("%s: Wrong SET_CONFIGURATION request (%i)\n",
+ __FUNCTION__, value);
+ goto fail;
+ }
+ s->config = 1;
+ s->evt_len = 0;
+ bt_hci_reset(&s->hci);
+ break;
+ case InterfaceRequest | USB_REQ_GET_INTERFACE:
+ if (value != 0 || (index & ~1) || length != 1)
+ goto fail;
+ if (index == 1)
+ data[0] = s->altsetting;
+ else
+ data[0] = 0;
+ ret = 1;
+ break;
+ case InterfaceOutRequest | USB_REQ_SET_INTERFACE:
+ if ((index & ~1) || length != 0 ||
+ (index == 1 && (value < 0 || value > 4)) ||
+ (index == 0 && value != 0)) {
+ printf("%s: Wrong SET_INTERFACE request (%i, %i)\n",
+ __FUNCTION__, index, value);
+ goto fail;
+ }
+ s->altsetting = value;
+ ret = 0;
+ break;
+ case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_DEVICE) << 8):
+ if (s->config)
+ bt_submit_hci(&s->hci, length, data);
+ break;
+ default:
+ fail:
+ ret = USB_RET_STALL;
+ break;
+ }
+ return ret;
+}
+
+static int usb_bt_event_dequeue(struct USBBtState *s, USBPacket *p)
+{
+ int pkt, ret;
+ if (!s->evt_len)
+ return 0;
+
+ pkt = s->evt_start;
+ ret = MIN(p->len, s->evt_fifo[pkt].len);
+
+ if (!ret) {
+ s->evt_len --;
+ s->evt_start ++;
+ s->evt_start &= EVT_FIFO_LEN_MASK;
+ }
+
+ memcpy(p->data, s->evt_fifo[pkt].pkt + s->evt_fifo[pkt].start, ret);
+ s->evt_fifo[pkt].start += ret;
+ s->evt_fifo[pkt].len -= ret;
+
+ return ret;
+}
+
+static int usb_bt_handle_data(USBDevice *dev, USBPacket *p)
+{
+ struct USBBtState *s = (struct USBBtState *) dev->opaque;
+ int ret = 0;
+
+ if (!s->config)
+ goto fail;
+
+ switch (p->pid) {
+ case USB_TOKEN_IN:
+ switch (p->devep & 0xf) {
+ case USB_EVT_EP:
+ ret = usb_bt_event_dequeue(s, p);
+ break;
+
+ default:
+ goto fail;
+ }
+ break;
+
+ case USB_TOKEN_OUT:
+ switch (p->devep & 0xf) {
+ case USB_ACL_EP:
+ bt_submit_acl(&s->hci, p->len, p->data);
+ break;
+ case USB_SCO_EP:
+ bt_submit_sco(&s->hci, p->len, p->data);
+ break;
+
+ default:
+ goto fail;
+ }
+ break;
+
+ default:
+ fail:
+ ret = USB_RET_STALL;
+ break;
+ }
+ return ret;
+}
+
+static void usb_bt_handle_destroy(USBDevice *dev)
+{
+ struct USBBtState *s = (struct USBBtState *) dev->opaque;
+
+ bt_hci_done(&s->hci);
+ qemu_free(s);
+}
+
+static uint8_t *usb_bt_evt_packet(void *opaque)
+{
+ struct USBBtState *s = (struct USBBtState *) opaque;
+ return s->evt_fifo[(s->evt_start + s->evt_len) & EVT_FIFO_LEN_MASK].pkt;
+}
+
+static void usb_bt_evt_submit(void *opaque, int len)
+{
+ struct USBBtState *s = (struct USBBtState *) opaque;
+ s->evt_fifo[(s->evt_start + s->evt_len) & EVT_FIFO_LEN_MASK].start = 0;
+ s->evt_fifo[(s->evt_start + s->evt_len ++) & EVT_FIFO_LEN_MASK].len = len;
+}
+
+static void usb_bt_acl_submit(void *opaque, uint8_t *data, int len)
+{
+ struct USBBtState *s = (struct USBBtState *) opaque;
+}
+
+static void usb_bt_sco_submit(void *opaque, uint8_t *data, int len)
+{
+ struct USBBtState *s = (struct USBBtState *) opaque;
+}
+
+USBDevice *usb_bt_init(struct bt_piconet_s *net)
+{
+ struct USBBtState *s;
+
+ s = qemu_mallocz(sizeof(struct USBBtState));
+ if (!s)
+ return NULL;
+ s->dev.opaque = s;
+ s->dev.speed = USB_SPEED_HIGH;
+ s->dev.handle_packet = usb_generic_handle_packet;
+ pstrcpy(s->dev.devname, sizeof(s->dev.devname), "QEMU BT dongle");
+
+ s->dev.handle_reset = usb_bt_handle_reset;
+ s->dev.handle_control = usb_bt_handle_control;
+ s->dev.handle_data = usb_bt_handle_data;
+ s->dev.handle_destroy = usb_bt_handle_destroy;
+
+ bt_hci_init(&s->hci);
+ s->hci.evt_packet = usb_bt_evt_packet;
+ s->hci.evt_submit = usb_bt_evt_submit;
+ s->hci.acl_submit = usb_bt_acl_submit;
+ s->hci.sco_submit = usb_bt_sco_submit;
+ s->hci.opaque = s;
+ s->hci.net = net;
+
+ return &s->dev;
+}
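Review bot: usb_bt_evt_submit() increments `s->evt_len` without checking whether the 16-entry `evt_fifo` ring is already full, and usb_bt_evt_packet() hands out the slot at `(s->evt_start + s->evt_len) & EVT_FIFO_LEN_MASK` the same way, so a seventeenth undelivered event would be written over the packet at `evt_start` that the guest may be partway through reading. `len` is also stored unchecked, although usb_bt_event_dequeue() later uses it to bound a `memcpy` out of the 262-byte `pkt` array. Whether bt-hci.c limits either value is not visible in this file, so I would guard locally with `if (s->evt_len > EVT_FIFO_LEN_MASK || len < 0 || len > (int) sizeof(s->evt_fifo[0].pkt)) return;` at the top of usb_bt_evt_submit(), plus a matching full check in usb_bt_evt_packet() if its caller can cope with a refusal. Separately, in usb_bt_handle_control() the SET_INTERFACE test `value > 4` rejects alternate setting 5, which the configuration descriptor declares. The GET_CONFIGURATION case also sets `s->config = 0`, so merely reading the configuration makes usb_bt_handle_data() stall until the next SET_CONFIGURATION.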