#include <sys/cdefs.h>
__RCSID("$NetBSD: bnep.c,v 1.1 2008/08/17 13:20:57 plunky Exp $");
#include <sys/uio.h>
#define L2CAP_SOCKET_CHECKED
#include <bluetooth.h>
#include <sdp.h>
#include <stdarg.h>
#include <string.h>
#include <unistd.h>
#include "btpand.h"
#include "bnep.h"
static bool bnep_recv_extension(packet_t *);
static size_t bnep_recv_control(channel_t *, uint8_t *, size_t, bool);
static size_t bnep_recv_control_command_not_understood(channel_t *, uint8_t *, size_t);
static size_t bnep_recv_setup_connection_req(channel_t *, uint8_t *, size_t);
static size_t bnep_recv_setup_connection_rsp(channel_t *, uint8_t *, size_t);
static size_t bnep_recv_filter_net_type_set(channel_t *, uint8_t *, size_t);
static size_t bnep_recv_filter_net_type_rsp(channel_t *, uint8_t *, size_t);
static size_t bnep_recv_filter_multi_addr_set(channel_t *, uint8_t *, size_t);
static size_t bnep_recv_filter_multi_addr_rsp(channel_t *, uint8_t *, size_t);
static bool bnep_pfilter(channel_t *, packet_t *);
static bool bnep_mfilter(channel_t *, packet_t *);
static uint8_t NAP_UUID[] = {
0x00, 0x00, 0x11, 0x16,
0x00, 0x00,
0x10, 0x00,
0x80, 0x00,
0x00, 0x80, 0x5f, 0x9b, 0x34, 0xfb
};
static uint8_t GN_UUID[] = {
0x00, 0x00, 0x11, 0x17,
0x00, 0x00,
0x10, 0x00,
0x80, 0x00,
0x00, 0x80, 0x5f, 0x9b, 0x34, 0xfb,
};
static uint8_t PANU_UUID[] = {
0x00, 0x00, 0x11, 0x15,
0x00, 0x00,
0x10, 0x00,
0x80, 0x00,
0x00, 0x80, 0x5f, 0x9b, 0x34, 0xfb
};
bool
bnep_recv(packet_t *pkt)
{
size_t len;
uint8_t type;
if (pkt->len < 1)
return false;
type = pkt->ptr[0];
packet_adj(pkt, 1);
switch (BNEP_TYPE(type)) {
case BNEP_GENERAL_ETHERNET:
if (pkt->len < (ETHER_ADDR_LEN * 2) + ETHER_TYPE_LEN) {
log_debug("dropped short packet (type 0x%2.2x)", type);
return false;
}
pkt->dst = pkt->ptr;
packet_adj(pkt, ETHER_ADDR_LEN);
pkt->src = pkt->ptr;
packet_adj(pkt, ETHER_ADDR_LEN);
pkt->type = pkt->ptr;
packet_adj(pkt, ETHER_TYPE_LEN);
break;
case BNEP_CONTROL:
len = bnep_recv_control(pkt->chan, pkt->ptr, pkt->len, false);
if (len == 0)
return false;
packet_adj(pkt, len);
break;
case BNEP_COMPRESSED_ETHERNET:
if (pkt->len < ETHER_TYPE_LEN) {
log_debug("dropped short packet (type 0x%2.2x)", type);
return false;
}
pkt->dst = pkt->chan->laddr;
pkt->src = pkt->chan->raddr;
pkt->type = pkt->ptr;
packet_adj(pkt, ETHER_TYPE_LEN);
break;
case BNEP_COMPRESSED_ETHERNET_SRC_ONLY:
if (pkt->len < ETHER_ADDR_LEN + ETHER_TYPE_LEN) {
log_debug("dropped short packet (type 0x%2.2x)", type);
return false;
}
pkt->dst = pkt->chan->laddr;
