xref: /freebsd/sys/netgraph/bluetooth/l2cap/ng_l2cap_main.c (revision 1f4bcc459a76b7aa664f3fd557684cd0ba6da352)
1 /*
2  * ng_l2cap_main.c
3  */
4 
5 /*-
6  * Copyright (c) Maksim Yevmenkin <m_evmenkin@yahoo.com>
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28  * SUCH DAMAGE.
29  *
30  * $Id: ng_l2cap_main.c,v 1.2 2003/04/28 21:44:59 max Exp $
31  * $FreeBSD$
32  */
33 
34 #include <sys/param.h>
35 #include <sys/systm.h>
36 #include <sys/kernel.h>
37 #include <sys/malloc.h>
38 #include <sys/mbuf.h>
39 #include <sys/queue.h>
40 #include <netgraph/ng_message.h>
41 #include <netgraph/netgraph.h>
42 #include <netgraph/ng_parse.h>
43 #include <netgraph/bluetooth/include/ng_bluetooth.h>
44 #include <netgraph/bluetooth/include/ng_hci.h>
45 #include <netgraph/bluetooth/include/ng_l2cap.h>
46 #include <netgraph/bluetooth/l2cap/ng_l2cap_var.h>
47 #include <netgraph/bluetooth/l2cap/ng_l2cap_cmds.h>
48 #include <netgraph/bluetooth/l2cap/ng_l2cap_evnt.h>
49 #include <netgraph/bluetooth/l2cap/ng_l2cap_llpi.h>
50 #include <netgraph/bluetooth/l2cap/ng_l2cap_ulpi.h>
51 #include <netgraph/bluetooth/l2cap/ng_l2cap_misc.h>
52 #include <netgraph/bluetooth/l2cap/ng_l2cap_prse.h>
53 
54 /******************************************************************************
55  ******************************************************************************
56  **  This node implements Link Layer Control and Adaptation Protocol (L2CAP)
57  ******************************************************************************
58  ******************************************************************************/
59 
60 /* MALLOC define */
61 #ifdef NG_SEPARATE_MALLOC
62 MALLOC_DEFINE(M_NETGRAPH_L2CAP, "netgraph_l2cap",
63 	"Netgraph Bluetooth L2CAP node");
64 #else
65 #define M_NETGRAPH_L2CAP M_NETGRAPH
66 #endif /* NG_SEPARATE_MALLOC */
67 
68 /* Netgraph node methods */
69 static	ng_constructor_t	ng_l2cap_constructor;
70 static	ng_shutdown_t		ng_l2cap_shutdown;
71 static	ng_newhook_t		ng_l2cap_newhook;
72 static	ng_connect_t		ng_l2cap_connect;
73 static	ng_disconnect_t		ng_l2cap_disconnect;
74 static	ng_rcvmsg_t		ng_l2cap_lower_rcvmsg;
75 static	ng_rcvmsg_t		ng_l2cap_upper_rcvmsg;
76 static	ng_rcvmsg_t		ng_l2cap_default_rcvmsg;
77 static	ng_rcvdata_t		ng_l2cap_rcvdata;
78 
79 /* Netgraph node type descriptor */
80 static	struct ng_type typestruct = {
81 	.version =	NG_ABI_VERSION,
82 	.name =		NG_L2CAP_NODE_TYPE,
83 	.constructor =	ng_l2cap_constructor,
84 	.rcvmsg =	ng_l2cap_default_rcvmsg,
85 	.shutdown =	ng_l2cap_shutdown,
86 	.newhook =	ng_l2cap_newhook,
87 	.connect =	ng_l2cap_connect,
88 	.rcvdata =	ng_l2cap_rcvdata,
89 	.disconnect =	ng_l2cap_disconnect,
90 	.cmdlist =	ng_l2cap_cmdlist,
91 };
92 NETGRAPH_INIT(l2cap, &typestruct);
93 MODULE_VERSION(ng_l2cap, NG_BLUETOOTH_VERSION);
94 MODULE_DEPEND(ng_l2cap, ng_bluetooth, NG_BLUETOOTH_VERSION,
95         NG_BLUETOOTH_VERSION, NG_BLUETOOTH_VERSION);
96 
97 /*****************************************************************************
98  *****************************************************************************
99  **                   Netgraph methods implementation
