xref: /freebsd/sys/netgraph/bluetooth/hci/ng_hci_evnt.c (revision 184c1b943937986c81e1996d999d21626ec7a4ff)
1 /*
2  * ng_hci_evnt.c
3  */
4 
5 /*-
6  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
7  *
8  * Copyright (c) Maksim Yevmenkin <m_evmenkin@yahoo.com>
9  * All rights reserved.
10  *
11  * Redistribution and use in source and binary forms, with or without
12  * modification, are permitted provided that the following conditions
13  * are met:
14  * 1. Redistributions of source code must retain the above copyright
15  *    notice, this list of conditions and the following disclaimer.
16  * 2. Redistributions in binary form must reproduce the above copyright
17  *    notice, this list of conditions and the following disclaimer in the
18  *    documentation and/or other materials provided with the distribution.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
21  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30  * SUCH DAMAGE.
31  *
32  * $Id: ng_hci_evnt.c,v 1.6 2003/09/08 18:57:51 max Exp $
33  * $FreeBSD$
34  */
35 
36 #include <sys/param.h>
37 #include <sys/systm.h>
38 #include <sys/kernel.h>
39 #include <sys/endian.h>
40 #include <sys/malloc.h>
41 #include <sys/mbuf.h>
42 #include <sys/queue.h>
43 #include <netgraph/ng_message.h>
44 #include <netgraph/netgraph.h>
45 #include <netgraph/bluetooth/include/ng_bluetooth.h>
46 #include <netgraph/bluetooth/include/ng_hci.h>
47 #include <netgraph/bluetooth/hci/ng_hci_var.h>
48 #include <netgraph/bluetooth/hci/ng_hci_cmds.h>
49 #include <netgraph/bluetooth/hci/ng_hci_evnt.h>
50 #include <netgraph/bluetooth/hci/ng_hci_ulpi.h>
51 #include <netgraph/bluetooth/hci/ng_hci_misc.h>
52 
53 /******************************************************************************
54  ******************************************************************************
55  **                     HCI event processing module
56  ******************************************************************************
57  ******************************************************************************/
58 
59 /*
60  * Event processing routines
61  */
62 
63 static int inquiry_result             (ng_hci_unit_p, struct mbuf *);
64 static int con_compl                  (ng_hci_unit_p, struct mbuf *);
65 static int con_req                    (ng_hci_unit_p, struct mbuf *);
66 static int discon_compl               (ng_hci_unit_p, struct mbuf *);
67 static int encryption_change          (ng_hci_unit_p, struct mbuf *);
68 static int read_remote_features_compl (ng_hci_unit_p, struct mbuf *);
69 static int qos_setup_compl            (ng_hci_unit_p, struct mbuf *);
70 static int hardware_error             (ng_hci_unit_p, struct mbuf *);
71 static int role_change                (ng_hci_unit_p, struct mbuf *);
72 static int num_compl_pkts             (ng_hci_unit_p, struct mbuf *);
73 static int mode_change                (ng_hci_unit_p, struct mbuf *);
74 static int data_buffer_overflow       (ng_hci_unit_p, struct mbuf *);
75 static int read_clock_offset_compl    (ng_hci_unit_p, struct mbuf *);
76 static int qos_violation              (ng_hci_unit_p, struct mbuf *);
77 static int page_scan_mode_change      (ng_hci_unit_p, struct mbuf *);
78 static int page_scan_rep_mode_change  (ng_hci_unit_p, struct mbuf *);
79 static int sync_con_queue             (ng_hci_unit_p, ng_hci_unit_con_p, int);
80 static int send_data_packets          (ng_hci_unit_p, int, int);
81 static int le_event		      (ng_hci_unit_p, struct mbuf *);
82 
83 /*
84  * Process HCI event packet
85  */
86 
87 int
88 ng_hci_process_event(ng_hci_unit_p unit, struct mbuf *event)
89 {
90 	ng_hci_event_pkt_t	*hdr = NULL;
91 	int			 error = 0;
92 
93 	/* Get event packet header */
94 	NG_HCI_M_PULLUP(event, sizeof(*hdr));
95 	if (event == NULL)
96 		return (ENOBUFS);
97 
98 	hdr = mtod(event, ng_hci_event_pkt_t *);
99 
100 	NG_HCI_INFO(
101 "%s: %s - got HCI event=%#x, length=%d\n",
102 		__func__, NG_NODE_NAME(unit->node), hdr->event, hdr->length);
103 
104 	/* Get rid of event header and process event */
105 	m_adj(event, sizeof(*hdr));
106 
107 	switch (hdr->event) {
108 	case NG_HCI_EVENT_INQUIRY_COMPL:
109 	case NG_HCI_EVENT_RETURN_LINK_KEYS:
110 	case NG_HCI_EVENT_PIN_CODE_REQ:
111 	case NG_HCI_EVENT_LINK_KEY_REQ:
112 	case NG_HCI_EVENT_LINK_KEY_NOTIFICATION:
113 	case NG_HCI_EVENT_LOOPBACK_COMMAND:
114 	case NG_HCI_EVENT_AUTH_COMPL:
115 	case NG_HCI_EVENT_CHANGE_CON_LINK_KEY_COMPL:
116 	case NG_HCI_EVENT_MASTER_LINK_KEY_COMPL:
117 	case NG_HCI_EVENT_FLUSH_OCCUR:	/* XXX Do we have to handle it? */
118 	case NG_HCI_EVENT_MAX_SLOT_CHANGE:
119 	case NG_HCI_EVENT_CON_PKT_TYPE_CHANGED:
120 	case NG_HCI_EVENT_BT_LOGO:
121 	case NG_HCI_EVENT_VENDOR:
122 	case NG_HCI_EVENT_REMOTE_NAME_REQ_COMPL:
123 	case NG_HCI_EVENT_READ_REMOTE_VER_INFO_COMPL:
124 		/* These do not need post processing */
125 		NG_FREE_M(event);
126 		break;
127 	case NG_HCI_EVENT_LE:
128 		error = le_event(unit, event);
129 		break;
130 
131 	case NG_HCI_EVENT_INQUIRY_RESULT:
132 		error = inquiry_result(unit, event);
133 		break;
134 
135 	case NG_HCI_EVENT_CON_COMPL:
136 		error = con_compl(unit, event);
137 		break;
138 
139 	case NG_HCI_EVENT_CON_REQ:
140 		error = con_req(unit, event);
141 		break;
142 
143 	case NG_HCI_EVENT_DISCON_COMPL:
144 		error = discon_compl(unit, event);
