1 /*
2 * Licensed to the Apache Software Foundation (ASF) under one
3 * or more contributor license agreements. See the NOTICE file
4 * distributed with this work for additional information
5 * regarding copyright ownership. The ASF licenses this file
6 * to you under the Apache License, Version 2.0 (the
7 * "License"); you may not use this file except in compliance
8 * with the License. You may obtain a copy of the License at
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing,
13 * software distributed under the License is distributed on an
14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 * KIND, either express or implied. See the License for the
16 * specific language governing permissions and limitations
17 * under the License.
18 */
19 #include <stdint.h>
20 #include <string.h>
21 #include <errno.h>
22 #include <stdio.h>
23 #include "os/os.h"
24 #include "nimble/hci_common.h"
25 #include "nimble/ble_hci_trans.h"
26 #include "host/ble_gap.h"
27 #include "host/ble_monitor.h"
28 #include "ble_hs_priv.h"
29
30 _Static_assert(sizeof(struct hci_data_hdr) == BLE_HCI_DATA_HDR_SZ,
31 "struct hci_data_hdr must be 4 bytes");
32
33 typedef int ble_hs_hci_evt_fn(uint8_t event_code, const uint8_t *data,
34 unsigned int len);
35 static ble_hs_hci_evt_fn ble_hs_hci_evt_disconn_complete;
36 static ble_hs_hci_evt_fn ble_hs_hci_evt_encrypt_change;
37 static ble_hs_hci_evt_fn ble_hs_hci_evt_hw_error;
38 static ble_hs_hci_evt_fn ble_hs_hci_evt_num_completed_pkts;
39 static ble_hs_hci_evt_fn ble_hs_hci_evt_enc_key_refresh;
40 static ble_hs_hci_evt_fn ble_hs_hci_evt_le_meta;
41
42 typedef int ble_hs_hci_evt_le_fn(uint8_t subevent, const uint8_t *data,
43 unsigned int len);
44 static ble_hs_hci_evt_le_fn ble_hs_hci_evt_le_conn_complete;
45 static ble_hs_hci_evt_le_fn ble_hs_hci_evt_le_adv_rpt;
46 static ble_hs_hci_evt_le_fn ble_hs_hci_evt_le_conn_upd_complete;
47 static ble_hs_hci_evt_le_fn ble_hs_hci_evt_le_lt_key_req;
48 static ble_hs_hci_evt_le_fn ble_hs_hci_evt_le_conn_parm_req;
49 static ble_hs_hci_evt_le_fn ble_hs_hci_evt_le_data_len_changed;
50 static ble_hs_hci_evt_le_fn ble_hs_hci_evt_le_dir_adv_rpt;
51 static ble_hs_hci_evt_le_fn ble_hs_hci_evt_le_phy_update_complete;
52 static ble_hs_hci_evt_le_fn ble_hs_hci_evt_le_ext_adv_rpt;
53 static ble_hs_hci_evt_le_fn ble_hs_hci_evt_le_rd_rem_used_feat_complete;
54 static ble_hs_hci_evt_le_fn ble_hs_hci_evt_le_scan_timeout;
55 static ble_hs_hci_evt_le_fn ble_hs_hci_evt_le_adv_set_terminated;
56 static ble_hs_hci_evt_le_fn ble_hs_hci_evt_le_periodic_adv_sync_estab;
57 static ble_hs_hci_evt_le_fn ble_hs_hci_evt_le_periodic_adv_rpt;
58 static ble_hs_hci_evt_le_fn ble_hs_hci_evt_le_periodic_adv_sync_lost;
59 static ble_hs_hci_evt_le_fn ble_hs_hci_evt_le_scan_req_rcvd;
60 static ble_hs_hci_evt_le_fn ble_hs_hci_evt_le_enh_conn_complete;
61 static ble_hs_hci_evt_le_fn ble_hs_hci_evt_le_periodic_adv_sync_transfer;
62
63 #define BLE_HS_HCI_EVT_TIMEOUT 50 /* Milliseconds. */
64
65 /** Dispatch table for incoming HCI events. Sorted by event code field. */
66 struct ble_hs_hci_evt_dispatch_entry {
67 uint8_t event_code;
68 ble_hs_hci_evt_fn *cb;
69 };
70
71 static const struct ble_hs_hci_evt_dispatch_entry ble_hs_hci_evt_dispatch[] = {
72 { BLE_HCI_EVCODE_LE_META, ble_hs_hci_evt_le_meta },
73 { BLE_HCI_EVCODE_NUM_COMP_PKTS, ble_hs_hci_evt_num_completed_pkts },
74 { BLE_HCI_EVCODE_DISCONN_CMP, ble_hs_hci_evt_disconn_complete },
