xref: /freebsd/lib/libbluetooth/hci.c (revision f6a3b357e9be4c6423c85eff9a847163a0d307c8)
1 /*
2  * hci.c
3  */
4 
5 /*-
6  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
7  *
8  * Copyright (c) 2009 Maksim Yevmenkin <m_evmenkin@yahoo.com>
9  * All rights reserved.
10  *
11  * Redistribution and use in source and binary forms, with or without
12  * modification, are permitted provided that the following conditions
13  * are met:
14  * 1. Redistributions of source code must retain the above copyright
15  *    notice, this list of conditions and the following disclaimer.
16  * 2. Redistributions in binary form must reproduce the above copyright
17  *    notice, this list of conditions and the following disclaimer in the
18  *    documentation and/or other materials provided with the distribution.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
21  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30  * SUCH DAMAGE.
31  *
32  * $FreeBSD$
33  */
34 
35 #include <sys/types.h>
36 #include <sys/sysctl.h>
37 
38 #include <assert.h>
39 #define L2CAP_SOCKET_CHECKED
40 #include <bluetooth.h>
41 #include <inttypes.h>
42 #include <stdio.h>
43 #include <stdlib.h>
44 #include <string.h>
45 #include <time.h>
46 #include <unistd.h>
47 
48 #undef	MIN
49 #define	MIN(a, b)	(((a) < (b))? (a) : (b))
50 
51 static int    bt_devany_cb(int s, struct bt_devinfo const *di, void *xdevname);
52 static char * bt_dev2node (char const *devname, char *nodename, int nnlen);
53 static time_t bt_get_default_hci_command_timeout(void);
54 
55 int
56 bt_devopen(char const *devname)
57 {
58 	struct sockaddr_hci	ha;
59 	bdaddr_t		ba;
60 	int			s;
61 
62 	if (devname == NULL) {
63 		errno = EINVAL;
64 		return (-1);
65 	}
66 
67 	memset(&ha, 0, sizeof(ha));
68 	ha.hci_len = sizeof(ha);
69 	ha.hci_family = AF_BLUETOOTH;
70 
71 	if (bt_aton(devname, &ba)) {
72 		if (!bt_devname(ha.hci_node, &ba))
73 			return (-1);
74 	} else if (bt_dev2node(devname, ha.hci_node,
75 					sizeof(ha.hci_node)) == NULL) {
76 		errno = ENXIO;
77 		return (-1);
78 	}
79 
80 	s = socket(PF_BLUETOOTH, SOCK_RAW, BLUETOOTH_PROTO_HCI);
81 	if (s < 0)
82 		return (-1);
83 
84 	if (bind(s, (struct sockaddr *) &ha, sizeof(ha)) < 0 ||
85 	    connect(s, (struct sockaddr *) &ha, sizeof(ha)) < 0) {
86 		close(s);
87 		return (-1);
88 	}
89 
90 	return (s);
91 }
92 
93 int
94 bt_devclose(int s)
95 {
96 	return (close(s));
97 }
98 
99 int
100 bt_devsend(int s, uint16_t opcode, void *param, size_t plen)
101 {
102 	ng_hci_cmd_pkt_t	h;
103 	struct iovec		iv[2];
104 	int			ivn;
105 
106 	if ((plen == 0 && param != NULL) ||
107 	    (plen > 0 && param == NULL) ||
108 	    plen > UINT8_MAX) {
109 		errno = EINVAL;
110 		return (-1);
111 	}
112 
113 	iv[0].iov_base = &h;
114 	iv[0].iov_len = sizeof(h);
115 	ivn = 1;
116 
117 	h.type = NG_HCI_CMD_PKT;
118 	h.opcode = htole16(opcode);
119 	if (plen > 0) {