100  *****************************************************************************
101  *****************************************************************************/
102 
103 static void ng_l2cap_cleanup          (ng_l2cap_p);
104 static void ng_l2cap_destroy_channels (ng_l2cap_p);
105 
106 /*
107  * Create new instance of L2CAP node
108  */
109 
110 static int
111 ng_l2cap_constructor(node_p node)
112 {
113 	ng_l2cap_p	l2cap = NULL;
114 
115 	/* Create new L2CAP node */
116 	l2cap = malloc(sizeof(*l2cap), M_NETGRAPH_L2CAP, M_WAITOK | M_ZERO);
117 
118 	l2cap->node = node;
119 	l2cap->debug = NG_L2CAP_WARN_LEVEL;
120 	l2cap->discon_timo = 5; /* sec */
121 
122 	LIST_INIT(&l2cap->con_list);
123 	LIST_INIT(&l2cap->chan_list);
124 
125 	NG_NODE_SET_PRIVATE(node, l2cap);
126 	NG_NODE_FORCE_WRITER(node);
127 
128 	return (0);
129 } /* ng_l2cap_constructor */
130 
131 /*
132  * Shutdown L2CAP node
133  */
134 
135 static int
136 ng_l2cap_shutdown(node_p node)
137 {
138 	ng_l2cap_p	l2cap = (ng_l2cap_p) NG_NODE_PRIVATE(node);
139 
140 	NG_NODE_SET_PRIVATE(node, NULL);
141 	NG_NODE_UNREF(node);
142 
143 	/* Clean up L2CAP node. Delete all connection, channels and commands */
144 	l2cap->node = NULL;
145 	ng_l2cap_cleanup(l2cap);
146 
147 	bzero(l2cap, sizeof(*l2cap));
148 	free(l2cap, M_NETGRAPH_L2CAP);
149 
150 	return (0);
151 } /* ng_l2cap_shutdown */
152 
153 /*
154  * Give our OK for a hook to be added. HCI layer is connected to the HCI
155  * (NG_L2CAP_HOOK_HCI) hook. As per specification L2CAP layer MUST provide
156  * Procol/Service Multiplexing, so the L2CAP node provides separate hooks
157  * for SDP (NG_L2CAP_HOOK_SDP), RFCOMM (NG_L2CAP_HOOK_RFCOMM) and TCP
158  * (NG_L2CAP_HOOK_TCP) protcols. Unknown PSM will be forwarded to
159  * NG_L2CAP_HOOK_ORPHAN hook. Control node/application is connected to
160  * control (NG_L2CAP_HOOK_CTL) hook.
161  */
162 
163 static int
164 ng_l2cap_newhook(node_p node, hook_p hook, char const *name)
165 {
166 	ng_l2cap_p	 l2cap = (ng_l2cap_p) NG_NODE_PRIVATE(node);
167 	hook_p		*h = NULL;
168 
169 	if (strcmp(name, NG_L2CAP_HOOK_HCI) == 0)
170 		h = &l2cap->hci;
171 	else if (strcmp(name, NG_L2CAP_HOOK_L2C) == 0)
172 		h = &l2cap->l2c;
173 	else if (strcmp(name, NG_L2CAP_HOOK_CTL) == 0)
174 		h = &l2cap->ctl;
175 	else
176 		return (EINVAL);
177 
178 	if (*h != NULL)
179 		return (EISCONN);
180 
181 	*h = hook;
182 
183 	return (0);
184 } /* ng_l2cap_newhook */
185 
186 /*
187  * Give our final OK to connect hook. Nothing to do here.
188  */
189 
190 static int
191 ng_l2cap_connect(hook_p hook)
192 {
193 	ng_l2cap_p	l2cap = (ng_l2cap_p) NG_NODE_PRIVATE(NG_HOOK_NODE(hook));
194 	int		error = 0;
195 
196 	if (hook == l2cap->hci)
197 		NG_HOOK_SET_RCVMSG(hook, ng_l2cap_lower_rcvmsg);
198 	else
199 	if (hook == l2cap->l2c || hook == l2cap->ctl) {
200 		NG_HOOK_SET_RCVMSG(hook, ng_l2cap_upper_rcvmsg);
201 
202 		/* Send delayed notification to the upper layer */
203 		error = ng_send_fn(l2cap->node, hook, ng_l2cap_send_hook_info,
204 				NULL, 0);
205 	} else
206 		error = EINVAL;
207 
208 	return (error);
209 } /* ng_l2cap_connect */
210 
211 /*
212  * Disconnect the hook. For downstream hook we must notify upper layers.
