xref: /freebsd/sys/netgraph/bluetooth/drivers/ubt/ng_ubt.c (revision bd66c1b43e33540205dbc1187c2f2a15c58b57ba)
1 /*
2  * ng_ubt.c
3  */
4 
5 /*-
6  * SPDX-License-Identifier: BSD-2-Clause
7  *
8  * Copyright (c) 2001-2009 Maksim Yevmenkin <m_evmenkin@yahoo.com>
9  * All rights reserved.
10  *
11  * Redistribution and use in source and binary forms, with or without
12  * modification, are permitted provided that the following conditions
13  * are met:
14  * 1. Redistributions of source code must retain the above copyright
15  *    notice, this list of conditions and the following disclaimer.
16  * 2. Redistributions in binary form must reproduce the above copyright
17  *    notice, this list of conditions and the following disclaimer in the
18  *    documentation and/or other materials provided with the distribution.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
21  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30  * SUCH DAMAGE.
31  *
32  * $Id: ng_ubt.c,v 1.16 2003/10/10 19:15:06 max Exp $
33  */
34 
35 /*
36  * NOTE: ng_ubt2 driver has a split personality. On one side it is
37  * a USB device driver and on the other it is a Netgraph node. This
38  * driver will *NOT* create traditional /dev/ enties, only Netgraph
39  * node.
40  *
41  * NOTE ON LOCKS USED: ng_ubt2 drives uses 2 locks (mutexes)
42  *
43  * 1) sc_if_mtx - lock for device's interface #0 and #1. This lock is used
44  *    by USB for any USB request going over device's interface #0 and #1,
45  *    i.e. interrupt, control, bulk and isoc. transfers.
46  *
47  * 2) sc_ng_mtx - this lock is used to protect shared (between USB, Netgraph
48  *    and Taskqueue) data, such as outgoing mbuf queues, task flags and hook
49  *    pointer. This lock *SHOULD NOT* be grabbed for a long time. In fact,
50  *    think of it as a spin lock.
51  *
52  * NOTE ON LOCKING STRATEGY: ng_ubt2 driver operates in 3 different contexts.
53  *
54  * 1) USB context. This is where all the USB related stuff happens. All
55  *    callbacks run in this context. All callbacks are called (by USB) with
56  *    appropriate interface lock held. It is (generally) allowed to grab
57  *    any additional locks.
58  *
59  * 2) Netgraph context. This is where all the Netgraph related stuff happens.
60  *    Since we mark node as WRITER, the Netgraph node will be "locked" (from
61  *    Netgraph point of view). Any variable that is only modified from the
62  *    Netgraph context does not require any additional locking. It is generally
63  *    *NOT* allowed to grab *ANY* additional locks. Whatever you do, *DO NOT*
64  *    grab any lock in the Netgraph context that could cause de-scheduling of
65  *    the Netgraph thread for significant amount of time. In fact, the only
66  *    lock that is allowed in the Netgraph context is the sc_ng_mtx lock.
67  *    Also make sure that any code that is called from the Netgraph context
68  *    follows the rule above.
69  *
70  * 3) Taskqueue context. This is where ubt_task runs. Since we are generally
71  *    NOT allowed to grab any lock that could cause de-scheduling in the
72  *    Netgraph context, and, USB requires us to grab interface lock before
73  *    doing things with transfers, it is safer to transition from the Netgraph
74  *    context to the Taskqueue context before we can call into USB subsystem.
75  *
76  * So, to put everything together, the rules are as follows.
77  *	It is OK to call from the USB context or the Taskqueue context into
78  * the Netgraph context (i.e. call NG_SEND_xxx functions). In other words
79  * it is allowed to call into the Netgraph context with locks held.
80  *	Is it *NOT* OK to call from the Netgraph context into the USB context,
81  * because USB requires us to grab interface locks, and, it is safer to
82  * avoid it. So, to make things safer we set task flags to indicate which
83  * actions we want to perform and schedule ubt_task which would run in the
84  * Taskqueue context.
85  *	Is is OK to call from the Taskqueue context into the USB context,
86  * and, ubt_task does just that (i.e. grabs appropriate interface locks
87  * before calling into USB).
88  *	Access to the outgoing queues, task flags and hook pointer is
89  * controlled by the sc_ng_mtx lock. It is an unavoidable evil. Again,
90  * sc_ng_mtx should really be a spin lock (and it is very likely to an
91  * equivalent of spin lock due to adaptive nature of FreeBSD mutexes).
92  *	All USB callbacks accept softc pointer as a private data. USB ensures
93  * that this pointer is valid.
94  */
95 
96 #include <sys/stdint.h>
97 #include <sys/stddef.h>
98 #include <sys/param.h>
99 #include <sys/queue.h>
100 #include <sys/types.h>
101 #include <sys/systm.h>
102 #include <sys/kernel.h>
103 #include <sys/bus.h>
104 #include <sys/module.h>
105 #include <sys/lock.h>
106 #include <sys/mutex.h>
107 #include <sys/condvar.h>
108 #include <sys/sysctl.h>
109 #include <sys/sx.h>
110 #include <sys/unistd.h>
111 #include <sys/callout.h>
112 #include <sys/malloc.h>
113 #include <sys/priv.h>
114 
115 #include "usbdevs.h"
116 #include <dev/usb/usb.h>
117 #include <dev/usb/usbdi.h>
118 #include <dev/usb/usbdi_util.h>
119 
120 #define	USB_DEBUG_VAR usb_debug
121 #include <dev/usb/usb_debug.h>
122 #include <dev/usb/usb_busdma.h>
123 
124 #include <sys/mbuf.h>
125 #include <sys/taskqueue.h>
126 
127 #include <netgraph/ng_message.h>
128 #include <netgraph/netgraph.h>
129 #include <netgraph/ng_parse.h>
130 #include <netgraph/bluetooth/include/ng_bluetooth.h>
131 #include <netgraph/bluetooth/include/ng_hci.h>
132 #include <netgraph/bluetooth/include/ng_ubt.h>
133 #include <netgraph/bluetooth/drivers/ubt/ng_ubt_var.h>
134 
135 static int		ubt_modevent(module_t, int, void *);
136 static device_probe_t	ubt_probe;
137 static device_attach_t	ubt_attach;
138 static device_detach_t	ubt_detach;
139 
140 static void		ubt_task_schedule(ubt_softc_p, int);
141 static task_fn_t	ubt_task;
142 
143 #define	ubt_xfer_start(sc, i)	usbd_transfer_start((sc)->sc_xfer[(i)])
144 
145 /* Netgraph methods */
146 static ng_constructor_t	ng_ubt_constructor;
147 static ng_shutdown_t	ng_ubt_shutdown;
148 static ng_newhook_t	ng_ubt_newhook;
149 static ng_connect_t	ng_ubt_connect;
150 static ng_disconnect_t	ng_ubt_disconnect;
151 static ng_rcvmsg_t	ng_ubt_rcvmsg;
152 static ng_rcvdata_t	ng_ubt_rcvdata;
153 
154 static int ng_usb_isoc_enable = 1;
155 
156 SYSCTL_INT(_net_bluetooth, OID_AUTO, usb_isoc_enable, CTLFLAG_RWTUN | CTLFLAG_MPSAFE,
157     &ng_usb_isoc_enable, 0, "enable isochronous transfers");
158 
159 /* Queue length */
160 static const struct ng_parse_struct_field	ng_ubt_node_qlen_type_fields[] =
161 {
162 	{ "queue", &ng_parse_int32_type, },
163 	{ "qlen",  &ng_parse_int32_type, },
164 	{ NULL, }
165 };
166 static const struct ng_parse_type		ng_ubt_node_qlen_type =
167 {
168 	&ng_parse_struct_type,
169 	&ng_ubt_node_qlen_type_fields
170 };
171 
172 /* Stat info */
173 static const struct ng_parse_struct_field	ng_ubt_node_stat_type_fields[] =
174 {
175 	{ "pckts_recv", &ng_parse_uint32_type, },
176 	{ "bytes_recv", &ng_parse_uint32_type, },
177 	{ "pckts_sent", &ng_parse_uint32_type, },
178 	{ "bytes_sent", &ng_parse_uint32_type, },
179 	{ "oerrors",    &ng_parse_uint32_type, },
180 	{ "ierrors",    &ng_parse_uint32_type, },
181 	{ NULL, }
182 };
183 static const struct ng_parse_type		ng_ubt_node_stat_type =
184 {
185 	&ng_parse_struct_type,
186 	&ng_ubt_node_stat_type_fields
187 };
188 
189 /* Netgraph node command list */
190 static const struct ng_cmdlist			ng_ubt_cmdlist[] =
191 {
192 	{
193 		NGM_UBT_COOKIE,
194 		NGM_UBT_NODE_SET_DEBUG,
195 		"set_debug",
196 		&ng_parse_uint16_type,
197 		NULL
198 	},
199 	{
200 		NGM_UBT_COOKIE,
201 		NGM_UBT_NODE_GET_DEBUG,
202 		"get_debug",
203 		NULL,
204 		&ng_parse_uint16_type
205 	},
206 	{
207 		NGM_UBT_COOKIE,
208 		NGM_UBT_NODE_SET_QLEN,
209 		"set_qlen",
210 		&ng_ubt_node_qlen_type,
211 		NULL
212 	},
213 	{
214 		NGM_UBT_COOKIE,
215 		NGM_UBT_NODE_GET_QLEN,
216 		"get_qlen",
217 		&ng_ubt_node_qlen_type,
218 		&ng_ubt_node_qlen_type
219 	},
220 	{
221 		NGM_UBT_COOKIE,
222 		NGM_UBT_NODE_GET_STAT,
223 		"get_stat",
224 		NULL,
225 		&ng_ubt_node_stat_type
226 	},
227 	{
228 		NGM_UBT_COOKIE,
229 		NGM_UBT_NODE_RESET_STAT,
230 		"reset_stat",
231 		NULL,
232 		NULL
233 	},
234 	{ 0, }
235 };
236 
237 /* Netgraph node type */
238 static struct ng_type	typestruct =
239 {
240 	.version = 	NG_ABI_VERSION,
241 	.name =		NG_UBT_NODE_TYPE,
242 	.constructor =	ng_ubt_constructor,
243 	.rcvmsg =	ng_ubt_rcvmsg,
244 	.shutdown =	ng_ubt_shutdown,
245 	.newhook =	ng_ubt_newhook,
246 	.connect =	ng_ubt_connect,
247 	.rcvdata =	ng_ubt_rcvdata,
248 	.disconnect =	ng_ubt_disconnect,
249 	.cmdlist =	ng_ubt_cmdlist
250 };
251 
252 /****************************************************************************
253  ****************************************************************************
254  **                              USB specific
255  ****************************************************************************
256  ****************************************************************************/
257 
258 /* USB methods */
259 static usb_callback_t	ubt_probe_intr_callback;
260 static usb_callback_t	ubt_ctrl_write_callback;
261 static usb_callback_t	ubt_intr_read_callback;
262 static usb_callback_t	ubt_bulk_read_callback;
263 static usb_callback_t	ubt_bulk_write_callback;
264 static usb_callback_t	ubt_isoc_read_callback;
265 static usb_callback_t	ubt_isoc_write_callback;
266 
267 static int		ubt_fwd_mbuf_up(ubt_softc_p, struct mbuf **);
268 static int		ubt_isoc_read_one_frame(struct usb_xfer *, int);
269 
270 /*
271  * USB config
272  *
273  * The following desribes usb transfers that could be submitted on USB device.
