Ubuntu
bluez package

.pc/applied-patches (+1/-0)
.pc/ssp_parameter.patch/doc/agent-api.txt (+123/-0)
.pc/ssp_parameter.patch/lib/hci.h (+2391/-0)
.pc/ssp_parameter.patch/lib/mgmt.h (+554/-0)
.pc/ssp_parameter.patch/plugins/hciops.c (+3943/-0)
.pc/ssp_parameter.patch/plugins/mgmtops.c (+2523/-0)
.pc/ssp_parameter.patch/src/agent.c (+844/-0)
.pc/ssp_parameter.patch/src/agent.h (+80/-0)
.pc/ssp_parameter.patch/src/device.c (+3164/-0)
.pc/ssp_parameter.patch/src/device.h (+128/-0)
.pc/ssp_parameter.patch/src/event.c (+571/-0)
.pc/ssp_parameter.patch/src/event.h (+49/-0)
.pc/ssp_parameter.patch/test/simple-agent (+144/-0)
debian/changelog (+19/-0)
debian/patches/series (+1/-0)
debian/patches/ssp_parameter.patch (+439/-0)
doc/agent-api.txt (+2/-1)
lib/hci.h (+2/-1)
lib/mgmt.h (+7/-0)
plugins/hciops.c (+1/-1)
plugins/mgmtops.c (+37/-0)
src/agent.c (+4/-1)
src/agent.h (+1/-1)
src/device.c (+116/-40)
src/device.h (+9/-2)
src/event.c (+7/-12)
src/event.h (+1/-1)
test/simple-agent (+3/-3)

To merge this branch:

bzr merge lp:~timchen119/ubuntu/utopic/bluez/lp1035431

Undecided

Fix Released

Link a bug report

Reviewer	Review Type	Date Requested	Status
Mathieu Trudel-Lapierre		2014-05-15	Approve on 2014-06-16
Review via email: mp+219626@code.launchpad.net

Description of the change

This fixed the issue for the paring issue on Logitech K810 and HP bluetooth keyboard K4000 and should also fixed any ssp paired bluetooth keyboard.

The root problem here is that in bluez4, the doc (agent-api.txt), specific that the
function

void DisplayPasskey(object device, uint32 passkey, uint8 entered)

however in bluez4's src/agent.c agent_display_passkey()
didn't pass the entered correct "enter" parameter,
and most of client implementation in linux (at least gnome-bluetooth, bluedevil, blueman) follows the specification in the api document so they never receive correct parameter.

This is already fixed in bluez5,
however due to the compatibility issue between bluez4 and bluez5
this never being backported in bluez4.

gnome-bluetooth do follow the doc and, but still have issues when display the number,
the number will not correctly display in current implementation,
however gnome-bluetooth is being removed in recent gnome upstream, so we need to maintain a ubuntu distro patch here.

This request is from our OEM so please help to review these patch and see if there's things I can improve this patch. If the patch is accepted I'll send SRUs to trusty (OEM shipping image is LTS based, so it will be trusty right now).

Revision history for this message

Mathieu Trudel-Lapierre (cyphermox) wrote on 2014-06-10:

Seems to me like the entered property is not consistently either an uint8 or an uint16, I think you'll want to keep it an uint16 everywhere maybe?

review: Needs Fixing

Revision history for this message

Tim Chen (timchen119) wrote on 2014-06-11:

@Mathieu
Thanks for the review and bring this up,
the reason behind this inconsistency is because it's how bluez5 doing it and I don't plan to modify too much upstream code when porting, upstream commit 6a394b2c7f19b53b630bef2e865f9bc289d4b75c says it's because D-Bus doesn't have a uint8 type, so they use uint16 instead and upstream still use uint8 internally.

==============================================================

commit 6a394b2c7f19b53b630bef2e865f9bc289d4b75c
Author: Johan Hedberg <email address hidden>
Date: Tue Sep 4 13:49:58 2012 +0300

agent-api: DisplayPasskey: D-Bus doesn't have a uint8 type

#git-upstream/bluez/src$ grep -C2 -Iir "_t entered" *
agent.c-
agent.c-int agent_display_passkey(struct agent *agent, struct btd_device *device,
agent.c: uint32_t passkey, uint16_t entered)
agent.c-{
agent.c- DBusMessage *message;
--
agent.h-
agent.h-int agent_display_passkey(struct agent *agent, struct btd_device *device,
agent.h: uint32_t passkey, uint16_t entered);
agent.h-
agent.h-int agent_display_pincode(struct agent *agent, struct btd_device *device,
--
device.c-
device.c-int device_notify_passkey(struct btd_device *device, uint32_t passkey,
device.c: uint8_t entered)
device.c-{
device.c- struct authentication_req *auth;
--
device.h- uint8_t confirm_hint);
device.h-int device_notify_passkey(struct btd_device *device, uint32_t passkey,
device.h: uint8_t entered);
device.h-int device_notify_pincode(struct btd_device *device, gboolean secure,
device.h- const char *pincode);

Revision history for this message

Mathieu Trudel-Lapierre (cyphermox) wrote on 2014-06-16:

Alright, let's land this.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

The diff has been truncated for viewing.

Subscribers

People subscribed via source and target branches

to all changes:

Tim Chen

Ubuntu branches

 === modified file '.pc/applied-patches'
 --- .pc/applied-patches	2014-04-08 10:54:11 +0000
 +++ .pc/applied-patches	2014-05-15 03:26:22 +0000
@@ -14,3 +14,4 @@
  telephony_ofono_add_watch.patch
 _check_device_before_removing_from_devices.patch
 _reset_default_adapter_id.patch
++ssp_parameter.patch
 === added directory '.pc/ssp_parameter.patch'
 === added directory '.pc/ssp_parameter.patch/doc'
 === added file '.pc/ssp_parameter.patch/doc/agent-api.txt'
 --- .pc/ssp_parameter.patch/doc/agent-api.txt	1970-01-01 00:00:00 +0000
 +++ .pc/ssp_parameter.patch/doc/agent-api.txt	2014-05-15 03:26:22 +0000
@@ -0,0 +1,123 @@
++BlueZ D-Bus Agent API description
++**********************************
++
++Copyright (C) 2004-2010  Marcel Holtmann <marcel@holtmann.org>
++Copyright (C) 2005-2006  Johan Hedberg <johan.hedberg@nokia.com>
++
++
++Agent hierarchy
++===============
++
++Service		unique name
++Interface	org.bluez.Agent
++Object path	freely definable
++
++Methods		void Release()
++
++			This method gets called when the service daemon
++			unregisters the agent. An agent can use it to do
++			cleanup tasks. There is no need to unregister the
++			agent, because when this method gets called it has
++			already been unregistered.
++
++		string RequestPinCode(object device)
++
++			This method gets called when the service daemon
++			needs to get the passkey for an authentication.
++
++			The return value should be a string of 1-16 characters
++			length. The string can be alphanumeric.
++
++			Possible errors: org.bluez.Error.Rejected
++			                 org.bluez.Error.Canceled
++
++		uint32 RequestPasskey(object device)
++
++			This method gets called when the service daemon
++			needs to get the passkey for an authentication.
++
++			The return value should be a numeric value
++			between 0-999999.
++
++			Possible errors: org.bluez.Error.Rejected
++			                 org.bluez.Error.Canceled
++
++		void DisplayPasskey(object device, uint32 passkey, uint8 entered)
++
++			This method gets called when the service daemon
++			needs to display a passkey for an authentication.
++
++			The entered parameter indicates the number of already
++			typed keys on the remote side.
++
++			An empty reply should be returned. When the passkey
++			needs no longer to be displayed, the Cancel method
++			of the agent will be called.
++
++			During the pairing process this method might be
++			called multiple times to update the entered value.
++
++			Note that the passkey will always be a 6-digit number,
++			so the display should be zero-padded at the start if
++			the value contains less than 6 digits.
++
++		void DisplayPinCode(object device, string pincode)
++
++			This method gets called when the service daemon
++			needs to display a pincode for an authentication.
++
++			An empty reply should be returned. When the pincode
++			needs no longer to be displayed, the Cancel method
++			of the agent will be called.
++
++			If this method is not implemented the RequestPinCode
++			method will be used instead.
++
++			This is used during the pairing process of keyboards
++			that don't support Bluetooth 2.1 Secure Simple Pairing,
++			in contrast to DisplayPasskey which is used for those
++			that do.
++
++			This method will only ever be called once since
++			older keyboards do not support typing notification.
++
++			Note that the PIN will always be a 6-digit number,
++			zero-padded to 6 digits. This is for harmony with
++			the later specification.
++
++		void RequestConfirmation(object device, uint32 passkey)
++
++			This method gets called when the service daemon
++			needs to confirm a passkey for an authentication.
++
++			To confirm the value it should return an empty reply
++			or an error in case the passkey is invalid.
++
++			Note that the passkey will always be a 6-digit number,
++			so the display should be zero-padded at the start if
++			the value contains less than 6 digits.
++
++			Possible errors: org.bluez.Error.Rejected
++			                 org.bluez.Error.Canceled
++
++		void Authorize(object device, string uuid)
++
++			This method gets called when the service daemon
++			needs to authorize a connection/service request.
++
++			Possible errors: org.bluez.Error.Rejected
++			                 org.bluez.Error.Canceled
++
++		void ConfirmModeChange(string mode)
++
++			This method gets called if a mode change is requested
++			that needs to be confirmed by the user. An example
++			would be leaving flight mode.
++
++			Possible errors: org.bluez.Error.Rejected
++			                 org.bluez.Error.Canceled
++
++		void Cancel()
++
++			This method gets called to indicate that the agent
++			request failed before a reply was returned.
 === added directory '.pc/ssp_parameter.patch/lib'
 === added file '.pc/ssp_parameter.patch/lib/hci.h'
 --- .pc/ssp_parameter.patch/lib/hci.h	1970-01-01 00:00:00 +0000
 +++ .pc/ssp_parameter.patch/lib/hci.h	2014-05-15 03:26:22 +0000
@@ -0,0 +1,2391 @@
++/*
++ *
++ *  BlueZ - Bluetooth protocol stack for Linux
++ *
++ *  Copyright (C) 2000-2001  Qualcomm Incorporated
++ *  Copyright (C) 2002-2003  Maxim Krasnyansky <maxk@qualcomm.com>
++ *  Copyright (C) 2002-2010  Marcel Holtmann <marcel@holtmann.org>
++ *
++ *
++ *  This program is free software; you can redistribute it and/or modify
++ *  it under the terms of the GNU General Public License as published by
++ *  the Free Software Foundation; either version 2 of the License, or
++ *  (at your option) any later version.
++ *
++ *  This program is distributed in the hope that it will be useful,
++ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
++ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ *  GNU General Public License for more details.
++ *
++ *  You should have received a copy of the GNU General Public License
++ *  along with this program; if not, write to the Free Software
++ *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
++ *
++ */
++
++#ifndef __HCI_H
++#define __HCI_H
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++#include <sys/socket.h>
++
++#define HCI_MAX_DEV	16
++
++#define HCI_MAX_ACL_SIZE	1024
++#define HCI_MAX_SCO_SIZE	255
++#define HCI_MAX_EVENT_SIZE	260
++#define HCI_MAX_FRAME_SIZE	(HCI_MAX_ACL_SIZE + 4)
++
++/* HCI dev events */
++#define HCI_DEV_REG	1
++#define HCI_DEV_UNREG	2
++#define HCI_DEV_UP	3
++#define HCI_DEV_DOWN	4
++#define HCI_DEV_SUSPEND	5
++#define HCI_DEV_RESUME	6
++
++/* HCI bus types */
++#define HCI_VIRTUAL	0
++#define HCI_USB		1
++#define HCI_PCCARD	2
++#define HCI_UART	3
++#define HCI_RS232	4
++#define HCI_PCI		5
++#define HCI_SDIO	6
++
++/* HCI controller types */
++#define HCI_BREDR	0x00
++#define HCI_AMP		0x01
++
++/* HCI device flags */
++enum {
++	HCI_UP,
++	HCI_INIT,
++	HCI_RUNNING,
++
++	HCI_PSCAN,
++	HCI_ISCAN,
++	HCI_AUTH,
++	HCI_ENCRYPT,