145 		break;
146 
147 	case NG_HCI_EVENT_ENCRYPTION_CHANGE:
148 		error = encryption_change(unit, event);
149 		break;
150 
151 	case NG_HCI_EVENT_READ_REMOTE_FEATURES_COMPL:
152 		error = read_remote_features_compl(unit, event);
153 		break;
154 
155 	case NG_HCI_EVENT_QOS_SETUP_COMPL:
156 		error = qos_setup_compl(unit, event);
157 		break;
158 
159 	case NG_HCI_EVENT_COMMAND_COMPL:
160 		error = ng_hci_process_command_complete(unit, event);
161 		break;
162 
163 	case NG_HCI_EVENT_COMMAND_STATUS:
164 		error = ng_hci_process_command_status(unit, event);
165 		break;
166 
167 	case NG_HCI_EVENT_HARDWARE_ERROR:
168 		error = hardware_error(unit, event);
169 		break;
170 
171 	case NG_HCI_EVENT_ROLE_CHANGE:
172 		error = role_change(unit, event);
173 		break;
174 
175 	case NG_HCI_EVENT_NUM_COMPL_PKTS:
176 		error = num_compl_pkts(unit, event);
177 		break;
178 
179 	case NG_HCI_EVENT_MODE_CHANGE:
180 		error = mode_change(unit, event);
181 		break;
182 
183 	case NG_HCI_EVENT_DATA_BUFFER_OVERFLOW:
184 		error = data_buffer_overflow(unit, event);
185 		break;
186 
187 	case NG_HCI_EVENT_READ_CLOCK_OFFSET_COMPL:
188 		error = read_clock_offset_compl(unit, event);
189 		break;
190 
191 	case NG_HCI_EVENT_QOS_VIOLATION:
192 		error = qos_violation(unit, event);
193 		break;
194 
195 	case NG_HCI_EVENT_PAGE_SCAN_MODE_CHANGE:
196 		error = page_scan_mode_change(unit, event);
197 		break;
198 
199 	case NG_HCI_EVENT_PAGE_SCAN_REP_MODE_CHANGE:
200 		error = page_scan_rep_mode_change(unit, event);
201 		break;
202 
203 	default:
204 		NG_FREE_M(event);
205 		error = EINVAL;
206 		break;
207 	}
208 
209 	return (error);
210 } /* ng_hci_process_event */
211 
212 /*
213  * Send ACL and/or SCO data to the unit driver
214  */
215 
216 void
217 ng_hci_send_data(ng_hci_unit_p unit)
218 {
219 	int	count;
220 
221 	/* Send ACL data */
222 	NG_HCI_BUFF_ACL_AVAIL(unit->buffer, count);
223 
224 	NG_HCI_INFO(
225 "%s: %s - sending ACL data packets, count=%d\n",
226 		__func__, NG_NODE_NAME(unit->node), count);
227 
228 	if (count > 0) {
229 		count = send_data_packets(unit, NG_HCI_LINK_ACL, count);
230 		NG_HCI_STAT_ACL_SENT(unit->stat, count);
231 		NG_HCI_BUFF_ACL_USE(unit->buffer, count);
232 	}
233 
234 	/* Send SCO data */
235 	NG_HCI_BUFF_SCO_AVAIL(unit->buffer, count);
236 
237 	NG_HCI_INFO(
238 "%s: %s - sending SCO data packets, count=%d\n",
239 		__func__, NG_NODE_NAME(unit->node), count);
240 
241 	if (count > 0) {
242 		count = send_data_packets(unit, NG_HCI_LINK_SCO, count);
243 		NG_HCI_STAT_SCO_SENT(unit->stat, count);
244 		NG_HCI_BUFF_SCO_USE(unit->buffer, count);
245 	}
246 } /* ng_hci_send_data */
247 
248 /*
249  * Send data packets to the lower layer.
250  */
251 
252 static int
253 send_data_packets(ng_hci_unit_p unit, int link_type, int limit)
254 {
255 	ng_hci_unit_con_p	con = NULL, winner = NULL;
256 	int			reallink_type;
257 	item_p			item = NULL;
258 	int			min_pending, total_sent, sent, error, v;
259 
260 	for (total_sent = 0; limit > 0; ) {
261 		min_pending = 0x0fffffff;
262 		winner = NULL;
263 
264 		/*
265 		 * Find the connection that has has data to send
266 		 * and the smallest number of pending packets
267 		 */
268 
269 		LIST_FOREACH(con, &unit->con_list, next) {
270 			reallink_type = (con->link_type == NG_HCI_LINK_SCO)?
271 				NG_HCI_LINK_SCO: NG_HCI_LINK_ACL;
272 			if (reallink_type != link_type){
273 				continue;
274 			}
275 			if (NG_BT_ITEMQ_LEN(&con->conq) == 0)
276 				continue;
277 
278 			if (con->pending < min_pending) {
279 				winner = con;
280 				min_pending = con->pending;
281 			}
282 		}
283 
284 	        if (winner == NULL)
285 			break;
286 
287 		/*
288 		 * OK, we have a winner now send as much packets as we can
289 		 * Count the number of packets we have sent and then sync
290 		 * winner connection queue.
291 		 */
292 
293 		for (sent = 0; limit > 0; limit --, total_sent ++, sent ++) {
294 			NG_BT_ITEMQ_DEQUEUE(&winner->conq, item);
295 			if (item == NULL)
296 				break;
297 
298 			NG_HCI_INFO(
299 "%s: %s - sending data packet, handle=%d, len=%d\n",
300 				__func__, NG_NODE_NAME(unit->node),
301 				winner->con_handle, NGI_M(item)->m_pkthdr.len);
302 
303 			/* Check if driver hook still there */
304 			v = (unit->drv != NULL && NG_HOOK_IS_VALID(unit->drv));
305 			if (!v || (unit->state & NG_HCI_UNIT_READY) !=
306 					NG_HCI_UNIT_READY) {
307 				NG_HCI_ERR(
308 "%s: %s - could not send data. Hook \"%s\" is %svalid, state=%#x\n",
309 					__func__, NG_NODE_NAME(unit->node),
310 					NG_HCI_HOOK_DRV, ((v)? "" : "not "),
311 					unit->state);
312 
313 				NG_FREE_ITEM(item);
314 				error = ENOTCONN;
315 			} else {
316 				v = NGI_M(item)->m_pkthdr.len;
317 
318 				/* Give packet to raw hook */
319 				ng_hci_mtap(unit, NGI_M(item));
320 
321 				/* ... and forward item to the driver */
322 				NG_FWD_ITEM_HOOK(error, item, unit->drv);
323 			}
324 
325 			if (error != 0) {
326 				NG_HCI_ERR(
327 "%s: %s - could not send data packet, handle=%d, error=%d\n",
328 					__func__, NG_NODE_NAME(unit->node),
329 					winner->con_handle, error);
330 				break;
331 			}
332 
333 			winner->pending ++;
334 			NG_HCI_STAT_BYTES_SENT(unit->stat, v);
335 		}
336 
337 		/*
338 		 * Sync connection queue for the winner
339 		 */