pkt->src = pkt->ptr;
packet_adj(pkt, ETHER_ADDR_LEN);
pkt->type = pkt->ptr;
packet_adj(pkt, ETHER_TYPE_LEN);
break;
case BNEP_COMPRESSED_ETHERNET_DST_ONLY:
if (pkt->len < ETHER_ADDR_LEN + ETHER_TYPE_LEN) {
log_debug("dropped short packet (type 0x%2.2x)", type);
return false;
}
pkt->dst = pkt->ptr;
packet_adj(pkt, ETHER_ADDR_LEN);
pkt->src = pkt->chan->raddr;
pkt->type = pkt->ptr;
packet_adj(pkt, ETHER_TYPE_LEN);
break;
default:
log_debug("dropped packet with reserved type 0x%2.2x", type);
return false;
}
if (BNEP_TYPE_EXT(type)
&& !bnep_recv_extension(pkt))
return false;
if (BNEP_TYPE(type) == BNEP_CONTROL
|| pkt->chan->state != CHANNEL_OPEN)
return false;
return true;
}
static bool
bnep_recv_extension(packet_t *pkt)
{
exthdr_t *eh;
size_t len, size;
uint8_t type;
do {
if (pkt->len < 2)
return false;
type = pkt->ptr[0];
size = pkt->ptr[1];
if (pkt->len < size + 2)
return false;
switch (type) {
case BNEP_EXTENSION_CONTROL:
len = bnep_recv_control(pkt->chan, pkt->ptr + 2, size, true);
if (len != size)
log_err("ignored spurious data in exthdr");
break;
default:
eh = malloc(sizeof(exthdr_t));
if (eh == NULL) {
log_err("exthdr malloc() failed: %m");
break;
}
eh->ptr = pkt->ptr;
eh->len = size;
STAILQ_INSERT_TAIL(&pkt->extlist, eh, next);
break;
}
packet_adj(pkt, size + 2);
} while (BNEP_TYPE_EXT(type));
return true;
}
static size_t
bnep_recv_control(channel_t *chan, uint8_t *ptr, size_t size, bool isext)
{
uint8_t type;
size_t len;
if (size-- < 1)
return 0;
type = *ptr++;
switch (type) {
case BNEP_CONTROL_COMMAND_NOT_UNDERSTOOD:
len = bnep_recv_control_command_not_understood(chan, ptr, size);
break;
case BNEP_SETUP_CONNECTION_REQUEST:
if (isext)
return 0;
len = bnep_recv_setup_connection_req(chan, ptr, size);
break;
case BNEP_SETUP_CONNECTION_RESPONSE:
if (isext)
return 0;
len = bnep_recv_setup_connection_rsp(chan, ptr, size);
break;
case BNEP_FILTER_NET_TYPE_SET:
len = bnep_recv_filter_net_type_set(chan, ptr, size);
break;
case BNEP_FILTER_NET_TYPE_RESPONSE:
len = bnep_recv_filter_net_type_rsp(chan, ptr, size);
break;
case BNEP_FILTER_MULTI_ADDR_SET:
len = bnep_recv_filter_multi_addr_set(chan, ptr, size);
break;
case BNEP_FILTER_MULTI_ADDR_RESPONSE:
len = bnep_recv_filter_multi_addr_rsp(chan, ptr, size);
break;
default:
len = 0;
break;
}
if (len == 0)
bnep_send_control(chan, BNEP_CONTROL_COMMAND_NOT_UNDERSTOOD, type);
return len;
}
static size_t
bnep_recv_control_command_not_understood(channel_t *chan, uint8_t *ptr, size_t size)
{
uint8_t type;
if (size < 1)
return 0;