++	HCI_INQUIRY,
++
++	HCI_RAW,
++};
++
++/* LE address type */
++enum {
++	LE_PUBLIC_ADDRESS = 0x00,
++	LE_RANDOM_ADDRESS = 0x01
++};
++
++/* HCI ioctl defines */
++#define HCIDEVUP	_IOW('H', 201, int)
++#define HCIDEVDOWN	_IOW('H', 202, int)
++#define HCIDEVRESET	_IOW('H', 203, int)
++#define HCIDEVRESTAT	_IOW('H', 204, int)
++
++#define HCIGETDEVLIST	_IOR('H', 210, int)
++#define HCIGETDEVINFO	_IOR('H', 211, int)
++#define HCIGETCONNLIST	_IOR('H', 212, int)
++#define HCIGETCONNINFO	_IOR('H', 213, int)
++#define HCIGETAUTHINFO	_IOR('H', 215, int)
++
++#define HCISETRAW	_IOW('H', 220, int)
++#define HCISETSCAN	_IOW('H', 221, int)
++#define HCISETAUTH	_IOW('H', 222, int)
++#define HCISETENCRYPT	_IOW('H', 223, int)
++#define HCISETPTYPE	_IOW('H', 224, int)
++#define HCISETLINKPOL	_IOW('H', 225, int)
++#define HCISETLINKMODE	_IOW('H', 226, int)
++#define HCISETACLMTU	_IOW('H', 227, int)
++#define HCISETSCOMTU	_IOW('H', 228, int)
++
++#define HCIBLOCKADDR	_IOW('H', 230, int)
++#define HCIUNBLOCKADDR	_IOW('H', 231, int)
++
++#define HCIINQUIRY	_IOR('H', 240, int)
++
++#ifndef __NO_HCI_DEFS
++
++/* HCI Packet types */
++#define HCI_COMMAND_PKT		0x01
++#define HCI_ACLDATA_PKT		0x02
++#define HCI_SCODATA_PKT		0x03
++#define HCI_EVENT_PKT		0x04
++#define HCI_VENDOR_PKT		0xff
++
++/* HCI Packet types */
++#define HCI_2DH1	0x0002
++#define HCI_3DH1	0x0004
++#define HCI_DM1		0x0008
++#define HCI_DH1		0x0010
++#define HCI_2DH3	0x0100
++#define HCI_3DH3	0x0200
++#define HCI_DM3		0x0400
++#define HCI_DH3		0x0800
++#define HCI_2DH5	0x1000
++#define HCI_3DH5	0x2000
++#define HCI_DM5		0x4000
++#define HCI_DH5		0x8000
++
++#define HCI_HV1		0x0020
++#define HCI_HV2		0x0040
++#define HCI_HV3		0x0080
++
++#define HCI_EV3		0x0008
++#define HCI_EV4		0x0010
++#define HCI_EV5		0x0020
++#define HCI_2EV3	0x0040
++#define HCI_3EV3	0x0080
++#define HCI_2EV5	0x0100
++#define HCI_3EV5	0x0200
++
++#define SCO_PTYPE_MASK	(HCI_HV1 | HCI_HV2 | HCI_HV3)
++#define ACL_PTYPE_MASK	(HCI_DM1 | HCI_DH1 | HCI_DM3 | HCI_DH3 | HCI_DM5 | HCI_DH5)
++
++/* HCI Error codes */
++#define HCI_UNKNOWN_COMMAND			0x01
++#define HCI_NO_CONNECTION			0x02
++#define HCI_HARDWARE_FAILURE			0x03
++#define HCI_PAGE_TIMEOUT			0x04
++#define HCI_AUTHENTICATION_FAILURE		0x05
++#define HCI_PIN_OR_KEY_MISSING			0x06
++#define HCI_MEMORY_FULL				0x07
++#define HCI_CONNECTION_TIMEOUT			0x08
++#define HCI_MAX_NUMBER_OF_CONNECTIONS		0x09
++#define HCI_MAX_NUMBER_OF_SCO_CONNECTIONS	0x0a
++#define HCI_ACL_CONNECTION_EXISTS		0x0b
++#define HCI_COMMAND_DISALLOWED			0x0c
++#define HCI_REJECTED_LIMITED_RESOURCES		0x0d
++#define HCI_REJECTED_SECURITY			0x0e
++#define HCI_REJECTED_PERSONAL			0x0f
++#define HCI_HOST_TIMEOUT			0x10
++#define HCI_UNSUPPORTED_FEATURE			0x11
++#define HCI_INVALID_PARAMETERS			0x12
++#define HCI_OE_USER_ENDED_CONNECTION		0x13
++#define HCI_OE_LOW_RESOURCES			0x14
++#define HCI_OE_POWER_OFF			0x15
++#define HCI_CONNECTION_TERMINATED		0x16
++#define HCI_REPEATED_ATTEMPTS			0x17
++#define HCI_PAIRING_NOT_ALLOWED			0x18
++#define HCI_UNKNOWN_LMP_PDU			0x19
++#define HCI_UNSUPPORTED_REMOTE_FEATURE		0x1a
++#define HCI_SCO_OFFSET_REJECTED			0x1b
++#define HCI_SCO_INTERVAL_REJECTED		0x1c
++#define HCI_AIR_MODE_REJECTED			0x1d
++#define HCI_INVALID_LMP_PARAMETERS		0x1e
++#define HCI_UNSPECIFIED_ERROR			0x1f
++#define HCI_UNSUPPORTED_LMP_PARAMETER_VALUE	0x20
++#define HCI_ROLE_CHANGE_NOT_ALLOWED		0x21
++#define HCI_LMP_RESPONSE_TIMEOUT		0x22
++#define HCI_LMP_ERROR_TRANSACTION_COLLISION	0x23
++#define HCI_LMP_PDU_NOT_ALLOWED			0x24
++#define HCI_ENCRYPTION_MODE_NOT_ACCEPTED	0x25
++#define HCI_UNIT_LINK_KEY_USED			0x26
++#define HCI_QOS_NOT_SUPPORTED			0x27
++#define HCI_INSTANT_PASSED			0x28
++#define HCI_PAIRING_NOT_SUPPORTED		0x29
++#define HCI_TRANSACTION_COLLISION		0x2a
++#define HCI_QOS_UNACCEPTABLE_PARAMETER		0x2c
++#define HCI_QOS_REJECTED			0x2d
++#define HCI_CLASSIFICATION_NOT_SUPPORTED	0x2e
++#define HCI_INSUFFICIENT_SECURITY		0x2f
++#define HCI_PARAMETER_OUT_OF_RANGE		0x30
++#define HCI_ROLE_SWITCH_PENDING			0x32
++#define HCI_SLOT_VIOLATION			0x34
++#define HCI_ROLE_SWITCH_FAILED			0x35
++#define HCI_EIR_TOO_LARGE			0x36
++#define HCI_SIMPLE_PAIRING_NOT_SUPPORTED	0x37
++#define HCI_HOST_BUSY_PAIRING			0x38
++
++/* ACL flags */
++#define ACL_START_NO_FLUSH	0x00
++#define ACL_CONT		0x01
++#define ACL_START		0x02
++#define ACL_ACTIVE_BCAST	0x04
++#define ACL_PICO_BCAST		0x08
++
++/* Baseband links */
++#define SCO_LINK	0x00
++#define ACL_LINK	0x01
++#define ESCO_LINK	0x02
++
++/* LMP features */
++#define LMP_3SLOT	0x01
++#define LMP_5SLOT	0x02
++#define LMP_ENCRYPT	0x04
++#define LMP_SOFFSET	0x08
++#define LMP_TACCURACY	0x10
++#define LMP_RSWITCH	0x20
++#define LMP_HOLD	0x40
++#define LMP_SNIFF	0x80
++
++#define LMP_PARK	0x01
++#define LMP_RSSI	0x02
++#define LMP_QUALITY	0x04
++#define LMP_SCO		0x08
++#define LMP_HV2		0x10
++#define LMP_HV3		0x20
++#define LMP_ULAW	0x40
++#define LMP_ALAW	0x80
++
++#define LMP_CVSD	0x01
++#define LMP_PSCHEME	0x02
++#define LMP_PCONTROL	0x04
++#define LMP_TRSP_SCO	0x08
++#define LMP_BCAST_ENC	0x80
++
++#define LMP_EDR_ACL_2M	0x02
++#define LMP_EDR_ACL_3M	0x04
++#define LMP_ENH_ISCAN	0x08
++#define LMP_ILACE_ISCAN	0x10
++#define LMP_ILACE_PSCAN	0x20
++#define LMP_RSSI_INQ	0x40
++#define LMP_ESCO	0x80
++
++#define LMP_EV4		0x01
++#define LMP_EV5		0x02
++#define LMP_AFH_CAP_SLV	0x08
++#define LMP_AFH_CLS_SLV	0x10
++#define LMP_NO_BREDR	0x20
++#define LMP_LE		0x40
++#define LMP_EDR_3SLOT	0x80
++
++#define LMP_EDR_5SLOT	0x01
++#define LMP_SNIFF_SUBR	0x02
++#define LMP_PAUSE_ENC	0x04
++#define LMP_AFH_CAP_MST	0x08
++#define LMP_AFH_CLS_MST	0x10
++#define LMP_EDR_ESCO_2M	0x20
++#define LMP_EDR_ESCO_3M	0x40
++#define LMP_EDR_3S_ESCO	0x80
++
++#define LMP_EXT_INQ	0x01
++#define LMP_LE_BREDR	0x02
++#define LMP_SIMPLE_PAIR	0x08
++#define LMP_ENCAPS_PDU	0x10
++#define LMP_ERR_DAT_REP	0x20
++#define LMP_NFLUSH_PKTS	0x40
++
++#define LMP_LSTO	0x01
++#define LMP_INQ_TX_PWR	0x02
++#define LMP_EPC		0x04
++#define LMP_EXT_FEAT	0x80
++
++/* Extended LMP features */
++#define LMP_HOST_SSP		0x01
++#define LMP_HOST_LE		0x02
++#define LMP_HOST_LE_BREDR	0x04
++
++/* Link policies */
++#define HCI_LP_RSWITCH	0x0001
++#define HCI_LP_HOLD	0x0002
++#define HCI_LP_SNIFF	0x0004
++#define HCI_LP_PARK	0x0008
++
++/* Link mode */
++#define HCI_LM_ACCEPT	0x8000
++#define HCI_LM_MASTER	0x0001
++#define HCI_LM_AUTH	0x0002
++#define HCI_LM_ENCRYPT	0x0004
++#define HCI_LM_TRUSTED	0x0008
++#define HCI_LM_RELIABLE	0x0010
++#define HCI_LM_SECURE	0x0020
++
++/* Link Key types */
++#define HCI_LK_COMBINATION		0x00
++#define HCI_LK_LOCAL_UNIT		0x01
++#define HCI_LK_REMOTE_UNIT		0x02
++#define HCI_LK_DEBUG_COMBINATION	0x03
++#define HCI_LK_UNAUTH_COMBINATION	0x04
++#define HCI_LK_AUTH_COMBINATION		0x05
++#define HCI_LK_CHANGED_COMBINATION	0x06
++#define HCI_LK_INVALID			0xFF
++