340 		sync_con_queue(unit, winner, sent);
341 	}
342 
343 	return (total_sent);
344 } /* send_data_packets */
345 
346 /*
347  * Send flow control messages to the upper layer
348  */
349 
350 static int
351 sync_con_queue(ng_hci_unit_p unit, ng_hci_unit_con_p con, int completed)
352 {
353 	hook_p				 hook = NULL;
354 	struct ng_mesg			*msg = NULL;
355 	ng_hci_sync_con_queue_ep	*state = NULL;
356 	int				 error;
357 
358 	hook = (con->link_type != NG_HCI_LINK_SCO)? unit->acl : unit->sco;
359 	if (hook == NULL || NG_HOOK_NOT_VALID(hook))
360 		return (ENOTCONN);
361 
362 	NG_MKMESSAGE(msg, NGM_HCI_COOKIE, NGM_HCI_SYNC_CON_QUEUE,
363 		sizeof(*state), M_NOWAIT);
364 	if (msg == NULL)
365 		return (ENOMEM);
366 
367 	state = (ng_hci_sync_con_queue_ep *)(msg->data);
368 	state->con_handle = con->con_handle;
369 	state->completed = completed;
370 
371 	NG_SEND_MSG_HOOK(error, unit->node, msg, hook, 0);
372 
373 	return (error);
374 } /* sync_con_queue */
375 /* le meta event */
376 /* Inquiry result event */
377 static int
378 le_advertizing_report(ng_hci_unit_p unit, struct mbuf *event)
379 {
380 	ng_hci_le_advertising_report_ep	*ep = NULL;
381 	ng_hci_neighbor_p		 n = NULL;
382 	bdaddr_t			 bdaddr;
383 	int				 error = 0;
384 	int				 num_reports = 0;
385 	u_int8_t event_type;
386 	u_int8_t addr_type;
387 
388 	NG_HCI_M_PULLUP(event, sizeof(*ep));
389 	if (event == NULL)
390 		return (ENOBUFS);
391 
392 	ep = mtod(event, ng_hci_le_advertising_report_ep *);
393 	num_reports = ep->num_reports;
394 	m_adj(event, sizeof(*ep));
395 	ep = NULL;
396 
397 	for (; num_reports > 0; num_reports --) {
398 		/* Get remote unit address */
399 		NG_HCI_M_PULLUP(event, sizeof(u_int8_t));
400 		event_type = *mtod(event, u_int8_t *);
401 		m_adj(event, sizeof(u_int8_t));
402 		NG_HCI_M_PULLUP(event, sizeof(u_int8_t));
403 		addr_type = *mtod(event, u_int8_t *);
404 		m_adj(event, sizeof(u_int8_t));
405 
406 		m_copydata(event, 0, sizeof(bdaddr), (caddr_t) &bdaddr);
407 		m_adj(event, sizeof(bdaddr));
408 
409 		/* Lookup entry in the cache */
410 		n = ng_hci_get_neighbor(unit, &bdaddr, (addr_type) ? NG_HCI_LINK_LE_RANDOM:NG_HCI_LINK_LE_PUBLIC);
411 		if (n == NULL) {
412 			/* Create new entry */
413 			n = ng_hci_new_neighbor(unit);
414 			if (n == NULL) {
415 				error = ENOMEM;
416 				break;
417 			}
418 			bcopy(&bdaddr, &n->bdaddr, sizeof(n->bdaddr));
419 			n->addrtype = (addr_type)? NG_HCI_LINK_LE_RANDOM :
420 			  NG_HCI_LINK_LE_PUBLIC;
421 
422 		} else
423 			getmicrotime(&n->updated);
424 
425 		{
426 			/*
427 			 * TODO: Make these information
428 			 * Available from userland.
429 			 */
430 			u_int8_t length_data;
431 
432 			event = m_pullup(event, sizeof(u_int8_t));
433 			if(event == NULL){
434 				NG_HCI_WARN("%s: Event datasize Pullup Failed\n", __func__);
435 				goto out;
436 			}
437 			length_data = *mtod(event, u_int8_t *);
438 			m_adj(event, sizeof(u_int8_t));
439 			n->extinq_size = (length_data < NG_HCI_EXTINQ_MAX)?
440 				length_data : NG_HCI_EXTINQ_MAX;
441 
442 			/*Advertizement data*/
443 			event = m_pullup(event, n->extinq_size);
444 			if(event == NULL){
445 				NG_HCI_WARN("%s: Event data pullup Failed\n", __func__);
446 				goto out;
447 			}
448 			m_copydata(event, 0, n->extinq_size, n->extinq_data);
449 			m_adj(event, n->extinq_size);
450 			event = m_pullup(event, sizeof(char ));
451 			/*Get RSSI*/
452 			if(event == NULL){
453 				NG_HCI_WARN("%s: Event rssi pull up Failed\n", __func__);
454 
455 				goto out;
456 			}
457 			n->page_scan_mode = *mtod(event, char *);
458 			m_adj(event, sizeof(u_int8_t));
459 		}
460 	}
461  out:
462 	NG_FREE_M(event);
463 
464 	return (error);
465 } /* inquiry_result */
466 
467 static int le_connection_complete(ng_hci_unit_p unit, struct mbuf *event)
468 {
469 	int			 error = 0;
470 
471 	ng_hci_le_connection_complete_ep	*ep = NULL;
472 	ng_hci_unit_con_p	 con = NULL;
473 	int link_type;
474 	uint8_t uclass[3] = {0,0,0};//dummy uclass
475 
476 	NG_HCI_M_PULLUP(event, sizeof(*ep));
477 	if (event == NULL)
478 		return (ENOBUFS);
479 
480 	ep = mtod(event, ng_hci_le_connection_complete_ep *);
481 	link_type = (ep->address_type)? NG_HCI_LINK_LE_RANDOM :
482 	  NG_HCI_LINK_LE_PUBLIC;
483 	/*
484 	 * Find the first connection descriptor that matches the following:
485 	 *
486 	 * 1) con->link_type == link_type
487 	 * 2) con->state == NG_HCI_CON_W4_CONN_COMPLETE
488 	 * 3) con->bdaddr == ep->address
489 	 */
490 	LIST_FOREACH(con, &unit->con_list, next)
491 		if (con->link_type == link_type &&
492 		    con->state == NG_HCI_CON_W4_CONN_COMPLETE &&
493 		    bcmp(&con->bdaddr, &ep->address, sizeof(bdaddr_t)) == 0)
494 			break;
495 
496 	/*
497 	 * Two possible cases:
498 	 *
499 	 * 1) We have found connection descriptor. That means upper layer has
500 	 *    requested this connection via LP_CON_REQ message. In this case
501 	 *    connection must have timeout set. If ng_hci_con_untimeout() fails
502 	 *    then timeout message already went into node's queue. In this case
503 	 *    ignore Connection_Complete event and let timeout deal with it.
504 	 *
505 	 * 2) We do not have connection descriptor. That means upper layer
506 	 *    nas not requested this connection , (less likely) we gave up
507 	 *    on this connection (timeout) or as node act as slave role.