213  *
214  * XXX For upstream hooks this is really ugly :( Hook was disconnected and it
215  * XXX is now too late to do anything. For now we just clean up our own mess
216  * XXX and remove all channels that use disconnected upstream hook. If we don't
217  * XXX do that then L2CAP node can get out of sync with upper layers.
218  * XXX No notification will be sent to remote peer.
219  */
220 
221 static int
222 ng_l2cap_disconnect(hook_p hook)
223 {
224 	ng_l2cap_p	 l2cap = (ng_l2cap_p) NG_NODE_PRIVATE(NG_HOOK_NODE(hook));
225 	hook_p		*h = NULL;
226 
227 	if (hook == l2cap->hci) {
228 		ng_l2cap_cleanup(l2cap);
229 		h = &l2cap->hci;
230 	} else
231 	if (hook == l2cap->l2c) {
232 		ng_l2cap_destroy_channels(l2cap);
233 		h = &l2cap->l2c;
234 	} else
235 	if (hook == l2cap->ctl)
236 		h = &l2cap->ctl;
237 	else
238 		return (EINVAL);
239 
240 	*h = NULL;
241 
242 	/* Shutdown when all hooks are disconnected */
243 	if (NG_NODE_NUMHOOKS(NG_HOOK_NODE(hook)) == 0 &&
244 	    NG_NODE_IS_VALID(NG_HOOK_NODE(hook)))
245 		ng_rmnode_self(NG_HOOK_NODE(hook));
246 
247 	return (0);
248 } /* ng_l2cap_disconnect */
249 
250 /*
251  * Process control message from lower layer
252  */
253 
254 static int
255 ng_l2cap_lower_rcvmsg(node_p node, item_p item, hook_p lasthook)
256 {
257 	ng_l2cap_p	 l2cap = (ng_l2cap_p) NG_NODE_PRIVATE(node);
258 	struct ng_mesg	*msg = NGI_MSG(item); /* item still has message */
259 	int		 error = 0;
260 
261 	switch (msg->header.typecookie) {
262 	case NGM_HCI_COOKIE:
263 		switch (msg->header.cmd) {
264 		/* HCI node is ready */
265 		case NGM_HCI_NODE_UP: {
266 			ng_hci_node_up_ep	*ep = NULL;
267 
268 			if (msg->header.arglen != sizeof(*ep))
269 				error = EMSGSIZE;
270 			else {
271 				ep = (ng_hci_node_up_ep *)(msg->data);
272 
273 				NG_L2CAP_INFO(
274 "%s: %s - HCI node is up, bdaddr: %x:%x:%x:%x:%x:%x, " \
275 "pkt_size=%d bytes, num_pkts=%d\n",	__func__, NG_NODE_NAME(l2cap->node),
276 					ep->bdaddr.b[5], ep->bdaddr.b[4],
277 					ep->bdaddr.b[3], ep->bdaddr.b[2],
278 					ep->bdaddr.b[1], ep->bdaddr.b[0],
279 					ep->pkt_size, ep->num_pkts);
280 
281 				bcopy(&ep->bdaddr, &l2cap->bdaddr,
282 					sizeof(l2cap->bdaddr));
283 				l2cap->pkt_size = ep->pkt_size;
284 				l2cap->num_pkts = ep->num_pkts;
285 
286 				/* Notify upper layers */
287 				ng_l2cap_send_hook_info(l2cap->node,
288 					l2cap->l2c, NULL, 0);
289 				ng_l2cap_send_hook_info(l2cap->node,
290 					l2cap->ctl, NULL, 0);
291 			}
292 			} break;
293 
294 		case NGM_HCI_SYNC_CON_QUEUE: {
295 			ng_hci_sync_con_queue_ep	*ep = NULL;
296 			ng_l2cap_con_p			 con = NULL;
297 
298 			if (msg->header.arglen != sizeof(*ep))
299 				error = EMSGSIZE;
300 			else {
301 				ep = (ng_hci_sync_con_queue_ep *)(msg->data);