++/* -----  HCI Commands ----- */
++
++/* Link Control */
++#define OGF_LINK_CTL		0x01
++
++#define OCF_INQUIRY			0x0001
++typedef struct {
++	uint8_t		lap[3];
++	uint8_t		length;		/* 1.28s units */
++	uint8_t		num_rsp;
++} __attribute__ ((packed)) inquiry_cp;
++#define INQUIRY_CP_SIZE 5
++
++typedef struct {
++	uint8_t		status;
++	bdaddr_t	bdaddr;
++} __attribute__ ((packed)) status_bdaddr_rp;
++#define STATUS_BDADDR_RP_SIZE 7
++
++#define OCF_INQUIRY_CANCEL		0x0002
++
++#define OCF_PERIODIC_INQUIRY		0x0003
++typedef struct {
++	uint16_t	max_period;	/* 1.28s units */
++	uint16_t	min_period;	/* 1.28s units */
++	uint8_t		lap[3];
++	uint8_t		length;		/* 1.28s units */
++	uint8_t		num_rsp;
++} __attribute__ ((packed)) periodic_inquiry_cp;
++#define PERIODIC_INQUIRY_CP_SIZE 9
++
++#define OCF_EXIT_PERIODIC_INQUIRY	0x0004
++
++#define OCF_CREATE_CONN			0x0005
++typedef struct {
++	bdaddr_t	bdaddr;
++	uint16_t	pkt_type;
++	uint8_t		pscan_rep_mode;
++	uint8_t		pscan_mode;
++	uint16_t	clock_offset;
++	uint8_t		role_switch;
++} __attribute__ ((packed)) create_conn_cp;
++#define CREATE_CONN_CP_SIZE 13
++
++#define OCF_DISCONNECT			0x0006
++typedef struct {
++	uint16_t	handle;
++	uint8_t		reason;
++} __attribute__ ((packed)) disconnect_cp;
++#define DISCONNECT_CP_SIZE 3
++
++#define OCF_ADD_SCO			0x0007
++typedef struct {
++	uint16_t	handle;
++	uint16_t	pkt_type;
++} __attribute__ ((packed)) add_sco_cp;
++#define ADD_SCO_CP_SIZE 4
++
++#define OCF_CREATE_CONN_CANCEL		0x0008
++typedef struct {
++	bdaddr_t	bdaddr;
++} __attribute__ ((packed)) create_conn_cancel_cp;
++#define CREATE_CONN_CANCEL_CP_SIZE 6
++
++#define OCF_ACCEPT_CONN_REQ		0x0009
++typedef struct {
++	bdaddr_t	bdaddr;
++	uint8_t		role;
++} __attribute__ ((packed)) accept_conn_req_cp;
++#define ACCEPT_CONN_REQ_CP_SIZE	7
++
++#define OCF_REJECT_CONN_REQ		0x000A
++typedef struct {
++	bdaddr_t	bdaddr;
++	uint8_t		reason;
++} __attribute__ ((packed)) reject_conn_req_cp;
++#define REJECT_CONN_REQ_CP_SIZE	7
++
++#define OCF_LINK_KEY_REPLY		0x000B
++typedef struct {
++	bdaddr_t	bdaddr;
++	uint8_t		link_key[16];
++} __attribute__ ((packed)) link_key_reply_cp;
++#define LINK_KEY_REPLY_CP_SIZE 22
++
++#define OCF_LINK_KEY_NEG_REPLY		0x000C
++
++#define OCF_PIN_CODE_REPLY		0x000D
++typedef struct {
++	bdaddr_t	bdaddr;
++	uint8_t		pin_len;
++	uint8_t		pin_code[16];
++} __attribute__ ((packed)) pin_code_reply_cp;
++#define PIN_CODE_REPLY_CP_SIZE 23
++
++#define OCF_PIN_CODE_NEG_REPLY		0x000E
++
++#define OCF_SET_CONN_PTYPE		0x000F
++typedef struct {
++	uint16_t	 handle;
++	uint16_t	 pkt_type;
++} __attribute__ ((packed)) set_conn_ptype_cp;
++#define SET_CONN_PTYPE_CP_SIZE 4
++
++#define OCF_AUTH_REQUESTED		0x0011
++typedef struct {
++	uint16_t	 handle;
++} __attribute__ ((packed)) auth_requested_cp;
++#define AUTH_REQUESTED_CP_SIZE 2
++
++#define OCF_SET_CONN_ENCRYPT		0x0013
++typedef struct {
++	uint16_t	handle;
++	uint8_t		encrypt;
++} __attribute__ ((packed)) set_conn_encrypt_cp;
++#define SET_CONN_ENCRYPT_CP_SIZE 3
++
++#define OCF_CHANGE_CONN_LINK_KEY	0x0015
++typedef struct {
++	uint16_t	handle;
++} __attribute__ ((packed)) change_conn_link_key_cp;
++#define CHANGE_CONN_LINK_KEY_CP_SIZE 2
++
++#define OCF_MASTER_LINK_KEY		0x0017
++typedef struct {
++	uint8_t		key_flag;
++} __attribute__ ((packed)) master_link_key_cp;
++#define MASTER_LINK_KEY_CP_SIZE 1
++
++#define OCF_REMOTE_NAME_REQ		0x0019
++typedef struct {
++	bdaddr_t	bdaddr;
++	uint8_t		pscan_rep_mode;
++	uint8_t		pscan_mode;
++	uint16_t	clock_offset;
++} __attribute__ ((packed)) remote_name_req_cp;
++#define REMOTE_NAME_REQ_CP_SIZE 10
++
++#define OCF_REMOTE_NAME_REQ_CANCEL	0x001A
++typedef struct {
++	bdaddr_t	bdaddr;
++} __attribute__ ((packed)) remote_name_req_cancel_cp;
++#define REMOTE_NAME_REQ_CANCEL_CP_SIZE 6
++
++#define OCF_READ_REMOTE_FEATURES	0x001B
++typedef struct {
++	uint16_t	handle;
++} __attribute__ ((packed)) read_remote_features_cp;
++#define READ_REMOTE_FEATURES_CP_SIZE 2
++
++#define OCF_READ_REMOTE_EXT_FEATURES	0x001C
++typedef struct {
++	uint16_t	handle;
++	uint8_t		page_num;
++} __attribute__ ((packed)) read_remote_ext_features_cp;
++#define READ_REMOTE_EXT_FEATURES_CP_SIZE 3
++
++#define OCF_READ_REMOTE_VERSION		0x001D
++typedef struct {
++	uint16_t	handle;
++} __attribute__ ((packed)) read_remote_version_cp;
++#define READ_REMOTE_VERSION_CP_SIZE 2
++
++#define OCF_READ_CLOCK_OFFSET		0x001F
++typedef struct {
++	uint16_t	handle;
++} __attribute__ ((packed)) read_clock_offset_cp;
++#define READ_CLOCK_OFFSET_CP_SIZE 2
++
++#define OCF_READ_LMP_HANDLE		0x0020
++
++#define OCF_SETUP_SYNC_CONN		0x0028
++typedef struct {
++	uint16_t	handle;
++	uint32_t	tx_bandwith;
++	uint32_t	rx_bandwith;
++	uint16_t	max_latency;
++	uint16_t	voice_setting;
++	uint8_t		retrans_effort;
++	uint16_t	pkt_type;
++} __attribute__ ((packed)) setup_sync_conn_cp;
++#define SETUP_SYNC_CONN_CP_SIZE 17
++
++#define OCF_ACCEPT_SYNC_CONN_REQ	0x0029
++typedef struct {
++	bdaddr_t	bdaddr;
++	uint32_t	tx_bandwith;
++	uint32_t	rx_bandwith;
++	uint16_t	max_latency;
++	uint16_t	voice_setting;
++	uint8_t		retrans_effort;
++	uint16_t	pkt_type;
++} __attribute__ ((packed)) accept_sync_conn_req_cp;
++#define ACCEPT_SYNC_CONN_REQ_CP_SIZE 21
++
++#define OCF_REJECT_SYNC_CONN_REQ	0x002A
++typedef struct {
++	bdaddr_t	bdaddr;
++	uint8_t		reason;
++} __attribute__ ((packed)) reject_sync_conn_req_cp;
++#define REJECT_SYNC_CONN_REQ_CP_SIZE 7
++
++#define OCF_IO_CAPABILITY_REPLY		0x002B
++typedef struct {
++	bdaddr_t	bdaddr;
++	uint8_t		capability;
++	uint8_t		oob_data;
++	uint8_t		authentication;
++} __attribute__ ((packed)) io_capability_reply_cp;
++#define IO_CAPABILITY_REPLY_CP_SIZE 9
++
++#define OCF_USER_CONFIRM_REPLY		0x002C
++typedef struct {
++	bdaddr_t	bdaddr;
++} __attribute__ ((packed)) user_confirm_reply_cp;
++#define USER_CONFIRM_REPLY_CP_SIZE 6
++
++#define OCF_USER_CONFIRM_NEG_REPLY	0x002D
++
++#define OCF_USER_PASSKEY_REPLY		0x002E
++typedef struct {
++	bdaddr_t	bdaddr;
++	uint32_t	passkey;
++} __attribute__ ((packed)) user_passkey_reply_cp;
++#define USER_PASSKEY_REPLY_CP_SIZE 10
++
++#define OCF_USER_PASSKEY_NEG_REPLY	0x002F
++
++#define OCF_REMOTE_OOB_DATA_REPLY	0x0030
++typedef struct {
++	bdaddr_t	bdaddr;
++	uint8_t		hash[16];
++	uint8_t		randomizer[16];
++} __attribute__ ((packed)) remote_oob_data_reply_cp;
++#define REMOTE_OOB_DATA_REPLY_CP_SIZE 38
++
++#define OCF_REMOTE_OOB_DATA_NEG_REPLY	0x0033
++
++#define OCF_IO_CAPABILITY_NEG_REPLY	0x0034
++typedef struct {
++	bdaddr_t	bdaddr;
++	uint8_t		reason;
++} __attribute__ ((packed)) io_capability_neg_reply_cp;
++#define IO_CAPABILITY_NEG_REPLY_CP_SIZE 7
++
++#define OCF_CREATE_PHYSICAL_LINK		0x0035
++typedef struct {
++	uint8_t		handle;
++	uint8_t		key_length;
++	uint8_t		key_type;
++	uint8_t		key[32];
++} __attribute__ ((packed)) create_physical_link_cp;
++#define CREATE_PHYSICAL_LINK_CP_SIZE 35