274  *
275  * Interface 0 on the USB device must present the following endpoints
276  *	1) Interrupt endpoint to receive HCI events
277  *	2) Bulk IN endpoint to receive ACL data
278  *	3) Bulk OUT endpoint to send ACL data
279  *
280  * Interface 1 on the USB device must present the following endpoints
281  *	1) Isochronous IN endpoint to receive SCO data
282  *	2) Isochronous OUT endpoint to send SCO data
283  */
284 
285 static const struct usb_config		ubt_config[UBT_N_TRANSFER] =
286 {
287 	/*
288 	 * Interface #0
289  	 */
290 
291 	/* Outgoing bulk transfer - ACL packets */
292 	[UBT_IF_0_BULK_DT_WR] = {
293 		.type =		UE_BULK,
294 		.endpoint =	UE_ADDR_ANY,
295 		.direction =	UE_DIR_OUT,
296 		.if_index = 	0,
297 		.bufsize =	UBT_BULK_WRITE_BUFFER_SIZE,
298 		.flags =	{ .pipe_bof = 1, .force_short_xfer = 1, },
299 		.callback =	&ubt_bulk_write_callback,
300 	},
301 	/* Incoming bulk transfer - ACL packets */
302 	[UBT_IF_0_BULK_DT_RD] = {
303 		.type =		UE_BULK,
304 		.endpoint =	UE_ADDR_ANY,
305 		.direction =	UE_DIR_IN,
306 		.if_index = 	0,
307 		.bufsize =	UBT_BULK_READ_BUFFER_SIZE,
308 		.flags =	{ .pipe_bof = 1, .short_xfer_ok = 1, },
309 		.callback =	&ubt_bulk_read_callback,
310 	},
311 	/* Incoming interrupt transfer - HCI events */
312 	[UBT_IF_0_INTR_DT_RD] = {
313 		.type =		UE_INTERRUPT,
314 		.endpoint =	UE_ADDR_ANY,
315 		.direction =	UE_DIR_IN,
316 		.if_index = 	0,
317 		.flags =	{ .pipe_bof = 1, .short_xfer_ok = 1, },
318 		.bufsize =	UBT_INTR_BUFFER_SIZE,
319 		.callback =	&ubt_intr_read_callback,
320 	},
321 	/* Outgoing control transfer - HCI commands */
322 	[UBT_IF_0_CTRL_DT_WR] = {
323 		.type =		UE_CONTROL,
324 		.endpoint =	0x00,	/* control pipe */
325 		.direction =	UE_DIR_ANY,
326 		.if_index = 	0,
327 		.bufsize =	UBT_CTRL_BUFFER_SIZE,
328 		.callback =	&ubt_ctrl_write_callback,
329 		.timeout =	5000,	/* 5 seconds */
330 	},
331 
332 	/*
333 	 * Interface #1
334  	 */
335 
336 	/* Incoming isochronous transfer #1 - SCO packets */
337 	[UBT_IF_1_ISOC_DT_RD1] = {
338 		.type =		UE_ISOCHRONOUS,
339 		.endpoint =	UE_ADDR_ANY,
340 		.direction =	UE_DIR_IN,
341 		.if_index = 	1,
342 		.bufsize =	0,	/* use "wMaxPacketSize * frames" */
343 		.frames =	UBT_ISOC_NFRAMES,
344 		.flags =	{ .short_xfer_ok = 1, },
345 		.callback =	&ubt_isoc_read_callback,
346 	},
347 	/* Incoming isochronous transfer #2 - SCO packets */
348 	[UBT_IF_1_ISOC_DT_RD2] = {
349 		.type =		UE_ISOCHRONOUS,
350 		.endpoint =	UE_ADDR_ANY,
351 		.direction =	UE_DIR_IN,
352 		.if_index = 	1,
353 		.bufsize =	0,	/* use "wMaxPacketSize * frames" */
354 		.frames =	UBT_ISOC_NFRAMES,
355 		.flags =	{ .short_xfer_ok = 1, },
356 		.callback =	&ubt_isoc_read_callback,
357 	},
358 	/* Outgoing isochronous transfer #1 - SCO packets */
359 	[UBT_IF_1_ISOC_DT_WR1] = {
360 		.type =		UE_ISOCHRONOUS,
361 		.endpoint =	UE_ADDR_ANY,
362 		.direction =	UE_DIR_OUT,
363 		.if_index = 	1,
364 		.bufsize =	0,	/* use "wMaxPacketSize * frames" */
365 		.frames =	UBT_ISOC_NFRAMES,
366 		.flags =	{ .short_xfer_ok = 1, },
367 		.callback =	&ubt_isoc_write_callback,
368 	},
369 	/* Outgoing isochronous transfer #2 - SCO packets */
370 	[UBT_IF_1_ISOC_DT_WR2] = {
371 		.type =		UE_ISOCHRONOUS,
372 		.endpoint =	UE_ADDR_ANY,
373 		.direction =	UE_DIR_OUT,
374 		.if_index = 	1,
375 		.bufsize =	0,	/* use "wMaxPacketSize * frames" */
376 		.frames =	UBT_ISOC_NFRAMES,
377 		.flags =	{ .short_xfer_ok = 1, },
378 		.callback =	&ubt_isoc_write_callback,
379 	},
380 };
381 
382 /*
383  * If for some reason device should not be attached then put
384  * VendorID/ProductID pair into the list below. The format is
385  * as follows:
386  *
387  *	{ USB_VPI(VENDOR_ID, PRODUCT_ID, 0) },
388  *
389  * where VENDOR_ID and PRODUCT_ID are hex numbers.
390  */
391 
392 static const STRUCT_USB_HOST_ID ubt_ignore_devs[] =
393 {
394 	/* AVM USB Bluetooth-Adapter BlueFritz! v1.0 */
395 	{ USB_VPI(USB_VENDOR_AVM, 0x2200, 0) },
396 
397 	/* Atheros 3011 with sflash firmware */
398 	{ USB_VPI(0x0cf3, 0x3002, 0) },
399 	{ USB_VPI(0x0cf3, 0xe019, 0) },
400 	{ USB_VPI(0x13d3, 0x3304, 0) },
401 	{ USB_VPI(0x0930, 0x0215, 0) },
402 	{ USB_VPI(0x0489, 0xe03d, 0) },
403 	{ USB_VPI(0x0489, 0xe027, 0) },
404 
405 	/* Atheros AR9285 Malbec with sflash firmware */
406 	{ USB_VPI(0x03f0, 0x311d, 0) },
407 
408 	/* Atheros 3012 with sflash firmware */
409 	{ USB_VPI(0x0cf3, 0x3004, 0), USB_DEV_BCD_LTEQ(1) },
410 	{ USB_VPI(0x0cf3, 0x311d, 0), USB_DEV_BCD_LTEQ(1) },
411 	{ USB_VPI(0x13d3, 0x3375, 0), USB_DEV_BCD_LTEQ(1) },
412 	{ USB_VPI(0x04ca, 0x3005, 0), USB_DEV_BCD_LTEQ(1) },
413 	{ USB_VPI(0x04ca, 0x3006, 0), USB_DEV_BCD_LTEQ(1) },
414 	{ USB_VPI(0x04ca, 0x3008, 0), USB_DEV_BCD_LTEQ(1) },
415 	{ USB_VPI(0x13d3, 0x3362, 0), USB_DEV_BCD_LTEQ(1) },
416 	{ USB_VPI(0x0cf3, 0xe004, 0), USB_DEV_BCD_LTEQ(1) },
417 	{ USB_VPI(0x0930, 0x0219, 0), USB_DEV_BCD_LTEQ(1) },
418 	{ USB_VPI(0x0489, 0xe057, 0), USB_DEV_BCD_LTEQ(1) },
419 	{ USB_VPI(0x13d3, 0x3393, 0), USB_DEV_BCD_LTEQ(1) },
420 	{ USB_VPI(0x0489, 0xe04e, 0), USB_DEV_BCD_LTEQ(1) },
421 	{ USB_VPI(0x0489, 0xe056, 0), USB_DEV_BCD_LTEQ(1) },
422 
423 	/* Atheros AR5BBU12 with sflash firmware */
424 	{ USB_VPI(0x0489, 0xe02c, 0), USB_DEV_BCD_LTEQ(1) },
425 
426 	/* Atheros AR5BBU12 with sflash firmware */
427 	{ USB_VPI(0x0489, 0xe03c, 0), USB_DEV_BCD_LTEQ(1) },
428 	{ USB_VPI(0x0489, 0xe036, 0), USB_DEV_BCD_LTEQ(1) },
429 
430 	/* Intel Wireless controllers are handled in ng_ubt_intel.c */
431 	{ USB_VPI(USB_VENDOR_INTEL2, 0x07dc, 0) },
432 	{ USB_VPI(USB_VENDOR_INTEL2, 0x0a2a, 0) },
433 	{ USB_VPI(USB_VENDOR_INTEL2, 0x0aa7, 0) },
434 	{ USB_VPI(USB_VENDOR_INTEL2, 0x0a2b, 0) },
435 	{ USB_VPI(USB_VENDOR_INTEL2, 0x0aaa, 0) },
436 	{ USB_VPI(USB_VENDOR_INTEL2, 0x0025, 0) },
437 	{ USB_VPI(USB_VENDOR_INTEL2, 0x0026, 0) },
438 	{ USB_VPI(USB_VENDOR_INTEL2, 0x0029, 0) },
439 
440 	/*
441 	 * Some Intel controllers are not yet supported by ng_ubt_intel and
442 	 * should be ignored.