302 				con = ng_l2cap_con_by_handle(l2cap,
303 							ep->con_handle);
304 				if (con == NULL)
305 					break;
306 
307 				NG_L2CAP_INFO(
308 "%s: %s - sync HCI connection queue, con_handle=%d, pending=%d, completed=%d\n",
309 					 __func__, NG_NODE_NAME(l2cap->node),
310 					ep->con_handle, con->pending,
311 					ep->completed);
312 
313 				con->pending -= ep->completed;
314 				if (con->pending < 0) {
315 					NG_L2CAP_WARN(
316 "%s: %s - pending packet counter is out of sync! " \
317 "con_handle=%d, pending=%d, completed=%d\n",	__func__,
318 						NG_NODE_NAME(l2cap->node),
319 						con->con_handle, con->pending,
320 						ep->completed);
321 
322 					con->pending = 0;
323 				}
324 
325 				ng_l2cap_lp_deliver(con);
326 			}
327 			} break;
328 
329 		/* LP_ConnectCfm[Neg] */
330 		case NGM_HCI_LP_CON_CFM:
331 			error = ng_l2cap_lp_con_cfm(l2cap, msg);
332 			break;
333 
334 		/* LP_ConnectInd */
335 		case NGM_HCI_LP_CON_IND:
336 			error = ng_l2cap_lp_con_ind(l2cap, msg);
337 			break;
338 
339 		/* LP_DisconnectInd */
340 		case NGM_HCI_LP_DISCON_IND:
341 			error = ng_l2cap_lp_discon_ind(l2cap, msg);
342 			break;
343 
344 		/* LP_QoSSetupCfm[Neg] */
345 		case NGM_HCI_LP_QOS_CFM:
346 			error = ng_l2cap_lp_qos_cfm(l2cap, msg);
347 			break;
348 
349 		/* LP_OoSViolationInd */
350 		case NGM_HCI_LP_QOS_IND:
351 			error = ng_l2cap_lp_qos_ind(l2cap, msg);
352 			break;
353 		case NGM_HCI_LP_ENC_CHG:
354 			error = ng_l2cap_lp_enc_change(l2cap, msg);
355 			break;
356 		default:
357 			error = EINVAL;
358 			break;
359 		}
360 		break;
361 
362 	default:
363 		return (ng_l2cap_default_rcvmsg(node, item, lasthook));
364 		/* NOT REACHED */
365 	}
366 
367 	NG_FREE_ITEM(item);
368 
369 	return (error);
370 } /* ng_l2cap_lower_rcvmsg */
371 
372 /*
373  * Process control message from upper layer
374  */
375 
376 static int
377 ng_l2cap_upper_rcvmsg(node_p node, item_p item, hook_p lasthook)
378 {
379 	ng_l2cap_p	 l2cap = (ng_l2cap_p) NG_NODE_PRIVATE(node);
380 	struct ng_mesg	*msg = NGI_MSG(item); /* item still has message */
381 	int		 error = 0;
382 
383 	switch (msg->header.typecookie) {
384 	case NGM_L2CAP_COOKIE:
385 		switch (msg->header.cmd) {
386 		/* L2CA_Connect */
387 		case NGM_L2CAP_L2CA_CON:
388 			error = ng_l2cap_l2ca_con_req(l2cap, msg);
389 			break;
390 
391 		/* L2CA_ConnectRsp */
392 		case NGM_L2CAP_L2CA_CON_RSP:
393 			error = ng_l2cap_l2ca_con_rsp_req(l2cap, msg);
394 			break;
395 
396 		/* L2CA_Config */
397 		case NGM_L2CAP_L2CA_CFG:
398 			error = ng_l2cap_l2ca_cfg_req(l2cap, msg);
399 			break;
400 
401 		/* L2CA_ConfigRsp */
402 		case NGM_L2CAP_L2CA_CFG_RSP:
403 			error = ng_l2cap_l2ca_cfg_rsp_req(l2cap, msg);