++
++#define OCF_ACCEPT_PHYSICAL_LINK		0x0036
++
++#define OCF_DISCONNECT_PHYSICAL_LINK		0x0037
++typedef struct {
++	uint8_t		handle;
++	uint8_t		reason;
++} __attribute__ ((packed)) disconnect_physical_link_cp;
++#define DISCONNECT_PHYSICAL_LINK_CP_SIZE 2
++
++#define OCF_CREATE_LOGICAL_LINK		0x0038
++typedef struct {
++	uint8_t		handle;
++	uint8_t		tx_flow[16];
++	uint8_t		rx_flow[16];
++} __attribute__ ((packed)) create_logical_link_cp;
++#define CREATE_LOGICAL_LINK_CP_SIZE 33
++
++#define OCF_ACCEPT_LOGICAL_LINK		0x0039
++
++#define OCF_DISCONNECT_LOGICAL_LINK		0x003A
++typedef struct {
++	uint16_t	handle;
++} __attribute__ ((packed)) disconnect_logical_link_cp;
++#define DISCONNECT_LOGICAL_LINK_CP_SIZE 2
++
++#define OCF_LOGICAL_LINK_CANCEL		0x003B
++typedef struct {
++	uint8_t		handle;
++	uint8_t		tx_flow_id;
++} __attribute__ ((packed)) cancel_logical_link_cp;
++#define LOGICAL_LINK_CANCEL_CP_SIZE 2
++typedef struct {
++	uint8_t		status;
++	uint8_t		handle;
++	uint8_t		tx_flow_id;
++} __attribute__ ((packed)) cancel_logical_link_rp;
++#define LOGICAL_LINK_CANCEL_RP_SIZE 3
++
++#define OCF_FLOW_SPEC_MODIFY		0x003C
++
++/* Link Policy */
++#define OGF_LINK_POLICY		0x02
++
++#define OCF_HOLD_MODE			0x0001
++typedef struct {
++	uint16_t	handle;
++	uint16_t	max_interval;
++	uint16_t	min_interval;
++} __attribute__ ((packed)) hold_mode_cp;
++#define HOLD_MODE_CP_SIZE 6
++
++#define OCF_SNIFF_MODE			0x0003
++typedef struct {
++	uint16_t	handle;
++	uint16_t	max_interval;
++	uint16_t	min_interval;
++	uint16_t	attempt;
++	uint16_t	timeout;
++} __attribute__ ((packed)) sniff_mode_cp;
++#define SNIFF_MODE_CP_SIZE 10
++
++#define OCF_EXIT_SNIFF_MODE		0x0004
++typedef struct {
++	uint16_t	handle;
++} __attribute__ ((packed)) exit_sniff_mode_cp;
++#define EXIT_SNIFF_MODE_CP_SIZE 2
++
++#define OCF_PARK_MODE			0x0005
++typedef struct {
++	uint16_t	handle;
++	uint16_t	max_interval;
++	uint16_t	min_interval;
++} __attribute__ ((packed)) park_mode_cp;
++#define PARK_MODE_CP_SIZE 6
++
++#define OCF_EXIT_PARK_MODE		0x0006
++typedef struct {
++	uint16_t	handle;
++} __attribute__ ((packed)) exit_park_mode_cp;
++#define EXIT_PARK_MODE_CP_SIZE 2
++
++#define OCF_QOS_SETUP			0x0007
++typedef struct {
++	uint8_t		service_type;		/* 1 = best effort */
++	uint32_t	token_rate;		/* Byte per seconds */
++	uint32_t	peak_bandwidth;		/* Byte per seconds */
++	uint32_t	latency;		/* Microseconds */
++	uint32_t	delay_variation;	/* Microseconds */
++} __attribute__ ((packed)) hci_qos;
++#define HCI_QOS_CP_SIZE 17
++typedef struct {
++	uint16_t 	handle;
++	uint8_t 	flags;			/* Reserved */
++	hci_qos 	qos;
++} __attribute__ ((packed)) qos_setup_cp;
++#define QOS_SETUP_CP_SIZE (3 + HCI_QOS_CP_SIZE)
++
++#define OCF_ROLE_DISCOVERY		0x0009
++typedef struct {
++	uint16_t	handle;
++} __attribute__ ((packed)) role_discovery_cp;
++#define ROLE_DISCOVERY_CP_SIZE 2
++typedef struct {
++	uint8_t		status;
++	uint16_t	handle;
++	uint8_t		role;
++} __attribute__ ((packed)) role_discovery_rp;
++#define ROLE_DISCOVERY_RP_SIZE 4
++
++#define OCF_SWITCH_ROLE			0x000B
++typedef struct {
++	bdaddr_t	bdaddr;
++	uint8_t		role;
++} __attribute__ ((packed)) switch_role_cp;
++#define SWITCH_ROLE_CP_SIZE 7
++
++#define OCF_READ_LINK_POLICY		0x000C
++typedef struct {
++	uint16_t	handle;
++} __attribute__ ((packed)) read_link_policy_cp;
++#define READ_LINK_POLICY_CP_SIZE 2
++typedef struct {
++	uint8_t 	status;
++	uint16_t	handle;
++	uint16_t	policy;
++} __attribute__ ((packed)) read_link_policy_rp;
++#define READ_LINK_POLICY_RP_SIZE 5
++
++#define OCF_WRITE_LINK_POLICY		0x000D
++typedef struct {
++	uint16_t	handle;
++	uint16_t	policy;
++} __attribute__ ((packed)) write_link_policy_cp;
++#define WRITE_LINK_POLICY_CP_SIZE 4
++typedef struct {
++	uint8_t 	status;
++	uint16_t	handle;
++} __attribute__ ((packed)) write_link_policy_rp;
++#define WRITE_LINK_POLICY_RP_SIZE 3
++
++#define OCF_READ_DEFAULT_LINK_POLICY	0x000E
++
++#define OCF_WRITE_DEFAULT_LINK_POLICY	0x000F
++
++#define OCF_FLOW_SPECIFICATION		0x0010
++
++#define OCF_SNIFF_SUBRATING		0x0011
++typedef struct {
++	uint16_t	handle;
++	uint16_t	max_latency;
++	uint16_t	min_remote_timeout;
++	uint16_t	min_local_timeout;
++} __attribute__ ((packed)) sniff_subrating_cp;
++#define SNIFF_SUBRATING_CP_SIZE 8
++
++/* Host Controller and Baseband */
++#define OGF_HOST_CTL		0x03
++
++#define OCF_SET_EVENT_MASK		0x0001
++typedef struct {
++	uint8_t		mask[8];
++} __attribute__ ((packed)) set_event_mask_cp;
++#define SET_EVENT_MASK_CP_SIZE 8
++
++#define OCF_RESET			0x0003
++
++#define OCF_SET_EVENT_FLT		0x0005
++typedef struct {
++	uint8_t		flt_type;
++	uint8_t		cond_type;
++	uint8_t		condition[0];
++} __attribute__ ((packed)) set_event_flt_cp;
++#define SET_EVENT_FLT_CP_SIZE 2
++
++/* Filter types */
++#define FLT_CLEAR_ALL			0x00
++#define FLT_INQ_RESULT			0x01
++#define FLT_CONN_SETUP			0x02
++/* INQ_RESULT Condition types */
++#define INQ_RESULT_RETURN_ALL		0x00
++#define INQ_RESULT_RETURN_CLASS		0x01
++#define INQ_RESULT_RETURN_BDADDR	0x02
++/* CONN_SETUP Condition types */
++#define CONN_SETUP_ALLOW_ALL		0x00
++#define CONN_SETUP_ALLOW_CLASS		0x01
++#define CONN_SETUP_ALLOW_BDADDR		0x02
++/* CONN_SETUP Conditions */
++#define CONN_SETUP_AUTO_OFF		0x01
++#define CONN_SETUP_AUTO_ON		0x02
++
++#define OCF_FLUSH			0x0008
++
++#define OCF_READ_PIN_TYPE		0x0009
++typedef struct {
++	uint8_t		status;
++	uint8_t		pin_type;
++} __attribute__ ((packed)) read_pin_type_rp;
++#define READ_PIN_TYPE_RP_SIZE 2
++
++#define OCF_WRITE_PIN_TYPE		0x000A
++typedef struct {
++	uint8_t		pin_type;
++} __attribute__ ((packed)) write_pin_type_cp;
++#define WRITE_PIN_TYPE_CP_SIZE 1
++
++#define OCF_CREATE_NEW_UNIT_KEY		0x000B
++
++#define OCF_READ_STORED_LINK_KEY	0x000D
++typedef struct {
++	bdaddr_t	bdaddr;
++	uint8_t		read_all;
++} __attribute__ ((packed)) read_stored_link_key_cp;
++#define READ_STORED_LINK_KEY_CP_SIZE 7
++typedef struct {
++	uint8_t		status;
++	uint16_t	max_keys;
++	uint16_t	num_keys;
++} __attribute__ ((packed)) read_stored_link_key_rp;
++#define READ_STORED_LINK_KEY_RP_SIZE 5
++
++#define OCF_WRITE_STORED_LINK_KEY	0x0011
++typedef struct {
++	uint8_t		num_keys;
++	/* variable length part */
++} __attribute__ ((packed)) write_stored_link_key_cp;
++#define WRITE_STORED_LINK_KEY_CP_SIZE 1
++typedef struct {
++	uint8_t		status;
++	uint8_t		num_keys;
++} __attribute__ ((packed)) write_stored_link_key_rp;
++#define READ_WRITE_LINK_KEY_RP_SIZE 2
++
++#define OCF_DELETE_STORED_LINK_KEY	0x0012
++typedef struct {
++	bdaddr_t	bdaddr;
++	uint8_t		delete_all;
++} __attribute__ ((packed)) delete_stored_link_key_cp;
++#define DELETE_STORED_LINK_KEY_CP_SIZE 7
++typedef struct {
++	uint8_t		status;
++	uint16_t	num_keys;
++} __attribute__ ((packed)) delete_stored_link_key_rp;
++#define DELETE_STORED_LINK_KEY_RP_SIZE 3
++
++#define HCI_MAX_NAME_LENGTH		248