443 	 */
444 	{ USB_VPI(USB_VENDOR_INTEL2, 0x0032, 0) },
445 	{ USB_VPI(USB_VENDOR_INTEL2, 0x0033, 0) },
446 
447 	/* MediaTek MT7925 */
448 	{ USB_VPI(USB_VENDOR_AZUREWAVE, 0x3602, 0) },
449 	{ USB_VPI(USB_VENDOR_AZUREWAVE, 0x3604, 0) },
450 };
451 
452 /* List of supported bluetooth devices */
453 static const STRUCT_USB_HOST_ID ubt_devs[] =
454 {
455 	/* Generic Bluetooth class devices */
456 	{ USB_IFACE_CLASS(UDCLASS_WIRELESS),
457 	  USB_IFACE_SUBCLASS(UDSUBCLASS_RF),
458 	  USB_IFACE_PROTOCOL(UDPROTO_BLUETOOTH) },
459 
460 	/* AVM USB Bluetooth-Adapter BlueFritz! v2.0 */
461 	{ USB_VPI(USB_VENDOR_AVM, 0x3800, 0) },
462 
463 	/* Broadcom USB dongles, mostly BCM20702 and BCM20702A0 */
464 	{ USB_VENDOR(USB_VENDOR_BROADCOM),
465 	  USB_IFACE_CLASS(UICLASS_VENDOR),
466 	  USB_IFACE_SUBCLASS(UDSUBCLASS_RF),
467 	  USB_IFACE_PROTOCOL(UDPROTO_BLUETOOTH) },
468 
469 	/* Apple-specific (Broadcom) devices */
470 	{ USB_VENDOR(USB_VENDOR_APPLE),
471 	  USB_IFACE_CLASS(UICLASS_VENDOR),
472 	  USB_IFACE_SUBCLASS(UDSUBCLASS_RF),
473 	  USB_IFACE_PROTOCOL(UDPROTO_BLUETOOTH) },
474 
475 	/* Foxconn - Hon Hai */
476 	{ USB_VENDOR(USB_VENDOR_FOXCONN),
477 	  USB_IFACE_CLASS(UICLASS_VENDOR),
478 	  USB_IFACE_SUBCLASS(UDSUBCLASS_RF),
479 	  USB_IFACE_PROTOCOL(UDPROTO_BLUETOOTH) },
480 
481 	/* MediaTek MT76x0E */
482 	{ USB_VPI(USB_VENDOR_MEDIATEK, 0x763f, 0) },
483 
484 	/* Broadcom SoftSailing reporting vendor specific */
485 	{ USB_VPI(USB_VENDOR_BROADCOM, 0x21e1, 0) },
486 
487 	/* Apple MacBookPro 7,1 */
488 	{ USB_VPI(USB_VENDOR_APPLE, 0x8213, 0) },
489 
490 	/* Apple iMac11,1 */
491 	{ USB_VPI(USB_VENDOR_APPLE, 0x8215, 0) },
492 
493 	/* Apple MacBookPro6,2 */
494 	{ USB_VPI(USB_VENDOR_APPLE, 0x8218, 0) },
495 
496 	/* Apple MacBookAir3,1, MacBookAir3,2 */
497 	{ USB_VPI(USB_VENDOR_APPLE, 0x821b, 0) },
498 
499 	/* Apple MacBookAir4,1 */
500 	{ USB_VPI(USB_VENDOR_APPLE, 0x821f, 0) },
501 
502 	/* MacBookAir6,1 */
503 	{ USB_VPI(USB_VENDOR_APPLE, 0x828f, 0) },
504 
505 	/* Apple MacBookPro8,2 */
506 	{ USB_VPI(USB_VENDOR_APPLE, 0x821a, 0) },
507 
508 	/* Apple MacMini5,1 */
509 	{ USB_VPI(USB_VENDOR_APPLE, 0x8281, 0) },
510 
511 	/* Bluetooth Ultraport Module from IBM */
512 	{ USB_VPI(USB_VENDOR_TDK, 0x030a, 0) },
513 
514 	/* ALPS Modules with non-standard ID */
515 	{ USB_VPI(USB_VENDOR_ALPS, 0x3001, 0) },
516 	{ USB_VPI(USB_VENDOR_ALPS, 0x3002, 0) },
517 
518 	{ USB_VPI(USB_VENDOR_ERICSSON2, 0x1002, 0) },
519 
520 	/* Canyon CN-BTU1 with HID interfaces */
521 	{ USB_VPI(USB_VENDOR_CANYON, 0x0000, 0) },
522 
523 	/* Broadcom BCM20702A0 */
524 	{ USB_VPI(USB_VENDOR_ASUS, 0x17b5, 0) },
525 	{ USB_VPI(USB_VENDOR_ASUS, 0x17cb, 0) },
526 	{ USB_VPI(USB_VENDOR_LITEON, 0x2003, 0) },
527 	{ USB_VPI(USB_VENDOR_FOXCONN, 0xe042, 0) },
528 	{ USB_VPI(USB_VENDOR_DELL, 0x8197, 0) },
529 	{ USB_VPI(USB_VENDOR_BELKIN, 0x065a, 0) },
530 };
531 
532 /*
533  * Does a synchronous (waits for completion event) execution of HCI command.
534  * Size of both command and response buffers are passed in length field of
535  * corresponding structures in "Parameter Total Length" format i.e.
536  * not including HCI packet headers.
537  *
538  * Must not be used after USB transfers have been configured in attach routine.
539  */
540 
541 usb_error_t
542 ubt_do_hci_request(struct usb_device *udev, struct ubt_hci_cmd *cmd,
543     void *evt, usb_timeout_t timeout)
544 {
545 	static const struct usb_config ubt_probe_config = {
546 		.type = UE_INTERRUPT,
547 		.endpoint = UE_ADDR_ANY,
548 		.direction = UE_DIR_IN,
549 		.flags = { .pipe_bof = 1, .short_xfer_ok = 1 },
550 		.bufsize = UBT_INTR_BUFFER_SIZE,
551 		.callback = &ubt_probe_intr_callback,
552 	};
553 	struct usb_device_request req;
554 	struct usb_xfer *xfer[1];
555 	struct mtx mtx;
556 	usb_error_t error = USB_ERR_NORMAL_COMPLETION;
557 	uint8_t iface_index = 0;
558 
559 	/* Initialize a USB control request and then do it */
560 	bzero(&req, sizeof(req));
561 	req.bmRequestType = UBT_HCI_REQUEST;
562 	req.wIndex[0] = iface_index;
563 	USETW(req.wLength, UBT_HCI_CMD_SIZE(cmd));
564 
565 	error = usbd_do_request(udev, NULL, &req, cmd);
566 	if (error != USB_ERR_NORMAL_COMPLETION) {
567 		printf("ng_ubt: usbd_do_request error=%s\n",
568 			usbd_errstr(error));
569 		return (error);
570 	}
571 
572 	if (evt == NULL)
573 		return (USB_ERR_NORMAL_COMPLETION);
574 
575 	/* Initialize INTR endpoint xfer and wait for response */
576 	mtx_init(&mtx, "ubt pb", NULL, MTX_DEF | MTX_NEW);
577 
578 	error = usbd_transfer_setup(udev, &iface_index, xfer,
579 	    &ubt_probe_config, 1, evt, &mtx);
580 	if (error == USB_ERR_NORMAL_COMPLETION) {
581 		mtx_lock(&mtx);
582 		usbd_transfer_start(*xfer);
583 
584 		if (msleep_sbt(evt, &mtx, 0, "ubt pb", SBT_1MS * timeout,
585 				0, C_HARDCLOCK) == EWOULDBLOCK) {
586 			printf("ng_ubt: HCI command 0x%04x timed out\n",
587 				le16toh(cmd->opcode));
588 			error = USB_ERR_TIMEOUT;
589 		}
590 
591 		usbd_transfer_stop(*xfer);
592 		mtx_unlock(&mtx);
593 
594 		usbd_transfer_unsetup(xfer, 1);
595 	} else
596 		printf("ng_ubt: usbd_transfer_setup error=%s\n",
597 			usbd_errstr(error));
598 
599 	mtx_destroy(&mtx);
600 
601 	return (error);
602 }
603 
604 /*
605  * Probe for a USB Bluetooth device.
606  * USB context.
607  */
608 
609 static int
610 ubt_probe(device_t dev)
611 {
612 	struct usb_attach_arg	*uaa = device_get_ivars(dev);
613 	const struct usb_device_id *id;
614 
615 	if (uaa->usb_mode != USB_MODE_HOST)
616 		return (ENXIO);
617 
618 	if (usbd_lookup_id_by_uaa(ubt_ignore_devs,
619 			sizeof(ubt_ignore_devs), uaa) == 0)
620 		return (ENXIO);
621 
622 	id = usbd_lookup_id_by_info(ubt_devs,
623 	    sizeof(ubt_devs), &uaa->info);
624 	if (id == NULL)
625 		return (ENXIO);
626 
627 	if (uaa->info.bIfaceIndex != 0) {
628 		/* make sure we are matching the interface */
629 		if (id->match_flag_int_class &&
630 		    id->match_flag_int_subclass &&
631 		    id->match_flag_int_protocol)
632 			return (BUS_PROBE_GENERIC);
633 		else
634 			return (ENXIO);
635 	} else {
636 		return (BUS_PROBE_GENERIC);
637 	}
638 } /* ubt_probe */
639 
640 /*
641  * Attach the device.
642  * USB context.
643  */
644 
645 static int
646 ubt_attach(device_t dev)
647 {
648 	struct usb_attach_arg		*uaa = device_get_ivars(dev);
649 	struct ubt_softc		*sc = device_get_softc(dev);
650 	struct usb_endpoint_descriptor	*ed;
651 	struct usb_interface_descriptor *id;
652 	struct usb_interface		*iface[2];
653 	uint32_t			wMaxPacketSize;
654 	uint8_t				alt_index, i, j;
655 	uint8_t				iface_index[2];
656 
657 	device_set_usb_desc(dev);
658 
659 	iface_index[0] = uaa->info.bIfaceIndex;
660 	iface_index[1] = uaa->info.bIfaceIndex + 1;
661 
662 	iface[0] = usbd_get_iface(uaa->device, iface_index[0]);
663 	iface[1] = usbd_get_iface(uaa->device, iface_index[1]);
664 
665 	sc->sc_dev = dev;
666 	sc->sc_debug = NG_UBT_WARN_LEVEL;
667 
668 	/*
669 	 * Sanity checks.
