1 /*
2 *
3 * BlueZ - Bluetooth protocol stack for Linux
4 *
5 * Copyright (C) 2000-2002 Maxim Krasnyansky <maxk@qualcomm.com>
6 * Copyright (C) 2003-2010 Marcel Holtmann <marcel@holtmann.org>
7 *
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
22 *
23 */
24
25 #ifdef HAVE_CONFIG_H
26 #include <config.h>
27 #endif
28
29 #include <netinet/in.h>
30 #include <stdio.h>
31 #include <errno.h>
32 #include <ctype.h>
33 #include <fcntl.h>
34 #include <unistd.h>
35 #include <stdlib.h>
36 #include <stdint.h>
37 #include <string.h>
38 #include <signal.h>
39 #include <getopt.h>
40 #include <syslog.h>
41 #include <sys/time.h>
42 #include <sys/stat.h>
43 #include <sys/poll.h>
44 #include <sys/ioctl.h>
45 #include <sys/socket.h>
46 #include <sys/resource.h>
47
48 #include <bluetooth/bluetooth.h>
49 #include <bluetooth/hci.h>
50 #include <bluetooth/hci_lib.h>
51
52 #include <netdb.h>
53
54 #include <glib.h>
55
/* Device node opened in proxy mode (hciN argument) when -d is not given */
#define GHCI_DEV "/dev/ghci"

/* Virtual HCI device nodes; main() tries VHCI_DEV first, then VHCI_UDEV */
#define VHCI_DEV "/dev/vhci"
#define VHCI_UDEV "/dev/hci_vhci"

/* Size of the vconn[] table; a connection handle is its slot index + 1 */
#define VHCI_MAX_CONN 12

/*
 * ACL buffer parameters reported in the Read Buffer Size reply.
 * VHCI_ACL_MAX_PKT is also the threshold at which hci_acl_data() sends a
 * Number Of Completed Packets event.
 */
#define VHCI_ACL_MTU 192
#define VHCI_ACL_MAX_PKT 8
65
/* State of the single emulated controller (the file-scope instance is vdev) */
struct vhci_device {
	uint8_t features[8];	/* feature mask returned by Read Local (Ext) Features */
	uint8_t name[248];	/* local name, overwritten by Change Local Name */
	uint8_t dev_class[3];	/* class of device */
	uint8_t inq_mode;	/* inquiry mode */
	uint8_t eir_fec;	/* extended inquiry response FEC byte */
	uint8_t eir_data[HCI_MAX_EIR_LENGTH];	/* extended inquiry response data */
	uint16_t acl_cnt;	/* ACL packets forwarded since the last Number Of Completed Packets event */
	bdaddr_t bdaddr;	/* emulated address; scan_enable() derives the TCP listen address and port from it */
	int fd;			/* virtual HCI device descriptor (set in main) */
	int dd;			/* btsnoop capture descriptor, negative when not capturing */
	GIOChannel *scan;	/* listening TCP channel while page scan is enabled, else NULL */
};
79
/* One emulated ACL link, carried over a TCP socket */
struct vhci_conn {
	bdaddr_t dest;		/* address of the remote side */
	uint16_t handle;	/* connection handle: index into vconn[] plus one */
	GIOChannel *chan;	/* channel wrapping the TCP socket of this link */
};
85
/*
 * First message on every TCP link: written by create_connection() right
 * after connect() and read by io_conn_ind() right after accept().
 * The content comes from the network peer and is not authenticated.
 */
struct vhci_link_info {
	bdaddr_t bdaddr;	/* address announced by the connecting side */
	uint8_t dev_class[3];	/* left zeroed by create_connection() */
	uint8_t link_type;	/* ACL_LINK when sent by create_connection() */
	uint8_t role;		/* 1 when sent by create_connection() */
} __attribute__ ((packed));
92
/* The emulated controller */
static struct vhci_device vdev;
/* Connection table; slot i holds the link with handle i + 1, NULL when free */
static struct vhci_conn *vconn[VHCI_MAX_CONN];
95
/* File header of a btsnoop capture; multi-byte fields are written big-endian */
struct btsnoop_hdr {
	uint8_t id[8]; /* Identification Pattern */
	uint32_t version; /* Version Number = 1 */
	uint32_t type; /* Datalink Type */
} __attribute__ ((packed));
#define BTSNOOP_HDR_SIZE (sizeof(struct btsnoop_hdr))
102
/* Per-packet record header of a btsnoop capture, followed by the packet bytes */
struct btsnoop_pkt {
	uint32_t size; /* Original Length */
	uint32_t len; /* Included Length */
	uint32_t flags; /* Packet Flags */
	uint32_t drops; /* Cumulative Drops */
	uint64_t ts; /* Timestamp microseconds */
	uint8_t data[0]; /* Packet Data */
} __attribute__ ((packed));
#define BTSNOOP_PKT_SIZE (sizeof(struct btsnoop_pkt))
112
/* Identification pattern at the start of a capture: ASCII "btsnoop" plus NUL */
static uint8_t btsnoop_id[] = { 0x62, 0x74, 0x73, 0x6e, 0x6f, 0x6f, 0x70, 0x00 };
114
/* Main loop created in main() and stopped from sig_term() */
static GMainLoop *event_loop;

/* Set from the termination signal handler; polled by read_n(), write_n() and run_proxy() */
static volatile sig_atomic_t __io_canceled;
118
/* Clear the cancel flag so the blocking I/O helpers run normally. */
static inline void io_init(void)
{
	__io_canceled = 0;
}
123
/*
 * Raise the cancel flag. Only a sig_atomic_t store, so it is usable from a
 * signal handler; read_n(), write_n() and run_proxy() stop on their next
 * loop check.
 */
static inline void io_cancel(void)
{
	__io_canceled = 1;
}
128
/*
 * Handler installed for SIGTERM and SIGINT: stop the I/O helpers and ask the
 * GLib main loop to exit.
 *
 * NOTE(review): g_main_loop_quit() is not documented as async-signal-safe;
 * confirm that calling it from a handler is acceptable for this tool.
 */
static void sig_term(int sig)
{
	(void) sig;

	io_cancel();
	g_main_loop_quit(event_loop);
}
134
/* GLib watch callbacks, declared early because the setup code registers them */
static gboolean io_acl_data(GIOChannel *chan, GIOCondition cond, gpointer data);
static gboolean io_conn_ind(GIOChannel *chan, GIOCondition cond, gpointer data);
static gboolean io_hci_data(GIOChannel *chan, GIOCondition cond, gpointer data);
138
/*
 * Read len bytes from fd, retrying on EINTR and EAGAIN.
 *
 * Returns the number of bytes read (less than len only when the cancel flag
 * was raised), 0 as soon as read() reports end of file, even after partial
 * data, and -1 on any other read error. A len of 0 also returns 0.
 */
static inline int read_n(int fd, void *buf, int len)
{
	unsigned char *cursor = buf;
	int total = 0;

	while (!__io_canceled && len > 0) {
		int got = read(fd, cursor, len);

		if (got < 0) {
			if (errno == EINTR || errno == EAGAIN)
				continue;
			return -1;
		}

		if (got == 0)
			return 0;

		cursor += got;
		total += got;
		len -= got;
	}

	return total;
}
155
/*
 * Write len bytes to fd, retrying on EINTR and EAGAIN.
 *
 * Returns the number of bytes written (less than len only when the cancel
 * flag was raised), 0 if write() itself returns 0, and -1 on any other
 * write error.
 */
static inline int write_n(int fd, void *buf, int len)
{
	unsigned char *cursor = buf;
	int total = 0;

	while (!__io_canceled && len > 0) {
		int put = write(fd, cursor, len);

		if (put < 0) {
			if (errno == EINTR || errno == EAGAIN)
				continue;
			return -1;
		}

		if (put == 0)
			return 0;

		cursor += put;
		total += put;
		len -= put;
	}

	return total;
}
173
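/*
 * Create a btsnoop capture file and write its file header.
 *
 * file: path of the capture, taken from the -s command line option.
 *
 * Returns the open descriptor on success. On failure returns the negative
 * value from open(), -EIO if writing the header failed, or -1 if the header
 * was only partially written.
 *
 * NOTE(review): the file is created readable by group and others (subject to
 * the umask) and the path is followed as given. The capture holds all HCI
 * traffic of the emulated device; confirm that 0644 and following symlinks
 * are acceptable where this runs with elevated privileges.
 */
static int create_snoop(char *file)
{
	struct btsnoop_hdr hdr;
	ssize_t len;
	int fd;

	/*
	 * O_TRUNC: an existing, longer capture must not leave stale records
	 * behind the freshly written header.
	 */
	fd = open(file, O_WRONLY | O_CREAT | O_TRUNC,
				S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
	if (fd < 0)
		return fd;

	memcpy(hdr.id, btsnoop_id, sizeof(btsnoop_id));
	hdr.version = htonl(1);
	hdr.type = htonl(1002);

	len = write(fd, &hdr, BTSNOOP_HDR_SIZE);
	if (len < 0) {
		close(fd);
		return -EIO;
	}

	if ((size_t) len != BTSNOOP_HDR_SIZE) {
		close(fd);
		return -1;
	}

	return fd;
}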
200
/*
 * Append one packet record to the btsnoop capture.
 *
 * fd:       capture descriptor; a negative value means capturing is off.
 * type:     HCI packet type, used to set the command/event flag bit.
 * incoming: only bit 0 is used and stored as the direction flag.
 * buf, len: the packet bytes, including the leading packet type byte.
 *
 * Returns 0 on success, -1 when fd is negative, or -errno when one of the
 * two write() calls fails. Short writes are not detected.
 */
static int write_snoop(int fd, int type, int incoming, unsigned char *buf, int len)
{
	struct btsnoop_pkt pkt;
	struct timeval now;
	uint32_t size = len;
	uint32_t flags = incoming & 0x01;
	uint64_t ts;

	if (fd < 0)
		return -1;

	if (type == HCI_COMMAND_PKT || type == HCI_EVENT_PKT)
		flags |= 0x02;

	memset(&now, 0, sizeof(now));
	gettimeofday(&now, NULL);
	/* 946684800 s is 2000-01-01 00:00:00 UTC as a Unix time */
	ts = (now.tv_sec - 946684800ll) * 1000000ll + now.tv_usec;

	pkt.size = htonl(size);
	pkt.len = pkt.size;
	/* ntohl() performs the same byte swap as htonl() */
	pkt.flags = ntohl(flags);
	pkt.drops = htonl(0);
	pkt.ts = hton64(ts + 0x00E03AB44A676000ll);

	if (write(fd, &pkt, BTSNOOP_PKT_SIZE) < 0)
		return -errno;

	if (write(fd, buf, size) < 0)
		return -errno;

	return 0;
}
232
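/*
 * Look up the connection whose remote address equals *ba.
 *
 * Returns the matching entry of vconn[], or NULL when no connection to that
 * address exists.
 */
static struct vhci_conn *conn_get_by_bdaddr(bdaddr_t *ba)
{
	int i;

	for (i = 0; i < VHCI_MAX_CONN; i++) {
		/* Free slots are NULL and must not be dereferenced */
		if (!vconn[i])
			continue;

		if (!bacmp(&vconn[i]->dest, ba))
			return vconn[i];
	}

	return NULL;
}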
243
/*
 * Build a Command Status event for the given opcode and send it to the
 * virtual HCI device; the event is also written to the capture.
 *
 * ogf, ocf: opcode group and command fields of the command being answered.
 * status:   HCI status byte placed in the event.
 */
static void command_status(uint16_t ogf, uint16_t ocf, uint8_t status)
{
	uint8_t buf[HCI_MAX_FRAME_SIZE];
	hci_event_hdr *he = (void *) (buf + 1);
	evt_cmd_status *cs = (void *) (buf + 1 + HCI_EVENT_HDR_SIZE);
	const int total = 1 + HCI_EVENT_HDR_SIZE + EVT_CMD_STATUS_SIZE;

	/* Packet type */
	buf[0] = HCI_EVENT_PKT;

	/* Event header */
	he->evt = EVT_CMD_STATUS;
	he->plen = EVT_CMD_STATUS_SIZE;

	/* Event parameters */
	cs->status = status;
	cs->ncmd = 1;
	cs->opcode = htobs(cmd_opcode_pack(ogf, ocf));

	write_snoop(vdev.dd, HCI_EVENT_PKT, 1, buf, total);

	if (write(vdev.fd, buf, total) < 0)
		syslog(LOG_ERR, "Can't send event: %s(%d)",
						strerror(errno), errno);
}
271
/*
 * Build a Command Complete event for the given opcode and send it to the
 * virtual HCI device; the event is also written to the capture.
 *
 * ogf, ocf: opcode group and command fields of the command being answered.
 * plen:     number of return-parameter bytes in data.
 * data:     return parameters, copied after the event header; not read
 *           when plen is 0.
 *
 * NOTE(review): plen is not checked against the frame buffer or against the
 * one-byte event length field; every caller in this file passes the size of
 * a fixed reply structure.
 */
static void command_complete(uint16_t ogf, uint16_t ocf, int plen, void *data)
{
	uint8_t buf[HCI_MAX_FRAME_SIZE];
	hci_event_hdr *he = (void *) (buf + 1);
	evt_cmd_complete *cc = (void *) (buf + 1 + HCI_EVENT_HDR_SIZE);
	uint8_t *params = buf + 1 + HCI_EVENT_HDR_SIZE + EVT_CMD_COMPLETE_SIZE;
	int total = 1 + HCI_EVENT_HDR_SIZE + EVT_CMD_COMPLETE_SIZE;

	/* Packet type */
	buf[0] = HCI_EVENT_PKT;

	/* Event header */
	he->evt = EVT_CMD_COMPLETE;
	he->plen = EVT_CMD_COMPLETE_SIZE + plen;

	cc->ncmd = 1;
	cc->opcode = htobs(cmd_opcode_pack(ogf, ocf));

	/* Return parameters */
	if (plen) {
		memcpy(params, data, plen);
		total += plen;
	}

	write_snoop(vdev.dd, HCI_EVENT_PKT, 1, buf, total);

	if (write(vdev.fd, buf, total) < 0)
		syslog(LOG_ERR, "Can't send event: %s(%d)",
						strerror(errno), errno);
}
303
/*
 * Send a Connection Request event for an incoming link to the virtual HCI
 * device. The device class in the event is always zero and the link type is
 * always ACL.
 */
static void connect_request(struct vhci_conn *conn)
{
	uint8_t buf[HCI_MAX_FRAME_SIZE];
	hci_event_hdr *he = (void *) (buf + 1);
	evt_conn_request *cr = (void *) (buf + 1 + HCI_EVENT_HDR_SIZE);
	const int total = 1 + HCI_EVENT_HDR_SIZE + EVT_CONN_REQUEST_SIZE;

	/* Packet type */
	buf[0] = HCI_EVENT_PKT;

	/* Event header */
	he->evt = EVT_CONN_REQUEST;
	he->plen = EVT_CONN_REQUEST_SIZE;

	/* Event parameters */
	bacpy(&cr->bdaddr, &conn->dest);
	memset(&cr->dev_class, 0, sizeof(cr->dev_class));
	cr->link_type = ACL_LINK;

	write_snoop(vdev.dd, HCI_EVENT_PKT, 1, buf, total);

	if (write(vdev.fd, buf, total) < 0)
		syslog(LOG_ERR, "Can't send event: %s (%d)",
						strerror(errno), errno);
}
331
/*
 * Send a Connection Complete event for conn to the virtual HCI device,
 * always reporting success, an ACL link and encryption mode 0.
 */
static void connect_complete(struct vhci_conn *conn)
{
	uint8_t buf[HCI_MAX_FRAME_SIZE];
	hci_event_hdr *he = (void *) (buf + 1);
	evt_conn_complete *cc = (void *) (buf + 1 + HCI_EVENT_HDR_SIZE);
	const int total = 1 + HCI_EVENT_HDR_SIZE + EVT_CONN_COMPLETE_SIZE;

	/* Packet type */
	buf[0] = HCI_EVENT_PKT;

	/* Event header */
	he->evt = EVT_CONN_COMPLETE;
	he->plen = EVT_CONN_COMPLETE_SIZE;

	/* Event parameters */
	cc->status = 0x00;
	cc->handle = htobs(conn->handle);
	bacpy(&cc->bdaddr, &conn->dest);
	cc->link_type = ACL_LINK;
	cc->encr_mode = 0x00;

	write_snoop(vdev.dd, HCI_EVENT_PKT, 1, buf, total);

	if (write(vdev.fd, buf, total) < 0)
		syslog(LOG_ERR, "Can't send event: %s (%d)",
						strerror(errno), errno);
}
361
/*
 * Send a Disconnection Complete event for conn to the virtual HCI device
 * (status and reason both 0) and reset the forwarded-ACL-packet counter.
 */
static void disconn_complete(struct vhci_conn *conn)
{
	uint8_t buf[HCI_MAX_FRAME_SIZE];
	hci_event_hdr *he = (void *) (buf + 1);
	evt_disconn_complete *dc = (void *) (buf + 1 + HCI_EVENT_HDR_SIZE);
	const int total = 1 + HCI_EVENT_HDR_SIZE + EVT_DISCONN_COMPLETE_SIZE;

	/* Packet type */
	buf[0] = HCI_EVENT_PKT;

	/* Event header */
	he->evt = EVT_DISCONN_COMPLETE;
	he->plen = EVT_DISCONN_COMPLETE_SIZE;

	/* Event parameters */
	dc->status = 0x00;
	dc->handle = htobs(conn->handle);
	dc->reason = 0x00;

	write_snoop(vdev.dd, HCI_EVENT_PKT, 1, buf, total);

	if (write(vdev.fd, buf, total) < 0)
		syslog(LOG_ERR, "Can't send event: %s (%d)",
						strerror(errno), errno);

	/* The counter is shared by all links and restarts after a disconnect */
	vdev.acl_cnt = 0;
}
391
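/*
 * Send a Number Of Completed Packets event carrying a single
 * (handle, count) pair: conn's handle and the current vdev.acl_cnt.
 *
 * NOTE(review): he->plen is set to EVT_NUM_COMP_PKTS_SIZE although four more
 * bytes (handle and count) follow it in the frame; confirm the intended
 * event length.
 */
static void num_completed_pkts(struct vhci_conn *conn)
{
	uint8_t buf[HCI_MAX_FRAME_SIZE], *ptr = buf;
	evt_num_comp_pkts *np;
	hci_event_hdr *he;
	uint16_t val;

	/* Packet type */
	*ptr++ = HCI_EVENT_PKT;

	/* Event header */
	he = (void *) ptr; ptr += HCI_EVENT_HDR_SIZE;

	he->evt = EVT_NUM_COMP_PKTS;
	he->plen = EVT_NUM_COMP_PKTS_SIZE;

	np = (void *) ptr; ptr += EVT_NUM_COMP_PKTS_SIZE;
	np->num_hndl = 1;

	/*
	 * Store the 16-bit fields with memcpy: the byte buffer gives no
	 * alignment guarantee for a uint16_t store through a cast pointer.
	 */
	val = htobs(conn->handle);
	memcpy(ptr, &val, sizeof(val));
	ptr += sizeof(val);

	val = htobs(vdev.acl_cnt);
	memcpy(ptr, &val, sizeof(val));
	ptr += sizeof(val);

	write_snoop(vdev.dd, HCI_EVENT_PKT, 1, buf, ptr - buf);

	if (write(vdev.fd, buf, ptr - buf) < 0)
		syslog(LOG_ERR, "Can't send event: %s (%d)",
						strerror(errno), errno);
}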
419
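/*
 * Handle Write Scan Enable: start or stop the TCP listener that stands in
 * for page scan.
 *
 * data: command parameters; only the SCAN_PAGE bit of the first byte is used.
 *
 * The listen address and port are taken from the byte-swapped emulated
 * address: the first four bytes become the IPv4 address, the last two the
 * port.
 *
 * Returns 0 on success (including "already in the requested state") and 1
 * when the socket cannot be created, bound or put into listening state.
 *
 * NOTE(review): the listener is a plain TCP socket and io_conn_ind() accepts
 * whatever connects to it; restrict reachability of the bound address at the
 * network level if the emulator is not on an isolated host.
 */
static int scan_enable(uint8_t *data)
{
	struct sockaddr_in sa;
	GIOChannel *sk_io;
	bdaddr_t ba;
	int sk, opt;

	if (!(*data & SCAN_PAGE)) {
		if (vdev.scan) {
			g_io_channel_shutdown(vdev.scan, TRUE, NULL);
			vdev.scan = NULL;
		}
		return 0;
	}

	if (vdev.scan)
		return 0;

	if ((sk = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
		syslog(LOG_ERR, "Can't create socket: %s (%d)",
						strerror(errno), errno);
		return 1;
	}

	opt = 1;
	setsockopt(sk, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt));

	baswap(&ba, &vdev.bdaddr);

	/* Zero the whole structure so no uninitialised padding reaches bind() */
	memset(&sa, 0, sizeof(sa));
	sa.sin_family = AF_INET;
	memcpy(&sa.sin_addr.s_addr, &ba, sizeof(sa.sin_addr.s_addr));
	/* memcpy instead of a cast: ba.b[4] need not be 16-bit aligned */
	memcpy(&sa.sin_port, &ba.b[4], sizeof(sa.sin_port));

	if (bind(sk, (struct sockaddr *) &sa, sizeof(sa))) {
		syslog(LOG_ERR, "Can't bind socket: %s (%d)",
						strerror(errno), errno);
		goto failed;
	}

	if (listen(sk, 10)) {
		syslog(LOG_ERR, "Can't listen on socket: %s (%d)",
						strerror(errno), errno);
		goto failed;
	}

	sk_io = g_io_channel_unix_new(sk);
	g_io_add_watch(sk_io, G_IO_IN | G_IO_NVAL, io_conn_ind, NULL);
	vdev.scan = sk_io;
	return 0;

failed:
	close(sk);
	return 1;
}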
472
/*
 * Handle Accept Connection Request: report the pending link to that address
 * as connected and start watching its socket for ACL data.
 *
 * data: command parameters, read as accept_conn_req_cp. Nothing happens when
 * no connection to the given address is known.
 */
static void accept_connection(uint8_t *data)
{
	accept_conn_req_cp *cp = (void *) data;
	struct vhci_conn *conn = conn_get_by_bdaddr(&cp->bdaddr);

	if (conn == NULL)
		return;

	connect_complete(conn);

	g_io_add_watch(conn->chan, G_IO_IN | G_IO_NVAL | G_IO_HUP,
					io_acl_data, (gpointer) conn);
}
486
/*
 * Tear down one link: shut down and drop the reference on its channel,
 * free its vconn[] slot, report Disconnection Complete and release conn.
 * conn must not be used after this call.
 */
static void close_connection(struct vhci_conn *conn)
{
	char peer[18];
	const int slot = conn->handle - 1;

	ba2str(&conn->dest, peer);
	syslog(LOG_INFO, "Closing connection %s handle %d",
						peer, conn->handle);

	g_io_channel_shutdown(conn->chan, TRUE, NULL);
	g_io_channel_unref(conn->chan);

	/* Clear the slot before the event goes out and the memory is freed */
	vconn[slot] = NULL;
	disconn_complete(conn);
	free(conn);
}
502
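/*
 * Handle the Disconnect command: close the link named by the handle in the
 * command parameters.
 *
 * data: command parameters, read as disconnect_cp. Handles outside
 * 1..VHCI_MAX_CONN and handles without a live connection are ignored.
 */
static void disconnect(uint8_t *data)
{
	disconnect_cp *cp = (void *) data;
	struct vhci_conn *conn;
	uint16_t handle;

	handle = btohs(cp->handle);

	/* Handle 0 would index vconn[-1]; valid handles start at 1 */
	if (handle < 1 || handle > VHCI_MAX_CONN)
		return;

	if (!(conn = vconn[handle - 1]))
		return;

	close_connection(conn);
}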
519
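/*
 * Handle Create Connection: open a TCP connection to the peer whose IPv4
 * address and port are encoded in the target address, send the link info
 * record and register the new link.
 *
 * data: command parameters, read as create_conn_cp.
 *
 * On any failure the function logs and returns without sending an event.
 */
static void create_connection(uint8_t *data)
{
	create_conn_cp *cp = (void *) data;
	struct vhci_link_info info;
	struct vhci_conn *conn;
	struct sockaddr_in sa;
	int h, sk, opt;
	bdaddr_t ba;

	/* Find a free slot; its index determines the connection handle */
	for (h = 0; h < VHCI_MAX_CONN; h++)
		if (!vconn[h])
			break;

	if (h == VHCI_MAX_CONN) {
		syslog(LOG_ERR, "Too many connections");
		return;
	}

	if ((sk = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
		syslog(LOG_ERR, "Can't create socket: %s (%d)",
						strerror(errno), errno);
		return;
	}

	opt = 1;
	setsockopt(sk, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt));

	/* Local side: any address, ephemeral port */
	memset(&sa, 0, sizeof(sa));
	sa.sin_family = AF_INET;
	sa.sin_addr.s_addr = INADDR_ANY;
	sa.sin_port = 0;
	if (bind(sk, (struct sockaddr *) &sa, sizeof(sa))) {
		syslog(LOG_ERR, "Can't bind socket: %s (%d)",
						strerror(errno), errno);
		close(sk);
		return;
	}

	/* Remote side: address and port come from the target bdaddr */
	baswap(&ba, &cp->bdaddr);
	memset(&sa, 0, sizeof(sa));
	sa.sin_family = AF_INET;
	memcpy(&sa.sin_addr.s_addr, &ba, sizeof(sa.sin_addr.s_addr));
	/* memcpy instead of a cast: ba.b[4] need not be 16-bit aligned */
	memcpy(&sa.sin_port, &ba.b[4], sizeof(sa.sin_port));
	if (connect(sk, (struct sockaddr *) &sa, sizeof(sa)) < 0) {
		syslog(LOG_ERR, "Can't connect: %s (%d)",
						strerror(errno), errno);
		close(sk);
		return;
	}

	/* Send info */
	memset(&info, 0, sizeof(info));
	bacpy(&info.bdaddr, &vdev.bdaddr);
	info.link_type = ACL_LINK;
	info.role = 1;
	if (write_n(sk, (void *) &info, sizeof(info)) != (int) sizeof(info)) {
		/* Without the info record the peer cannot set up its side */
		syslog(LOG_ERR, "Can't send link info: %s (%d)",
						strerror(errno), errno);
		close(sk);
		return;
	}

	if (!(conn = malloc(sizeof(*conn)))) {
		syslog(LOG_ERR, "Can't alloc new connection: %s (%d)",
						strerror(errno), errno);
		close(sk);
		return;
	}

	/* Rebuild the peer address from the socket address that was used */
	memcpy((uint8_t *) &ba, (uint8_t *) &sa.sin_addr, 4);
	memcpy((uint8_t *) &ba.b[4], (uint8_t *) &sa.sin_port, 2);
	baswap(&conn->dest, &ba);

	vconn[h] = conn;
	conn->handle = h + 1;
	conn->chan = g_io_channel_unix_new(sk);

	connect_complete(conn);
	g_io_add_watch(conn->chan, G_IO_IN | G_IO_NVAL | G_IO_HUP,
				io_acl_data, (gpointer) conn);
}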
595
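/*
 * Dispatch a Link Control command.
 *
 * ocf:  command field of the opcode.
 * plen: parameter length from the command header.
 * data: command parameters.
 *
 * Create Connection, Accept Connection Request and Disconnect are answered
 * with Command Status and then executed. Anything else gets Command Complete
 * with status 0x01.
 */
static void hci_link_control(uint16_t ocf, int plen, uint8_t *data)
{
	uint8_t status;
	int need;

	const uint16_t ogf = OGF_LINK_CTL;

	switch (ocf) {
	case OCF_CREATE_CONN:
		need = sizeof(create_conn_cp);
		break;

	case OCF_ACCEPT_CONN_REQ:
		need = sizeof(accept_conn_req_cp);
		break;

	case OCF_DISCONNECT:
		need = sizeof(disconnect_cp);
		break;

	default:
		status = 0x01;
		command_complete(ogf, ocf, 1, &status);
		return;
	}

	/*
	 * The handlers read data as a fixed-size parameter structure, so a
	 * command announcing fewer bytes is rejected (0x12: invalid HCI
	 * command parameters) instead of being parsed.
	 */
	if (plen < need) {
		command_status(ogf, ocf, 0x12);
		return;
	}

	command_status(ogf, ocf, 0x00);

	switch (ocf) {
	case OCF_CREATE_CONN:
		create_connection(data);
		break;

	case OCF_ACCEPT_CONN_REQ:
		accept_connection(data);
		break;

	case OCF_DISCONNECT:
		disconnect(data);
		break;
	}
}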
624
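/*
 * Dispatch a Link Policy command. No link policy command is implemented, so
 * every one is answered with Command Complete and status 0x01.
 *
 * ocf:  command field of the opcode.
 * plen: parameter length from the command header (unused).
 * data: command parameters (unused).
 */
static void hci_link_policy(uint16_t ocf, int plen, uint8_t *data)
{
	uint8_t status;

	/*
	 * The reply must carry the opcode of the command it answers, so the
	 * group is Link Policy, not Informational Parameters.
	 */
	const uint16_t ogf = OGF_LINK_POLICY;

	(void) plen;
	(void) data;

	switch (ocf) {
	default:
		status = 0x01;
		command_complete(ogf, ocf, 1, &status);
		break;
	}
}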
638
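/*
 * Dispatch a Host Controller & Baseband command and send its Command
 * Complete event.
 *
 * ocf:  command field of the opcode.
 * plen: parameter length from the command header.
 * data: command parameters.
 *
 * Write commands update the emulated device state in vdev, read commands
 * return it. Unknown commands are answered with status 0x01; commands whose
 * announced parameter length is shorter than what the handler reads are
 * answered with status 0x12 (invalid HCI command parameters).
 */
static void hci_host_control(uint16_t ocf, int plen, uint8_t *data)
{
	read_local_name_rp ln;
	read_class_of_dev_rp cd;
	read_inquiry_mode_rp im;
	read_ext_inquiry_response_rp ir;
	uint8_t status;
	int need;

	const uint16_t ogf = OGF_HOST_CTL;

	/* Number of parameter bytes each handler below reads from data */
	switch (ocf) {
	case OCF_CHANGE_LOCAL_NAME:
		need = sizeof(vdev.name);
		break;

	case OCF_WRITE_SCAN_ENABLE:
	case OCF_WRITE_INQUIRY_MODE:
		need = 1;
		break;

	case OCF_WRITE_CLASS_OF_DEV:
		need = sizeof(vdev.dev_class);
		break;

	case OCF_WRITE_EXT_INQUIRY_RESPONSE:
		need = 1 + HCI_MAX_EIR_LENGTH;
		break;

	default:
		need = 0;
		break;
	}

	/* Refuse to copy more parameter bytes than the command announced */
	if (plen < need) {
		status = 0x12;
		command_complete(ogf, ocf, 1, &status);
		return;
	}

	switch (ocf) {
	case OCF_RESET:
	case OCF_SET_EVENT_FLT:
	case OCF_WRITE_CONN_ACCEPT_TIMEOUT:
	case OCF_WRITE_PAGE_TIMEOUT:
	case OCF_WRITE_AUTH_ENABLE:
	case OCF_WRITE_ENCRYPT_MODE:
		/* Accepted without any effect on the emulated state */
		status = 0x00;
		command_complete(ogf, ocf, 1, &status);
		break;

	case OCF_CHANGE_LOCAL_NAME:
		status = 0x00;
		memcpy(vdev.name, data, sizeof(vdev.name));
		command_complete(ogf, ocf, 1, &status);
		break;

	case OCF_READ_LOCAL_NAME:
		ln.status = 0x00;
		memcpy(ln.name, vdev.name, sizeof(ln.name));
		command_complete(ogf, ocf, sizeof(ln), &ln);
		break;

	case OCF_WRITE_SCAN_ENABLE:
		status = scan_enable(data);
		command_complete(ogf, ocf, 1, &status);
		break;

	case OCF_READ_CLASS_OF_DEV:
		cd.status = 0x00;
		memcpy(cd.dev_class, vdev.dev_class, 3);
		command_complete(ogf, ocf, sizeof(cd), &cd);
		break;

	case OCF_WRITE_CLASS_OF_DEV:
		status = 0x00;
		memcpy(vdev.dev_class, data, 3);
		command_complete(ogf, ocf, 1, &status);
		break;

	case OCF_READ_INQUIRY_MODE:
		im.status = 0x00;
		im.mode = vdev.inq_mode;
		command_complete(ogf, ocf, sizeof(im), &im);
		break;

	case OCF_WRITE_INQUIRY_MODE:
		status = 0x00;
		vdev.inq_mode = data[0];
		command_complete(ogf, ocf, 1, &status);
		break;

	case OCF_READ_EXT_INQUIRY_RESPONSE:
		ir.status = 0x00;
		ir.fec = vdev.eir_fec;
		memcpy(ir.data, vdev.eir_data, HCI_MAX_EIR_LENGTH);
		command_complete(ogf, ocf, sizeof(ir), &ir);
		break;

	case OCF_WRITE_EXT_INQUIRY_RESPONSE:
		status = 0x00;
		vdev.eir_fec = data[0];
		memcpy(vdev.eir_data, data + 1, HCI_MAX_EIR_LENGTH);
		command_complete(ogf, ocf, 1, &status);
		break;

	default:
		status = 0x01;
		command_complete(ogf, ocf, 1, &status);
		break;
	}
}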
737
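/*
 * Dispatch an Informational Parameters command and send its Command
 * Complete event with the emulated controller's fixed properties.
 *
 * ocf:  command field of the opcode.
 * plen: parameter length from the command header.
 * data: command parameters; only Read Local Extended Features reads them
 *       (one byte, the page number).
 *
 * Unknown commands are answered with status 0x01.
 */
static void hci_info_param(uint16_t ocf, int plen, uint8_t *data)
{
	read_local_version_rp lv;
	read_local_features_rp lf;
	read_local_ext_features_rp ef;
	read_buffer_size_rp bs;
	read_bd_addr_rp ba;
	uint8_t status;

	const uint16_t ogf = OGF_INFO_PARAM;

	switch (ocf) {
	case OCF_READ_LOCAL_VERSION:
		lv.status = 0x00;
		lv.hci_ver = 0x03;
		lv.hci_rev = htobs(0x0000);
		lv.lmp_ver = 0x03;
		lv.manufacturer = htobs(29);
		lv.lmp_subver = htobs(0x0000);
		command_complete(ogf, ocf, sizeof(lv), &lv);
		break;

	case OCF_READ_LOCAL_FEATURES:
		lf.status = 0x00;
		memcpy(lf.features, vdev.features, 8);
		command_complete(ogf, ocf, sizeof(lf), &lf);
		break;

	case OCF_READ_LOCAL_EXT_FEATURES:
		/* The page number byte is read below; it must be announced */
		if (plen < 1) {
			status = 0x12;
			command_complete(ogf, ocf, 1, &status);
			break;
		}

		ef.status = 0x00;
		ef.page_num = *data;
		ef.max_page_num = 0;
		/* Only page 0 carries features; other pages read as zero */
		if (*data == 0)
			memcpy(ef.features, vdev.features, 8);
		else
			memset(ef.features, 0, 8);
		command_complete(ogf, ocf, sizeof(ef), &ef);
		break;

	case OCF_READ_BUFFER_SIZE:
		bs.status = 0x00;
		bs.acl_mtu = htobs(VHCI_ACL_MTU);
		bs.sco_mtu = 0;
		bs.acl_max_pkt = htobs(VHCI_ACL_MAX_PKT);
		bs.sco_max_pkt = htobs(0);
		command_complete(ogf, ocf, sizeof(bs), &bs);
		break;

	case OCF_READ_BD_ADDR:
		ba.status = 0x00;
		bacpy(&ba.bdaddr, &vdev.bdaddr);
		command_complete(ogf, ocf, sizeof(ba), &ba);
		break;

	default:
		status = 0x01;
		command_complete(ogf, ocf, 1, &status);
		break;
	}
}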
801
/*
 * Parse an HCI command and hand it to the handler for its opcode group.
 *
 * data: the command header followed by its parameters (packet type byte
 * already stripped). The opcode field in the header is converted to host
 * byte order in place. Commands of other opcode groups get no reply.
 *
 * NOTE(review): the number of bytes actually received is not passed in, so
 * the handlers can only rely on the length the header announces.
 */
static void hci_command(uint8_t *data)
{
	hci_command_hdr *hdr = (hci_command_hdr *) data;
	uint8_t *params = data + HCI_COMMAND_HDR_SIZE;
	uint16_t ogf, ocf;

	hdr->opcode = btohs(hdr->opcode);
	ogf = cmd_opcode_ogf(hdr->opcode);
	ocf = cmd_opcode_ocf(hdr->opcode);

	if (ogf == OGF_LINK_CTL)
		hci_link_control(ocf, hdr->plen, params);
	else if (ogf == OGF_LINK_POLICY)
		hci_link_policy(ocf, hdr->plen, params);
	else if (ogf == OGF_HOST_CTL)
		hci_host_control(ocf, hdr->plen, params);
	else if (ogf == OGF_INFO_PARAM)
		hci_info_param(ocf, hdr->plen, params);
}
833
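/*
 * Forward an ACL data packet from the host to the TCP peer of its link.
 *
 * data: the ACL header followed by the payload (packet type byte already
 * stripped); it points one byte into the HCI_MAX_FRAME_SIZE buffer of
 * io_hci_data().
 *
 * Packets with an unknown handle or an oversized length field are logged and
 * dropped. A failed write closes the link. After every VHCI_ACL_MAX_PKT
 * forwarded packets a Number Of Completed Packets event is sent.
 */
static void hci_acl_data(uint8_t *data)
{
	hci_acl_hdr *ah = (void *) data;
	struct vhci_conn *conn;
	uint16_t handle, dlen;
	int fd;

	handle = acl_handle(btohs(ah->handle));

	/* Handle 0 would index vconn[-1]; valid handles start at 1 */
	if (handle < 1 || handle > VHCI_MAX_CONN ||
					!(conn = vconn[handle - 1])) {
		syslog(LOG_ERR, "Bad connection handle %d", handle);
		return;
	}

	/*
	 * The length field is taken from the packet itself. Reject values
	 * that would make write_n() read past the end of the receive buffer
	 * and send those bytes to the peer.
	 */
	dlen = btohs(ah->dlen);
	if (dlen > HCI_MAX_FRAME_SIZE - 1 - HCI_ACL_HDR_SIZE) {
		syslog(LOG_ERR, "Bad ACL data length %d", dlen);
		return;
	}

	fd = g_io_channel_unix_get_fd(conn->chan);
	if (write_n(fd, data, dlen + HCI_ACL_HDR_SIZE) < 0) {
		close_connection(conn);
		return;
	}

	if (++vdev.acl_cnt > VHCI_ACL_MAX_PKT - 1) {
		/* Send num of complete packets event */
		num_completed_pkts(conn);
		vdev.acl_cnt = 0;
	}
}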
860
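/*
 * Watch callback for a link's TCP socket: read one ACL packet from the peer,
 * stamp it with the local connection handle and pass it to the virtual HCI
 * device.
 *
 * data: the struct vhci_conn the watch was registered with.
 *
 * Returns TRUE to keep the watch, FALSE to remove it (invalid channel, hang
 * up, read failure, malformed length or failed write to the device).
 */
static gboolean io_acl_data(GIOChannel *chan, GIOCondition cond, gpointer data)
{
	struct vhci_conn *conn = (struct vhci_conn *) data;
	unsigned char buf[HCI_MAX_FRAME_SIZE], *ptr;
	hci_acl_hdr *ah;
	uint16_t flags;
	int fd, len;

	if (cond & G_IO_NVAL) {
		g_io_channel_unref(chan);
		return FALSE;
	}

	if (cond & G_IO_HUP) {
		close_connection(conn);
		return FALSE;
	}

	fd = g_io_channel_unix_get_fd(chan);

	/* buf[0] is reserved for the packet type byte */
	ptr = buf + 1;
	if (read_n(fd, ptr, HCI_ACL_HDR_SIZE) <= 0) {
		close_connection(conn);
		return FALSE;
	}

	ah = (void *) ptr;
	ptr += HCI_ACL_HDR_SIZE;

	/*
	 * The length field is controlled by the remote peer. It must fit in
	 * what is left of buf, otherwise the read below would overrun the
	 * stack buffer. The stream cannot be resynchronised after a bad
	 * header, so the link is dropped.
	 */
	len = btohs(ah->dlen);
	if (len > (int) sizeof(buf) - 1 - HCI_ACL_HDR_SIZE) {
		syslog(LOG_ERR, "ACL data length %d exceeds frame size", len);
		close_connection(conn);
		return FALSE;
	}

	if (read_n(fd, ptr, len) <= 0) {
		close_connection(conn);
		return FALSE;
	}

	buf[0] = HCI_ACLDATA_PKT;

	/* Keep the peer's packet flags but use the local handle */
	flags = acl_flags(btohs(ah->handle));
	ah->handle = htobs(acl_handle_pack(conn->handle, flags));
	len += HCI_ACL_HDR_SIZE + 1;

	write_snoop(vdev.dd, HCI_ACLDATA_PKT, 1, buf, len);

	if (write(vdev.fd, buf, len) < 0)
		return FALSE;

	return TRUE;
}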
909
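/*
 * Watch callback for the listening socket: accept a TCP connection, read
 * the peer's link info record, register the link and send a Connection
 * Request event to the virtual HCI device.
 *
 * Returns FALSE only when the channel is invalid; otherwise TRUE so the
 * listener stays active, whether or not this connection was accepted.
 *
 * NOTE(review): read_n() blocks until the whole record has arrived, so a
 * peer that connects and sends nothing stalls the main loop; the announced
 * address is also taken from the peer without verification.
 */
static gboolean io_conn_ind(GIOChannel *chan, GIOCondition cond, gpointer data)
{
	struct vhci_link_info info;
	struct vhci_conn *conn;
	struct sockaddr_in sa;
	socklen_t len;
	int sk, nsk, h;

	if (cond & G_IO_NVAL)
		return FALSE;

	sk = g_io_channel_unix_get_fd(chan);

	len = sizeof(sa);
	if ((nsk = accept(sk, (struct sockaddr *) &sa, &len)) < 0)
		return TRUE;

	/*
	 * Anything but a complete record (error, early close, cancel) leaves
	 * info partly uninitialised; drop the connection and release the
	 * socket instead of using it.
	 */
	if (read_n(nsk, &info, sizeof(info)) != (int) sizeof(info)) {
		syslog(LOG_ERR, "Can't read link info");
		close(nsk);
		return TRUE;
	}

	/* Find a free slot; its index determines the connection handle */
	for (h = 0; h < VHCI_MAX_CONN; h++)
		if (!vconn[h])
			break;

	if (h == VHCI_MAX_CONN) {
		syslog(LOG_ERR, "Too many connections");
		close(nsk);
		return TRUE;
	}

	if (!(conn = malloc(sizeof(*conn)))) {
		syslog(LOG_ERR, "Can't alloc new connection");
		close(nsk);
		return TRUE;
	}

	bacpy(&conn->dest, &info.bdaddr);

	vconn[h] = conn;
	conn->handle = h + 1;
	conn->chan = g_io_channel_unix_new(nsk);
	connect_request(conn);

	return TRUE;
}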
957
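/*
 * Watch callback for the virtual HCI device: read one packet written by the
 * host stack, record it in the capture and dispatch it by packet type.
 *
 * Returns TRUE to keep the watch. On a read error other than EAGAIN the
 * channel reference is dropped, the main loop is stopped and FALSE is
 * returned.
 */
static gboolean io_hci_data(GIOChannel *chan, GIOCondition cond, gpointer data)
{
	unsigned char buf[HCI_MAX_FRAME_SIZE], *ptr;
	int type;
	ssize_t len;
	int fd;

	ptr = buf;

	fd = g_io_channel_unix_get_fd(chan);

	len = read(fd, buf, sizeof(buf));
	if (len < 0) {
		if (errno == EAGAIN)
			return TRUE;

		syslog(LOG_ERR, "Read failed: %s (%d)", strerror(errno), errno);
		g_io_channel_unref(chan);
		g_main_loop_quit(event_loop);
		return FALSE;
	}

	/* Nothing was read: buf holds no packet type byte to look at */
	if (len == 0)
		return TRUE;

	type = *ptr++;

	write_snoop(vdev.dd, type, 0, buf, len);

	switch (type) {
	case HCI_COMMAND_PKT:
		hci_command(ptr);
		break;

	case HCI_ACLDATA_PKT:
		hci_acl_data(ptr);
		break;

	default:
		syslog(LOG_ERR, "Unknown packet type 0x%2.2x", type);
		break;
	}

	return TRUE;
}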
1000
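/*
 * Convert the local_address command line argument into a device address.
 *
 * str: either "XX:XX:XX:XX:XX:XX" or "host:port". For the second form the
 *      string is modified in place (the ':' is replaced by a terminator).
 * ba:  receives the address. For "host:port" it is built from the resolved
 *      IPv4 address and the port, byte-swapped.
 *
 * Returns 0 on success, -1 for an unrecognised format or an invalid port,
 * -2 when the host cannot be resolved to an IPv4 address.
 */
static int getbdaddrbyname(char *str, bdaddr_t *ba)
{
	int i, n, len;

	len = strlen(str);

	/* Check address format */
	for (i = 0, n = 0; i < len; i++)
		if (str[i] == ':')
			n++;

	if (n == 5) {
		/* BD address */
		str2ba(str, ba);
		return 0;
	}

	if (n == 1) {
		/* IP address + port */
		struct hostent *hent;
		bdaddr_t b;
		char *ptr, *end;
		uint16_t nport;
		long port;

		ptr = strchr(str, ':');
		*ptr++ = 0;

		/* Accept only a plain decimal number that fits a TCP port */
		errno = 0;
		port = strtol(ptr, &end, 10);
		if (end == ptr || *end != '\0' || errno == ERANGE ||
						port < 0 || port > 65535) {
			fprintf(stderr, "Invalid address format\n");
			return -1;
		}

		if (!(hent = gethostbyname(str))) {
			fprintf(stderr, "Can't resolve %s\n", str);
			return -2;
		}

		/* Four address bytes are copied below; require an IPv4 result */
		if (hent->h_addrtype != AF_INET || hent->h_length < 4 ||
						!hent->h_addr_list[0]) {
			fprintf(stderr, "Can't resolve %s\n", str);
			return -2;
		}

		memcpy(&b, hent->h_addr_list[0], 4);
		/* memcpy instead of a cast: b.b[4] need not be 16-bit aligned */
		nport = htons((uint16_t) port);
		memcpy(&b.b[4], &nport, sizeof(nport));
		baswap(ba, &b);

		return 0;
	}

	fprintf(stderr, "Invalid address format\n");

	return -1;
}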
1043
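/*
 * In proxy mode, replace the address in a Read BD_ADDR Command Complete
 * event with the emulated one.
 *
 * buf, len: one HCI packet including its leading packet type byte.
 * bdaddr:   address to insert; NULL or BDADDR_ANY leaves the packet as is.
 *
 * Packets of any other kind, and packets too short to hold the full event,
 * are left untouched.
 */
static void rewrite_bdaddr(unsigned char *buf, int len, bdaddr_t *bdaddr)
{
	/* type byte, event header, command complete header, status, address */
	const int need = 1 + HCI_EVENT_HDR_SIZE + EVT_CMD_COMPLETE_SIZE +
						1 + (int) sizeof(bdaddr_t);
	hci_event_hdr *eh;
	evt_cmd_complete *cc;
	unsigned char *ptr = buf;

	if (!bdaddr)
		return;

	if (!bacmp(bdaddr, BDADDR_ANY))
		return;

	/*
	 * Only the first len bytes of buf belong to this packet; never parse
	 * or patch beyond them.
	 */
	if (len < need)
		return;

	if (*ptr++ != HCI_EVENT_PKT)
		return;

	eh = (hci_event_hdr *) ptr;
	ptr += HCI_EVENT_HDR_SIZE;

	if (eh->evt != EVT_CMD_COMPLETE)
		return;

	cc = (void *) ptr;
	ptr += EVT_CMD_COMPLETE_SIZE;

	/* ptr now points at the status byte; the address follows it */
	if (cc->opcode == htobs(cmd_opcode_pack(OGF_INFO_PARAM,
						OCF_READ_BD_ADDR)))
		bacpy((bdaddr_t *) (ptr + 1), bdaddr);
}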
1076
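/*
 * Proxy mode: shuttle raw HCI packets between the device node fd and the
 * real adapter hci<dev> until the cancel flag is raised, poll() fails or one
 * side reports an error or hang up.
 *
 * fd:     descriptor of the device node opened in main().
 * dev:    index of the real adapter.
 * bdaddr: address substituted into Read BD_ADDR replies (see
 *         rewrite_bdaddr()).
 *
 * The adapter is switched to raw mode for the duration if it was not in raw
 * mode already. Returns 1 when the adapter cannot be set up, otherwise 0.
 */
static int run_proxy(int fd, int dev, bdaddr_t *bdaddr)
{
	unsigned char buf[HCI_MAX_FRAME_SIZE + 1];
	struct hci_dev_info di;
	struct hci_filter flt;
	struct pollfd p[2];
	int dd, err, len, need_raw;

	dd = hci_open_dev(dev);
	if (dd < 0) {
		syslog(LOG_ERR, "Can't open device hci%d: %s (%d)",
						dev, strerror(errno), errno);
		return 1;
	}

	if (hci_devinfo(dev, &di) < 0) {
		syslog(LOG_ERR, "Can't get device info for hci%d: %s (%d)",
						dev, strerror(errno), errno);
		hci_close_dev(dd);
		return 1;
	}

	need_raw = !hci_test_bit(HCI_RAW, &di.flags);

	/* Receive every packet type and every event */
	hci_filter_clear(&flt);
	hci_filter_all_ptypes(&flt);
	hci_filter_all_events(&flt);

	if (setsockopt(dd, SOL_HCI, HCI_FILTER, &flt, sizeof(flt)) < 0) {
		syslog(LOG_ERR, "Can't set filter for hci%d: %s (%d)",
						dev, strerror(errno), errno);
		hci_close_dev(dd);
		return 1;
	}

	if (need_raw) {
		if (ioctl(dd, HCISETRAW, 1) < 0) {
			syslog(LOG_ERR, "Can't set raw mode on hci%d: %s (%d)",
						dev, strerror(errno), errno);
			hci_close_dev(dd);
			return 1;
		}
	}

	p[0].fd = fd;
	p[0].events = POLLIN;
	p[1].fd = dd;
	p[1].events = POLLIN;

	while (!__io_canceled) {
		p[0].revents = 0;
		p[1].revents = 0;
		/* The timeout bounds how long a raised cancel flag goes unseen */
		err = poll(p, 2, 500);
		if (err < 0)
			break;
		if (!err)
			continue;

		if (p[0].revents & POLLIN) {
			len = read(fd, buf, sizeof(buf));
			if (len > 0) {
				rewrite_bdaddr(buf, len, bdaddr);
				if (write(dd, buf, len) < 0)
					syslog(LOG_ERR,
						"Can't write to hci%d: %s (%d)",
						dev, strerror(errno), errno);
			}
		} else if (p[0].revents & (POLLERR | POLLHUP | POLLNVAL)) {
			/*
			 * poll() keeps reporting these at once; without
			 * leaving the loop it would spin.
			 */
			syslog(LOG_ERR, "Device node closed or failed");
			break;
		}

		if (p[1].revents & POLLIN) {
			len = read(dd, buf, sizeof(buf));
			if (len > 0) {
				rewrite_bdaddr(buf, len, bdaddr);
				if (write(fd, buf, len) < 0)
					syslog(LOG_ERR,
						"Can't write to device node: %s (%d)",
						strerror(errno), errno);
			}
		} else if (p[1].revents & (POLLERR | POLLHUP | POLLNVAL)) {
			syslog(LOG_ERR, "hci%d closed or failed", dev);
			break;
		}
	}

	/* Put the adapter back into the mode it was found in */
	if (need_raw) {
		if (ioctl(dd, HCISETRAW, 0) < 0)
			syslog(LOG_ERR, "Can't clear raw mode on hci%d: %s (%d)",
						dev, strerror(errno), errno);
	}

	hci_close_dev(dd);

	syslog(LOG_INFO, "Exit");

	return 0;
}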
1164
/* Print the program version and the command line summary to stdout. */
static void usage(void)
{
	static const char options[] =
		"\thciemu [options] local_address\n"
		"Options:\n"
		"\t[-d device] use specified device\n"
		"\t[-b bdaddr] emulate specified address\n"
		"\t[-s file] create snoop file\n"
		"\t[-n] do not detach\n"
		"\t[-h] help, you are looking at it\n";

	printf("hciemu - HCI emulator ver %s\n", VERSION);
	fputs("Usage: \n", stdout);
	fputs(options, stdout);
}
1177
/* Long options accepted by main(); each maps to the short option of the same meaning */
static struct option main_options[] = {
	{ "device",   required_argument, 0, 'd' },
	{ "bdaddr",   required_argument, 0, 'b' },
	{ "snoop",    required_argument, 0, 's' },
	{ "nodetach", no_argument,       0, 'n' },
	{ "help",     no_argument,       0, 'h' },
	{ 0 }
};
1186
/*
 * Entry point of the HCI emulator.
 *
 * The positional argument selects the mode: a name starting with "hci"
 * proxies that real adapter through a device node, anything else is parsed
 * as the address of the emulated controller, which is then served from the
 * virtual HCI device by the GLib main loop.
 *
 * Options: -d device node, -b address substituted in proxy mode, -s capture
 * file, -n stay in the foreground, -h help.
 */
int main(int argc, char *argv[])
{
	/* Feature mask reported by the emulated controller */
	static const uint8_t default_features[8] = {
		0xff, 0xff, 0x8f, 0xfe, 0x9b, 0xf9, 0x01, 0x80
	};
	struct sigaction sa;
	GIOChannel *dev_io;
	char *device = NULL, *snoop = NULL;
	bdaddr_t bdaddr;
	int fd, dd = -1, opt, detach = 1, dev = -1;

	bacpy(&bdaddr, BDADDR_ANY);

	while ((opt = getopt_long(argc, argv, "d:b:s:nh",
					main_options, NULL)) != EOF) {
		switch (opt) {
		case 'd':
			device = strdup(optarg);
			break;

		case 'b':
			str2ba(optarg, &bdaddr);
			break;

		case 's':
			snoop = strdup(optarg);
			break;

		case 'n':
			detach = 0;
			break;

		case 'h':
		default:
			usage();
			exit(0);
		}
	}

	argc -= optind;
	argv += optind;
	optind = 0;

	if (argc < 1) {
		usage();
		exit(1);
	}

	/* "hciN" selects proxy mode, anything else is the emulated address */
	if (strlen(argv[0]) > 3 && !strncasecmp(argv[0], "hci", 3)) {
		dev = hci_devid(argv[0]);
		if (dev < 0) {
			perror("Invalid device");
			exit(1);
		}
	} else if (getbdaddrbyname(argv[0], &vdev.bdaddr) < 0) {
		exit(1);
	}

	if (detach && daemon(0, 0)) {
		perror("Can't start daemon");
		exit(1);
	}

	/* Start logging to syslog and stderr */
	openlog("hciemu", LOG_PID | LOG_NDELAY | LOG_PERROR, LOG_DAEMON);
	syslog(LOG_INFO, "HCI emulation daemon ver %s started", VERSION);

	/* Ignore SIGCHLD and SIGPIPE; SIGTERM and SIGINT stop the daemon */
	memset(&sa, 0, sizeof(sa));
	sa.sa_flags = SA_NOCLDSTOP;
	sa.sa_handler = SIG_IGN;
	sigaction(SIGCHLD, &sa, NULL);
	sigaction(SIGPIPE, &sa, NULL);

	sa.sa_handler = sig_term;
	sigaction(SIGTERM, &sa, NULL);
	sigaction(SIGINT, &sa, NULL);

	io_init();

	/* Proxy mode without -d falls back to the default device node */
	if (!device && dev >= 0)
		device = strdup(GHCI_DEV);

	/* Open and create virtual HCI device */
	if (device) {
		fd = open(device, O_RDWR);
		if (fd < 0) {
			syslog(LOG_ERR, "Can't open device %s: %s (%d)",
						device, strerror(errno), errno);
			free(device);
			exit(1);
		}
		free(device);
	} else {
		fd = open(VHCI_DEV, O_RDWR);
		if (fd < 0)
			fd = open(VHCI_UDEV, O_RDWR);
		if (fd < 0) {
			syslog(LOG_ERR, "Can't open device %s: %s (%d)",
						VHCI_DEV, strerror(errno), errno);
			exit(1);
		}
	}

	/* Create snoop file; a failure is logged and capturing stays off */
	if (snoop) {
		dd = create_snoop(snoop);
		if (dd < 0)
			syslog(LOG_ERR, "Can't create snoop file %s: %s (%d)",
						snoop, strerror(errno), errno);
		free(snoop);
	}

	/* Create event loop */
	event_loop = g_main_loop_new(NULL, FALSE);

	if (dev >= 0)
		return run_proxy(fd, dev, &bdaddr);

	/* Device settings */
	memcpy(vdev.features, default_features, sizeof(vdev.features));

	memset(vdev.name, 0, sizeof(vdev.name));
	strncpy((char *) vdev.name, "BlueZ (Virtual HCI)",
						sizeof(vdev.name) - 1);

	memset(vdev.dev_class, 0x00, sizeof(vdev.dev_class));

	vdev.inq_mode = 0x00;
	vdev.eir_fec = 0x00;
	memset(vdev.eir_data, 0, sizeof(vdev.eir_data));

	vdev.fd = fd;
	vdev.dd = dd;

	dev_io = g_io_channel_unix_new(fd);
	g_io_add_watch(dev_io, G_IO_IN, io_hci_data, NULL);

	setpriority(PRIO_PROCESS, 0, -19);

	/* Start event processor */
	g_main_loop_run(event_loop);

	close(fd);

	if (dd >= 0)
		close(dd);

	syslog(LOG_INFO, "Exit");

	return 0;
}
1348