75 { BLE_HCI_EVCODE_ENCRYPT_CHG, ble_hs_hci_evt_encrypt_change },
76 { BLE_HCI_EVCODE_ENC_KEY_REFRESH, ble_hs_hci_evt_enc_key_refresh },
77 { BLE_HCI_EVCODE_HW_ERROR, ble_hs_hci_evt_hw_error },
78 };
79
80 #define BLE_HS_HCI_EVT_DISPATCH_SZ \
81 (sizeof ble_hs_hci_evt_dispatch / sizeof ble_hs_hci_evt_dispatch[0])
82
83 static ble_hs_hci_evt_le_fn *const ble_hs_hci_evt_le_dispatch[] = {
84 [BLE_HCI_LE_SUBEV_CONN_COMPLETE] = ble_hs_hci_evt_le_conn_complete,
85 [BLE_HCI_LE_SUBEV_ADV_RPT] = ble_hs_hci_evt_le_adv_rpt,
86 [BLE_HCI_LE_SUBEV_CONN_UPD_COMPLETE] = ble_hs_hci_evt_le_conn_upd_complete,
87 [BLE_HCI_LE_SUBEV_LT_KEY_REQ] = ble_hs_hci_evt_le_lt_key_req,
88 [BLE_HCI_LE_SUBEV_REM_CONN_PARM_REQ] = ble_hs_hci_evt_le_conn_parm_req,
89 [BLE_HCI_LE_SUBEV_DATA_LEN_CHG] = ble_hs_hci_evt_le_data_len_changed,
90 [BLE_HCI_LE_SUBEV_ENH_CONN_COMPLETE] = ble_hs_hci_evt_le_enh_conn_complete,
91 [BLE_HCI_LE_SUBEV_DIRECT_ADV_RPT] = ble_hs_hci_evt_le_dir_adv_rpt,
92 [BLE_HCI_LE_SUBEV_PHY_UPDATE_COMPLETE] = ble_hs_hci_evt_le_phy_update_complete,
93 [BLE_HCI_LE_SUBEV_EXT_ADV_RPT] = ble_hs_hci_evt_le_ext_adv_rpt,
94 [BLE_HCI_LE_SUBEV_PERIODIC_ADV_SYNC_ESTAB] = ble_hs_hci_evt_le_periodic_adv_sync_estab,
95 [BLE_HCI_LE_SUBEV_PERIODIC_ADV_RPT] = ble_hs_hci_evt_le_periodic_adv_rpt,
96 [BLE_HCI_LE_SUBEV_PERIODIC_ADV_SYNC_LOST] = ble_hs_hci_evt_le_periodic_adv_sync_lost,
97 [BLE_HCI_LE_SUBEV_RD_REM_USED_FEAT] = ble_hs_hci_evt_le_rd_rem_used_feat_complete,
98 [BLE_HCI_LE_SUBEV_SCAN_TIMEOUT] = ble_hs_hci_evt_le_scan_timeout,
99 [BLE_HCI_LE_SUBEV_ADV_SET_TERMINATED] = ble_hs_hci_evt_le_adv_set_terminated,
100 [BLE_HCI_LE_SUBEV_SCAN_REQ_RCVD] = ble_hs_hci_evt_le_scan_req_rcvd,
101 [BLE_HCI_LE_SUBEV_PERIODIC_ADV_SYNC_TRANSFER] = ble_hs_hci_evt_le_periodic_adv_sync_transfer,
102 };
103
104 #define BLE_HS_HCI_EVT_LE_DISPATCH_SZ \
105 (sizeof ble_hs_hci_evt_le_dispatch / sizeof ble_hs_hci_evt_le_dispatch[0])
106
107 static const struct ble_hs_hci_evt_dispatch_entry *
ble_hs_hci_evt_dispatch_find(uint8_t event_code)108 ble_hs_hci_evt_dispatch_find(uint8_t event_code)
109 {
110 int i;
111
112 for (i = 0; i < BLE_HS_HCI_EVT_DISPATCH_SZ; i++) {
113 const struct ble_hs_hci_evt_dispatch_entry *entry = ble_hs_hci_evt_dispatch + i;
114
115 if (entry->event_code == event_code) {
116 return entry;
117 }
118 }
119
120 return NULL;
121 }
122
ble_hs_hci_evt_le_dispatch_find(uint8_t event_code)123 static ble_hs_hci_evt_le_fn *ble_hs_hci_evt_le_dispatch_find(uint8_t event_code)
124 {
125 if (event_code >= BLE_HS_HCI_EVT_LE_DISPATCH_SZ) {
126 return NULL;
127 }
128
129 return ble_hs_hci_evt_le_dispatch[event_code];
130 }
131
ble_hs_hci_evt_disconn_complete(uint8_t event_code,const uint8_t * data,unsigned int len)132 static int ble_hs_hci_evt_disconn_complete(uint8_t event_code, const uint8_t *data, unsigned int len)
133 {
134 const struct ble_hci_ev_disconn_cmp *ev = (const struct ble_hci_ev_disconn_cmp *)data;
135 const struct ble_hs_conn *conn;
136
137 if (len != sizeof(*ev)) {
138 return BLE_HS_ECONTROLLER;
139 }
140
141 ble_hs_lock();
142 conn = ble_hs_conn_find(le16toh(ev->conn_handle));
143 if (conn != NULL) {
144 ble_hs_hci_add_avail_pkts(conn->bhc_outstanding_pkts);
145 }
146
147 ble_hs_unlock();
148 ble_gap_rx_disconn_complete(ev);
149 /* The connection termination may have freed up some capacity in the
150 * controller for additional ACL data packets. Wake up any stalled
151 * connections.