508 	 *    The most likely scenario is that
509 	 *    we have received LE_Create_Connection command
510 	 *    from the RAW hook
511 	 */
512 
513 	if (con == NULL) {
514 		if (ep->status != 0)
515 			goto out;
516 
517 		con = ng_hci_new_con(unit, link_type);
518 		if (con == NULL) {
519 			error = ENOMEM;
520 			goto out;
521 		}
522 
523 		con->state = NG_HCI_CON_W4_LP_CON_RSP;
524 		ng_hci_con_timeout(con);
525 
526 		bcopy(&ep->address, &con->bdaddr, sizeof(con->bdaddr));
527 		error = ng_hci_lp_con_ind(con, uclass);
528 		if (error != 0) {
529 			ng_hci_con_untimeout(con);
530 			ng_hci_free_con(con);
531 		}
532 
533 	} else if ((error = ng_hci_con_untimeout(con)) != 0)
534 			goto out;
535 
536 	/*
537 	 * Update connection descriptor and send notification
538 	 * to the upper layers.
539 	 */
540 
541 	con->con_handle = NG_HCI_CON_HANDLE(le16toh(ep->handle));
542 	con->encryption_mode = NG_HCI_ENCRYPTION_MODE_NONE;
543 
544 	ng_hci_lp_con_cfm(con, ep->status);
545 
546 	/* Adjust connection state */
547 	if (ep->status != 0)
548 		ng_hci_free_con(con);
549 	else {
550 		con->state = NG_HCI_CON_OPEN;
551 
552 		/*
553 		 * Change link policy for the ACL connections. Enable all
554 		 * supported link modes. Enable Role switch as well if
555 		 * device supports it.
556 		 */
557 	}
558 
559 out:
560 	NG_FREE_M(event);
561 
562 	return (error);
563 
564 }
565 
566 static int le_connection_update(ng_hci_unit_p unit, struct mbuf *event)
567 {
568 	int error = 0;
569 	/*TBD*/
570 
571 	NG_FREE_M(event);
572 	return error;
573 
574 }
575 static int
576 le_event(ng_hci_unit_p unit, struct mbuf *event)
577 {
578 	int error = 0;
579 	ng_hci_le_ep *lep;
580 
581 	NG_HCI_M_PULLUP(event, sizeof(*lep));
582 	if(event ==NULL){
583 		return ENOBUFS;
584 	}
585 	lep = mtod(event, ng_hci_le_ep *);
586 	m_adj(event, sizeof(*lep));
587 	switch(lep->subevent_code){
588 	case NG_HCI_LEEV_CON_COMPL:
589 		le_connection_complete(unit, event);
590 		break;
591 	case NG_HCI_LEEV_ADVREP:
592 		le_advertizing_report(unit, event);
593 		break;
594 	case NG_HCI_LEEV_CON_UPDATE_COMPL:
595 		le_connection_update(unit, event);
596 		break;
597 	case NG_HCI_LEEV_READ_REMOTE_FEATURES_COMPL:
598 		//TBD
599 	  /*FALLTHROUGH*/
600 	case NG_HCI_LEEV_LONG_TERM_KEY_REQUEST:
601 		//TBD
602 	  /*FALLTHROUGH*/
603 	default:
604 	  	NG_FREE_M(event);
605 	}
606 	return error;
607 }
608 
609 /* Inquiry result event */
610 static int
611 inquiry_result(ng_hci_unit_p unit, struct mbuf *event)
612 {
613 	ng_hci_inquiry_result_ep	*ep = NULL;
614 	ng_hci_neighbor_p		 n = NULL;
615 	bdaddr_t			 bdaddr;
616 	int				 error = 0;
617 
618 	NG_HCI_M_PULLUP(event, sizeof(*ep));
619 	if (event == NULL)
620 		return (ENOBUFS);
621 
622 	ep = mtod(event, ng_hci_inquiry_result_ep *);
623 	m_adj(event, sizeof(*ep));
624 
625 	for (; ep->num_responses > 0; ep->num_responses --) {
626 		/* Get remote unit address */
627 		m_copydata(event, 0, sizeof(bdaddr), (caddr_t) &bdaddr);
628 		m_adj(event, sizeof(bdaddr));
629 
630 		/* Lookup entry in the cache */
631 		n = ng_hci_get_neighbor(unit, &bdaddr, NG_HCI_LINK_ACL);
632 		if (n == NULL) {
633 			/* Create new entry */
634 			n = ng_hci_new_neighbor(unit);
635 			if (n == NULL) {
636 				error = ENOMEM;
637 				break;
638 			}
639 		} else
640 			getmicrotime(&n->updated);
641 
642 		bcopy(&bdaddr, &n->bdaddr, sizeof(n->bdaddr));
643 		n->addrtype = NG_HCI_LINK_ACL;
644 
645 		/* XXX call m_pullup here? */
646 
647 		n->page_scan_rep_mode = *mtod(event, u_int8_t *);
648 		m_adj(event, sizeof(u_int8_t));
649 
650 		/* page_scan_period_mode */
651 		m_adj(event, sizeof(u_int8_t));
652 
653 		n->page_scan_mode = *mtod(event, u_int8_t *);
654 		m_adj(event, sizeof(u_int8_t));
655 
656 		/* class */
657 		m_adj(event, NG_HCI_CLASS_SIZE);
658 
659 		/* clock offset */
660 		m_copydata(event, 0, sizeof(n->clock_offset),
661 			(caddr_t) &n->clock_offset);
662 		n->clock_offset = le16toh(n->clock_offset);
663 	}
664 
665 	NG_FREE_M(event);
666 
667 	return (error);
668 } /* inquiry_result */
669 
670 /* Connection complete event */
671 static int
672 con_compl(ng_hci_unit_p unit, struct mbuf *event)
673 {
674 	ng_hci_con_compl_ep	*ep = NULL;
675 	ng_hci_unit_con_p	 con = NULL;
676 	int			 error = 0;
677 
678 	NG_HCI_M_PULLUP(event, sizeof(*ep));
679 	if (event == NULL)
680 		return (ENOBUFS);
681 
682 	ep = mtod(event, ng_hci_con_compl_ep *);
683 
684 	/*
685 	 * Find the first connection descriptor that matches the following:
686 	 *
687 	 * 1) con->link_type == ep->link_type
688 	 * 2) con->state == NG_HCI_CON_W4_CONN_COMPLETE
689 	 * 3) con->bdaddr == ep->bdaddr
690 	 */
691 
692 	LIST_FOREACH(con, &unit->con_list, next)
693 		if (con->link_type == ep->link_type &&
694 		    con->state == NG_HCI_CON_W4_CONN_COMPLETE &&
695 		    bcmp(&con->bdaddr, &ep->bdaddr, sizeof(bdaddr_t)) == 0)
696 			break;
697 
698 	/*
699 	 * Two possible cases:
700 	 *
701 	 * 1) We have found connection descriptor. That means upper layer has
702 	 *    requested this connection via LP_CON_REQ message. In this case
703 	 *    connection must have timeout set. If ng_hci_con_untimeout() fails
704 	 *    then timeout message already went into node's queue. In this case
705 	 *    ignore Connection_Complete event and let timeout deal with it.