120 		h.length = plen;
121 
122 		iv[1].iov_base = param;
123 		iv[1].iov_len = plen;
124 		ivn = 2;
125 	} else
126 		h.length = 0;
127 
128 	while (writev(s, iv, ivn) < 0) {
129 		if (errno == EAGAIN || errno == EINTR)
130 			continue;
131 
132 		return (-1);
133 	}
134 
135 	return (0);
136 }
137 
138 ssize_t
139 bt_devrecv(int s, void *buf, size_t size, time_t to)
140 {
141 	ssize_t	n;
142 
143 	if (buf == NULL || size == 0) {
144 		errno = EINVAL;
145 		return (-1);
146 	}
147 
148 	if (to >= 0) {
149 		fd_set		rfd;
150 		struct timeval	tv;
151 
152 		FD_ZERO(&rfd);
153 		FD_SET(s, &rfd);
154 
155 		tv.tv_sec = to;
156 		tv.tv_usec = 0;
157 
158 		while ((n = select(s + 1, &rfd, NULL, NULL, &tv)) < 0) {
159 			if (errno == EAGAIN || errno == EINTR)
160 				continue;
161 
162 			return (-1);
163 		}
164 
165 		if (n == 0) {
166 			errno = ETIMEDOUT;
167 			return (-1);
168 		}
169 
170 		assert(FD_ISSET(s, &rfd));
171 	}
172 
173 	while ((n = read(s, buf, size)) < 0) {
174 		if (errno == EAGAIN || errno == EINTR)
175 			continue;
176 
177 		return (-1);
178 	}
179 
180 	switch (*((uint8_t *) buf)) {
181 	case NG_HCI_CMD_PKT: {
182 		ng_hci_cmd_pkt_t	*h = (ng_hci_cmd_pkt_t *) buf;
183 
184 		if (n >= sizeof(*h) && n == (sizeof(*h) + h->length))
185 			return (n);
186 		} break;
187 
188 	case NG_HCI_ACL_DATA_PKT: {
189 		ng_hci_acldata_pkt_t	*h = (ng_hci_acldata_pkt_t *) buf;
190 
191 		if (n >= sizeof(*h) && n == (sizeof(*h) + le16toh(h->length)))
192 			return (n);
193 		} break;
194 
195 	case NG_HCI_SCO_DATA_PKT: {
196 		ng_hci_scodata_pkt_t	*h = (ng_hci_scodata_pkt_t *) buf;
197 
198 		if (n >= sizeof(*h) && n == (sizeof(*h) + h->length))
199 			return (n);
200 		} break;
201 
202 	case NG_HCI_EVENT_PKT: {
203 		ng_hci_event_pkt_t	*h = (ng_hci_event_pkt_t *) buf;
204 
205 		if (n >= sizeof(*h) && n == (sizeof(*h) + h->length))
206 			return (n);
207 		} break;
208 	}
209 
210 	errno = EIO;
211 	return (-1);
212 }
213 
214 int
215 bt_devreq(int s, struct bt_devreq *r, time_t to)
216 {
217 	uint8_t				buf[320]; /* more than enough */
218 	ng_hci_event_pkt_t		*e = (ng_hci_event_pkt_t *) buf;
219 	ng_hci_command_compl_ep		*cc = (ng_hci_command_compl_ep *)(e+1);
220 	ng_hci_command_status_ep	*cs = (ng_hci_command_status_ep*)(e+1);
221 	struct bt_devfilter		old, new;
222 	time_t				t_end;
223 	uint16_t			opcode;
224 	ssize_t				n;
225 	int				error;
226 
227 	if (s < 0 || r == NULL || to < 0) {
228 		errno = EINVAL;
229 		return (-1);
230 	}
231 
232 	if ((r->rlen == 0 && r->rparam != NULL) ||
233 	    (r->rlen > 0 && r->rparam == NULL)) {
234 		errno = EINVAL;
235 		return (-1);
236 	}
237 
238 	memset(&new, 0, sizeof(new));
239 	bt_devfilter_pkt_set(&new, NG_HCI_EVENT_PKT);
240 	bt_devfilter_evt_set(&new, NG_HCI_EVENT_COMMAND_COMPL);
241 	bt_devfilter_evt_set(&new, NG_HCI_EVENT_COMMAND_STATUS);
242 	if (r->event != 0)