152 */
153 ble_hs_wakeup_tx();
154 return 0;
155 }
156
ble_hs_hci_evt_encrypt_change(uint8_t event_code,const uint8_t * data,unsigned int len)157 static int ble_hs_hci_evt_encrypt_change(uint8_t event_code, const uint8_t *data, unsigned int len)
158 {
159 const struct ble_hci_ev_enrypt_chg *ev = (const struct ble_hci_ev_enrypt_chg *)data;
160
161 if (len != sizeof(*ev)) {
162 return BLE_HS_ECONTROLLER;
163 }
164
165 ble_sm_enc_change_rx(ev);
166 return 0;
167 }
168
ble_hs_hci_evt_hw_error(uint8_t event_code,const uint8_t * data,unsigned int len)169 static int ble_hs_hci_evt_hw_error(uint8_t event_code, const uint8_t *data, unsigned int len)
170 {
171 const struct ble_hci_ev_hw_error *ev = (const struct ble_hci_ev_hw_error *)data;
172
173 if (len != sizeof(*ev)) {
174 return BLE_HS_ECONTROLLER;
175 }
176
177 ble_hs_hw_error(ev->hw_code);
178 return 0;
179 }
180
ble_hs_hci_evt_enc_key_refresh(uint8_t event_code,const uint8_t * data,unsigned int len)181 static int ble_hs_hci_evt_enc_key_refresh(uint8_t event_code, const uint8_t *data, unsigned int len)
182 {
183 const struct ble_hci_ev_enc_key_refresh *ev = (const struct ble_hci_ev_enc_key_refresh *)data;
184
185 if (len != sizeof(*ev)) {
186 return BLE_HS_ECONTROLLER;
187 }
188
189 ble_sm_enc_key_refresh_rx(ev);
190 return 0;
191 }
192
ble_hs_hci_evt_num_completed_pkts(uint8_t event_code,const uint8_t * data,unsigned int len)193 static int ble_hs_hci_evt_num_completed_pkts(uint8_t event_code, const uint8_t *data, unsigned int len)
194 {
195 const struct ble_hci_ev_num_comp_pkts *ev = (const struct ble_hci_ev_num_comp_pkts *)data;
196 struct ble_hs_conn *conn;
197 int i;
198
199 if (len != sizeof(*ev) + (ev->count * sizeof(ev->completed[0]))) {
200 return BLE_HS_ECONTROLLER;
201 }
202
203 for (i = 0; i < ev->count; i++) {
204 uint16_t num_pkts = le16toh(ev->completed[i].packets);
205 if (num_pkts > 0) {
206 ble_hs_lock();
207 conn = ble_hs_conn_find(le16toh(ev->completed[i].handle));
208 if (conn != NULL) {
209 if (conn->bhc_outstanding_pkts < num_pkts) {
210 ble_hs_sched_reset(BLE_HS_ECONTROLLER);
211 } else {
212 conn->bhc_outstanding_pkts -= num_pkts;
213 }
214
215 ble_hs_hci_add_avail_pkts(num_pkts);
216 }
217
218 ble_hs_unlock();
219 }
220 }
221
222 /* If any transmissions have stalled, wake them up now. */
223 ble_hs_wakeup_tx();
224 return 0;
225 }
226
ble_hs_hci_evt_le_meta(uint8_t event_code,const uint8_t * data,unsigned int len)227 static int ble_hs_hci_evt_le_meta(uint8_t event_code, const uint8_t *data, unsigned int len)
228 {
229 const struct ble_hci_ev_le_meta *ev = (const struct ble_hci_ev_le_meta *)data;
230 ble_hs_hci_evt_le_fn *fn;
231
232 if (len < sizeof(*ev)) {
233 return BLE_HS_ECONTROLLER;
234 }
235
236 fn = ble_hs_hci_evt_le_dispatch_find(ev->subevent);
237 if (fn) {
238 return fn(ev->subevent, data, len);
239 }
240
241 return 0;
242 }
243
244 #if MYNEWT_VAL(BLE_EXT_ADV)
245 static struct ble_gap_conn_complete pend_conn_complete;
246 #endif
247
ble_hs_hci_evt_le_enh_conn_complete(uint8_t subevent,const uint8_t * data,unsigned int len)248 static int ble_hs_hci_evt_le_enh_conn_complete(uint8_t subevent, const uint8_t *data, unsigned int len)
249 {
250 const struct ble_hci_ev_le_subev_enh_conn_complete *ev =
251 (const struct ble_hci_ev_le_subev_enh_conn_complete *)data;
252 struct ble_gap_conn_complete evt;
253
254 if (len != sizeof(*ev)) {
255 return BLE_HS_ECONTROLLER;
256 }
257
258 memset_s(&evt, sizeof(evt), 0, sizeof(evt));
259 evt.status = ev->status;
260
261 if (evt.status == BLE_ERR_SUCCESS) {
262 evt.connection_handle = le16toh(ev->conn_handle);
263 evt.role = ev->role;
264 evt.peer_addr_type = ev->peer_addr_type;
265 memcpy_s(evt.peer_addr, sizeof(evt.peer_addr), ev->peer_addr, BLE_DEV_ADDR_LEN);
266 memcpy_s(evt.local_rpa, sizeof(evt.local_rpa), ev->local_rpa, BLE_DEV_ADDR_LEN);
267 memcpy_s(evt.peer_rpa, sizeof(evt.peer_rpa), ev->peer_rpa, BLE_DEV_ADDR_LEN);