706 	 *
707 	 * 2) We do not have connection descriptor. That means upper layer
708 	 *    nas not requested this connection or (less likely) we gave up
709 	 *    on this connection (timeout). The most likely scenario is that
710 	 *    we have received Create_Connection/Add_SCO_Connection command
711 	 *    from the RAW hook
712 	 */
713 
714 	if (con == NULL) {
715 		if (ep->status != 0)
716 			goto out;
717 
718 		con = ng_hci_new_con(unit, ep->link_type);
719 		if (con == NULL) {
720 			error = ENOMEM;
721 			goto out;
722 		}
723 
724 		bcopy(&ep->bdaddr, &con->bdaddr, sizeof(con->bdaddr));
725 	} else if ((error = ng_hci_con_untimeout(con)) != 0)
726 			goto out;
727 
728 	/*
729 	 * Update connection descriptor and send notification
730 	 * to the upper layers.
731 	 */
732 
733 	con->con_handle = NG_HCI_CON_HANDLE(le16toh(ep->con_handle));
734 	con->encryption_mode = ep->encryption_mode;
735 
736 	ng_hci_lp_con_cfm(con, ep->status);
737 
738 	/* Adjust connection state */
739 	if (ep->status != 0)
740 		ng_hci_free_con(con);
741 	else {
742 		con->state = NG_HCI_CON_OPEN;
743 
744 		/*
745 		 * Change link policy for the ACL connections. Enable all
746 		 * supported link modes. Enable Role switch as well if
747 		 * device supports it.
748 		 */
749 
750 		if (ep->link_type == NG_HCI_LINK_ACL) {
751 			struct __link_policy {
752 				ng_hci_cmd_pkt_t			 hdr;
753 				ng_hci_write_link_policy_settings_cp	 cp;
754 			} __attribute__ ((packed))			*lp;
755 			struct mbuf					*m;
756 
757 			MGETHDR(m, M_NOWAIT, MT_DATA);
758 			if (m != NULL) {
759 				m->m_pkthdr.len = m->m_len = sizeof(*lp);
760 				lp = mtod(m, struct __link_policy *);
761 
762 				lp->hdr.type = NG_HCI_CMD_PKT;
763 				lp->hdr.opcode = htole16(NG_HCI_OPCODE(
764 					NG_HCI_OGF_LINK_POLICY,
765 					NG_HCI_OCF_WRITE_LINK_POLICY_SETTINGS));
766 				lp->hdr.length = sizeof(lp->cp);
767 
768 				lp->cp.con_handle = ep->con_handle;
769 
770 				lp->cp.settings = 0;
771 				if ((unit->features[0] & NG_HCI_LMP_SWITCH) &&
772 				    unit->role_switch)
773 					lp->cp.settings |= 0x1;
774 				if (unit->features[0] & NG_HCI_LMP_HOLD_MODE)
775 					lp->cp.settings |= 0x2;
776 				if (unit->features[0] & NG_HCI_LMP_SNIFF_MODE)
777 					lp->cp.settings |= 0x4;
778 				if (unit->features[1] & NG_HCI_LMP_PARK_MODE)
779 					lp->cp.settings |= 0x8;
780 
781 				lp->cp.settings &= unit->link_policy_mask;
782 				lp->cp.settings = htole16(lp->cp.settings);
783 
784 				NG_BT_MBUFQ_ENQUEUE(&unit->cmdq, m);
785 				if (!(unit->state & NG_HCI_UNIT_COMMAND_PENDING))
786 					ng_hci_send_command(unit);
787 			}
788 		}
789 	}
790 out:
791 	NG_FREE_M(event);
792 
793 	return (error);
794 } /* con_compl */
795 
796 /* Connection request event */
797 static int
798 con_req(ng_hci_unit_p unit, struct mbuf *event)
799 {
800 	ng_hci_con_req_ep	*ep = NULL;
801 	ng_hci_unit_con_p	 con = NULL;
802 	int			 error = 0;
803 
804 	NG_HCI_M_PULLUP(event, sizeof(*ep));
805 	if (event == NULL)
806 		return (ENOBUFS);
807 
808 	ep = mtod(event, ng_hci_con_req_ep *);
809 
810 	/*
811 	 * Find the first connection descriptor that matches the following:
812 	 *
813 	 * 1) con->link_type == ep->link_type
814 	 *
815 	 * 2) con->state == NG_HCI_CON_W4_LP_CON_RSP ||
816 	 *    con->state == NG_HCI_CON_W4_CONN_COMPL
817 	 *
818 	 * 3) con->bdaddr == ep->bdaddr
819 	 *
820 	 * Possible cases:
821 	 *
822 	 * 1) We do not have connection descriptor. This is simple. Create
823 	 *    new fresh connection descriptor and send notification to the
824 	 *    appropriate upstream hook (based on link_type).
825 	 *
826 	 * 2) We found connection handle. This is more complicated.
827 	 *
828 	 * 2.1) ACL links
829 	 *
830 	 *      Since only one ACL link can exist between each pair of
831 	 *      units then we have a race. Our upper layer has requested
832 	 *      an ACL connection to the remote unit, but we did not send
833 	 *      command yet. At the same time the remote unit has requested
834 	 *      an ACL connection from us. In this case we will ignore
835 	 *	Connection_Request event. This probably will cause connect
836 	 *      failure	on both units.
837 	 *
838 	 * 2.2) SCO links
839 	 *
840 	 *      The spec on page 45 says :
841 	 *
842 	 *      "The master can support up to three SCO links to the same
843 	 *       slave or to different slaves. A slave can support up to
844 	 *       three SCO links from the same master, or two SCO links if
845 	 *       the links originate from different masters."
846 	 *
847 	 *      The only problem is how to handle multiple SCO links between
848 	 *      matster and slave. For now we will assume that multiple SCO
849 	 *      links MUST be opened one after another.
850 	 */
851 
852 	LIST_FOREACH(con, &unit->con_list, next)
853 		if (con->link_type == ep->link_type &&
854 		    (con->state == NG_HCI_CON_W4_LP_CON_RSP ||
855 		     con->state == NG_HCI_CON_W4_CONN_COMPLETE) &&
856 		    bcmp(&con->bdaddr, &ep->bdaddr, sizeof(bdaddr_t)) == 0)
857 			break;
858 
859 	if (con == NULL) {
860 		con = ng_hci_new_con(unit, ep->link_type);
861 		if (con != NULL) {
862 			bcopy(&ep->bdaddr, &con->bdaddr, sizeof(con->bdaddr));
863 
864 			con->state = NG_HCI_CON_W4_LP_CON_RSP;
865 			ng_hci_con_timeout(con);
866 
867 			error = ng_hci_lp_con_ind(con, ep->uclass);
868 			if (error != 0) {
869 				ng_hci_con_untimeout(con);
870 				ng_hci_free_con(con);
871 			}
872 		} else
873 			error = ENOMEM;
874 	}
875 
876 	NG_FREE_M(event);
877 
878 	return (error);
879 } /* con_req */
880 
881 /* Disconnect complete event */
882 static int
883 discon_compl(ng_hci_unit_p unit, struct mbuf *event)
884 {
885 	ng_hci_discon_compl_ep	*ep = NULL;
886 	ng_hci_unit_con_p	 con = NULL;
887 	int			 error = 0;
888 	u_int16_t		 h;
889 
890 	NG_HCI_M_PULLUP(event, sizeof(*ep));
891 	if (event == NULL)
892 		return (ENOBUFS);
893 
894 	ep = mtod(event, ng_hci_discon_compl_ep *);
895 
896 	/*
897 	 * XXX
898 	 * Do we have to send notification if ep->status != 0?