243 		bt_devfilter_evt_set(&new, r->event);
244 
245 	if (bt_devfilter(s, &new, &old) < 0)
246 		return (-1);
247 
248 	error = 0;
249 
250 	n = bt_devsend(s, r->opcode, r->cparam, r->clen);
251 	if (n < 0) {
252 		error = errno;
253 		goto out;
254 	}
255 
256 	opcode = htole16(r->opcode);
257 	t_end = time(NULL) + to;
258 
259 	do {
260 		to = t_end - time(NULL);
261 		if (to < 0)
262 			to = 0;
263 
264 		n = bt_devrecv(s, buf, sizeof(buf), to);
265 		if (n < 0) {
266 			error = errno;
267 			goto out;
268 		}
269 
270 		if (e->type != NG_HCI_EVENT_PKT) {
271 			error = EIO;
272 			goto out;
273 		}
274 
275 		n -= sizeof(*e);
276 
277 		switch (e->event) {
278 		case NG_HCI_EVENT_COMMAND_COMPL:
279 			if (cc->opcode == opcode) {
280 				n -= sizeof(*cc);
281 
282 				if (r->rlen >= n) {
283 					r->rlen = n;
284 					memcpy(r->rparam, cc + 1, r->rlen);
285 				}
286 
287 				goto out;
288 			}
289 			break;
290 
291 		case NG_HCI_EVENT_COMMAND_STATUS:
292 			if (cs->opcode == opcode) {
293 				if (r->event != NG_HCI_EVENT_COMMAND_STATUS) {
294 					if (cs->status != 0) {
295 						error = EIO;
296 						goto out;
297 					}
298 				} else {
299 					if (r->rlen >= n) {
300 						r->rlen = n;
301 						memcpy(r->rparam, cs, r->rlen);
302 					}
303 
304 					goto out;
305 				}
306 			}
307 			break;
308 
309 		default:
310 			if (e->event == r->event) {
311 				if (r->rlen >= n) {
312 					r->rlen = n;
313 					memcpy(r->rparam, e + 1, r->rlen);
314 				}
315 
316 				goto out;
317 			}
318 			break;
319 		}
320 	} while (to > 0);
321 
322 	error = ETIMEDOUT;
323 out:
324 	bt_devfilter(s, &old, NULL);
325 
326 	if (error != 0) {
327 		errno = error;
328 		return (-1);
329 	}
330 
331 	return (0);
332 }
333 
334 int
335 bt_devfilter(int s, struct bt_devfilter const *new, struct bt_devfilter *old)
336 {
337 	struct ng_btsocket_hci_raw_filter	f;
338 	socklen_t				len;
339 
340 	if (new == NULL && old == NULL) {
341 		errno = EINVAL;
342 		return (-1);
343 	}
344 
345 	if (old != NULL) {
346 		len = sizeof(f);
347 		if (getsockopt(s, SOL_HCI_RAW, SO_HCI_RAW_FILTER, &f, &len) < 0)
348 			return (-1);
349 
350 		memset(old, 0, sizeof(*old));
351 		memcpy(old->packet_mask, &f.packet_mask,
352 			MIN(sizeof(old->packet_mask), sizeof(f.packet_mask)));
353 		memcpy(old->event_mask, &f.event_mask,
354 			MIN(sizeof(old->event_mask), sizeof(f.packet_mask)));
355 	}
356 
357 	if (new != NULL) {
358 		memset(&f, 0, sizeof(f));
359 		memcpy(&f.packet_mask, new->packet_mask,
360 			MIN(sizeof(f.packet_mask), sizeof(new->event_mask)));
361 		memcpy(&f.event_mask, new->event_mask,
362 			MIN(sizeof(f.event_mask), sizeof(new->event_mask)));
363 
364 		len = sizeof(f);
365 		if (setsockopt(s, SOL_HCI_RAW, SO_HCI_RAW_FILTER, &f, len) < 0)
366 			return (-1);
367 	}
368 
369 	return (0);
370 }
371 
372 void