670 	 */
671 
672 	if (iface[0] == NULL || iface[1] == NULL ||
673 	    iface[0]->idesc == NULL || iface[1]->idesc == NULL) {
674 		UBT_ALERT(sc, "could not get two interfaces\n");
675 		return (ENXIO);
676 	}
677 
678 	/*
679 	 * Create Netgraph node
680 	 */
681 
682 	if (ng_make_node_common(&typestruct, &sc->sc_node) != 0) {
683 		UBT_ALERT(sc, "could not create Netgraph node\n");
684 		return (ENXIO);
685 	}
686 
687 	/* Name Netgraph node */
688 	if (ng_name_node(sc->sc_node, device_get_nameunit(dev)) != 0) {
689 		UBT_ALERT(sc, "could not name Netgraph node\n");
690 		NG_NODE_UNREF(sc->sc_node);
691 		return (ENXIO);
692 	}
693 	NG_NODE_SET_PRIVATE(sc->sc_node, sc);
694 	NG_NODE_FORCE_WRITER(sc->sc_node);
695 
696 	/*
697 	 * Initialize device softc structure
698 	 */
699 
700 	/* initialize locks */
701 	mtx_init(&sc->sc_ng_mtx, "ubt ng", NULL, MTX_DEF);
702 	mtx_init(&sc->sc_if_mtx, "ubt if", NULL, MTX_DEF | MTX_RECURSE);
703 
704 	/* initialize packet queues */
705 	NG_BT_MBUFQ_INIT(&sc->sc_cmdq, UBT_DEFAULT_QLEN);
706 	NG_BT_MBUFQ_INIT(&sc->sc_aclq, UBT_DEFAULT_QLEN);
707 	NG_BT_MBUFQ_INIT(&sc->sc_scoq, UBT_DEFAULT_QLEN);
708 
709 	/* initialize glue task */
710 	TASK_INIT(&sc->sc_task, 0, ubt_task, sc);
711 
712 	/*
713 	 * Configure Bluetooth USB device. Discover all required USB
714 	 * interfaces and endpoints.
715 	 *
716 	 * USB device must present two interfaces:
717 	 * 1) Interface 0 that has 3 endpoints
718 	 *	1) Interrupt endpoint to receive HCI events
719 	 *	2) Bulk IN endpoint to receive ACL data
720 	 *	3) Bulk OUT endpoint to send ACL data
721 	 *
722 	 * 2) Interface 1 then has 2 endpoints
723 	 *	1) Isochronous IN endpoint to receive SCO data
724  	 *	2) Isochronous OUT endpoint to send SCO data
725 	 *
726 	 * Interface 1 (with isochronous endpoints) has several alternate
727 	 * configurations with different packet size.
728 	 */
729 
730 	/*
731 	 * For interface #1 search alternate settings, and find
732 	 * the descriptor with the largest wMaxPacketSize
733 	 */
734 
735 	wMaxPacketSize = 0;
736 	alt_index = 0;
737 	i = 0;
738 	j = 0;
739 	ed = NULL;
740 
741 	/*
742 	 * Search through all the descriptors looking for the largest
743 	 * packet size:
744 	 */
745 	while ((ed = (struct usb_endpoint_descriptor *)usb_desc_foreach(
746 	    usbd_get_config_descriptor(uaa->device),
747 	    (struct usb_descriptor *)ed))) {
748 		if ((ed->bDescriptorType == UDESC_INTERFACE) &&
749 		    (ed->bLength >= sizeof(*id))) {
750 			id = (struct usb_interface_descriptor *)ed;
751 			i = (id->bInterfaceNumber == iface[1]->idesc->bInterfaceNumber);
752 			j = id->bAlternateSetting;
753 		}
754 
755 		if ((ed->bDescriptorType == UDESC_ENDPOINT) &&
756 		    (ed->bLength >= sizeof(*ed)) &&
757 		    (i != 0)) {
758 			uint32_t temp;
759 
760 			temp = usbd_get_max_frame_length(
761 			    ed, NULL, usbd_get_speed(uaa->device));
762 			if (temp > wMaxPacketSize) {
763 				wMaxPacketSize = temp;
764 				alt_index = j;
765 			}
766 		}
767 	}
768 
769 	/* Set alt configuration on interface #1 only if we found it */
770 	if (wMaxPacketSize > 0 &&
771 	    usbd_set_alt_interface_index(uaa->device, iface_index[1], alt_index)) {
772 		UBT_ALERT(sc, "could not set alternate setting %d " \
773 			"for interface 1!\n", alt_index);
774 		goto detach;
775 	}
776 
777 	/* Setup transfers for both interfaces */
778 	if (usbd_transfer_setup(uaa->device, iface_index, sc->sc_xfer, ubt_config,
779 			ng_usb_isoc_enable ? UBT_N_TRANSFER : UBT_IF_1_ISOC_DT_RD1,
780 			sc, &sc->sc_if_mtx)) {
781 		UBT_ALERT(sc, "could not allocate transfers\n");
782 		goto detach;
783 	}
784 
785 	/* Claim second interface belonging to the Bluetooth part */
786 	usbd_set_parent_iface(uaa->device, iface_index[1], uaa->info.bIfaceIndex);
787 
788 	return (0); /* success */
789 
790 detach:
791 	ubt_detach(dev);
792 
793 	return (ENXIO);
794 } /* ubt_attach */
795 
796 /*
797  * Detach the device.
798  * USB context.
799  */
800 
801 int
802 ubt_detach(device_t dev)
803 {
804 	struct ubt_softc	*sc = device_get_softc(dev);
805 	node_p			node = sc->sc_node;
806 
807 	/* Destroy Netgraph node */
808 	if (node != NULL) {
809 		sc->sc_node = NULL;
810 		NG_NODE_REALLY_DIE(node);
811 		ng_rmnode_self(node);
812 	}
813 
814 	/* Make sure ubt_task in gone */
815 	taskqueue_drain(taskqueue_swi, &sc->sc_task);
816 
817 	/* Free USB transfers, if any */
818 	usbd_transfer_unsetup(sc->sc_xfer, UBT_N_TRANSFER);
819 
820 	/* Destroy queues */
821 	UBT_NG_LOCK(sc);
822 	NG_BT_MBUFQ_DESTROY(&sc->sc_cmdq);
823 	NG_BT_MBUFQ_DESTROY(&sc->sc_aclq);
824 	NG_BT_MBUFQ_DESTROY(&sc->sc_scoq);
825 	UBT_NG_UNLOCK(sc);
826 
827 	mtx_destroy(&sc->sc_if_mtx);
828 	mtx_destroy(&sc->sc_ng_mtx);
829 
830 	return (0);
831 } /* ubt_detach */
832 
833 /*
834  * Called when incoming interrupt transfer (HCI event) has completed, i.e.
835  * HCI event was received from the device during device probe stage.
836  * USB context.
837  */
838 
839 static void
840 ubt_probe_intr_callback(struct usb_xfer *xfer, usb_error_t error)
841 {
842 	struct ubt_hci_event	*evt = usbd_xfer_softc(xfer);
843 	struct usb_page_cache	*pc;
844 	int			actlen;
845 
846 	usbd_xfer_status(xfer, &actlen, NULL, NULL, NULL);
847 
848 	switch (USB_GET_STATE(xfer)) {
849 	case USB_ST_TRANSFERRED:
850 		if (actlen > UBT_HCI_EVENT_SIZE(evt))
851 			actlen = UBT_HCI_EVENT_SIZE(evt);
852 		pc = usbd_xfer_get_frame(xfer, 0);
853 		usbd_copy_out(pc, 0, evt, actlen);
854 		/* OneShot mode */
855 		wakeup(evt);
856 		break;
857 
858         case USB_ST_SETUP:
859 submit_next:
860 		usbd_xfer_set_frame_len(xfer, 0, usbd_xfer_max_len(xfer));
861 		usbd_transfer_submit(xfer);
862 		break;
863 
864 	default:
865 		if (error != USB_ERR_CANCELLED) {
866 			printf("ng_ubt: interrupt transfer failed: %s\n",
867 				usbd_errstr(error));
868 			/* Try clear stall first */
869 			usbd_xfer_set_stall(xfer);
870 			goto submit_next;
871 		}
872 		break;
873 	}
874 } /* ubt_probe_intr_callback */
875 
876 /*
877  * Called when outgoing control request (HCI command) has completed, i.e.
878  * HCI command was sent to the device.
879  * USB context.
880  */
881 
882 static void
883 ubt_ctrl_write_callback(struct usb_xfer *xfer, usb_error_t error)
884 {
885 	struct ubt_softc		*sc = usbd_xfer_softc(xfer);
886 	struct usb_device_request	req;
887 	struct mbuf			*m;
888 	struct usb_page_cache		*pc;
889 	int				actlen;
890 
891 	usbd_xfer_status(xfer, &actlen, NULL, NULL, NULL);
892 
893 	switch (USB_GET_STATE(xfer)) {
894 	case USB_ST_TRANSFERRED:
895 		UBT_INFO(sc, "sent %d bytes to control pipe\n", actlen);
896 		UBT_STAT_BYTES_SENT(sc, actlen);
897 		UBT_STAT_PCKTS_SENT(sc);
898 		/* FALLTHROUGH */
899 
900 	case USB_ST_SETUP:
901 send_next:
902 		/* Get next command mbuf, if any */
903 		UBT_NG_LOCK(sc);
904 		NG_BT_MBUFQ_DEQUEUE(&sc->sc_cmdq, m);
905 		UBT_NG_UNLOCK(sc);
906 
907 		if (m == NULL) {
908 			UBT_INFO(sc, "HCI command queue is empty\n");
909 			break;	/* transfer complete */
910 		}
911 
912 		/* Initialize a USB control request and then schedule it */
913 		bzero(&req, sizeof(req));
914 		req.bmRequestType = UBT_HCI_REQUEST;
915 		USETW(req.wLength, m->m_pkthdr.len);
916 
917 		UBT_INFO(sc, "Sending control request, " \
918 			"bmRequestType=0x%02x, wLength=%d\n",
919 			req.bmRequestType, UGETW(req.wLength));
920 
921 		pc = usbd_xfer_get_frame(xfer, 0);
922 		usbd_copy_in(pc, 0, &req, sizeof(req));
923 		pc = usbd_xfer_get_frame(xfer, 1);
924 		usbd_m_copy_in(pc, 0, m, 0, m->m_pkthdr.len);
925 
926 		usbd_xfer_set_frame_len(xfer, 0, sizeof(req));
927 		usbd_xfer_set_frame_len(xfer, 1, m->m_pkthdr.len);
928 		usbd_xfer_set_frames(xfer, 2);
929 
930 		NG_FREE_M(m);
931 
932 		usbd_transfer_submit(xfer);
933 		break;
934 
935 	default: /* Error */
936 		if (error != USB_ERR_CANCELLED) {
937 			UBT_WARN(sc, "control transfer failed: %s\n",
938 				usbd_errstr(error));
939 
940 			UBT_STAT_OERROR(sc);
941 			goto send_next;
942 		}
943 
944 		/* transfer cancelled */
945 		break;
946 	}
947 } /* ubt_ctrl_write_callback */
948 
949 /*
950  * Called when incoming interrupt transfer (HCI event) has completed, i.e.