899 	 * For now we will send notification for both ACL and SCO connections
900 	 * ONLY if ep->status == 0.
901 	 */
902 
903 	if (ep->status == 0) {
904 		h = NG_HCI_CON_HANDLE(le16toh(ep->con_handle));
905 		con = ng_hci_con_by_handle(unit, h);
906 		if (con != NULL) {
907 			error = ng_hci_lp_discon_ind(con, ep->reason);
908 
909 			/* Remove all timeouts (if any) */
910 			if (con->flags & NG_HCI_CON_TIMEOUT_PENDING)
911 				ng_hci_con_untimeout(con);
912 
913 			ng_hci_free_con(con);
914 		} else {
915 			NG_HCI_ALERT(
916 "%s: %s - invalid connection handle=%d\n",
917 				__func__, NG_NODE_NAME(unit->node), h);
918 			error = ENOENT;
919 		}
920 	}
921 
922 	NG_FREE_M(event);
923 
924 	return (error);
925 } /* discon_compl */
926 
927 /* Encryption change event */
928 static int
929 encryption_change(ng_hci_unit_p unit, struct mbuf *event)
930 {
931 	ng_hci_encryption_change_ep	*ep = NULL;
932 	ng_hci_unit_con_p		 con = NULL;
933 	int				 error = 0;
934 	u_int16_t	h;
935 
936 	NG_HCI_M_PULLUP(event, sizeof(*ep));
937 	if (event == NULL)
938 		return (ENOBUFS);
939 
940 	ep = mtod(event, ng_hci_encryption_change_ep *);
941 	h = NG_HCI_CON_HANDLE(le16toh(ep->con_handle));
942 	con = ng_hci_con_by_handle(unit, h);
943 
944 	if (ep->status == 0) {
945 		if (con == NULL) {
946 			NG_HCI_ALERT(
947 "%s: %s - invalid connection handle=%d\n",
948 				__func__, NG_NODE_NAME(unit->node), h);
949 			error = ENOENT;
950 		} else if (con->link_type == NG_HCI_LINK_SCO) {
951 			NG_HCI_ALERT(
952 "%s: %s - invalid link type=%d\n",
953 				__func__, NG_NODE_NAME(unit->node),
954 				con->link_type);
955 			error = EINVAL;
956 		} else if (ep->encryption_enable)
957 			/* XXX is that true? */
958 			con->encryption_mode = NG_HCI_ENCRYPTION_MODE_P2P;
959 		else
960 			con->encryption_mode = NG_HCI_ENCRYPTION_MODE_NONE;
961 	} else
962 		NG_HCI_ERR(
963 "%s: %s - failed to change encryption mode, status=%d\n",
964 			__func__, NG_NODE_NAME(unit->node), ep->status);
965 
966 	/*Anyway, propagete encryption status to upper layer*/
967 	ng_hci_lp_enc_change(con, con->encryption_mode);
968 
969 	NG_FREE_M(event);
970 
971 	return (error);
972 } /* encryption_change */
973 
974 /* Read remote feature complete event */
975 static int
976 read_remote_features_compl(ng_hci_unit_p unit, struct mbuf *event)
977 {
978 	ng_hci_read_remote_features_compl_ep	*ep = NULL;
979 	ng_hci_unit_con_p			 con = NULL;
980 	ng_hci_neighbor_p			 n = NULL;
981 	u_int16_t				 h;
982 	int					 error = 0;
983 
984 	NG_HCI_M_PULLUP(event, sizeof(*ep));
985 	if (event == NULL)
986 		return (ENOBUFS);
987 
988 	ep = mtod(event, ng_hci_read_remote_features_compl_ep *);
989 
990 	if (ep->status == 0) {
991 		/* Check if we have this connection handle */
992 		h = NG_HCI_CON_HANDLE(le16toh(ep->con_handle));
993 		con = ng_hci_con_by_handle(unit, h);
994 		if (con == NULL) {
995 			NG_HCI_ALERT(
996 "%s: %s - invalid connection handle=%d\n",
997 				__func__, NG_NODE_NAME(unit->node), h);
998 			error = ENOENT;
999 			goto out;
1000 		}
1001 
1002 		/* Update cache entry */
1003 		n = ng_hci_get_neighbor(unit, &con->bdaddr, NG_HCI_LINK_ACL);
1004 		if (n == NULL) {
1005 			n = ng_hci_new_neighbor(unit);
1006 			if (n == NULL) {
1007 				error = ENOMEM;
1008 				goto out;
1009 			}
1010 
1011 			bcopy(&con->bdaddr, &n->bdaddr, sizeof(n->bdaddr));
1012 			n->addrtype = NG_HCI_LINK_ACL;
1013 		} else
1014 			getmicrotime(&n->updated);
1015 
1016 		bcopy(ep->features, n->features, sizeof(n->features));
1017 	} else
1018 		NG_HCI_ERR(
1019 "%s: %s - failed to read remote unit features, status=%d\n",
1020 			__func__, NG_NODE_NAME(unit->node), ep->status);
1021 out:
1022 	NG_FREE_M(event);
1023 
1024 	return (error);
1025 } /* read_remote_features_compl */
1026 
1027 /* QoS setup complete event */
1028 static int
1029 qos_setup_compl(ng_hci_unit_p unit, struct mbuf *event)
1030 {
1031 	ng_hci_qos_setup_compl_ep	*ep = NULL;
1032 	ng_hci_unit_con_p		 con = NULL;
1033 	u_int16_t			 h;
1034 	int				 error = 0;
1035 
1036 	NG_HCI_M_PULLUP(event, sizeof(*ep));
1037 	if (event == NULL)
1038 		return (ENOBUFS);
1039 
1040 	ep = mtod(event, ng_hci_qos_setup_compl_ep *);
1041 
1042 	/* Check if we have this connection handle */
1043 	h = NG_HCI_CON_HANDLE(le16toh(ep->con_handle));
1044 	con = ng_hci_con_by_handle(unit, h);
1045 	if (con == NULL) {
1046 		NG_HCI_ALERT(
1047 "%s: %s - invalid connection handle=%d\n",
1048 			__func__, NG_NODE_NAME(unit->node), h);
1049 		error = ENOENT;
1050 	} else if (con->link_type != NG_HCI_LINK_ACL) {
1051 		NG_HCI_ALERT(
1052 "%s: %s - invalid link type=%d, handle=%d\n",
1053 			__func__, NG_NODE_NAME(unit->node), con->link_type, h);
1054 		error = EINVAL;
1055 	} else if (con->state != NG_HCI_CON_OPEN) {
1056 		NG_HCI_ALERT(
1057 "%s: %s - invalid connection state=%d, handle=%d\n",
1058 			__func__, NG_NODE_NAME(unit->node),
1059 			con->state, h);