404 			break;
405 
406 		/* L2CA_Disconnect */
407 		case NGM_L2CAP_L2CA_DISCON:
408 			error = ng_l2cap_l2ca_discon_req(l2cap, msg);
409 			break;
410 
411 		/* L2CA_GroupCreate */
412 		case NGM_L2CAP_L2CA_GRP_CREATE:
413 			error = ng_l2cap_l2ca_grp_create(l2cap, msg);
414 			break;
415 
416 		/* L2CA_GroupClose */
417 		case NGM_L2CAP_L2CA_GRP_CLOSE:
418 			error = ng_l2cap_l2ca_grp_close(l2cap, msg);
419 			break;
420 
421 		/* L2CA_GroupAddMember */
422 		case NGM_L2CAP_L2CA_GRP_ADD_MEMBER:
423 			error = ng_l2cap_l2ca_grp_add_member_req(l2cap, msg);
424 			break;
425 
426 		/* L2CA_GroupDeleteMember */
427 		case NGM_L2CAP_L2CA_GRP_REM_MEMBER:
428 			error = ng_l2cap_l2ca_grp_rem_member(l2cap, msg);
429 			break;
430 
431 		/* L2CA_GroupMembership */
432 		case NGM_L2CAP_L2CA_GRP_MEMBERSHIP:
433 			error = ng_l2cap_l2ca_grp_get_members(l2cap, msg);
434 			break;
435 
436 		/* L2CA_Ping */
437 		case NGM_L2CAP_L2CA_PING:
438 			error = ng_l2cap_l2ca_ping_req(l2cap, msg);
439 			break;
440 
441 		/* L2CA_GetInfo */
442 		case NGM_L2CAP_L2CA_GET_INFO:
443 			error = ng_l2cap_l2ca_get_info_req(l2cap, msg);
444 			break;
445 
446 		/* L2CA_EnableCLT */
447 		case NGM_L2CAP_L2CA_ENABLE_CLT:
448 			error = ng_l2cap_l2ca_enable_clt(l2cap, msg);
449 			break;
450 
451 		default:
452 			return (ng_l2cap_default_rcvmsg(node, item, lasthook));
453 			/* NOT REACHED */
454 		}
455 		break;
456 
457 	default:
458 		return (ng_l2cap_default_rcvmsg(node, item, lasthook));
459 		/* NOT REACHED */
460 	}
461 
462 	NG_FREE_ITEM(item);
463 
464 	return (error);
465 } /* ng_l2cap_upper_rcvmsg */
466 
467 /*
468  * Default control message processing routine
469  */
470 
471 static int
472 ng_l2cap_default_rcvmsg(node_p node, item_p item, hook_p lasthook)
473 {
474 	ng_l2cap_p	 l2cap = (ng_l2cap_p) NG_NODE_PRIVATE(node);
475 	struct ng_mesg	*msg = NULL, *rsp = NULL;
476 	int		 error = 0;
477 
478 	/* Detach and process message */
479 	NGI_GET_MSG(item, msg);
480 
481 	switch (msg->header.typecookie) {
482 	case NGM_GENERIC_COOKIE:
483 		switch (msg->header.cmd) {
484 		case NGM_TEXT_STATUS:
485 			NG_MKRESPONSE(rsp, msg, NG_TEXTRESPONSE, M_NOWAIT);
486 			if (rsp == NULL)
487 				error = ENOMEM;
488 			else
489 				snprintf(rsp->data, NG_TEXTRESPONSE,
490 					"bdaddr %x:%x:%x:%x:%x:%x, " \
491 					"pkt_size %d\n" \
492 					"Hooks %s %s %s\n" \
493 					"Flags %#x\n",
494 					l2cap->bdaddr.b[5], l2cap->bdaddr.b[4],
495 					l2cap->bdaddr.b[3], l2cap->bdaddr.b[2],
496 					l2cap->bdaddr.b[1], l2cap->bdaddr.b[0],
497 					l2cap->pkt_size,
498 					(l2cap->hci != NULL)?
499 						NG_L2CAP_HOOK_HCI : "",
500 					(l2cap->l2c != NULL)?
501 						NG_L2CAP_HOOK_L2C : "",
502 					(l2cap->ctl != NULL)?