type = *ptr++;
log_err("received Control Command Not Understood (0x%2.2x)", type);
channel_close(chan);
return 1;
}
static size_t
bnep_recv_setup_connection_req(channel_t *chan, uint8_t *ptr, size_t size)
{
uint8_t off;
int src, dst, rsp;
size_t len;
if (size < 1)
return 0;
len = *ptr++;
if (size < (len * 2 + 1))
return 0;
if (chan->state != CHANNEL_WAIT_CONNECT_REQ
&& chan->state != CHANNEL_OPEN) {
log_debug("ignored");
return (len * 2 + 1);
}
if (len == 2)
off = 2;
else if (len == 4)
off = 0;
else if (len == 16)
off = 0;
else {
rsp = BNEP_SETUP_INVALID_UUID_SIZE;
goto done;
}
if (memcmp(ptr, NAP_UUID + off, len) == 0)
dst = SDP_SERVICE_CLASS_NAP;
else if (memcmp(ptr, GN_UUID + off, len) == 0)
dst = SDP_SERVICE_CLASS_GN;
else if (memcmp(ptr, PANU_UUID + off, len) == 0)
dst = SDP_SERVICE_CLASS_PANU;
else
dst = 0;
if (dst != service_class) {
rsp = BNEP_SETUP_INVALID_DST_UUID;
goto done;
}
ptr += len;
if (memcmp(ptr, NAP_UUID + off, len) == 0)
src = SDP_SERVICE_CLASS_NAP;
else if (memcmp(ptr, GN_UUID + off, len) == 0)
src = SDP_SERVICE_CLASS_GN;
else if (memcmp(ptr, PANU_UUID + off, len) == 0)
src = SDP_SERVICE_CLASS_PANU;
else
src = 0;
if ((dst != SDP_SERVICE_CLASS_PANU && src != SDP_SERVICE_CLASS_PANU)
|| src == 0) {
rsp = BNEP_SETUP_INVALID_SRC_UUID;
goto done;
}
rsp = BNEP_SETUP_SUCCESS;
chan->state = CHANNEL_OPEN;
channel_timeout(chan, 0);
done:
log_debug("addr %s response 0x%2.2x",
ether_ntoa((struct ether_addr *)chan->raddr), rsp);
bnep_send_control(chan, BNEP_SETUP_CONNECTION_RESPONSE, rsp);
return (len * 2 + 1);
}
static size_t
bnep_recv_setup_connection_rsp(channel_t *chan, uint8_t *ptr, size_t size)
{
int rsp;
if (size < 2)
return 0;
rsp = be16dec(ptr);
if (chan->state != CHANNEL_WAIT_CONNECT_RSP) {
log_debug("ignored");
return 2;
}
log_debug("addr %s response 0x%2.2x",
ether_ntoa((struct ether_addr *)chan->raddr), rsp);
if (rsp == BNEP_SETUP_SUCCESS) {
chan->state = CHANNEL_OPEN;
channel_timeout(chan, 0);
} else {
channel_close(chan);
}
return 2;
}
static size_t
bnep_recv_filter_net_type_set(channel_t *chan, uint8_t *ptr, size_t size)
{
pfilter_t *pf;
int i, nf, rsp;
size_t len;
if (size < 2)
return 0;
len = be16dec(ptr);
ptr += 2;
if (size < (len + 2))
return 0;
if (chan->state != CHANNEL_OPEN) {
log_debug("ignored");
return (len + 2);
}
nf = len / 4;
pf = malloc(nf * sizeof(pfilter_t));
if (pf == NULL) {
rsp = BNEP_FILTER_TOO_MANY_FILTERS;
goto done;
}
log_debug("nf = %d", nf);
for (i = 0; i < nf; i++) {
pf[i].start = be16dec(ptr);
ptr += 2;