1060 		error = EINVAL;
1061 	} else /* Notify upper layer */
1062 		error = ng_hci_lp_qos_cfm(con, ep->status);
1063 
1064 	NG_FREE_M(event);
1065 
1066 	return (error);
1067 } /* qos_setup_compl */
1068 
1069 /* Hardware error event */
1070 static int
1071 hardware_error(ng_hci_unit_p unit, struct mbuf *event)
1072 {
1073 	NG_HCI_ALERT(
1074 "%s: %s - hardware error %#x\n",
1075 		__func__, NG_NODE_NAME(unit->node), *mtod(event, u_int8_t *));
1076 
1077 	NG_FREE_M(event);
1078 
1079 	return (0);
1080 } /* hardware_error */
1081 
1082 /* Role change event */
1083 static int
1084 role_change(ng_hci_unit_p unit, struct mbuf *event)
1085 {
1086 	ng_hci_role_change_ep	*ep = NULL;
1087 	ng_hci_unit_con_p	 con = NULL;
1088 
1089 	NG_HCI_M_PULLUP(event, sizeof(*ep));
1090 	if (event == NULL)
1091 		return (ENOBUFS);
1092 
1093 	ep = mtod(event, ng_hci_role_change_ep *);
1094 
1095 	if (ep->status == 0) {
1096 		/* XXX shoud we also change "role" for SCO connections? */
1097 		con = ng_hci_con_by_bdaddr(unit, &ep->bdaddr, NG_HCI_LINK_ACL);
1098 		if (con != NULL)
1099 			con->role = ep->role;
1100 		else
1101 			NG_HCI_ALERT(
1102 "%s: %s - ACL connection does not exist, bdaddr=%x:%x:%x:%x:%x:%x\n",
1103 				__func__, NG_NODE_NAME(unit->node),
1104 				ep->bdaddr.b[5], ep->bdaddr.b[4],
1105 				ep->bdaddr.b[3], ep->bdaddr.b[2],
1106 				ep->bdaddr.b[1], ep->bdaddr.b[0]);
1107 	} else
1108 		NG_HCI_ERR(
1109 "%s: %s - failed to change role, status=%d, bdaddr=%x:%x:%x:%x:%x:%x\n",
1110 			__func__, NG_NODE_NAME(unit->node), ep->status,
1111 			ep->bdaddr.b[5], ep->bdaddr.b[4], ep->bdaddr.b[3],
1112 			ep->bdaddr.b[2], ep->bdaddr.b[1], ep->bdaddr.b[0]);
1113 
1114 	NG_FREE_M(event);
1115 
1116 	return (0);
1117 } /* role_change */
1118 
1119 /* Number of completed packets event */
1120 static int
1121 num_compl_pkts(ng_hci_unit_p unit, struct mbuf *event)
1122 {
1123 	ng_hci_num_compl_pkts_ep	*ep = NULL;
1124 	ng_hci_unit_con_p		 con = NULL;
1125 	u_int16_t			 h, p;
1126 
1127 	NG_HCI_M_PULLUP(event, sizeof(*ep));
1128 	if (event == NULL)
1129 		return (ENOBUFS);
1130 
1131 	ep = mtod(event, ng_hci_num_compl_pkts_ep *);
1132 	m_adj(event, sizeof(*ep));
1133 
1134 	for (; ep->num_con_handles > 0; ep->num_con_handles --) {
1135 		/* Get connection handle */
1136 		m_copydata(event, 0, sizeof(h), (caddr_t) &h);
1137 		m_adj(event, sizeof(h));
1138 		h = NG_HCI_CON_HANDLE(le16toh(h));
1139 
1140 		/* Get number of completed packets */
1141 		m_copydata(event, 0, sizeof(p), (caddr_t) &p);
1142 		m_adj(event, sizeof(p));
1143 		p = le16toh(p);
1144 
1145 		/* Check if we have this connection handle */
1146 		con = ng_hci_con_by_handle(unit, h);
1147 		if (con != NULL) {
1148 			con->pending -= p;
1149 			if (con->pending < 0) {
1150 				NG_HCI_WARN(
1151 "%s: %s - pending packet counter is out of sync! " \
1152 "handle=%d, pending=%d, ncp=%d\n",	__func__, NG_NODE_NAME(unit->node),
1153 					con->con_handle, con->pending, p);
1154 
1155 				con->pending = 0;
1156 			}
1157 
1158 			/* Update buffer descriptor */
1159 			if (con->link_type != NG_HCI_LINK_SCO)
1160 				NG_HCI_BUFF_ACL_FREE(unit->buffer, p);
1161 			else
1162 				NG_HCI_BUFF_SCO_FREE(unit->buffer, p);
1163 		} else
1164 			NG_HCI_ALERT(
1165 "%s: %s - invalid connection handle=%d\n",
1166 				__func__, NG_NODE_NAME(unit->node), h);
1167 	}
1168 
1169 	NG_FREE_M(event);
1170 
1171 	/* Send more data */
1172 	ng_hci_send_data(unit);
1173 
1174 	return (0);
1175 } /* num_compl_pkts */
1176 
1177 /* Mode change event */
1178 static int
1179 mode_change(ng_hci_unit_p unit, struct mbuf *event)
1180 {
1181 	ng_hci_mode_change_ep	*ep = NULL;
1182 	ng_hci_unit_con_p	 con = NULL;
1183 	int			 error = 0;
1184 
1185 	NG_HCI_M_PULLUP(event, sizeof(*ep));
1186 	if (event == NULL)
1187 		return (ENOBUFS);
1188 
1189 	ep = mtod(event, ng_hci_mode_change_ep *);
1190 
1191 	if (ep->status == 0) {
1192 		u_int16_t	h = NG_HCI_CON_HANDLE(le16toh(ep->con_handle));
1193 
1194 		con = ng_hci_con_by_handle(unit, h);
1195 		if (con == NULL) {
1196 			NG_HCI_ALERT(
1197 "%s: %s - invalid connection handle=%d\n",
1198 				__func__, NG_NODE_NAME(unit->node), h);
1199 			error = ENOENT;
1200 		} else if (con->link_type != NG_HCI_LINK_ACL) {
1201 			NG_HCI_ALERT(
1202 "%s: %s - invalid link type=%d\n",
1203 				__func__, NG_NODE_NAME(unit->node),
1204 				con->link_type);
1205 			error = EINVAL;
1206 		} else
1207 			con->mode = ep->unit_mode;
1208 	} else
1209 		NG_HCI_ERR(
1210 "%s: %s - failed to change mode, status=%d\n",
1211 			__func__, NG_NODE_NAME(unit->node), ep->status);
1212 
1213 	NG_FREE_M(event);
1214 
1215 	return (error);
1216 } /* mode_change */
1217 
1218 /* Data buffer overflow event */
1219 static int
1220 data_buffer_overflow(ng_hci_unit_p unit, struct mbuf *event)
1221 {
1222 	NG_HCI_ALERT(
1223 "%s: %s - %s data buffer overflow\n",
1224 		__func__, NG_NODE_NAME(unit->node),