951  * HCI event was received from the device.
952  * USB context.
953  */
954 
955 static void
956 ubt_intr_read_callback(struct usb_xfer *xfer, usb_error_t error)
957 {
958 	struct ubt_softc	*sc = usbd_xfer_softc(xfer);
959 	struct mbuf		*m;
960 	ng_hci_event_pkt_t	*hdr;
961 	struct usb_page_cache	*pc;
962 	int			actlen;
963 
964 	usbd_xfer_status(xfer, &actlen, NULL, NULL, NULL);
965 
966 	m = NULL;
967 
968 	switch (USB_GET_STATE(xfer)) {
969 	case USB_ST_TRANSFERRED:
970 		/* Allocate a new mbuf */
971 		MGETHDR(m, M_NOWAIT, MT_DATA);
972 		if (m == NULL) {
973 			UBT_STAT_IERROR(sc);
974 			goto submit_next;
975 		}
976 
977 		if (!(MCLGET(m, M_NOWAIT))) {
978 			UBT_STAT_IERROR(sc);
979 			goto submit_next;
980 		}
981 
982 		/* Add HCI packet type */
983 		*mtod(m, uint8_t *)= NG_HCI_EVENT_PKT;
984 		m->m_pkthdr.len = m->m_len = 1;
985 
986 		if (actlen > MCLBYTES - 1)
987 			actlen = MCLBYTES - 1;
988 
989 		pc = usbd_xfer_get_frame(xfer, 0);
990 		usbd_copy_out(pc, 0, mtod(m, uint8_t *) + 1, actlen);
991 		m->m_pkthdr.len += actlen;
992 		m->m_len += actlen;
993 
994 		UBT_INFO(sc, "got %d bytes from interrupt pipe\n",
995 			actlen);
996 
997 		/* Validate packet and send it up the stack */
998 		if (m->m_pkthdr.len < (int)sizeof(*hdr)) {
999 			UBT_INFO(sc, "HCI event packet is too short\n");
1000 
1001 			UBT_STAT_IERROR(sc);
1002 			goto submit_next;
1003 		}
1004 
1005 		hdr = mtod(m, ng_hci_event_pkt_t *);
1006 		if (hdr->length != (m->m_pkthdr.len - sizeof(*hdr))) {
1007 			UBT_ERR(sc, "Invalid HCI event packet size, " \
1008 				"length=%d, pktlen=%d\n",
1009 				hdr->length, m->m_pkthdr.len);
1010 
1011 			UBT_STAT_IERROR(sc);
1012 			goto submit_next;
1013 		}
1014 
1015 		UBT_INFO(sc, "got complete HCI event frame, pktlen=%d, " \
1016 			"length=%d\n", m->m_pkthdr.len, hdr->length);
1017 
1018 		UBT_STAT_PCKTS_RECV(sc);
1019 		UBT_STAT_BYTES_RECV(sc, m->m_pkthdr.len);
1020 
1021 		ubt_fwd_mbuf_up(sc, &m);
1022 		/* m == NULL at this point */
1023 		/* FALLTHROUGH */
1024 
1025 	case USB_ST_SETUP:
1026 submit_next:
1027 		NG_FREE_M(m); /* checks for m != NULL */
1028 
1029 		usbd_xfer_set_frame_len(xfer, 0, usbd_xfer_max_len(xfer));
1030 		usbd_transfer_submit(xfer);
1031 		break;
1032 
1033 	default: /* Error */
1034 		if (error != USB_ERR_CANCELLED) {
1035 			UBT_WARN(sc, "interrupt transfer failed: %s\n",
1036 				usbd_errstr(error));
1037 
1038 			/* Try to clear stall first */
1039 			usbd_xfer_set_stall(xfer);
1040 			goto submit_next;
1041 		}
1042 			/* transfer cancelled */
1043 		break;
1044 	}
1045 } /* ubt_intr_read_callback */
1046 
1047 /*
1048  * Called when incoming bulk transfer (ACL packet) has completed, i.e.
1049  * ACL packet was received from the device.
1050  * USB context.
1051  */
1052 
1053 static void
1054 ubt_bulk_read_callback(struct usb_xfer *xfer, usb_error_t error)
1055 {
1056 	struct ubt_softc	*sc = usbd_xfer_softc(xfer);
1057 	struct mbuf		*m;
1058 	ng_hci_acldata_pkt_t	*hdr;
1059 	struct usb_page_cache	*pc;
1060 	int len;
1061 	int actlen;
1062 
1063 	usbd_xfer_status(xfer, &actlen, NULL, NULL, NULL);
1064 
1065 	m = NULL;
1066 
1067 	switch (USB_GET_STATE(xfer)) {
1068 	case USB_ST_TRANSFERRED:
1069 		/* Allocate new mbuf */
1070 		MGETHDR(m, M_NOWAIT, MT_DATA);
1071 		if (m == NULL) {
1072 			UBT_STAT_IERROR(sc);
1073 			goto submit_next;
1074 		}
1075 
1076 		if (!(MCLGET(m, M_NOWAIT))) {
1077 			UBT_STAT_IERROR(sc);
1078 			goto submit_next;
1079 		}
1080 
1081 		/* Add HCI packet type */
1082 		*mtod(m, uint8_t *)= NG_HCI_ACL_DATA_PKT;
1083 		m->m_pkthdr.len = m->m_len = 1;
1084 
1085 		if (actlen > MCLBYTES - 1)
1086 			actlen = MCLBYTES - 1;
1087 
1088 		pc = usbd_xfer_get_frame(xfer, 0);
1089 		usbd_copy_out(pc, 0, mtod(m, uint8_t *) + 1, actlen);
1090 		m->m_pkthdr.len += actlen;
1091 		m->m_len += actlen;
1092 
1093 		UBT_INFO(sc, "got %d bytes from bulk-in pipe\n",
1094 			actlen);
1095 
1096 		/* Validate packet and send it up the stack */
1097 		if (m->m_pkthdr.len < (int)sizeof(*hdr)) {
1098 			UBT_INFO(sc, "HCI ACL packet is too short\n");
1099 
1100 			UBT_STAT_IERROR(sc);
1101 			goto submit_next;
1102 		}
1103 
1104 		hdr = mtod(m, ng_hci_acldata_pkt_t *);
1105 		len = le16toh(hdr->length);
1106 		if (len != (int)(m->m_pkthdr.len - sizeof(*hdr))) {
1107 			UBT_ERR(sc, "Invalid ACL packet size, length=%d, " \
1108 				"pktlen=%d\n", len, m->m_pkthdr.len);
1109 
1110 			UBT_STAT_IERROR(sc);
1111 			goto submit_next;
1112 		}
1113 
1114 		UBT_INFO(sc, "got complete ACL data packet, pktlen=%d, " \
1115 			"length=%d\n", m->m_pkthdr.len, len);
1116 
1117 		UBT_STAT_PCKTS_RECV(sc);
1118 		UBT_STAT_BYTES_RECV(sc, m->m_pkthdr.len);
1119 
1120 		ubt_fwd_mbuf_up(sc, &m);
1121 		/* m == NULL at this point */
1122 		/* FALLTHOUGH */
1123 
1124 	case USB_ST_SETUP:
1125 submit_next:
1126 		NG_FREE_M(m); /* checks for m != NULL */
1127 
1128 		usbd_xfer_set_frame_len(xfer, 0, usbd_xfer_max_len(xfer));
1129 		usbd_transfer_submit(xfer);
1130 		break;
1131 
1132 	default: /* Error */
1133 		if (error != USB_ERR_CANCELLED) {
1134 			UBT_WARN(sc, "bulk-in transfer failed: %s\n",
1135 				usbd_errstr(error));
1136 
1137 			/* Try to clear stall first */
1138 			usbd_xfer_set_stall(xfer);
1139 			goto submit_next;
1140 		}
1141 			/* transfer cancelled */
1142 		break;
1143 	}
1144 } /* ubt_bulk_read_callback */
1145 
1146 /*
1147  * Called when outgoing bulk transfer (ACL packet) has completed, i.e.
1148  * ACL packet was sent to the device.
1149  * USB context.
1150  */
1151 
1152 static void
1153 ubt_bulk_write_callback(struct usb_xfer *xfer, usb_error_t error)
1154 {
1155 	struct ubt_softc	*sc = usbd_xfer_softc(xfer);
1156 	struct mbuf		*m;
1157 	struct usb_page_cache	*pc;
1158 	int			actlen;
1159 
1160 	usbd_xfer_status(xfer, &actlen, NULL, NULL, NULL);
1161 
1162 	switch (USB_GET_STATE(xfer)) {
1163 	case USB_ST_TRANSFERRED:
1164 		UBT_INFO(sc, "sent %d bytes to bulk-out pipe\n", actlen);
1165 		UBT_STAT_BYTES_SENT(sc, actlen);
1166 		UBT_STAT_PCKTS_SENT(sc);
1167 		/* FALLTHROUGH */
1168 
1169 	case USB_ST_SETUP:
1170 send_next:
1171 		/* Get next mbuf, if any */
1172 		UBT_NG_LOCK(sc);
1173 		NG_BT_MBUFQ_DEQUEUE(&sc->sc_aclq, m);
1174 		UBT_NG_UNLOCK(sc);
1175 
1176 		if (m == NULL) {
1177 			UBT_INFO(sc, "ACL data queue is empty\n");
1178 			break; /* transfer completed */
1179 		}
1180 
1181 		/*
1182 		 * Copy ACL data frame back to a linear USB transfer buffer
1183 		 * and schedule transfer
1184 		 */
1185 
1186 		pc = usbd_xfer_get_frame(xfer, 0);
1187 		usbd_m_copy_in(pc, 0, m, 0, m->m_pkthdr.len);
1188 		usbd_xfer_set_frame_len(xfer, 0, m->m_pkthdr.len);
1189 
1190 		UBT_INFO(sc, "bulk-out transfer has been started, len=%d\n",
1191 			m->m_pkthdr.len);
1192 
1193 		NG_FREE_M(m);
1194 
1195 		usbd_transfer_submit(xfer);
1196 		break;
1197 
1198 	default: /* Error */
1199 		if (error != USB_ERR_CANCELLED) {
1200 			UBT_WARN(sc, "bulk-out transfer failed: %s\n",
1201 				usbd_errstr(error));
1202 
1203 			UBT_STAT_OERROR(sc);
1204 
1205 			/* try to clear stall first */
1206 			usbd_xfer_set_stall(xfer);
1207 			goto send_next;
1208 		}
1209 			/* transfer cancelled */
1210 		break;
1211 	}
1212 } /* ubt_bulk_write_callback */
1213 
1214 /*
1215  * Called when incoming isoc transfer (SCO packet) has completed, i.e.