373 bt_devfilter_pkt_set(struct bt_devfilter *filter, uint8_t type)
374 {
375 	bit_set(filter->packet_mask, type - 1);
376 }
377 
378 void
379 bt_devfilter_pkt_clr(struct bt_devfilter *filter, uint8_t type)
380 {
381 	bit_clear(filter->packet_mask, type - 1);
382 }
383 
384 int
385 bt_devfilter_pkt_tst(struct bt_devfilter const *filter, uint8_t type)
386 {
387 	return (bit_test(filter->packet_mask, type - 1));
388 }
389 
390 void
391 bt_devfilter_evt_set(struct bt_devfilter *filter, uint8_t event)
392 {
393 	bit_set(filter->event_mask, event - 1);
394 }
395 
396 void
397 bt_devfilter_evt_clr(struct bt_devfilter *filter, uint8_t event)
398 {
399 	bit_clear(filter->event_mask, event - 1);
400 }
401 
402 int
403 bt_devfilter_evt_tst(struct bt_devfilter const *filter, uint8_t event)
404 {
405 	return (bit_test(filter->event_mask, event - 1));
406 }
407 
408 int
409 bt_devinquiry(char const *devname, time_t length, int num_rsp,
410 		struct bt_devinquiry **ii)
411 {
412 	uint8_t				buf[320];
413 	char				_devname[HCI_DEVNAME_SIZE];
414 	struct bt_devfilter		f;
415 	ng_hci_inquiry_cp		*cp = (ng_hci_inquiry_cp *) buf;
416 	ng_hci_event_pkt_t		*e = (ng_hci_event_pkt_t *) buf;
417 	ng_hci_inquiry_result_ep	*ep = (ng_hci_inquiry_result_ep *)(e+1);
418 	ng_hci_inquiry_response		*ir;
419 	struct bt_devinquiry		*i;
420 	int				s, n;
421 
422 	if (ii == NULL) {
423 		errno = EINVAL;
424 		return (-1);
425 	}
426 
427 	if (devname == NULL) {
428 		memset(_devname, 0, sizeof(_devname));
429 		devname = _devname;
430 
431 		n = bt_devenum(bt_devany_cb, _devname);
432 		if (n <= 0) {
433 			if (n == 0)
434 				*ii = NULL;
435 
436 			return (n);
437 		}
438 	}
439 
440 	s = bt_devopen(devname);
441 	if (s < 0)
442 		return (-1);
443 
444 	if (bt_devfilter(s, NULL, &f) < 0) {
445 		bt_devclose(s);
446 		return (-1);
447 	}
448 
449 	bt_devfilter_evt_set(&f, NG_HCI_EVENT_INQUIRY_COMPL);
450 	bt_devfilter_evt_set(&f, NG_HCI_EVENT_INQUIRY_RESULT);
451 
452 	if (bt_devfilter(s, &f, NULL) < 0) {
453 		bt_devclose(s);
454 		return (-1);
455 	}
456 
457 	/* Always use GIAC LAP */
458 	cp->lap[0] = 0x33;
459 	cp->lap[1] = 0x8b;
460 	cp->lap[2] = 0x9e;
461 
462 	/*
463 	 * Calculate inquire length in 1.28 second units
464 	 * v2.x specification says that 1.28 -> 61.44 seconds
465 	 * range is acceptable
466 	 */
467 
468 	if (length <= 0)
469 		length = 5;
470 	else if (length == 1)
471 		length = 2;
472 	else if (length > 62)
473 		length = 62;
474 
475 	cp->inquiry_length = (uint8_t)((length * 100) / 128);
476 
477 	if (num_rsp <= 0 || num_rsp > 255)
478 		num_rsp = 8;
479 	cp->num_responses = (uint8_t) num_rsp;
480 
481 	i = *ii = calloc(num_rsp, sizeof(struct bt_devinquiry));
482 	if (i == NULL) {
483 		bt_devclose(s);
484 		errno = ENOMEM;
485 		return (-1);
486 	}
487 
488 	if (bt_devsend(s,
489 		NG_HCI_OPCODE(NG_HCI_OGF_LINK_CONTROL, NG_HCI_OCF_INQUIRY),
490 			cp, sizeof(*cp)) < 0) {