++
++#define OCF_CHANGE_LOCAL_NAME		0x0013
++typedef struct {
++	uint8_t		name[HCI_MAX_NAME_LENGTH];
++} __attribute__ ((packed)) change_local_name_cp;
++#define CHANGE_LOCAL_NAME_CP_SIZE 248
++
++#define OCF_READ_LOCAL_NAME		0x0014
++typedef struct {
++	uint8_t		status;
++	uint8_t		name[HCI_MAX_NAME_LENGTH];
++} __attribute__ ((packed)) read_local_name_rp;
++#define READ_LOCAL_NAME_RP_SIZE 249
++
++#define OCF_READ_CONN_ACCEPT_TIMEOUT	0x0015
++typedef struct {
++	uint8_t		status;
++	uint16_t	timeout;
++} __attribute__ ((packed)) read_conn_accept_timeout_rp;
++#define READ_CONN_ACCEPT_TIMEOUT_RP_SIZE 3
++
++#define OCF_WRITE_CONN_ACCEPT_TIMEOUT	0x0016
++typedef struct {
++	uint16_t	timeout;
++} __attribute__ ((packed)) write_conn_accept_timeout_cp;
++#define WRITE_CONN_ACCEPT_TIMEOUT_CP_SIZE 2
++
++#define OCF_READ_PAGE_TIMEOUT		0x0017
++typedef struct {
++	uint8_t		status;
++	uint16_t	timeout;
++} __attribute__ ((packed)) read_page_timeout_rp;
++#define READ_PAGE_TIMEOUT_RP_SIZE 3
++
++#define OCF_WRITE_PAGE_TIMEOUT		0x0018
++typedef struct {
++	uint16_t	timeout;
++} __attribute__ ((packed)) write_page_timeout_cp;
++#define WRITE_PAGE_TIMEOUT_CP_SIZE 2
++
++#define OCF_READ_SCAN_ENABLE		0x0019
++typedef struct {
++	uint8_t		status;
++	uint8_t		enable;
++} __attribute__ ((packed)) read_scan_enable_rp;
++#define READ_SCAN_ENABLE_RP_SIZE 2
++
++#define OCF_WRITE_SCAN_ENABLE		0x001A
++	#define SCAN_DISABLED		0x00
++	#define SCAN_INQUIRY		0x01
++	#define SCAN_PAGE		0x02
++
++#define OCF_READ_PAGE_ACTIVITY		0x001B
++typedef struct {
++	uint8_t		status;
++	uint16_t	interval;
++	uint16_t	window;
++} __attribute__ ((packed)) read_page_activity_rp;
++#define READ_PAGE_ACTIVITY_RP_SIZE 5
++
++#define OCF_WRITE_PAGE_ACTIVITY		0x001C
++typedef struct {
++	uint16_t	interval;
++	uint16_t	window;
++} __attribute__ ((packed)) write_page_activity_cp;
++#define WRITE_PAGE_ACTIVITY_CP_SIZE 4
++
++#define OCF_READ_INQ_ACTIVITY		0x001D
++typedef struct {
++	uint8_t		status;
++	uint16_t	interval;
++	uint16_t	window;
++} __attribute__ ((packed)) read_inq_activity_rp;
++#define READ_INQ_ACTIVITY_RP_SIZE 5
++
++#define OCF_WRITE_INQ_ACTIVITY		0x001E
++typedef struct {
++	uint16_t	interval;
++	uint16_t	window;
++} __attribute__ ((packed)) write_inq_activity_cp;
++#define WRITE_INQ_ACTIVITY_CP_SIZE 4
++
++#define OCF_READ_AUTH_ENABLE		0x001F
++
++#define OCF_WRITE_AUTH_ENABLE		0x0020
++	#define AUTH_DISABLED		0x00
++	#define AUTH_ENABLED		0x01
++
++#define OCF_READ_ENCRYPT_MODE		0x0021
++
++#define OCF_WRITE_ENCRYPT_MODE		0x0022
++	#define ENCRYPT_DISABLED	0x00
++	#define ENCRYPT_P2P		0x01
++	#define ENCRYPT_BOTH		0x02
++
++#define OCF_READ_CLASS_OF_DEV		0x0023
++typedef struct {
++	uint8_t		status;
++	uint8_t		dev_class[3];
++} __attribute__ ((packed)) read_class_of_dev_rp;
++#define READ_CLASS_OF_DEV_RP_SIZE 4
++
++#define OCF_WRITE_CLASS_OF_DEV		0x0024
++typedef struct {
++	uint8_t		dev_class[3];
++} __attribute__ ((packed)) write_class_of_dev_cp;
++#define WRITE_CLASS_OF_DEV_CP_SIZE 3
++
++#define OCF_READ_VOICE_SETTING		0x0025
++typedef struct {
++	uint8_t		status;
++	uint16_t	voice_setting;
++} __attribute__ ((packed)) read_voice_setting_rp;
++#define READ_VOICE_SETTING_RP_SIZE 3
++
++#define OCF_WRITE_VOICE_SETTING		0x0026
++typedef struct {
++	uint16_t	voice_setting;
++} __attribute__ ((packed)) write_voice_setting_cp;
++#define WRITE_VOICE_SETTING_CP_SIZE 2
++
++#define OCF_READ_AUTOMATIC_FLUSH_TIMEOUT	0x0027
++
++#define OCF_WRITE_AUTOMATIC_FLUSH_TIMEOUT	0x0028
++
++#define OCF_READ_NUM_BROADCAST_RETRANS	0x0029
++
++#define OCF_WRITE_NUM_BROADCAST_RETRANS	0x002A
++
++#define OCF_READ_HOLD_MODE_ACTIVITY	0x002B
++
++#define OCF_WRITE_HOLD_MODE_ACTIVITY	0x002C
++
++#define OCF_READ_TRANSMIT_POWER_LEVEL	0x002D
++typedef struct {
++	uint16_t	handle;
++	uint8_t		type;
++} __attribute__ ((packed)) read_transmit_power_level_cp;
++#define READ_TRANSMIT_POWER_LEVEL_CP_SIZE 3
++typedef struct {
++	uint8_t		status;
++	uint16_t	handle;
++	int8_t		level;
++} __attribute__ ((packed)) read_transmit_power_level_rp;
++#define READ_TRANSMIT_POWER_LEVEL_RP_SIZE 4
++
++#define OCF_READ_SYNC_FLOW_ENABLE	0x002E
++
++#define OCF_WRITE_SYNC_FLOW_ENABLE	0x002F
++
++#define OCF_SET_CONTROLLER_TO_HOST_FC	0x0031
++
++#define OCF_HOST_BUFFER_SIZE		0x0033
++typedef struct {
++	uint16_t	acl_mtu;
++	uint8_t		sco_mtu;
++	uint16_t	acl_max_pkt;
++	uint16_t	sco_max_pkt;
++} __attribute__ ((packed)) host_buffer_size_cp;
++#define HOST_BUFFER_SIZE_CP_SIZE 7
++
++#define OCF_HOST_NUM_COMP_PKTS		0x0035
++typedef struct {
++	uint8_t		num_hndl;
++	/* variable length part */
++} __attribute__ ((packed)) host_num_comp_pkts_cp;
++#define HOST_NUM_COMP_PKTS_CP_SIZE 1
++
++#define OCF_READ_LINK_SUPERVISION_TIMEOUT	0x0036
++typedef struct {
++	uint8_t		status;
++	uint16_t	handle;
++	uint16_t	timeout;
++} __attribute__ ((packed)) read_link_supervision_timeout_rp;
++#define READ_LINK_SUPERVISION_TIMEOUT_RP_SIZE 5
++
++#define OCF_WRITE_LINK_SUPERVISION_TIMEOUT	0x0037
++typedef struct {
++	uint16_t	handle;
++	uint16_t	timeout;
++} __attribute__ ((packed)) write_link_supervision_timeout_cp;
++#define WRITE_LINK_SUPERVISION_TIMEOUT_CP_SIZE 4
++typedef struct {
++	uint8_t		status;
++	uint16_t	handle;
++} __attribute__ ((packed)) write_link_supervision_timeout_rp;
++#define WRITE_LINK_SUPERVISION_TIMEOUT_RP_SIZE 3
++
++#define OCF_READ_NUM_SUPPORTED_IAC	0x0038
++
++#define MAX_IAC_LAP 0x40
++#define OCF_READ_CURRENT_IAC_LAP	0x0039
++typedef struct {
++	uint8_t		status;
++	uint8_t		num_current_iac;
++	uint8_t		lap[MAX_IAC_LAP][3];
++} __attribute__ ((packed)) read_current_iac_lap_rp;
++#define READ_CURRENT_IAC_LAP_RP_SIZE 2+3*MAX_IAC_LAP
++
++#define OCF_WRITE_CURRENT_IAC_LAP	0x003A
++typedef struct {
++	uint8_t		num_current_iac;
++	uint8_t		lap[MAX_IAC_LAP][3];
++} __attribute__ ((packed)) write_current_iac_lap_cp;
++#define WRITE_CURRENT_IAC_LAP_CP_SIZE 1+3*MAX_IAC_LAP
++
++#define OCF_READ_PAGE_SCAN_PERIOD_MODE	0x003B
++
++#define OCF_WRITE_PAGE_SCAN_PERIOD_MODE	0x003C
++
++#define OCF_READ_PAGE_SCAN_MODE		0x003D
++
++#define OCF_WRITE_PAGE_SCAN_MODE	0x003E
++
++#define OCF_SET_AFH_CLASSIFICATION	0x003F
++typedef struct {
++	uint8_t		map[10];
++} __attribute__ ((packed)) set_afh_classification_cp;
++#define SET_AFH_CLASSIFICATION_CP_SIZE 10
++typedef struct {
++	uint8_t		status;
++} __attribute__ ((packed)) set_afh_classification_rp;
++#define SET_AFH_CLASSIFICATION_RP_SIZE 1
++
++#define OCF_READ_INQUIRY_SCAN_TYPE	0x0042
++typedef struct {
++	uint8_t		status;
++	uint8_t		type;
++} __attribute__ ((packed)) read_inquiry_scan_type_rp;
++#define READ_INQUIRY_SCAN_TYPE_RP_SIZE 2
++
++#define OCF_WRITE_INQUIRY_SCAN_TYPE	0x0043
++typedef struct {
++	uint8_t		type;
++} __attribute__ ((packed)) write_inquiry_scan_type_cp;
++#define WRITE_INQUIRY_SCAN_TYPE_CP_SIZE 1
++typedef struct {