503 						NG_L2CAP_HOOK_CTL : "",
504 					l2cap->flags);
505 			break;
506 
507 		default:
508 			error = EINVAL;
509 			break;
510 		}
511 		break;
512 
513 	/* Messages from the upper layer or directed to the local node */
514 	case NGM_L2CAP_COOKIE:
515 		switch (msg->header.cmd) {
516 		/* Get node flags */
517 		case NGM_L2CAP_NODE_GET_FLAGS:
518 			NG_MKRESPONSE(rsp, msg, sizeof(ng_l2cap_node_flags_ep),
519 				M_NOWAIT);
520 			if (rsp == NULL)
521 				error = ENOMEM;
522 			else
523 				*((ng_l2cap_node_flags_ep *)(rsp->data)) =
524 					l2cap->flags;
525 			break;
526 
527 		/* Get node debug */
528 		case NGM_L2CAP_NODE_GET_DEBUG:
529 			NG_MKRESPONSE(rsp, msg, sizeof(ng_l2cap_node_debug_ep),
530 				M_NOWAIT);
531 			if (rsp == NULL)
532 				error = ENOMEM;
533 			else
534 				*((ng_l2cap_node_debug_ep *)(rsp->data)) =
535 					l2cap->debug;
536 			break;
537 
538 		/* Set node debug */
539 		case NGM_L2CAP_NODE_SET_DEBUG:
540 			if (msg->header.arglen !=
541 					sizeof(ng_l2cap_node_debug_ep))
542 				error = EMSGSIZE;
543 			else
544 				l2cap->debug =
545 					*((ng_l2cap_node_debug_ep *)(msg->data));
546 			break;
547 
548 		/* Get connection list */
549 		case NGM_L2CAP_NODE_GET_CON_LIST: {
550 			ng_l2cap_con_p			 con = NULL;
551 			ng_l2cap_node_con_list_ep	*e1 = NULL;
552 			ng_l2cap_node_con_ep		*e2 = NULL;
553 			int				 n = 0;
554 
555 			/* Count number of connections */
556 			LIST_FOREACH(con, &l2cap->con_list, next)
557 				n++;
558 			if (n > NG_L2CAP_MAX_CON_NUM)
559 				n = NG_L2CAP_MAX_CON_NUM;
560 
561 			/* Prepare response */
562 			NG_MKRESPONSE(rsp, msg,
563 				sizeof(*e1) + n * sizeof(*e2), M_NOWAIT);
564 			if (rsp == NULL) {
565 				error = ENOMEM;
566 				break;
567 			}
568 
569 			e1 = (ng_l2cap_node_con_list_ep *)(rsp->data);
570 			e2 = (ng_l2cap_node_con_ep *)(e1 + 1);
571 
572 			e1->num_connections = n;
573 
574 			LIST_FOREACH(con, &l2cap->con_list, next) {
575 				e2->state = con->state;
576 
577 				e2->flags = con->flags;
578 				if (con->tx_pkt != NULL)
579 					e2->flags |= NG_L2CAP_CON_TX;
580 				if (con->rx_pkt != NULL)
581 					e2->flags |= NG_L2CAP_CON_RX;
582 
583 				e2->pending = con->pending;
584 
585 				e2->con_handle = con->con_handle;
586 				bcopy(&con->remote, &e2->remote,
587 					sizeof(e2->remote));
588 
589 				e2 ++;
590 				if (--n <= 0)
591 					break;
592 			}
593 			} break;
594 
595 		/* Get channel list */
596 		case NGM_L2CAP_NODE_GET_CHAN_LIST: {
597 			ng_l2cap_chan_p			 ch = NULL;
598 			ng_l2cap_node_chan_list_ep	*e1 = NULL;
599 			ng_l2cap_node_chan_ep		*e2 = NULL;
600 			int				 n = 0;
601 
602 			/* Count number of channels */
603 			LIST_FOREACH(ch, &l2cap->chan_list, next)
604 				n ++;
605 			if (n > NG_L2CAP_MAX_CHAN_NUM)
606 				n = NG_L2CAP_MAX_CHAN_NUM;
607 
608 			/* Prepare response */
609 			NG_MKRESPONSE(rsp, msg,
610 				sizeof(ng_l2cap_node_chan_list_ep) +
611 				n * sizeof(ng_l2cap_node_chan_ep), M_NOWAIT);
612 			if (rsp == NULL) {
613 				error = ENOMEM;
614 				break;
615 			}
616 
617 			e1 = (ng_l2cap_node_chan_list_ep *)(rsp->data);
618 			e2 = (ng_l2cap_node_chan_ep *)(e1 + 1);
619 
620 			e1->num_channels = n;
621 
622 			LIST_FOREACH(ch, &l2cap->chan_list, next) {
623 				e2->state = ch->state;
624 
625 				e2->scid = ch->scid;
626 				e2->dcid = ch->dcid;
627 
628 				e2->imtu = ch->imtu;
629 				e2->omtu = ch->omtu;
630 
631 				e2->psm = ch->psm;
632 				bcopy(&ch->con->remote, &e2->remote,
633 					sizeof(e2->remote));
634 
635 				e2 ++;
636 				if (--n <= 0)
637 					break;
638 			}
639 			} break;
640 
641 		case NGM_L2CAP_NODE_GET_AUTO_DISCON_TIMO:
642 			NG_MKRESPONSE(rsp, msg,
643 				sizeof(ng_l2cap_node_auto_discon_ep), M_NOWAIT);
644 			if (rsp == NULL)
645 				error = ENOMEM;
646 			else
647 				*((ng_l2cap_node_auto_discon_ep *)(rsp->data)) =
648 					l2cap->discon_timo;
649 			break;
650 
651 		case NGM_L2CAP_NODE_SET_AUTO_DISCON_TIMO:
652 			if (msg->header.arglen !=
653 					sizeof(ng_l2cap_node_auto_discon_ep))
654 				error = EMSGSIZE;
655 			else
656 				l2cap->discon_timo =
657 					*((ng_l2cap_node_auto_discon_ep *)
658 							(msg->data));
659 			break;
660 
661 		default:
662 			error = EINVAL;
663 			break;
664 		}
665 		break;
666 
667 	default:
668 		error = EINVAL;
669 		break;
670 	}
671 
672 	NG_RESPOND_MSG(error, node, item, rsp);
673 	NG_FREE_MSG(msg);
674 
675 	return (error);
676 } /* ng_l2cap_rcvmsg */
677 
678 /*
679  * Process data packet from one of our hooks.