491 		free(i);
492 		bt_devclose(s);
493 		return (-1);
494 	}
495 
496 wait_for_more:
497 
498 	n = bt_devrecv(s, buf, sizeof(buf), length);
499 	if (n < 0) {
500 		free(i);
501 		bt_devclose(s);
502 		return (-1);
503 	}
504 
505 	if (n < sizeof(ng_hci_event_pkt_t)) {
506 		free(i);
507 		bt_devclose(s);
508 		errno = EIO;
509 		return (-1);
510 	}
511 
512 	switch (e->event) {
513 	case NG_HCI_EVENT_INQUIRY_COMPL:
514 		break;
515 
516 	case NG_HCI_EVENT_INQUIRY_RESULT:
517 		ir = (ng_hci_inquiry_response *)(ep + 1);
518 
519 		for (n = 0; n < MIN(ep->num_responses, num_rsp); n ++) {
520 			bdaddr_copy(&i->bdaddr, &ir->bdaddr);
521 			i->pscan_rep_mode = ir->page_scan_rep_mode;
522 			i->pscan_period_mode = ir->page_scan_period_mode;
523 			memcpy(i->dev_class, ir->uclass, sizeof(i->dev_class));
524 			i->clock_offset = le16toh(ir->clock_offset);
525 
526 			ir ++;
527 			i ++;
528 			num_rsp --;
529 		}
530 		/* FALLTHROUGH */
531 
532 	default:
533 		goto wait_for_more;
534 		/* NOT REACHED */
535 	}
536 
537 	bt_devclose(s);
538 
539 	return (i - *ii);
540 }
541 
542 char *
543 bt_devremote_name(char const *devname, const bdaddr_t *remote, time_t to,
544     uint16_t clk_off, uint8_t ps_rep_mode, uint8_t ps_mode)
545 {
546 	char				 _devname[HCI_DEVNAME_SIZE];
547 	struct bt_devreq		 r;
548 	ng_hci_remote_name_req_cp	 cp;
549 	ng_hci_remote_name_req_compl_ep	 ep;
550 	int				 s;
551 	char				*remote_name = NULL;
552 
553 	if (remote == NULL || to < 0) {
554 		errno = EINVAL;
555 		goto out;
556 	}
557 
558 	if (to == 0) {
559 		to = bt_get_default_hci_command_timeout();
560 		if (to < 0)
561 			goto out;
562 	}
563 	to++;
564 
565 	if (devname == NULL) {
566 		memset(_devname, 0, sizeof(_devname));
567 		devname = _devname;
568 		if (bt_devenum(bt_devany_cb, _devname) <= 0)
569 			goto out;
570         }
571 
572 	memset(&r, 0, sizeof(r));
573 	memset(&cp, 0, sizeof(cp));
574 	memset(&ep, 0, sizeof(ep));
575 	cp.clock_offset = htole16(clk_off);
576 	cp.page_scan_rep_mode = ps_rep_mode;
577 	cp.page_scan_mode = ps_mode;
578 	bdaddr_copy(&cp.bdaddr, remote);
579 	r.opcode = NG_HCI_OPCODE(NG_HCI_OGF_LINK_CONTROL,
580 				 NG_HCI_OCF_REMOTE_NAME_REQ);
581 	r.event = NG_HCI_EVENT_REMOTE_NAME_REQ_COMPL;
582 	r.cparam = &cp;
583 	r.clen = sizeof(cp);
584 	r.rparam = &ep;
585 	r.rlen = sizeof(ep);
586 
587 	s = bt_devopen(devname);
588 	if (s < 0)
589 		goto out;
590 
591 	if (bt_devreq(s, &r, to) == 0 || ep.status == 0x00)
592 		remote_name = strndup((const char *)&ep.name, sizeof(ep.name));
593 
594 	bt_devclose(s);
595 out:
596 	return (remote_name);
597 }
598 
599 int
600 bt_devinfo(struct bt_devinfo *di)
601 {
602 	union {
603 		struct ng_btsocket_hci_raw_node_state		r0;
604 		struct ng_btsocket_hci_raw_node_bdaddr		r1;
605 		struct ng_btsocket_hci_raw_node_features	r2;
606 		struct ng_btsocket_hci_raw_node_buffer		r3;