++	uint8_t		status;
++} __attribute__ ((packed)) write_inquiry_scan_type_rp;
++#define WRITE_INQUIRY_SCAN_TYPE_RP_SIZE 1
++
++#define OCF_READ_INQUIRY_MODE		0x0044
++typedef struct {
++	uint8_t		status;
++	uint8_t		mode;
++} __attribute__ ((packed)) read_inquiry_mode_rp;
++#define READ_INQUIRY_MODE_RP_SIZE 2
++
++#define OCF_WRITE_INQUIRY_MODE		0x0045
++typedef struct {
++	uint8_t		mode;
++} __attribute__ ((packed)) write_inquiry_mode_cp;
++#define WRITE_INQUIRY_MODE_CP_SIZE 1
++typedef struct {
++	uint8_t		status;
++} __attribute__ ((packed)) write_inquiry_mode_rp;
++#define WRITE_INQUIRY_MODE_RP_SIZE 1
++
++#define OCF_READ_PAGE_SCAN_TYPE		0x0046
++
++#define OCF_WRITE_PAGE_SCAN_TYPE	0x0047
++	#define PAGE_SCAN_TYPE_STANDARD		0x00
++	#define PAGE_SCAN_TYPE_INTERLACED	0x01
++
++#define OCF_READ_AFH_MODE		0x0048
++typedef struct {
++	uint8_t		status;
++	uint8_t		mode;
++} __attribute__ ((packed)) read_afh_mode_rp;
++#define READ_AFH_MODE_RP_SIZE 2
++
++#define OCF_WRITE_AFH_MODE		0x0049
++typedef struct {
++	uint8_t		mode;
++} __attribute__ ((packed)) write_afh_mode_cp;
++#define WRITE_AFH_MODE_CP_SIZE 1
++typedef struct {
++	uint8_t		status;
++} __attribute__ ((packed)) write_afh_mode_rp;
++#define WRITE_AFH_MODE_RP_SIZE 1
++
++#define HCI_MAX_EIR_LENGTH		240
++
++#define OCF_READ_EXT_INQUIRY_RESPONSE	0x0051
++typedef struct {
++	uint8_t		status;
++	uint8_t		fec;
++	uint8_t		data[HCI_MAX_EIR_LENGTH];
++} __attribute__ ((packed)) read_ext_inquiry_response_rp;
++#define READ_EXT_INQUIRY_RESPONSE_RP_SIZE 242
++
++#define OCF_WRITE_EXT_INQUIRY_RESPONSE	0x0052
++typedef struct {
++	uint8_t		fec;
++	uint8_t		data[HCI_MAX_EIR_LENGTH];
++} __attribute__ ((packed)) write_ext_inquiry_response_cp;
++#define WRITE_EXT_INQUIRY_RESPONSE_CP_SIZE 241
++typedef struct {
++	uint8_t		status;
++} __attribute__ ((packed)) write_ext_inquiry_response_rp;
++#define WRITE_EXT_INQUIRY_RESPONSE_RP_SIZE 1
++
++#define OCF_REFRESH_ENCRYPTION_KEY	0x0053
++typedef struct {
++	uint16_t	handle;
++} __attribute__ ((packed)) refresh_encryption_key_cp;
++#define REFRESH_ENCRYPTION_KEY_CP_SIZE 2
++typedef struct {
++	uint8_t		status;
++} __attribute__ ((packed)) refresh_encryption_key_rp;
++#define REFRESH_ENCRYPTION_KEY_RP_SIZE 1
++
++#define OCF_READ_SIMPLE_PAIRING_MODE	0x0055
++typedef struct {
++	uint8_t		status;
++	uint8_t		mode;
++} __attribute__ ((packed)) read_simple_pairing_mode_rp;
++#define READ_SIMPLE_PAIRING_MODE_RP_SIZE 2
++
++#define OCF_WRITE_SIMPLE_PAIRING_MODE	0x0056
++typedef struct {
++	uint8_t		mode;
++} __attribute__ ((packed)) write_simple_pairing_mode_cp;
++#define WRITE_SIMPLE_PAIRING_MODE_CP_SIZE 1
++typedef struct {
++	uint8_t		status;
++} __attribute__ ((packed)) write_simple_pairing_mode_rp;
++#define WRITE_SIMPLE_PAIRING_MODE_RP_SIZE 1
++
++#define OCF_READ_LOCAL_OOB_DATA		0x0057
++typedef struct {
++	uint8_t		status;
++	uint8_t		hash[16];
++	uint8_t		randomizer[16];
++} __attribute__ ((packed)) read_local_oob_data_rp;
++#define READ_LOCAL_OOB_DATA_RP_SIZE 33
++
++#define OCF_READ_INQ_RESPONSE_TX_POWER_LEVEL	0x0058
++typedef struct {
++	uint8_t		status;
++	int8_t		level;
++} __attribute__ ((packed)) read_inq_response_tx_power_level_rp;
++#define READ_INQ_RESPONSE_TX_POWER_LEVEL_RP_SIZE 2
++
++#define OCF_READ_INQUIRY_TRANSMIT_POWER_LEVEL	0x0058
++typedef struct {
++	uint8_t		status;
++	int8_t		level;
++} __attribute__ ((packed)) read_inquiry_transmit_power_level_rp;
++#define READ_INQUIRY_TRANSMIT_POWER_LEVEL_RP_SIZE 2
++
++#define OCF_WRITE_INQUIRY_TRANSMIT_POWER_LEVEL	0x0059
++typedef struct {
++	int8_t		level;
++} __attribute__ ((packed)) write_inquiry_transmit_power_level_cp;
++#define WRITE_INQUIRY_TRANSMIT_POWER_LEVEL_CP_SIZE 1
++typedef struct {
++	uint8_t		status;
++} __attribute__ ((packed)) write_inquiry_transmit_power_level_rp;
++#define WRITE_INQUIRY_TRANSMIT_POWER_LEVEL_RP_SIZE 1
++
++#define OCF_READ_DEFAULT_ERROR_DATA_REPORTING	0x005A
++typedef struct {
++	uint8_t		status;
++	uint8_t		reporting;
++} __attribute__ ((packed)) read_default_error_data_reporting_rp;
++#define READ_DEFAULT_ERROR_DATA_REPORTING_RP_SIZE 2
++
++#define OCF_WRITE_DEFAULT_ERROR_DATA_REPORTING	0x005B
++typedef struct {
++	uint8_t		reporting;
++} __attribute__ ((packed)) write_default_error_data_reporting_cp;
++#define WRITE_DEFAULT_ERROR_DATA_REPORTING_CP_SIZE 1
++typedef struct {
++	uint8_t		status;
++} __attribute__ ((packed)) write_default_error_data_reporting_rp;
++#define WRITE_DEFAULT_ERROR_DATA_REPORTING_RP_SIZE 1
++
++#define OCF_ENHANCED_FLUSH		0x005F
++typedef struct {
++	uint16_t	handle;
++	uint8_t		type;
++} __attribute__ ((packed)) enhanced_flush_cp;
++#define ENHANCED_FLUSH_CP_SIZE 3
++
++#define OCF_SEND_KEYPRESS_NOTIFY	0x0060
++typedef struct {
++	bdaddr_t	bdaddr;
++	uint8_t		type;
++} __attribute__ ((packed)) send_keypress_notify_cp;
++#define SEND_KEYPRESS_NOTIFY_CP_SIZE 7
++typedef struct {
++	uint8_t		status;
++} __attribute__ ((packed)) send_keypress_notify_rp;
++#define SEND_KEYPRESS_NOTIFY_RP_SIZE 1
++
++#define OCF_READ_LOGICAL_LINK_ACCEPT_TIMEOUT	 0x0061
++typedef struct {
++	uint8_t		status;
++	uint16_t	timeout;
++} __attribute__ ((packed)) read_log_link_accept_timeout_rp;
++#define READ_LOGICAL_LINK_ACCEPT_TIMEOUT_RP_SIZE 3
++
++#define OCF_WRITE_LOGICAL_LINK_ACCEPT_TIMEOUT	0x0062
++typedef struct {
++	uint16_t	timeout;
++} __attribute__ ((packed)) write_log_link_accept_timeout_cp;
++#define WRITE_LOGICAL_LINK_ACCEPT_TIMEOUT_CP_SIZE 2
++
++#define OCF_SET_EVENT_MASK_PAGE_2	0x0063
++
++#define OCF_READ_LOCATION_DATA		0x0064
++
++#define OCF_WRITE_LOCATION_DATA	0x0065
++
++#define OCF_READ_FLOW_CONTROL_MODE	0x0066
++
++#define OCF_WRITE_FLOW_CONTROL_MODE	0x0067
++
++#define OCF_READ_ENHANCED_TRANSMIT_POWER_LEVEL	0x0068
++typedef struct {
++	uint8_t		status;
++	uint16_t	handle;
++	int8_t		level_gfsk;
++	int8_t		level_dqpsk;
++	int8_t		level_8dpsk;
++} __attribute__ ((packed)) read_enhanced_transmit_power_level_rp;
++#define READ_ENHANCED_TRANSMIT_POWER_LEVEL_RP_SIZE 6
++
++#define OCF_READ_BEST_EFFORT_FLUSH_TIMEOUT	0x0069
++typedef struct {
++	uint8_t		status;
++	uint32_t	timeout;
++} __attribute__ ((packed)) read_best_effort_flush_timeout_rp;
++#define READ_BEST_EFFORT_FLUSH_TIMEOUT_RP_SIZE 5
++
++#define OCF_WRITE_BEST_EFFORT_FLUSH_TIMEOUT	0x006A
++typedef struct {
++	uint16_t	handle;
++	uint32_t	timeout;
++} __attribute__ ((packed)) write_best_effort_flush_timeout_cp;
++#define WRITE_BEST_EFFORT_FLUSH_TIMEOUT_CP_SIZE 6
++typedef struct {
++	uint8_t		status;
++} __attribute__ ((packed)) write_best_effort_flush_timeout_rp;
++#define WRITE_BEST_EFFORT_FLUSH_TIMEOUT_RP_SIZE 1
++
++#define OCF_READ_LE_HOST_SUPPORTED	0x006C
++typedef struct {
++	uint8_t		status;
++	uint8_t		le;
++	uint8_t		simul;
++} __attribute__ ((packed)) read_le_host_supported_rp;
++#define READ_LE_HOST_SUPPORTED_RP_SIZE 3
++
++#define OCF_WRITE_LE_HOST_SUPPORTED	0x006D