1216  * SCO packet was received from the device.
1217  * USB context.
1218  */
1219 
1220 static void
1221 ubt_isoc_read_callback(struct usb_xfer *xfer, usb_error_t error)
1222 {
1223 	struct ubt_softc	*sc = usbd_xfer_softc(xfer);
1224 	int			n;
1225 	int actlen, nframes;
1226 
1227 	usbd_xfer_status(xfer, &actlen, NULL, NULL, &nframes);
1228 
1229 	switch (USB_GET_STATE(xfer)) {
1230 	case USB_ST_TRANSFERRED:
1231 		for (n = 0; n < nframes; n ++)
1232 			if (ubt_isoc_read_one_frame(xfer, n) < 0)
1233 				break;
1234 		/* FALLTHROUGH */
1235 
1236 	case USB_ST_SETUP:
1237 read_next:
1238 		for (n = 0; n < nframes; n ++)
1239 			usbd_xfer_set_frame_len(xfer, n,
1240 			    usbd_xfer_max_framelen(xfer));
1241 
1242 		usbd_transfer_submit(xfer);
1243 		break;
1244 
1245 	default: /* Error */
1246                 if (error != USB_ERR_CANCELLED) {
1247                         UBT_STAT_IERROR(sc);
1248                         goto read_next;
1249                 }
1250 
1251 		/* transfer cancelled */
1252 		break;
1253 	}
1254 } /* ubt_isoc_read_callback */
1255 
1256 /*
1257  * Helper function. Called from ubt_isoc_read_callback() to read
1258  * SCO data from one frame.
1259  * USB context.
1260  */
1261 
1262 static int
1263 ubt_isoc_read_one_frame(struct usb_xfer *xfer, int frame_no)
1264 {
1265 	struct ubt_softc	*sc = usbd_xfer_softc(xfer);
1266 	struct usb_page_cache	*pc;
1267 	struct mbuf		*m;
1268 	int			len, want, got, total;
1269 
1270 	/* Get existing SCO reassembly buffer */
1271 	pc = usbd_xfer_get_frame(xfer, 0);
1272 	m = sc->sc_isoc_in_buffer;
1273 	total = usbd_xfer_frame_len(xfer, frame_no);
1274 
1275 	/* While we have data in the frame */
1276 	while (total > 0) {
1277 		if (m == NULL) {
1278 			/* Start new reassembly buffer */
1279 			MGETHDR(m, M_NOWAIT, MT_DATA);
1280 			if (m == NULL) {
1281 				UBT_STAT_IERROR(sc);
1282 				return (-1);	/* XXX out of sync! */
1283 			}
1284 
1285 			if (!(MCLGET(m, M_NOWAIT))) {
1286 				UBT_STAT_IERROR(sc);
1287 				NG_FREE_M(m);
1288 				return (-1);	/* XXX out of sync! */
1289 			}
1290 
1291 			/* Expect SCO header */
1292 			*mtod(m, uint8_t *) = NG_HCI_SCO_DATA_PKT;
1293 			m->m_pkthdr.len = m->m_len = got = 1;
1294 			want = sizeof(ng_hci_scodata_pkt_t);
1295 		} else {
1296 			/*
1297 			 * Check if we have SCO header and if so
1298 			 * adjust amount of data we want
1299 			 */
1300 			got = m->m_pkthdr.len;
1301 			want = sizeof(ng_hci_scodata_pkt_t);
1302 
1303 			if (got >= want)
1304 				want += mtod(m, ng_hci_scodata_pkt_t *)->length;
1305 		}
1306 
1307 		/* Append frame data to the SCO reassembly buffer */
1308 		len = total;
1309 		if (got + len > want)
1310 			len = want - got;
1311 
1312 		usbd_copy_out(pc, frame_no * usbd_xfer_max_framelen(xfer),
1313 			mtod(m, uint8_t *) + m->m_pkthdr.len, len);
1314 
1315 		m->m_pkthdr.len += len;
1316 		m->m_len += len;
1317 		total -= len;
1318 
1319 		/* Check if we got everything we wanted, if not - continue */
1320 		if (got != want)
1321 			continue;
1322 
1323 		/* If we got here then we got complete SCO frame */
1324 		UBT_INFO(sc, "got complete SCO data frame, pktlen=%d, " \
1325 			"length=%d\n", m->m_pkthdr.len,
1326 			mtod(m, ng_hci_scodata_pkt_t *)->length);
1327 
1328 		UBT_STAT_PCKTS_RECV(sc);
1329 		UBT_STAT_BYTES_RECV(sc, m->m_pkthdr.len);
1330 
1331 		ubt_fwd_mbuf_up(sc, &m);
1332 		/* m == NULL at this point */
1333 	}
1334 
1335 	/* Put SCO reassembly buffer back */
1336 	sc->sc_isoc_in_buffer = m;
1337 
1338 	return (0);
1339 } /* ubt_isoc_read_one_frame */
1340 
1341 /*
1342  * Called when outgoing isoc transfer (SCO packet) has completed, i.e.
1343  * SCO packet was sent to the device.
1344  * USB context.
1345  */
1346 
1347 static void
1348 ubt_isoc_write_callback(struct usb_xfer *xfer, usb_error_t error)
1349 {
1350 	struct ubt_softc	*sc = usbd_xfer_softc(xfer);
1351 	struct usb_page_cache	*pc;
1352 	struct mbuf		*m;
1353 	int			n, space, offset;
1354 	int			actlen, nframes;
1355 
1356 	usbd_xfer_status(xfer, &actlen, NULL, NULL, &nframes);
1357 	pc = usbd_xfer_get_frame(xfer, 0);
1358 
1359 	switch (USB_GET_STATE(xfer)) {
1360 	case USB_ST_TRANSFERRED:
1361 		UBT_INFO(sc, "sent %d bytes to isoc-out pipe\n", actlen);
1362 		UBT_STAT_BYTES_SENT(sc, actlen);
1363 		UBT_STAT_PCKTS_SENT(sc);
1364 		/* FALLTHROUGH */
1365 
1366 	case USB_ST_SETUP:
1367 send_next:
1368 		offset = 0;
1369 		space = usbd_xfer_max_framelen(xfer) * nframes;
1370 		m = NULL;
1371 
1372 		while (space > 0) {
1373 			if (m == NULL) {
1374 				UBT_NG_LOCK(sc);
1375 				NG_BT_MBUFQ_DEQUEUE(&sc->sc_scoq, m);
1376 				UBT_NG_UNLOCK(sc);
1377 
1378 				if (m == NULL)
1379 					break;
1380 			}
1381 
1382 			n = min(space, m->m_pkthdr.len);
1383 			if (n > 0) {
1384 				usbd_m_copy_in(pc, offset, m,0, n);
1385 				m_adj(m, n);
1386 
1387 				offset += n;
1388 				space -= n;
1389 			}
1390 
1391 			if (m->m_pkthdr.len == 0)
1392 				NG_FREE_M(m); /* sets m = NULL */
1393 		}
1394 
1395 		/* Put whatever is left from mbuf back on queue */
1396 		if (m != NULL) {
1397 			UBT_NG_LOCK(sc);
1398 			NG_BT_MBUFQ_PREPEND(&sc->sc_scoq, m);
1399 			UBT_NG_UNLOCK(sc);
1400 		}
1401 
1402 		/*
1403 		 * Calculate sizes for isoc frames.
1404 		 * Note that offset could be 0 at this point (i.e. we have
1405 		 * nothing to send). That is fine, as we have isoc. transfers
1406 		 * going in both directions all the time. In this case it
1407 		 * would be just empty isoc. transfer.
1408 		 */
1409 
1410 		for (n = 0; n < nframes; n ++) {
1411 			usbd_xfer_set_frame_len(xfer, n,
1412 			    min(offset, usbd_xfer_max_framelen(xfer)));
1413 			offset -= usbd_xfer_frame_len(xfer, n);
1414 		}
1415 
1416 		usbd_transfer_submit(xfer);
1417 		break;
1418 
1419 	default: /* Error */
1420 		if (error != USB_ERR_CANCELLED) {
1421 			UBT_STAT_OERROR(sc);
1422 			goto send_next;
1423 		}
1424 
1425 		/* transfer cancelled */
1426 		break;
1427 	}
1428 }
1429 
1430 /*
1431  * Utility function to forward provided mbuf upstream (i.e. up the stack).
1432  * Modifies value of the mbuf pointer (sets it to NULL).
1433  * Save to call from any context.
1434  */
1435 
1436 static int
1437 ubt_fwd_mbuf_up(ubt_softc_p sc, struct mbuf **m)
1438 {
1439 	hook_p	hook;
1440 	int	error;
1441 
1442 	/*
1443 	 * Close the race with Netgraph hook newhook/disconnect methods.
1444 	 * Save the hook pointer atomically. Two cases are possible:
1445 	 *
1446 	 * 1) The hook pointer is NULL. It means disconnect method got
1447 	 *    there first. In this case we are done.
1448 	 *
1449 	 * 2) The hook pointer is not NULL. It means that hook pointer
1450 	 *    could be either in valid or invalid (i.e. in the process
1451 	 *    of disconnect) state. In any case grab an extra reference
1452 	 *    to protect the hook pointer.
1453 	 *
1454 	 * It is ok to pass hook in invalid state to NG_SEND_DATA_ONLY() as
1455 	 * it checks for it. Drop extra reference after NG_SEND_DATA_ONLY().
1456 	 */
1457 
1458 	UBT_NG_LOCK(sc);
1459 	if ((hook = sc->sc_hook) != NULL)
1460 		NG_HOOK_REF(hook);
1461 	UBT_NG_UNLOCK(sc);
1462 
1463 	if (hook == NULL) {
1464 		NG_FREE_M(*m);
1465 		return (ENETDOWN);
1466 	}
1467 
1468 	NG_SEND_DATA_ONLY(error, hook, *m);
1469 	NG_HOOK_UNREF(hook);
1470 
1471 	if (error != 0)
1472 		UBT_STAT_IERROR(sc);
1473 
1474 	return (error);
1475 } /* ubt_fwd_mbuf_up */
1476 
1477 /****************************************************************************
1478  ****************************************************************************
1479  **                                 Glue
1480  ****************************************************************************
1481  ****************************************************************************/
1482 
1483 /*
1484  * Schedule glue task. Should be called with sc_ng_mtx held.