607 		struct ng_btsocket_hci_raw_node_stat		r4;
608 		struct ng_btsocket_hci_raw_node_link_policy_mask r5;
609 		struct ng_btsocket_hci_raw_node_packet_mask	r6;
610 		struct ng_btsocket_hci_raw_node_role_switch	r7;
611 		struct ng_btsocket_hci_raw_node_debug		r8;
612 	}						rp;
613 	struct sockaddr_hci				ha;
614 	socklen_t					halen;
615 	int						s, rval;
616 
617 	if (di == NULL) {
618 		errno = EINVAL;
619 		return (-1);
620 	}
621 
622 	s = bt_devopen(di->devname);
623 	if (s < 0)
624 		return (-1);
625 
626 	rval = -1;
627 
628 	halen = sizeof(ha);
629 	if (getsockname(s, (struct sockaddr *) &ha, &halen) < 0)
630 		goto bad;
631 	strlcpy(di->devname, ha.hci_node, sizeof(di->devname));
632 
633 	if (ioctl(s, SIOC_HCI_RAW_NODE_GET_STATE, &rp.r0, sizeof(rp.r0)) < 0)
634 		goto bad;
635 	di->state = rp.r0.state;
636 
637 	if (ioctl(s, SIOC_HCI_RAW_NODE_GET_BDADDR, &rp.r1, sizeof(rp.r1)) < 0)
638 		goto bad;
639 	bdaddr_copy(&di->bdaddr, &rp.r1.bdaddr);
640 
641 	if (ioctl(s, SIOC_HCI_RAW_NODE_GET_FEATURES, &rp.r2, sizeof(rp.r2)) < 0)
642 		goto bad;
643 	memcpy(di->features, rp.r2.features, sizeof(di->features));
644 
645 	if (ioctl(s, SIOC_HCI_RAW_NODE_GET_BUFFER, &rp.r3, sizeof(rp.r3)) < 0)
646 		goto bad;
647 	di->cmd_free = rp.r3.buffer.cmd_free;
648 	di->sco_size = rp.r3.buffer.sco_size;
649 	di->sco_pkts = rp.r3.buffer.sco_pkts;
650 	di->sco_free = rp.r3.buffer.sco_free;
651 	di->acl_size = rp.r3.buffer.acl_size;
652 	di->acl_pkts = rp.r3.buffer.acl_pkts;
653 	di->acl_free = rp.r3.buffer.acl_free;
654 
655 	if (ioctl(s, SIOC_HCI_RAW_NODE_GET_STAT, &rp.r4, sizeof(rp.r4)) < 0)
656 		goto bad;
657 	di->cmd_sent = rp.r4.stat.cmd_sent;
658 	di->evnt_recv = rp.r4.stat.evnt_recv;
659 	di->acl_recv = rp.r4.stat.acl_recv;
660 	di->acl_sent = rp.r4.stat.acl_sent;
661 	di->sco_recv = rp.r4.stat.sco_recv;
662 	di->sco_sent = rp.r4.stat.sco_sent;
663 	di->bytes_recv = rp.r4.stat.bytes_recv;
664 	di->bytes_sent = rp.r4.stat.bytes_sent;
665 
666 	if (ioctl(s, SIOC_HCI_RAW_NODE_GET_LINK_POLICY_MASK,
667 			&rp.r5, sizeof(rp.r5)) < 0)
668 		goto bad;
669 	di->link_policy_info = rp.r5.policy_mask;
670 
671 	if (ioctl(s, SIOC_HCI_RAW_NODE_GET_PACKET_MASK,
672 			&rp.r6, sizeof(rp.r6)) < 0)
673 		goto bad;
674 	di->packet_type_info = rp.r6.packet_mask;
675 
676 	 if (ioctl(s, SIOC_HCI_RAW_NODE_GET_ROLE_SWITCH,
677 			&rp.r7, sizeof(rp.r7)) < 0)
678 		goto bad;
679 	di->role_switch_info = rp.r7.role_switch;
680 
681 	if (ioctl(s, SIOC_HCI_RAW_NODE_GET_DEBUG, &rp.r8, sizeof(rp.r8)) < 0)
682 		goto bad;
683 	di->debug = rp.r8.debug;
684 
685 	rval = 0;
686 bad:
687 	bt_devclose(s);
688 
689 	return (rval);
690 }
691 
692 int
693 bt_devenum(bt_devenum_cb_t cb, void *arg)
694 {
695 	struct ng_btsocket_hci_raw_node_list_names	rp;
696 	struct bt_devinfo				di;
697 	struct sockaddr_hci				ha;
698 	int						s, i, count;
699 
700 	rp.num_names = HCI_DEVMAX;