pf[i].end = be16dec(ptr);
ptr += 2;
if (pf[i].start > pf[i].end) {
free(pf);
rsp = BNEP_FILTER_INVALID_RANGE;
goto done;
}
log_debug("pf[%d] = %#4.4x, %#4.4x", i, pf[i].start, pf[i].end);
}
if (chan->pfilter)
free(chan->pfilter);
chan->pfilter = pf;
chan->npfilter = nf;
rsp = BNEP_FILTER_SUCCESS;
done:
log_debug("addr %s response 0x%2.2x",
ether_ntoa((struct ether_addr *)chan->raddr), rsp);
bnep_send_control(chan, BNEP_FILTER_NET_TYPE_RESPONSE, rsp);
return (len + 2);
}
static size_t
bnep_recv_filter_net_type_rsp(channel_t *chan, uint8_t *ptr, size_t size)
{
int rsp;
if (size < 2)
return 0;
if (chan->state != CHANNEL_OPEN) {
log_debug("ignored");
return 2;
}
rsp = be16dec(ptr);
log_debug("addr %s response 0x%2.2x",
ether_ntoa((struct ether_addr *)chan->raddr), rsp);
return 2;
}
static size_t
bnep_recv_filter_multi_addr_set(channel_t *chan, uint8_t *ptr, size_t size)
{
mfilter_t *mf;
int i, nf, rsp;
size_t len;
if (size < 2)
return 0;
len = be16dec(ptr);
ptr += 2;
if (size < (len + 2))
return 0;
if (chan->state != CHANNEL_OPEN) {
log_debug("ignored");
return (len + 2);
}
nf = len / (ETHER_ADDR_LEN * 2);
mf = malloc(nf * sizeof(mfilter_t));
if (mf == NULL) {
rsp = BNEP_FILTER_TOO_MANY_FILTERS;
goto done;
}
log_debug("nf = %d", nf);
for (i = 0; i < nf; i++) {
memcpy(mf[i].start, ptr, ETHER_ADDR_LEN);
ptr += ETHER_ADDR_LEN;
memcpy(mf[i].end, ptr, ETHER_ADDR_LEN);
ptr += ETHER_ADDR_LEN;
if (memcmp(mf[i].start, mf[i].end, ETHER_ADDR_LEN) > 0) {
free(mf);
rsp = BNEP_FILTER_INVALID_RANGE;
goto done;
}
log_debug("pf[%d] = "
"%2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x, "
"%2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x", i,
mf[i].start[0], mf[i].start[1], mf[i].start[2],
mf[i].start[3], mf[i].start[4], mf[i].start[5],
mf[i].end[0], mf[i].end[1], mf[i].end[2],
mf[i].end[3], mf[i].end[4], mf[i].end[5]);
}
if (chan->mfilter)
free(chan->mfilter);
chan->mfilter = mf;
chan->nmfilter = nf;
rsp = BNEP_FILTER_SUCCESS;
done:
log_debug("addr %s response 0x%2.2x",
ether_ntoa((struct ether_addr *)chan->raddr), rsp);
bnep_send_control(chan, BNEP_FILTER_MULTI_ADDR_RESPONSE, rsp);
return (len + 2);
}
static size_t
bnep_recv_filter_multi_addr_rsp(channel_t *chan, uint8_t *ptr, size_t size)
{
int rsp;
if (size < 2)
return false;
if (chan->state != CHANNEL_OPEN) {
log_debug("ignored");
return 2;
}
rsp = be16dec(ptr);
log_debug("addr %s response 0x%2.2x",
ether_ntoa((struct ether_addr *)chan->raddr), rsp);
return 2;
}
void
bnep_send_control(channel_t *chan, unsigned type, ...)