1485  * Netgraph context.
1486  */
1487 
1488 static void
1489 ubt_task_schedule(ubt_softc_p sc, int action)
1490 {
1491 	mtx_assert(&sc->sc_ng_mtx, MA_OWNED);
1492 
1493 	/*
1494 	 * Try to handle corner case when "start all" and "stop all"
1495 	 * actions can both be set before task is executed.
1496 	 *
1497 	 * The rules are
1498 	 *
1499 	 * sc_task_flags	action		new sc_task_flags
1500 	 * ------------------------------------------------------
1501 	 * 0			start		start
1502 	 * 0			stop		stop
1503 	 * start		start		start
1504 	 * start		stop		stop
1505 	 * stop			start		stop|start
1506 	 * stop			stop		stop
1507 	 * stop|start		start		stop|start
1508 	 * stop|start		stop		stop
1509 	 */
1510 
1511 	if (action != 0) {
1512 		if ((action & UBT_FLAG_T_STOP_ALL) != 0)
1513 			sc->sc_task_flags &= ~UBT_FLAG_T_START_ALL;
1514 
1515 		sc->sc_task_flags |= action;
1516 	}
1517 
1518 	if (sc->sc_task_flags & UBT_FLAG_T_PENDING)
1519 		return;
1520 
1521 	if (taskqueue_enqueue(taskqueue_swi, &sc->sc_task) == 0) {
1522 		sc->sc_task_flags |= UBT_FLAG_T_PENDING;
1523 		return;
1524 	}
1525 
1526 	/* XXX: i think this should never happen */
1527 } /* ubt_task_schedule */
1528 
1529 /*
1530  * Glue task. Examines sc_task_flags and does things depending on it.
1531  * Taskqueue context.
1532  */
1533 
1534 static void
1535 ubt_task(void *context, int pending)
1536 {
1537 	ubt_softc_p	sc = context;
1538 	int		task_flags, i;
1539 
1540 	UBT_NG_LOCK(sc);
1541 	task_flags = sc->sc_task_flags;
1542 	sc->sc_task_flags = 0;
1543 	UBT_NG_UNLOCK(sc);
1544 
1545 	/*
1546 	 * Stop all USB transfers synchronously.
1547 	 * Stop interface #0 and #1 transfers at the same time and in the
1548 	 * same loop. usbd_transfer_drain() will do appropriate locking.
1549 	 */
1550 
1551 	if (task_flags & UBT_FLAG_T_STOP_ALL)
1552 		for (i = 0; i < UBT_N_TRANSFER; i ++)
1553 			usbd_transfer_drain(sc->sc_xfer[i]);
1554 
1555 	/* Start incoming interrupt and bulk, and all isoc. USB transfers */
1556 	if (task_flags & UBT_FLAG_T_START_ALL) {
1557 		/*
1558 		 * Interface #0
1559 		 */
1560 
1561 		mtx_lock(&sc->sc_if_mtx);
1562 
1563 		ubt_xfer_start(sc, UBT_IF_0_INTR_DT_RD);
1564 		ubt_xfer_start(sc, UBT_IF_0_BULK_DT_RD);
1565 
1566 		/*
1567 		 * Interface #1
1568 		 * Start both read and write isoc. transfers by default.
1569 		 * Get them going all the time even if we have nothing
1570 		 * to send to avoid any delays.
1571 		 */
1572 
1573 		ubt_xfer_start(sc, UBT_IF_1_ISOC_DT_RD1);
1574 		ubt_xfer_start(sc, UBT_IF_1_ISOC_DT_RD2);
1575 		ubt_xfer_start(sc, UBT_IF_1_ISOC_DT_WR1);
1576 		ubt_xfer_start(sc, UBT_IF_1_ISOC_DT_WR2);
1577 
1578 		mtx_unlock(&sc->sc_if_mtx);
1579 	}
1580 
1581  	/* Start outgoing control transfer */
1582 	if (task_flags & UBT_FLAG_T_START_CTRL) {
1583 		mtx_lock(&sc->sc_if_mtx);
1584 		ubt_xfer_start(sc, UBT_IF_0_CTRL_DT_WR);
1585 		mtx_unlock(&sc->sc_if_mtx);
1586 	}
1587 
1588 	/* Start outgoing bulk transfer */
1589 	if (task_flags & UBT_FLAG_T_START_BULK) {
1590 		mtx_lock(&sc->sc_if_mtx);
1591 		ubt_xfer_start(sc, UBT_IF_0_BULK_DT_WR);
1592 		mtx_unlock(&sc->sc_if_mtx);
1593 	}
1594 } /* ubt_task */
1595 
1596 /****************************************************************************
1597  ****************************************************************************
1598  **                        Netgraph specific
1599  ****************************************************************************
1600  ****************************************************************************/
1601 
1602 /*
1603  * Netgraph node constructor. Do not allow to create node of this type.
1604  * Netgraph context.
1605  */
1606 
1607 static int
1608 ng_ubt_constructor(node_p node)
1609 {
1610 	return (EINVAL);
1611 } /* ng_ubt_constructor */
1612 
1613 /*
1614  * Netgraph node destructor. Destroy node only when device has been detached.
1615  * Netgraph context.
1616  */
1617 
1618 static int
1619 ng_ubt_shutdown(node_p node)
1620 {
1621 	if (node->nd_flags & NGF_REALLY_DIE) {
1622 		/*
1623                  * We came here because the USB device is being
1624 		 * detached, so stop being persistent.
1625                  */
1626 		NG_NODE_SET_PRIVATE(node, NULL);
1627 		NG_NODE_UNREF(node);
1628 	} else
1629 		NG_NODE_REVIVE(node); /* tell ng_rmnode we are persisant */
1630 
1631 	return (0);
1632 } /* ng_ubt_shutdown */
1633 
1634 /*
1635  * Create new hook. There can only be one.
1636  * Netgraph context.
1637  */
1638 
1639 static int
1640 ng_ubt_newhook(node_p node, hook_p hook, char const *name)
1641 {
1642 	struct ubt_softc	*sc = NG_NODE_PRIVATE(node);
1643 
1644 	if (strcmp(name, NG_UBT_HOOK) != 0)
1645 		return (EINVAL);
1646 
1647 	UBT_NG_LOCK(sc);
1648 	if (sc->sc_hook != NULL) {
1649 		UBT_NG_UNLOCK(sc);
1650 
1651 		return (EISCONN);
1652 	}
1653 
1654 	sc->sc_hook = hook;
1655 	UBT_NG_UNLOCK(sc);
1656 
1657 	return (0);
1658 } /* ng_ubt_newhook */
1659 
1660 /*
1661  * Connect hook. Start incoming USB transfers.
1662  * Netgraph context.
1663  */
1664 
1665 static int
1666 ng_ubt_connect(hook_p hook)
1667 {
1668 	struct ubt_softc	*sc = NG_NODE_PRIVATE(NG_HOOK_NODE(hook));
1669 
1670 	NG_HOOK_FORCE_QUEUE(NG_HOOK_PEER(hook));
1671 
1672 	UBT_NG_LOCK(sc);
1673 	ubt_task_schedule(sc, UBT_FLAG_T_START_ALL);
1674 	UBT_NG_UNLOCK(sc);
1675 
1676 	return (0);
1677 } /* ng_ubt_connect */
1678 
1679 /*
1680  * Disconnect hook.
1681  * Netgraph context.
1682  */
1683 
1684 static int
1685 ng_ubt_disconnect(hook_p hook)
1686 {
1687 	struct ubt_softc	*sc = NG_NODE_PRIVATE(NG_HOOK_NODE(hook));
1688 
1689 	UBT_NG_LOCK(sc);
1690 
1691 	if (hook != sc->sc_hook) {
1692 		UBT_NG_UNLOCK(sc);
1693 
1694 		return (EINVAL);
1695 	}
1696 
1697 	sc->sc_hook = NULL;
1698 
1699 	/* Kick off task to stop all USB xfers */
1700 	ubt_task_schedule(sc, UBT_FLAG_T_STOP_ALL);
1701 
1702 	/* Drain queues */
1703 	NG_BT_MBUFQ_DRAIN(&sc->sc_cmdq);
1704 	NG_BT_MBUFQ_DRAIN(&sc->sc_aclq);
1705 	NG_BT_MBUFQ_DRAIN(&sc->sc_scoq);
1706 
1707 	UBT_NG_UNLOCK(sc);
1708 
1709 	return (0);
1710 } /* ng_ubt_disconnect */
1711 
1712 /*
1713  * Process control message.
1714  * Netgraph context.