268 evt.conn_itvl = le16toh(ev->conn_itvl);
269 evt.conn_latency = le16toh(ev->conn_latency);
270 evt.supervision_timeout = le16toh(ev->supervision_timeout);
271 evt.master_clk_acc = ev->mca;
272 } else {
273 #if MYNEWT_VAL(BLE_HS_DEBUG)
274 evt.connection_handle = BLE_HS_CONN_HANDLE_NONE;
275 #endif
276 }
277
278 #if MYNEWT_VAL(BLE_EXT_ADV)
279
280 if (evt.status == BLE_ERR_DIR_ADV_TMO ||
281 evt.role == BLE_HCI_LE_CONN_COMPLETE_ROLE_SLAVE) {
282 /* store this until we get set terminated event with adv handle */
283 memcpy_s(&pend_conn_complete, sizeof(pend_conn_complete), &evt, sizeof(evt));
284 return 0;
285 }
286
287 #endif
288 return ble_gap_rx_conn_complete(&evt, 0);
289 }
290
ble_hs_hci_evt_le_conn_complete(uint8_t subevent,const uint8_t * data,unsigned int len)291 static int ble_hs_hci_evt_le_conn_complete(uint8_t subevent, const uint8_t *data, unsigned int len)
292 {
293 const struct ble_hci_ev_le_subev_conn_complete *ev = (const struct ble_hci_ev_le_subev_conn_complete *)data;
294 struct ble_gap_conn_complete evt;
295
296 if (len != sizeof(*ev)) {
297 return BLE_HS_ECONTROLLER;
298 }
299
300 memset_s(&evt, sizeof(evt), 0, sizeof(evt));
301 evt.status = ev->status;
302
303 if (evt.status == BLE_ERR_SUCCESS) {
304 evt.connection_handle = le16toh(ev->conn_handle);
305 evt.role = ev->role;
306 evt.peer_addr_type = ev->peer_addr_type;
307 memcpy_s(evt.peer_addr, sizeof(evt.peer_addr), ev->peer_addr, BLE_DEV_ADDR_LEN);
308 evt.conn_itvl = le16toh(ev->conn_itvl);
309 evt.conn_latency = le16toh(ev->conn_latency);
310 evt.supervision_timeout = le16toh(ev->supervision_timeout);
311 evt.master_clk_acc = ev->mca;
312 } else {
313 #if MYNEWT_VAL(BLE_HS_DEBUG)
314 evt.connection_handle = BLE_HS_CONN_HANDLE_NONE;
315 #endif
316 }
317
318 #if MYNEWT_VAL(BLE_EXT_ADV)
319
320 if (evt.status == BLE_ERR_DIR_ADV_TMO ||
321 evt.role == BLE_HCI_LE_CONN_COMPLETE_ROLE_SLAVE) {
322 /* store this until we get set terminated event with adv handle */
323 memcpy_s(&pend_conn_complete, sizeof(pend_conn_complete), &evt, sizeof(evt));
324 return 0;
325 }
326
327 #endif
328 return ble_gap_rx_conn_complete(&evt, 0);
329 }
330
ble_hs_hci_evt_le_adv_rpt_first_pass(const uint8_t * data,unsigned int len)331 static int ble_hs_hci_evt_le_adv_rpt_first_pass(const uint8_t *data, unsigned int len)
332 {
333 const struct ble_hci_ev_le_subev_adv_rpt *ev = (const struct ble_hci_ev_le_subev_adv_rpt *)data;
334 const struct adv_report *rpt;
335 int i;
336
337 if (len < sizeof(*ev)) {
338 return BLE_HS_ECONTROLLER;
339 }
340
341 len -= sizeof(*ev);
342 data += sizeof(*ev);
343
344 if (ev->num_reports < BLE_HCI_LE_ADV_RPT_NUM_RPTS_MIN ||
345 ev->num_reports > BLE_HCI_LE_ADV_RPT_NUM_RPTS_MAX) {
346 return BLE_HS_EBADDATA;
347 }
348
349 for (i = 0; i < ev->num_reports; i++) {
350 /* extra byte for RSSI after adv data */
351 if (len < sizeof(*rpt) + 1) {
352 return BLE_HS_ECONTROLLER;
353 }
354
355 rpt = (const struct adv_report *)data;
356 len -= sizeof(*rpt) + 1;
357 data += sizeof(rpt) + 1;
358
359 if (rpt->data_len > len) {
360 return BLE_HS_ECONTROLLER;
361 }
362
363 len -= rpt->data_len;
364 data += rpt->data_len;
365 }
366
367 /* Make sure length was correct */
368 if (len) {
369 return BLE_HS_ECONTROLLER;
370 }
371
372 return 0;
373 }
374
ble_hs_hci_evt_le_adv_rpt(uint8_t subevent,const uint8_t * data,unsigned int len)375 static int ble_hs_hci_evt_le_adv_rpt(uint8_t subevent, const uint8_t *data, unsigned int len)
376 {
377 const struct ble_hci_ev_le_subev_adv_rpt *ev = (const struct ble_hci_ev_le_subev_adv_rpt *)data;
378 struct ble_gap_disc_desc desc = {0};
379 const struct adv_report *rpt;
380 int rc;
381 int i;
382 /* Validate the event is formatted correctly */
383 rc = ble_hs_hci_evt_le_adv_rpt_first_pass(data, len);
384 if (rc != 0) {
385 return rc;
386 }
387
388 data += sizeof(*ev);
389 desc.direct_addr = *BLE_ADDR_ANY;
390