{
packet_t *pkt;
uint8_t *p;
va_list ap;
assert(chan->state != CHANNEL_CLOSED);
pkt = packet_alloc(chan);
if (pkt == NULL)
return;
p = pkt->ptr;
va_start(ap, type);
*p++ = BNEP_CONTROL;
*p++ = (uint8_t)type;
switch(type) {
case BNEP_CONTROL_COMMAND_NOT_UNDERSTOOD:
*p++ = va_arg(ap, int);
break;
case BNEP_SETUP_CONNECTION_REQUEST:
*p++ = va_arg(ap, int);
be16enc(p, va_arg(ap, int));
p += 2;
be16enc(p, va_arg(ap, int));
p += 2;
break;
case BNEP_SETUP_CONNECTION_RESPONSE:
case BNEP_FILTER_NET_TYPE_RESPONSE:
case BNEP_FILTER_MULTI_ADDR_RESPONSE:
be16enc(p, va_arg(ap, int));
p += 2;
break;
case BNEP_FILTER_NET_TYPE_SET:
case BNEP_FILTER_MULTI_ADDR_SET:
default:
log_err("Can't send control type 0x%2.2x", type);
break;
}
va_end(ap);
pkt->len = p - pkt->ptr;
channel_put(chan, pkt);
packet_free(pkt);
}
bool
bnep_send(channel_t *chan, packet_t *pkt)
{
struct iovec iov[2];
uint8_t *p, *type, *proto;
exthdr_t *eh;
bool src, dst;
size_t nw;
if (pkt->type == NULL) {
iov[0].iov_base = pkt->ptr;
iov[0].iov_len = pkt->len;
iov[1].iov_base = NULL;
iov[1].iov_len = 0;
} else {
p = chan->sendbuf;
dst = (memcmp(pkt->dst, chan->raddr, ETHER_ADDR_LEN) != 0);
src = (memcmp(pkt->src, chan->laddr, ETHER_ADDR_LEN) != 0);
type = p;
p += 1;
if (dst && src)
*type = BNEP_GENERAL_ETHERNET;
else if (dst && !src)
*type = BNEP_COMPRESSED_ETHERNET_DST_ONLY;
else if (!dst && src)
*type = BNEP_COMPRESSED_ETHERNET_SRC_ONLY;
else
*type = BNEP_COMPRESSED_ETHERNET;
if (dst) {
memcpy(p, pkt->dst, ETHER_ADDR_LEN);
p += ETHER_ADDR_LEN;
}
if (src) {
memcpy(p, pkt->src, ETHER_ADDR_LEN);
p += ETHER_ADDR_LEN;
}
proto = p;
memcpy(p, pkt->type, ETHER_TYPE_LEN);
p += ETHER_TYPE_LEN;
STAILQ_FOREACH(eh, &pkt->extlist, next) {
if (p + eh->len > chan->sendbuf + chan->mtu)
break;
*type |= BNEP_EXT;
type = p;
memcpy(p, eh->ptr, eh->len);
p += eh->len;
}
*type &= ~BNEP_EXT;
iov[0].iov_base = chan->sendbuf;
iov[0].iov_len = (p - chan->sendbuf);
if ((chan->npfilter == 0 || bnep_pfilter(chan, pkt))
&& (chan->nmfilter == 0 || bnep_mfilter(chan, pkt))) {
iov[1].iov_base = pkt->ptr;
iov[1].iov_len = pkt->len;
} else if (be16dec(proto) == ETHERTYPE_VLAN
&& pkt->len >= ETHER_VLAN_ENCAP_LEN) {
iov[1].iov_base = pkt->ptr;
iov[1].iov_len = ETHER_VLAN_ENCAP_LEN;
} else {
iov[1].iov_base = NULL;
iov[1].iov_len = 0;
memset(proto, 0, ETHER_TYPE_LEN);
}
}
if (iov[0].iov_len + iov[1].iov_len > chan->mtu) {
log_err("packet exceeded MTU (dropped)");
return false;
}
nw = writev(chan->fd, iov, __arraycount(iov));
return (nw > 0);
}
static bool
bnep_pfilter(channel_t *chan, packet_t *pkt)
{
int proto, i;
proto = be16dec(pkt->type);
if (proto == ETHERTYPE_VLAN) {
if (pkt->len < 4)
return false;
proto = be16dec(pkt->ptr + 2);
}
for (i = 0; i < chan->npfilter; i++) {
if (chan->pfilter[i].start <= proto
&& chan->pfilter[i].end >=proto)
return true;
}
return false;
}
static bool
bnep_mfilter(channel_t *chan, packet_t *pkt)
{
int i;
if (!ETHER_IS_MULTICAST(pkt->dst))
return true;
for (i = 0; i < chan->nmfilter; i++) {
if (memcmp(pkt->dst, chan->mfilter[i].start, ETHER_ADDR_LEN) >= 0
&& memcmp(pkt->dst, chan->mfilter[i].end, ETHER_ADDR_LEN) <= 0)
return true;
}
return false;
}