1715  */
1716 
1717 static int
1718 ng_ubt_rcvmsg(node_p node, item_p item, hook_p lasthook)
1719 {
1720 	struct ubt_softc	*sc = NG_NODE_PRIVATE(node);
1721 	struct ng_mesg		*msg, *rsp = NULL;
1722 	struct ng_bt_mbufq	*q;
1723 	int			error = 0, queue, qlen;
1724 
1725 	NGI_GET_MSG(item, msg);
1726 
1727 	switch (msg->header.typecookie) {
1728 	case NGM_GENERIC_COOKIE:
1729 		switch (msg->header.cmd) {
1730 		case NGM_TEXT_STATUS:
1731 			NG_MKRESPONSE(rsp, msg, NG_TEXTRESPONSE, M_NOWAIT);
1732 			if (rsp == NULL) {
1733 				error = ENOMEM;
1734 				break;
1735 			}
1736 
1737 			snprintf(rsp->data, NG_TEXTRESPONSE,
1738 				"Hook: %s\n" \
1739 				"Task flags: %#x\n" \
1740 				"Debug: %d\n" \
1741 				"CMD queue: [have:%d,max:%d]\n" \
1742 				"ACL queue: [have:%d,max:%d]\n" \
1743 				"SCO queue: [have:%d,max:%d]",
1744 				(sc->sc_hook != NULL) ? NG_UBT_HOOK : "",
1745 				sc->sc_task_flags,
1746 				sc->sc_debug,
1747 				sc->sc_cmdq.len,
1748 				sc->sc_cmdq.maxlen,
1749 				sc->sc_aclq.len,
1750 				sc->sc_aclq.maxlen,
1751 				sc->sc_scoq.len,
1752 				sc->sc_scoq.maxlen);
1753 			break;
1754 
1755 		default:
1756 			error = EINVAL;
1757 			break;
1758 		}
1759 		break;
1760 
1761 	case NGM_UBT_COOKIE:
1762 		switch (msg->header.cmd) {
1763 		case NGM_UBT_NODE_SET_DEBUG:
1764 			if (msg->header.arglen != sizeof(ng_ubt_node_debug_ep)){
1765 				error = EMSGSIZE;
1766 				break;
1767 			}
1768 
1769 			sc->sc_debug = *((ng_ubt_node_debug_ep *) (msg->data));
1770 			break;
1771 
1772 		case NGM_UBT_NODE_GET_DEBUG:
1773 			NG_MKRESPONSE(rsp, msg, sizeof(ng_ubt_node_debug_ep),
1774 			    M_NOWAIT);
1775 			if (rsp == NULL) {
1776 				error = ENOMEM;
1777 				break;
1778 			}
1779 
1780 			*((ng_ubt_node_debug_ep *) (rsp->data)) = sc->sc_debug;
1781 			break;
1782 
1783 		case NGM_UBT_NODE_SET_QLEN:
1784 			if (msg->header.arglen != sizeof(ng_ubt_node_qlen_ep)) {
1785 				error = EMSGSIZE;
1786 				break;
1787 			}
1788 
1789 			queue = ((ng_ubt_node_qlen_ep *) (msg->data))->queue;
1790 			qlen = ((ng_ubt_node_qlen_ep *) (msg->data))->qlen;
1791 
1792 			switch (queue) {
1793 			case NGM_UBT_NODE_QUEUE_CMD:
1794 				q = &sc->sc_cmdq;
1795 				break;
1796 
1797 			case NGM_UBT_NODE_QUEUE_ACL:
1798 				q = &sc->sc_aclq;
1799 				break;
1800 
1801 			case NGM_UBT_NODE_QUEUE_SCO:
1802 				q = &sc->sc_scoq;
1803 				break;
1804 
1805 			default:
1806 				error = EINVAL;
1807 				goto done;
1808 				/* NOT REACHED */
1809 			}
1810 
1811 			q->maxlen = qlen;
1812 			break;
1813 
1814 		case NGM_UBT_NODE_GET_QLEN:
1815 			if (msg->header.arglen != sizeof(ng_ubt_node_qlen_ep)) {
1816 				error = EMSGSIZE;
1817 				break;
1818 			}
1819 
1820 			queue = ((ng_ubt_node_qlen_ep *) (msg->data))->queue;
1821 
1822 			switch (queue) {
1823 			case NGM_UBT_NODE_QUEUE_CMD:
1824 				q = &sc->sc_cmdq;
1825 				break;
1826 
1827 			case NGM_UBT_NODE_QUEUE_ACL:
1828 				q = &sc->sc_aclq;
1829 				break;
1830 
1831 			case NGM_UBT_NODE_QUEUE_SCO:
1832 				q = &sc->sc_scoq;
1833 				break;
1834 
1835 			default:
1836 				error = EINVAL;
1837 				goto done;
1838 				/* NOT REACHED */
1839 			}
1840 
1841 			NG_MKRESPONSE(rsp, msg, sizeof(ng_ubt_node_qlen_ep),
1842 				M_NOWAIT);
1843 			if (rsp == NULL) {
1844 				error = ENOMEM;
1845 				break;
1846 			}
1847 
1848 			((ng_ubt_node_qlen_ep *) (rsp->data))->queue = queue;
1849 			((ng_ubt_node_qlen_ep *) (rsp->data))->qlen = q->maxlen;
1850 			break;
1851 
1852 		case NGM_UBT_NODE_GET_STAT:
1853 			NG_MKRESPONSE(rsp, msg, sizeof(ng_ubt_node_stat_ep),
1854 			    M_NOWAIT);
1855 			if (rsp == NULL) {
1856 				error = ENOMEM;
1857 				break;
1858 			}
1859 
1860 			bcopy(&sc->sc_stat, rsp->data,
1861 				sizeof(ng_ubt_node_stat_ep));
1862 			break;
1863 
1864 		case NGM_UBT_NODE_RESET_STAT:
1865 			UBT_STAT_RESET(sc);
1866 			break;
1867 
1868 		default:
1869 			error = EINVAL;
1870 			break;
1871 		}
1872 		break;
1873 
1874 	default:
1875 		error = EINVAL;
1876 		break;
1877 	}
1878 done:
1879 	NG_RESPOND_MSG(error, node, item, rsp);
1880 	NG_FREE_MSG(msg);
1881 
1882 	return (error);
1883 } /* ng_ubt_rcvmsg */
1884 
1885 /*
1886  * Process data.
1887  * Netgraph context.
1888  */
1889 
1890 static int
1891 ng_ubt_rcvdata(hook_p hook, item_p item)
1892 {
1893 	struct ubt_softc	*sc = NG_NODE_PRIVATE(NG_HOOK_NODE(hook));
1894 	struct mbuf		*m;
1895 	struct ng_bt_mbufq	*q;
1896 	int			action, error = 0;
1897 
1898 	if (hook != sc->sc_hook) {
1899 		error = EINVAL;
1900 		goto done;
1901 	}
1902 
1903 	/* Deatch mbuf and get HCI frame type */
1904 	NGI_GET_M(item, m);
1905 
1906 	/*
1907 	 * Minimal size of the HCI frame is 4 bytes: 1 byte frame type,
1908 	 * 2 bytes connection handle and at least 1 byte of length.
1909 	 * Panic on data frame that has size smaller than 4 bytes (it
1910 	 * should not happen)
1911 	 */
1912 
1913 	if (m->m_pkthdr.len < 4)
1914 		panic("HCI frame size is too small! pktlen=%d\n",
1915 			m->m_pkthdr.len);
1916 
1917 	/* Process HCI frame */
1918 	switch (*mtod(m, uint8_t *)) {	/* XXX call m_pullup ? */
1919 	case NG_HCI_CMD_PKT:
1920 		if (m->m_pkthdr.len - 1 > (int)UBT_CTRL_BUFFER_SIZE)
1921 			panic("HCI command frame size is too big! " \
1922 				"buffer size=%zd, packet len=%d\n",
1923 				UBT_CTRL_BUFFER_SIZE, m->m_pkthdr.len);
1924 
1925 		q = &sc->sc_cmdq;
1926 		action = UBT_FLAG_T_START_CTRL;
1927 		break;
1928 
1929 	case NG_HCI_ACL_DATA_PKT:
1930 		if (m->m_pkthdr.len - 1 > UBT_BULK_WRITE_BUFFER_SIZE)
1931 			panic("ACL data frame size is too big! " \
1932 				"buffer size=%d, packet len=%d\n",
1933 				UBT_BULK_WRITE_BUFFER_SIZE, m->m_pkthdr.len);
1934 
1935 		q = &sc->sc_aclq;
1936 		action = UBT_FLAG_T_START_BULK;
1937 		break;
1938 
1939 	case NG_HCI_SCO_DATA_PKT:
1940 		q = &sc->sc_scoq;
1941 		action = 0;
1942 		break;
1943 
1944 	default:
1945 		UBT_ERR(sc, "Dropping unsupported HCI frame, type=0x%02x, " \
1946 			"pktlen=%d\n", *mtod(m, uint8_t *), m->m_pkthdr.len);
1947 
1948 		NG_FREE_M(m);
1949 		error = EINVAL;
1950 		goto done;
1951 		/* NOT REACHED */
1952 	}
1953 
1954 	UBT_NG_LOCK(sc);
1955 	if (NG_BT_MBUFQ_FULL(q)) {
1956 		NG_BT_MBUFQ_DROP(q);
1957 		UBT_NG_UNLOCK(sc);
1958 
1959 		UBT_ERR(sc, "Dropping HCI frame 0x%02x, len=%d. Queue full\n",
1960 			*mtod(m, uint8_t *), m->m_pkthdr.len);
1961 
1962 		NG_FREE_M(m);
1963 	} else {
1964 		/* Loose HCI packet type, enqueue mbuf and kick off task */
1965 		m_adj(m, sizeof(uint8_t));
1966 		NG_BT_MBUFQ_ENQUEUE(q, m);
1967 		ubt_task_schedule(sc, action);
1968 		UBT_NG_UNLOCK(sc);
1969 	}
1970 done:
1971 	NG_FREE_ITEM(item);
1972 
1973 	return (error);
1974 } /* ng_ubt_rcvdata */
1975 
1976 /****************************************************************************
1977  ****************************************************************************
1978  **                              Module
1979  ****************************************************************************
1980  ****************************************************************************/
1981 
1982 /*
1983  * Load/Unload the driver module
1984  */
1985 
1986 static int
1987 ubt_modevent(module_t mod, int event, void *data)
1988 {
1989 	int	error;
1990 
1991 	switch (event) {
1992 	case MOD_LOAD:
1993 		error = ng_newtype(&typestruct);
1994 		if (error != 0)
1995 			printf("%s: Could not register Netgraph node type, " \
1996 				"error=%d\n", NG_UBT_NODE_TYPE, error);
1997 		break;
1998 
1999 	case MOD_UNLOAD:
2000 		error = ng_rmtype(&typestruct);
2001 		break;
2002 
2003 	default:
2004 		error = EOPNOTSUPP;
2005 		break;
2006 	}
2007 
2008 	return (error);
2009 } /* ubt_modevent */
2010 
2011 static device_method_t	ubt_methods[] =
2012 {
2013 	DEVMETHOD(device_probe,	ubt_probe),
2014 	DEVMETHOD(device_attach, ubt_attach),
2015 	DEVMETHOD(device_detach, ubt_detach),
2016 	DEVMETHOD_END
2017 };
2018 
2019 driver_t		ubt_driver =
2020 {
2021 	.name =	   "ubt",
2022 	.methods = ubt_methods,
2023 	.size =	   sizeof(struct ubt_softc),
2024 };
2025 
2026 DRIVER_MODULE(ng_ubt, uhub, ubt_driver, ubt_modevent, 0);
2027 MODULE_VERSION(ng_ubt, NG_BLUETOOTH_VERSION);
2028 MODULE_DEPEND(ng_ubt, netgraph, NG_ABI_VERSION, NG_ABI_VERSION, NG_ABI_VERSION);
2029 MODULE_DEPEND(ng_ubt, ng_hci, NG_BLUETOOTH_VERSION, NG_BLUETOOTH_VERSION, NG_BLUETOOTH_VERSION);
2030 MODULE_DEPEND(ng_ubt, ng_bluetooth, NG_BLUETOOTH_VERSION, NG_BLUETOOTH_VERSION, NG_BLUETOOTH_VERSION);
2031 MODULE_DEPEND(ng_ubt, usb, 1, 1, 1);
2032 USB_PNP_HOST_INFO(ubt_devs);
2033