391 for (i = 0; i < ev->num_reports; i++) {
392 rpt = (const struct adv_report *)data;
393 data += sizeof(rpt) + rpt->data_len + 1;
394 desc.event_type = rpt->type;
395 desc.addr.type = rpt->addr_type;
396 memcpy_s(desc.addr.val, sizeof(desc.addr.val), rpt->addr, BLE_DEV_ADDR_LEN);
397 desc.length_data = rpt->data_len;
398 desc.data = rpt->data;
399 desc.rssi = rpt->data[rpt->data_len];
400 ble_gap_rx_adv_report(&desc);
401 }
402
403 return 0;
404 }
405
ble_hs_hci_evt_le_dir_adv_rpt(uint8_t subevent,const uint8_t * data,unsigned int len)406 static int ble_hs_hci_evt_le_dir_adv_rpt(uint8_t subevent, const uint8_t *data, unsigned int len)
407 {
408 const struct ble_hci_ev_le_subev_direct_adv_rpt *ev = (const struct ble_hci_ev_le_subev_direct_adv_rpt *)data;
409 struct ble_gap_disc_desc desc = {0};
410 int i;
411
412 if (len < sizeof(*ev) || len != ev->num_reports * sizeof(ev->reports[0])) {
413 return BLE_HS_ECONTROLLER;
414 }
415
416 /* Data fields not present in a direct advertising report. */
417 desc.data = NULL;
418 desc.length_data = 0;
419
420 for (i = 0; i < ev->num_reports; i++) {
421 desc.event_type = ev->reports[i].type;
422 desc.addr.type = ev->reports[i].addr_type;
423 memcpy_s(desc.addr.val, sizeof(desc.addr.val), ev->reports[i].addr, BLE_DEV_ADDR_LEN);
424 desc.direct_addr.type = ev->reports[i].dir_addr_type;
425 memcpy_s(desc.direct_addr.val, sizeof(desc.direct_addr.val), ev->reports[i].dir_addr, BLE_DEV_ADDR_LEN);
426 desc.rssi = ev->reports[i].rssi;
427 ble_gap_rx_adv_report(&desc);
428 }
429
430 return 0;
431 }
432
ble_hs_hci_evt_le_rd_rem_used_feat_complete(uint8_t subevent,const uint8_t * data,unsigned int len)433 static int ble_hs_hci_evt_le_rd_rem_used_feat_complete(uint8_t subevent, const uint8_t *data, unsigned int len)
434 {
435 const struct ble_hci_ev_le_subev_rd_rem_used_feat *ev = (const struct ble_hci_ev_le_subev_rd_rem_used_feat *)data;
436
437 if (len != sizeof(*ev)) {
438 return BLE_HS_ECONTROLLER;
439 }
440
441 ble_gap_rx_rd_rem_sup_feat_complete(ev);
442 return 0;
443 }
444
445 #if MYNEWT_VAL(BLE_EXT_ADV) && NIMBLE_BLE_SCAN
ble_hs_hci_decode_legacy_type(uint16_t evt_type)446 static int ble_hs_hci_decode_legacy_type(uint16_t evt_type)
447 {
448 switch (evt_type) {
449 case BLE_HCI_LEGACY_ADV_EVTYPE_ADV_IND:
450 return BLE_HCI_ADV_RPT_EVTYPE_ADV_IND;
451
452 case BLE_HCI_LEGACY_ADV_EVTYPE_ADV_DIRECT_IND:
453 return BLE_HCI_ADV_RPT_EVTYPE_DIR_IND;
454
455 case BLE_HCI_LEGACY_ADV_EVTYPE_ADV_SCAN_IND:
456 return BLE_HCI_ADV_RPT_EVTYPE_SCAN_IND;
457
458 case BLE_HCI_LEGACY_ADV_EVTYPE_ADV_NONCON_IND:
459 return BLE_HCI_ADV_RPT_EVTYPE_NONCONN_IND;
460
461 case BLE_HCI_LEGACY_ADV_EVTYPE_SCAN_RSP_ADV_IND:
462 return BLE_HCI_ADV_RPT_EVTYPE_SCAN_RSP;
463
464 default:
465 return -1;
466 }
467 }
468 #endif
469
ble_hs_hci_evt_le_ext_adv_rpt(uint8_t subevent,const uint8_t * data,unsigned int len)470 static int ble_hs_hci_evt_le_ext_adv_rpt(uint8_t subevent, const uint8_t *data, unsigned int len)
471 {
472 #if MYNEWT_VAL(BLE_EXT_ADV) && NIMBLE_BLE_SCAN
473 const struct ble_hci_ev_le_subev_ext_adv_rpt *ev = (const struct ble_hci_ev_le_subev_ext_adv_rpt *)data;
474 const struct ext_adv_report *report;
475 struct ble_gap_ext_disc_desc desc;
476 int i;
477 int legacy_event_type;
478
479 if (len < sizeof(*ev)) {
480 return BLE_HS_EBADDATA;
481 }
482
483 if (ev->num_reports < BLE_HCI_LE_ADV_RPT_NUM_RPTS_MIN ||
484 ev->num_reports > BLE_HCI_LE_ADV_RPT_NUM_RPTS_MAX) {
485 return BLE_HS_EBADDATA;
486 }
487
488 /* properly validate len of the event */
489 report = &ev->reports[0];
490
491 for (i = 0; i < ev->num_reports; i++) {
492 memset_s(&desc, sizeof(desc), 0, sizeof(desc));
493 desc.props = (report->evt_type) & 0x1F;
494 if (desc.props & BLE_HCI_ADV_LEGACY_MASK) {
495 legacy_event_type = ble_hs_hci_decode_legacy_type(report->evt_type);
496 if (legacy_event_type < 0) {
497 report = (const void *) &report->data[report->data_len];