1225 		(*mtod(event, u_int8_t *) == NG_HCI_LINK_ACL)? "ACL" : "SCO");
1226 
1227 	NG_FREE_M(event);
1228 
1229 	return (0);
1230 } /* data_buffer_overflow */
1231 
1232 /* Read clock offset complete event */
1233 static int
1234 read_clock_offset_compl(ng_hci_unit_p unit, struct mbuf *event)
1235 {
1236 	ng_hci_read_clock_offset_compl_ep	*ep = NULL;
1237 	ng_hci_unit_con_p			 con = NULL;
1238 	ng_hci_neighbor_p			 n = NULL;
1239 	int					 error = 0;
1240 
1241 	NG_HCI_M_PULLUP(event, sizeof(*ep));
1242 	if (event == NULL)
1243 		return (ENOBUFS);
1244 
1245 	ep = mtod(event, ng_hci_read_clock_offset_compl_ep *);
1246 
1247 	if (ep->status == 0) {
1248 		u_int16_t	h = NG_HCI_CON_HANDLE(le16toh(ep->con_handle));
1249 
1250 		con = ng_hci_con_by_handle(unit, h);
1251 		if (con == NULL) {
1252 			NG_HCI_ALERT(
1253 "%s: %s - invalid connection handle=%d\n",
1254 				__func__, NG_NODE_NAME(unit->node), h);
1255 			error = ENOENT;
1256 			goto out;
1257 		}
1258 
1259 		/* Update cache entry */
1260 		n = ng_hci_get_neighbor(unit, &con->bdaddr, NG_HCI_LINK_ACL);
1261 		if (n == NULL) {
1262 			n = ng_hci_new_neighbor(unit);
1263 			if (n == NULL) {
1264 				error = ENOMEM;
1265 				goto out;
1266 			}
1267 
1268 			bcopy(&con->bdaddr, &n->bdaddr, sizeof(n->bdaddr));
1269 			n->addrtype = NG_HCI_LINK_ACL;
1270 		} else
1271 			getmicrotime(&n->updated);
1272 
1273 		n->clock_offset = le16toh(ep->clock_offset);
1274 	} else
1275 		NG_HCI_ERR(
1276 "%s: %s - failed to Read Remote Clock Offset, status=%d\n",
1277 			__func__, NG_NODE_NAME(unit->node), ep->status);
1278 out:
1279 	NG_FREE_M(event);
1280 
1281 	return (error);
1282 } /* read_clock_offset_compl */
1283 
1284 /* QoS violation event */
1285 static int
1286 qos_violation(ng_hci_unit_p unit, struct mbuf *event)
1287 {
1288 	ng_hci_qos_violation_ep	*ep = NULL;
1289 	ng_hci_unit_con_p	 con = NULL;
1290 	u_int16_t		 h;
1291 	int			 error = 0;
1292 
1293 	NG_HCI_M_PULLUP(event, sizeof(*ep));
1294 	if (event == NULL)
1295 		return (ENOBUFS);
1296 
1297 	ep = mtod(event, ng_hci_qos_violation_ep *);
1298 
1299 	/* Check if we have this connection handle */
1300 	h = NG_HCI_CON_HANDLE(le16toh(ep->con_handle));
1301 	con = ng_hci_con_by_handle(unit, h);
1302 	if (con == NULL) {
1303 		NG_HCI_ALERT(
1304 "%s: %s - invalid connection handle=%d\n",
1305 			__func__, NG_NODE_NAME(unit->node), h);
1306 		error = ENOENT;
1307 	} else if (con->link_type != NG_HCI_LINK_ACL) {
1308 		NG_HCI_ALERT(
1309 "%s: %s - invalid link type=%d\n",
1310 			__func__, NG_NODE_NAME(unit->node), con->link_type);
1311 		error = EINVAL;
1312 	} else if (con->state != NG_HCI_CON_OPEN) {
1313 		NG_HCI_ALERT(
1314 "%s: %s - invalid connection state=%d, handle=%d\n",
1315 			__func__, NG_NODE_NAME(unit->node), con->state, h);
1316 		error = EINVAL;
1317 	} else /* Notify upper layer */
1318 		error = ng_hci_lp_qos_ind(con);
1319 
1320 	NG_FREE_M(event);
1321 
1322 	return (error);
1323 } /* qos_violation */
1324 
1325 /* Page scan mode change event */
1326 static int
1327 page_scan_mode_change(ng_hci_unit_p unit, struct mbuf *event)
1328 {
1329 	ng_hci_page_scan_mode_change_ep	*ep = NULL;
1330 	ng_hci_neighbor_p		 n = NULL;
1331 	int				 error = 0;
1332 
1333 	NG_HCI_M_PULLUP(event, sizeof(*ep));
1334 	if (event == NULL)
1335 		return (ENOBUFS);
1336 
1337 	ep = mtod(event, ng_hci_page_scan_mode_change_ep *);
1338 
1339 	/* Update cache entry */
1340 	n = ng_hci_get_neighbor(unit, &ep->bdaddr, NG_HCI_LINK_ACL);
1341 	if (n == NULL) {
1342 		n = ng_hci_new_neighbor(unit);
1343 		if (n == NULL) {
1344 			error = ENOMEM;
1345 			goto out;
1346 		}
1347 
1348 		bcopy(&ep->bdaddr, &n->bdaddr, sizeof(n->bdaddr));
1349 		n->addrtype = NG_HCI_LINK_ACL;
1350 	} else
1351 		getmicrotime(&n->updated);
1352 
1353 	n->page_scan_mode = ep->page_scan_mode;
1354 out:
1355 	NG_FREE_M(event);
1356 
1357 	return (error);
1358 } /* page_scan_mode_change */
1359 
1360 /* Page scan repetition mode change event */
1361 static int
1362 page_scan_rep_mode_change(ng_hci_unit_p unit, struct mbuf *event)
1363 {
1364 	ng_hci_page_scan_rep_mode_change_ep	*ep = NULL;
1365 	ng_hci_neighbor_p			 n = NULL;
1366 	int					 error = 0;
1367 
1368 	NG_HCI_M_PULLUP(event, sizeof(*ep));
1369 	if (event == NULL)
1370 		return (ENOBUFS);
1371 
1372 	ep = mtod(event, ng_hci_page_scan_rep_mode_change_ep *);
1373 
1374 	/* Update cache entry */
1375 	n = ng_hci_get_neighbor(unit, &ep->bdaddr, NG_HCI_LINK_ACL);
1376 	if (n == NULL) {
1377 		n = ng_hci_new_neighbor(unit);
1378 		if (n == NULL) {
1379 			error = ENOMEM;
1380 			goto out;
1381 		}
1382 
1383 		bcopy(&ep->bdaddr, &n->bdaddr, sizeof(n->bdaddr));
1384 		n->addrtype = NG_HCI_LINK_ACL;
1385 	} else
1386 		getmicrotime(&n->updated);
1387 
1388 	n->page_scan_rep_mode = ep->page_scan_rep_mode;
1389 out:
1390 	NG_FREE_M(event);
1391 
1392 	return (error);
1393 } /* page_scan_rep_mode_change */
1394