680  *
681  * From the HCI hook we expect to receive ACL data packets. ACL data packets
682  * gets re-assembled into one L2CAP packet (according to length) and then gets
683  * processed.
684  *
685  * NOTE: We expect to receive L2CAP packet header in the first fragment.
686  *       Otherwise we WILL NOT be able to get length of the L2CAP packet.
687  *
688  * Signaling L2CAP packets (destination channel ID == 0x1) are processed within
689  * the node. Connectionless data packets (destination channel ID == 0x2) will
690  * be forwarded to appropriate upstream hook unless it is not connected or
691  * connectionless traffic for the specified PSM was disabled.
692  *
693  * From the upstream hooks we expect to receive data packets. These data
694  * packets will be converted into L2CAP data packets. The length of each
695  * L2CAP packet must not exceed channel's omtu (our peer's imtu). Then
696  * these L2CAP packets will be converted to ACL data packets (according to
697  * HCI layer MTU) and sent to lower layer.
698  *
699  * No data is expected from the control hook.
700  */
701 
702 static int
703 ng_l2cap_rcvdata(hook_p hook, item_p item)
704 {
705 	ng_l2cap_p	 l2cap = (ng_l2cap_p) NG_NODE_PRIVATE(NG_HOOK_NODE(hook));
706 	struct mbuf	*m = NULL;
707 	int		 error = 0;
708 
709 	/* Detach mbuf, discard item and process data */
710 	NGI_GET_M(item, m);
711 	NG_FREE_ITEM(item);
712 
713 	if (hook == l2cap->hci)
714 		error = ng_l2cap_lp_receive(l2cap, m);
715 	else if (hook == l2cap->l2c)
716 		error = ng_l2cap_l2ca_write_req(l2cap, m);
717 	else {
718 		NG_FREE_M(m);
719 		error = EINVAL;
720 	}
721 
722 	return (error);
723 } /* ng_l2cap_rcvdata */
724 
725 /*
726  * Clean all connections, channels and commands for the L2CAP node
727  */
728 
729 static void
730 ng_l2cap_cleanup(ng_l2cap_p l2cap)
731 {
732 	ng_l2cap_con_p	con = NULL;
733 
734 	/* Clean up connection and channels */
735 	while (!LIST_EMPTY(&l2cap->con_list)) {
736 		con = LIST_FIRST(&l2cap->con_list);
737 
738 		if (con->flags & NG_L2CAP_CON_LP_TIMO)
739 			ng_l2cap_lp_untimeout(con);
740 		else if (con->flags & NG_L2CAP_CON_AUTO_DISCON_TIMO)
741 			ng_l2cap_discon_untimeout(con);
742 
743 		/* Connection terminated by local host */
744 		ng_l2cap_con_fail(con, 0x16);
745 	}
746 } /* ng_l2cap_cleanup */
747 
748 /*
749  * Destroy all channels that use specified upstream hook
750  */
751 
752 static void
753 ng_l2cap_destroy_channels(ng_l2cap_p l2cap)
754 {
755 	while (!LIST_EMPTY(&l2cap->chan_list))
756 		ng_l2cap_free_chan(LIST_FIRST(&l2cap->chan_list));
757 } /* ng_l2cap_destroy_channels_by_hook */
758 
759