498 continue;
499 }
500
501 desc.legacy_event_type = legacy_event_type;
502 desc.data_status = BLE_GAP_EXT_ADV_DATA_STATUS_COMPLETE;
503 } else {
504 switch (report->evt_type & BLE_HCI_ADV_DATA_STATUS_MASK) {
505 case BLE_HCI_ADV_DATA_STATUS_COMPLETE:
506 desc.data_status = BLE_GAP_EXT_ADV_DATA_STATUS_COMPLETE;
507 break;
508
509 case BLE_HCI_ADV_DATA_STATUS_INCOMPLETE:
510 desc.data_status = BLE_GAP_EXT_ADV_DATA_STATUS_INCOMPLETE;
511 break;
512
513 case BLE_HCI_ADV_DATA_STATUS_TRUNCATED:
514 desc.data_status = BLE_GAP_EXT_ADV_DATA_STATUS_TRUNCATED;
515 break;
516
517 default:
518 assert(false);
519 }
520 }
521
522 desc.addr.type = report->addr_type;
523 memcpy_s(desc.addr.val, sizeof(desc.addr.val), report->addr, 6); // 6:size
524 desc.length_data = report->data_len;
525 desc.data = report->data;
526 desc.rssi = report->rssi;
527 desc.tx_power = report->tx_power;
528 memcpy_s(desc.direct_addr.val, sizeof(desc.direct_addr.val), report->dir_addr, 6); // 6:size
529 desc.direct_addr.type = report->dir_addr_type;
530 desc.sid = report->sid;
531 desc.prim_phy = report->pri_phy;
532 desc.sec_phy = report->sec_phy;
533 desc.periodic_adv_itvl = report->periodic_itvl;
534 ble_gap_rx_ext_adv_report(&desc);
535 report = (const void *) &report->data[report->data_len];
536 }
537
538 #endif
539 return 0;
540 }
541
ble_hs_hci_evt_le_periodic_adv_sync_estab(uint8_t subevent,const uint8_t * data,unsigned int len)542 static int ble_hs_hci_evt_le_periodic_adv_sync_estab(uint8_t subevent, const uint8_t *data, unsigned int len)
543 {
544 #if MYNEWT_VAL(BLE_PERIODIC_ADV)
545 const struct ble_hci_ev_le_subev_periodic_adv_sync_estab *ev =
546 (const struct ble_hci_ev_le_subev_periodic_adv_sync_estab *)data;
547
548 if (len != sizeof(*ev)) {
549 return BLE_HS_ECONTROLLER;
550 }
551
552 ble_gap_rx_peroidic_adv_sync_estab(ev);
553 #endif
554 return 0;
555 }
556
ble_hs_hci_evt_le_periodic_adv_rpt(uint8_t subevent,const uint8_t * data,unsigned int len)557 static int ble_hs_hci_evt_le_periodic_adv_rpt(uint8_t subevent, const uint8_t *data, unsigned int len)
558 {
559 #if MYNEWT_VAL(BLE_PERIODIC_ADV)
560 const struct ble_hci_ev_le_subev_periodic_adv_rpt *ev = (const struct ble_hci_ev_le_subev_periodic_adv_rpt *)data;
561
562 if (len < sizeof(*ev) || len != (sizeof(*ev) + ev->data_len)) {
563 return BLE_HS_EBADDATA;
564 }
565
566 ble_gap_rx_periodic_adv_rpt(ev);
567 #endif
568 return 0;
569 }
570
ble_hs_hci_evt_le_periodic_adv_sync_lost(uint8_t subevent,const uint8_t * data,unsigned int len)571 static int ble_hs_hci_evt_le_periodic_adv_sync_lost(uint8_t subevent, const uint8_t *data, unsigned int len)
572 {
573 #if MYNEWT_VAL(BLE_PERIODIC_ADV)
574 const struct ble_hci_ev_le_subev_periodic_adv_sync_lost *ev =
575 (const struct ble_hci_ev_le_subev_periodic_adv_sync_lost *)data;
576
577 if (len != sizeof(*ev)) {
578 return BLE_HS_EBADDATA;
579 }
580
581 ble_gap_rx_periodic_adv_sync_lost(ev);
582 #endif
583 return 0;
584 }
585
ble_hs_hci_evt_le_periodic_adv_sync_transfer(uint8_t subevent,const uint8_t * data,unsigned int len)586 static int ble_hs_hci_evt_le_periodic_adv_sync_transfer(uint8_t subevent, const uint8_t *data, unsigned int len)
587 {
588 #if MYNEWT_VAL(BLE_PERIODIC_ADV_SYNC_TRANSFER)
589 const struct ble_hci_ev_le_subev_periodic_adv_sync_transfer *ev =
590 (const struct ble_hci_ev_le_subev_periodic_adv_sync_transfer *)data;
591
592 if (len != sizeof(*ev)) {
593 return BLE_HS_EBADDATA;
594 }
595
596 ble_gap_rx_periodic_adv_sync_transfer(ev);
597 #endif
598 return 0;
599 }
600
ble_hs_hci_evt_le_scan_timeout(uint8_t subevent,const uint8_t * data,unsigned int len)601 static int ble_hs_hci_evt_le_scan_timeout(uint8_t subevent, const uint8_t *data, unsigned int len)
602 {
603 #if MYNEWT_VAL(BLE_EXT_ADV) && NIMBLE_BLE_SCAN
604 const struct ble_hci_ev_le_subev_scan_timeout *ev = (const struct ble_hci_ev_le_subev_scan_timeout *)data;
605