701 	rp.names = (struct nodeinfo *) calloc(rp.num_names,
702 						sizeof(struct nodeinfo));
703 	if (rp.names == NULL) {
704 		errno = ENOMEM;
705 		return (-1);
706 	}
707 
708 	memset(&ha, 0, sizeof(ha));
709 	ha.hci_len = sizeof(ha);
710 	ha.hci_family = AF_BLUETOOTH;
711 	ha.hci_node[0] = 'x';
712 
713 	s = socket(PF_BLUETOOTH, SOCK_RAW, BLUETOOTH_PROTO_HCI);
714 	if (s < 0) {
715 		free(rp.names);
716 
717 		return (-1);
718 	}
719 
720 	if (bind(s, (struct sockaddr *) &ha, sizeof(ha)) < 0 ||
721 	    connect(s, (struct sockaddr *) &ha, sizeof(ha)) < 0 ||
722 	    ioctl(s, SIOC_HCI_RAW_NODE_LIST_NAMES, &rp, sizeof(rp)) < 0) {
723 		close(s);
724 		free(rp.names);
725 
726 		return (-1);
727 	}
728 
729 	for (count = 0, i = 0; i < rp.num_names; i ++) {
730 		strlcpy(di.devname, rp.names[i].name, sizeof(di.devname));
731 		if (bt_devinfo(&di) < 0)
732 			continue;
733 
734 		count ++;
735 
736 		if (cb == NULL)
737 			continue;
738 
739 		strlcpy(ha.hci_node, rp.names[i].name, sizeof(ha.hci_node));
740 		if (bind(s, (struct sockaddr *) &ha, sizeof(ha)) < 0 ||
741 		    connect(s, (struct sockaddr *) &ha, sizeof(ha)) < 0)
742 			continue;
743 
744 		if ((*cb)(s, &di, arg) > 0)
745 			break;
746 	}
747 
748 	close (s);
749 	free(rp.names);
750 
751 	return (count);
752 }
753 
754 static int
755 bt_devany_cb(int s, struct bt_devinfo const *di, void *xdevname)
756 {
757 	strlcpy((char *) xdevname, di->devname, HCI_DEVNAME_SIZE);
758 	return (1);
759 }
760 
761 static char *
762 bt_dev2node(char const *devname, char *nodename, int nnlen)
763 {
764 	static char const *	 bt_dev_prefix[] = {
765 		"btccc",	/* 3Com Bluetooth PC-CARD */
766 		"h4",		/* UART/serial Bluetooth devices */
767 		"ubt",		/* Bluetooth USB devices */
768 		NULL		/* should be last */
769 	};
770 
771 	static char		_nodename[HCI_DEVNAME_SIZE];
772 	char const		**p;
773 	char			*ep;
774 	int			plen, unit;
775 
776 	if (nodename == NULL) {
777 		nodename = _nodename;
778 		nnlen = HCI_DEVNAME_SIZE;
779 	}
780 
781 	for (p = bt_dev_prefix; *p != NULL; p ++) {
782 		plen = strlen(*p);
783 		if (strncmp(devname, *p, plen) != 0)
784 			continue;
785 
786 		unit = strtoul(devname + plen, &ep, 10);
787 		if (*ep != '\0' &&
788 		    strcmp(ep, "hci") != 0 &&
789 		    strcmp(ep, "l2cap") != 0)
790 			return (NULL);	/* can't make sense of device name */
791 
792 		snprintf(nodename, nnlen, "%s%uhci", *p, unit);
793 
794 		return (nodename);
795 	}
796 
797 	return (NULL);
798 }
799 
800 static time_t
801 bt_get_default_hci_command_timeout(void)
802 {
803 	int	to;
804 	size_t	to_size = sizeof(to);
805 
806 	if (sysctlbyname("net.bluetooth.hci.command_timeout",
807 			 &to, &to_size, NULL, 0) < 0)
808 		return (-1);
809 
810 	/* Should not happen */
811 	if (to <= 0) {
812 		errno = ERANGE;
813 		return (-1);
814 	}
815 
816 	return ((time_t)to);
817 }
818