606 if (len != sizeof(*ev)) {
607 return BLE_HS_EBADDATA;
608 }
609
610 ble_gap_rx_le_scan_timeout();
611 #endif
612 return 0;
613 }
614
ble_hs_hci_evt_le_adv_set_terminated(uint8_t subevent,const uint8_t * data,unsigned int len)615 static int ble_hs_hci_evt_le_adv_set_terminated(uint8_t subevent, const uint8_t *data, unsigned int len)
616 {
617 #if MYNEWT_VAL(BLE_EXT_ADV)
618 const struct ble_hci_ev_le_subev_adv_set_terminated *ev =
619 (const struct ble_hci_ev_le_subev_adv_set_terminated *)data;
620
621 if (len != sizeof(*ev)) {
622 return BLE_HS_ECONTROLLER;
623 }
624
625 if (ev->status == 0) {
626 /* ignore return code as we need to terminate advertising set anyway */
627 ble_gap_rx_conn_complete(&pend_conn_complete, ev->adv_handle);
628 }
629
630 ble_gap_rx_adv_set_terminated(ev);
631 #endif
632 return 0;
633 }
634
ble_hs_hci_evt_le_scan_req_rcvd(uint8_t subevent,const uint8_t * data,unsigned int len)635 static int ble_hs_hci_evt_le_scan_req_rcvd(uint8_t subevent, const uint8_t *data, unsigned int len)
636 {
637 #if MYNEWT_VAL(BLE_EXT_ADV)
638 const struct ble_hci_ev_le_subev_scan_req_rcvd *ev = (const struct ble_hci_ev_le_subev_scan_req_rcvd *)data;
639
640 if (len != sizeof(*ev)) {
641 return BLE_HS_ECONTROLLER;
642 }
643
644 ble_gap_rx_scan_req_rcvd(ev);
645 #endif
646 return 0;
647 }
648
ble_hs_hci_evt_le_conn_upd_complete(uint8_t subevent,const uint8_t * data,unsigned int len)649 static int ble_hs_hci_evt_le_conn_upd_complete(uint8_t subevent, const uint8_t *data, unsigned int len)
650 {
651 const struct ble_hci_ev_le_subev_conn_upd_complete *ev =
652 (const struct ble_hci_ev_le_subev_conn_upd_complete *)data;
653
654 if (len != sizeof(*ev)) {
655 return BLE_HS_ECONTROLLER;
656 }
657
658 if (ev->status == 0) {
659 BLE_HS_DBG_ASSERT(le16toh(ev->conn_itvl) >= BLE_HCI_CONN_ITVL_MIN);
660 BLE_HS_DBG_ASSERT(le16toh(ev->conn_itvl) <= BLE_HCI_CONN_ITVL_MAX);
661 BLE_HS_DBG_ASSERT(le16toh(ev->conn_latency) >= BLE_HCI_CONN_LATENCY_MIN);
662 BLE_HS_DBG_ASSERT(le16toh(ev->conn_latency) <= BLE_HCI_CONN_LATENCY_MAX);
663 BLE_HS_DBG_ASSERT(le16toh(ev->supervision_timeout) >= BLE_HCI_CONN_SPVN_TIMEOUT_MIN);
664 BLE_HS_DBG_ASSERT(le16toh(ev->supervision_timeout) <= BLE_HCI_CONN_SPVN_TIMEOUT_MAX);
665 }
666
667 ble_gap_rx_update_complete(ev);
668 return 0;
669 }
670
ble_hs_hci_evt_le_lt_key_req(uint8_t subevent,const uint8_t * data,unsigned int len)671 static int ble_hs_hci_evt_le_lt_key_req(uint8_t subevent, const uint8_t *data, unsigned int len)
672 {
673 const struct ble_hci_ev_le_subev_lt_key_req *ev = (const struct ble_hci_ev_le_subev_lt_key_req *)data;
674
675 if (len != sizeof(*ev)) {
676 return BLE_HS_ECONTROLLER;
677 }
678
679 ble_sm_ltk_req_rx(ev);
680 return 0;
681 }
682
ble_hs_hci_evt_le_conn_parm_req(uint8_t subevent,const uint8_t * data,unsigned int len)683 static int ble_hs_hci_evt_le_conn_parm_req(uint8_t subevent, const uint8_t *data, unsigned int len)
684 {
685 const struct ble_hci_ev_le_subev_rem_conn_param_req *ev =
686 (const struct ble_hci_ev_le_subev_rem_conn_param_req *)data;
687
688 if (len != sizeof(*ev)) {
689 return BLE_HS_ECONTROLLER;
690 }
691
692 BLE_HS_DBG_ASSERT(le16toh(ev->min_interval) >= BLE_HCI_CONN_ITVL_MIN);
693 BLE_HS_DBG_ASSERT(le16toh(ev->max_interval) <= BLE_HCI_CONN_ITVL_MAX);
694 BLE_HS_DBG_ASSERT(le16toh(ev->max_interval) >= le16toh(ev->min_interval));
695 BLE_HS_DBG_ASSERT(le16toh(ev->latency) >= BLE_HCI_CONN_LATENCY_MIN);
696 BLE_HS_DBG_ASSERT(le16toh(ev->latency) <= BLE_HCI_CONN_LATENCY_MAX);
697 BLE_HS_DBG_ASSERT(le16toh(ev->timeout) >= BLE_HCI_CONN_SPVN_TIMEOUT_MIN);
698 BLE_HS_DBG_ASSERT(le16toh(ev->timeout) <= BLE_HCI_CONN_SPVN_TIMEOUT_MAX);
699 ble_gap_rx_param_req(ev);
700 return 0;
701 }
ble_hs_hci_evt_le_data_len_changed(uint8_t subevent,const uint8_t * data,unsigned int len)702 static int ble_hs_hci_evt_le_data_len_changed(uint8_t subevent, const uint8_t *data, unsigned int len)
703 {
704 const struct ble_hci_ev_le_subev_data_len_chg *ev = (const struct ble_hci_ev_le_subev_data_len_chg *)data;
705 struct ble_hs_conn *conn;
706
707 if (len != sizeof(*ev)) {
708 return BLE_HS_ECONTROLLER;
709 }
710
711 BLE_HS_DBG_ASSERT(le16toh(ev->max_tx_octets) >= BLE_HCI_SET_DATALEN_TX_OCTETS_MIN);
712 BLE_HS_DBG_ASSERT(le16toh(ev->max_tx_octets) <= BLE_HCI_SET_DATALEN_TX_OCTETS_MAX);
713 BLE_HS_DBG_ASSERT(le16toh(ev->max_rx_octets) >= BLE_HCI_SET_DATALEN_TX_OCTETS_MIN);
714 BLE_HS_DBG_ASSERT(le16toh(ev->max_rx_octets) <= BLE_HCI_SET_DATALEN_TX_OCTETS_MAX);
715 conn = ble_hs_conn_find(le16toh(ev->conn_handle));
716 if (conn == NULL) {
717 return BLE_HS_ENOTCONN;
718 }
719
720 conn->tx_ll_mtu = le16toh(ev->max_tx_octets);
721 return 0;
722 }
723
ble_hs_hci_evt_le_phy_update_complete(uint8_t subevent,const uint8_t * data,unsigned int len)724 static int ble_hs_hci_evt_le_phy_update_complete(uint8_t subevent, const uint8_t *data, unsigned int len)
725 {
726 const struct ble_hci_ev_le_subev_phy_update_complete *ev =
727 (const struct ble_hci_ev_le_subev_phy_update_complete *)data;
728
729 if (len != sizeof(*ev)) {
730 return BLE_HS_ECONTROLLER;
731 }
732
733 ble_gap_rx_phy_update_complete(ev);
734 return 0;
735 }
736
ble_hs_hci_evt_process(const struct ble_hci_ev * ev)737 int ble_hs_hci_evt_process(const struct ble_hci_ev *ev)
738 {
739 const struct ble_hs_hci_evt_dispatch_entry *entry;
740 int rc;
741 /* Count events received */
742 STATS_INC(ble_hs_stats, hci_event);
743 entry = ble_hs_hci_evt_dispatch_find(ev->opcode);
744 if (entry == NULL) {
745 STATS_INC(ble_hs_stats, hci_unknown_event);
746 rc = BLE_HS_ENOTSUP;
747 } else {
748 rc = entry->cb(ev->opcode, ev->data, ev->length);
749 }
750
751 ble_hci_trans_buf_free((uint8_t *) ev);
752 return rc;
753 }
754
755 /**
756 * Called when a data packet is received from the controller. This function
757 * consumes the supplied mbuf, regardless of the outcome.
758 *
759 * @param om The incoming data packet, beginning with the
760 * HCI ACL data header.
761 *
762 * @return 0 on success; nonzero on failure.
763 */
ble_hs_hci_evt_acl_process(struct os_mbuf * om)764 int ble_hs_hci_evt_acl_process(struct os_mbuf *om)
765 {
766 struct os_mbuf *om_tmp = om;
767 struct hci_data_hdr hci_hdr;
768 struct ble_hs_conn *conn;
769 ble_l2cap_rx_fn *rx_cb;
770 uint16_t conn_handle;
771 int reject_cid;
772 int rc;
773 rc = ble_hs_hci_util_data_hdr_strip(om_tmp, &hci_hdr);
774 if (rc != 0) {
775 goto err;
776 }
777
778 #if (BLETEST_THROUGHPUT_TEST == 0)
779 #if !BLE_MONITOR
780 BLE_HS_LOG(DEBUG, "ble_hs_hci_evt_acl_process(): conn_handle=%u pb=%x "
781 "len=%u data=",
782 BLE_HCI_DATA_HANDLE(hci_hdr.hdh_handle_pb_bc),
783 BLE_HCI_DATA_PB(hci_hdr.hdh_handle_pb_bc),
784 hci_hdr.hdh_len);
785 ble_hs_log_mbuf(om_tmp);
786 BLE_HS_LOG(DEBUG, "\r\n");
787 #endif
788 #endif
789
790 if (hci_hdr.hdh_len != OS_MBUF_PKTHDR(om_tmp)->omp_len) {
791 rc = BLE_HS_EBADDATA;
792 goto err;
793 }
794
795 conn_handle = BLE_HCI_DATA_HANDLE(hci_hdr.hdh_handle_pb_bc);
796 ble_hs_lock();
797 conn = ble_hs_conn_find(conn_handle);
798 if (conn == NULL) {
799 /* Peer not connected; quietly discard packet. */
800 rc = BLE_HS_ENOTCONN;
801 reject_cid = -1;
802 } else {
803 /* Forward ACL data to L2CAP. */
804 rc = ble_l2cap_rx(conn, &hci_hdr, om_tmp, &rx_cb, &reject_cid);
805 om_tmp = NULL;
806 }
807
808 ble_hs_unlock();
809
810 switch (rc) {
811 case 0:
812 /* Final fragment received. */
813 BLE_HS_DBG_ASSERT(rx_cb != NULL);
814 rc = rx_cb(conn->bhc_rx_chan);
815 ble_l2cap_remove_rx(conn, conn->bhc_rx_chan);
816 break;
817
818 case BLE_HS_EAGAIN:
819 /* More fragments on the way. */
820 break;
821
822 default:
823 if (reject_cid != -1) {
824 ble_l2cap_sig_reject_invalid_cid_tx(conn_handle, 0, 0, reject_cid);
825 }
826
827 goto err;
828 }
829
830 return 0;
831 err:
832 os_mbuf_free_chain(om_tmp);
833 return rc;
834 }