++typedef struct {
++	uint8_t		le;
++	uint8_t		simul;
++} __attribute__ ((packed)) write_le_host_supported_cp;
++#define WRITE_LE_HOST_SUPPORTED_CP_SIZE 2
++
++/* Informational Parameters */
++#define OGF_INFO_PARAM		0x04
++
++#define OCF_READ_LOCAL_VERSION		0x0001
++typedef struct {
++	uint8_t		status;
++	uint8_t		hci_ver;
++	uint16_t	hci_rev;
++	uint8_t		lmp_ver;
++	uint16_t	manufacturer;
++	uint16_t	lmp_subver;
++} __attribute__ ((packed)) read_local_version_rp;
++#define READ_LOCAL_VERSION_RP_SIZE 9
++
++#define OCF_READ_LOCAL_COMMANDS		0x0002
++typedef struct {
++	uint8_t		status;
++	uint8_t		commands[64];
++} __attribute__ ((packed)) read_local_commands_rp;
++#define READ_LOCAL_COMMANDS_RP_SIZE 65
++
++#define OCF_READ_LOCAL_FEATURES		0x0003
++typedef struct {
++	uint8_t		status;
++	uint8_t		features[8];
++} __attribute__ ((packed)) read_local_features_rp;
++#define READ_LOCAL_FEATURES_RP_SIZE 9
++
++#define OCF_READ_LOCAL_EXT_FEATURES	0x0004
++typedef struct {
++	uint8_t		page_num;
++} __attribute__ ((packed)) read_local_ext_features_cp;
++#define READ_LOCAL_EXT_FEATURES_CP_SIZE 1
++typedef struct {
++	uint8_t		status;
++	uint8_t		page_num;
++	uint8_t		max_page_num;
++	uint8_t		features[8];
++} __attribute__ ((packed)) read_local_ext_features_rp;
++#define READ_LOCAL_EXT_FEATURES_RP_SIZE 11
++
++#define OCF_READ_BUFFER_SIZE		0x0005
++typedef struct {
++	uint8_t		status;
++	uint16_t	acl_mtu;
++	uint8_t		sco_mtu;
++	uint16_t	acl_max_pkt;
++	uint16_t	sco_max_pkt;
++} __attribute__ ((packed)) read_buffer_size_rp;
++#define READ_BUFFER_SIZE_RP_SIZE 8
++
++#define OCF_READ_COUNTRY_CODE		0x0007
++
++#define OCF_READ_BD_ADDR		0x0009
++typedef struct {
++	uint8_t		status;
++	bdaddr_t	bdaddr;
++} __attribute__ ((packed)) read_bd_addr_rp;
++#define READ_BD_ADDR_RP_SIZE 7
++
++/* Status params */
++#define OGF_STATUS_PARAM	0x05
++
++#define OCF_READ_FAILED_CONTACT_COUNTER		0x0001
++typedef struct {
++	uint8_t		status;
++	uint16_t	handle;
++	uint8_t		counter;
++} __attribute__ ((packed)) read_failed_contact_counter_rp;
++#define READ_FAILED_CONTACT_COUNTER_RP_SIZE 4
++
++#define OCF_RESET_FAILED_CONTACT_COUNTER	0x0002
++typedef struct {
++	uint8_t		status;
++	uint16_t	handle;
++} __attribute__ ((packed)) reset_failed_contact_counter_rp;
++#define RESET_FAILED_CONTACT_COUNTER_RP_SIZE 4
++
++#define OCF_READ_LINK_QUALITY		0x0003
++typedef struct {
++	uint8_t		status;
++	uint16_t	handle;
++	uint8_t		link_quality;
++} __attribute__ ((packed)) read_link_quality_rp;
++#define READ_LINK_QUALITY_RP_SIZE 4
++
++#define OCF_READ_RSSI			0x0005
++typedef struct {
++	uint8_t		status;
++	uint16_t	handle;
++	int8_t		rssi;
++} __attribute__ ((packed)) read_rssi_rp;
++#define READ_RSSI_RP_SIZE 4
++
++#define OCF_READ_AFH_MAP		0x0006
++typedef struct {
++	uint8_t		status;
++	uint16_t	handle;
++	uint8_t		mode;
++	uint8_t		map[10];
++} __attribute__ ((packed)) read_afh_map_rp;
++#define READ_AFH_MAP_RP_SIZE 14
++
++#define OCF_READ_CLOCK			0x0007
++typedef struct {
++	uint16_t	handle;
++	uint8_t		which_clock;
++} __attribute__ ((packed)) read_clock_cp;
++#define READ_CLOCK_CP_SIZE 3
++typedef struct {
++	uint8_t		status;
++	uint16_t	handle;
++	uint32_t	clock;
++	uint16_t	accuracy;
++} __attribute__ ((packed)) read_clock_rp;
++#define READ_CLOCK_RP_SIZE 9
++
++#define OCF_READ_LOCAL_AMP_INFO	0x0009
++typedef struct {
++	uint8_t		status;
++	uint8_t		amp_status;
++	uint32_t	total_bandwidth;
++	uint32_t	max_guaranteed_bandwidth;
++	uint32_t	min_latency;
++	uint32_t	max_pdu_size;
++	uint8_t		controller_type;
++	uint16_t	pal_caps;
++	uint16_t	max_amp_assoc_length;
++	uint32_t	max_flush_timeout;
++	uint32_t	best_effort_flush_timeout;
++} __attribute__ ((packed)) read_local_amp_info_rp;
++#define READ_LOCAL_AMP_INFO_RP_SIZE 31
++
++#define OCF_READ_LOCAL_AMP_ASSOC	0x000A
++typedef struct {
++	uint8_t		handle;
++	uint16_t	len_so_far;
++	uint16_t	max_len;
++} __attribute__ ((packed)) read_local_amp_assoc_cp;
++
++typedef struct {
++	uint8_t		status;
++	uint8_t		handle;
++	uint16_t	rem_len;
++	uint8_t		frag[0];
++} __attribute__ ((packed)) read_local_amp_assoc_rp;
++
++#define OCF_WRITE_REMOTE_AMP_ASSOC	0x000B
++typedef struct {
++	uint8_t		handle;
++	uint16_t	length_so_far;
++	uint16_t	assoc_length;
++	uint8_t		fragment[HCI_MAX_NAME_LENGTH];
++} __attribute__ ((packed)) write_remote_amp_assoc_cp;
++#define WRITE_REMOTE_AMP_ASSOC_CP_SIZE 253
++typedef struct {
++	uint8_t		status;
++	uint8_t		handle;
++} __attribute__ ((packed)) write_remote_amp_assoc_rp;
++#define WRITE_REMOTE_AMP_ASSOC_RP_SIZE 2
++
++/* Testing commands */
++#define OGF_TESTING_CMD		0x3e
++
++#define OCF_READ_LOOPBACK_MODE			0x0001
++
++#define OCF_WRITE_LOOPBACK_MODE			0x0002
++
++#define OCF_ENABLE_DEVICE_UNDER_TEST_MODE	0x0003
++
++#define OCF_WRITE_SIMPLE_PAIRING_DEBUG_MODE	0x0004
++typedef struct {
++	uint8_t		mode;
++} __attribute__ ((packed)) write_simple_pairing_debug_mode_cp;
++#define WRITE_SIMPLE_PAIRING_DEBUG_MODE_CP_SIZE 1
++typedef struct {
++	uint8_t		status;
++} __attribute__ ((packed)) write_simple_pairing_debug_mode_rp;
++#define WRITE_SIMPLE_PAIRING_DEBUG_MODE_RP_SIZE 1
++
++/* LE commands */
++#define OGF_LE_CTL		0x08
++
++#define OCF_LE_SET_EVENT_MASK			0x0001
++typedef struct {
++	uint8_t		mask[8];
++} __attribute__ ((packed)) le_set_event_mask_cp;
++#define LE_SET_EVENT_MASK_CP_SIZE 8
++
++#define OCF_LE_READ_BUFFER_SIZE			0x0002
++typedef struct {
++	uint8_t		status;
++	uint16_t	pkt_len;
++	uint8_t		max_pkt;
++} __attribute__ ((packed)) le_read_buffer_size_rp;
++#define LE_READ_BUFFER_SIZE_RP_SIZE 4
++
++#define OCF_LE_READ_LOCAL_SUPPORTED_FEATURES	0x0003
++typedef struct {
++	uint8_t		status;
++	uint8_t		features[8];
++} __attribute__ ((packed)) le_read_local_supported_features_rp;
++#define LE_READ_LOCAL_SUPPORTED_FEATURES_RP_SIZE 9
++
++#define OCF_LE_SET_RANDOM_ADDRESS		0x0005
++typedef struct {
++	bdaddr_t	bdaddr;
++} __attribute__ ((packed)) le_set_random_address_cp;
++#define LE_SET_RANDOM_ADDRESS_CP_SIZE 6
++
++#define OCF_LE_SET_ADVERTISING_PARAMETERS	0x0006
++typedef struct {
++	uint16_t	min_interval;
++	uint16_t	max_interval;
++	uint8_t		advtype;
++	uint8_t		own_bdaddr_type;
++	uint8_t		direct_bdaddr_type;
++	bdaddr_t	direct_bdaddr;
++	uint8_t		chan_map;
++	uint8_t		filter;
++} __attribute__ ((packed)) le_set_advertising_parameters_cp;
++#define LE_SET_ADVERTISING_PARAMETERS_CP_SIZE 15
++
++#define OCF_LE_READ_ADVERTISING_CHANNEL_TX_POWER	0x0007
++typedef struct {
++	uint8_t		status;
++	uint8_t		level;
++} __attribute__ ((packed)) le_read_advertising_channel_tx_power_rp;
++#define LE_READ_ADVERTISING_CHANNEL_TX_POWER_RP_SIZE 2
++
++#define OCF_LE_SET_ADVERTISING_DATA		0x0008
++typedef struct {
++	uint8_t		length;
++	uint8_t		data[31];
++} __attribute__ ((packed)) le_set_advertising_data_cp;
++#define LE_SET_ADVERTISING_DATA_CP_SIZE 32
++
++#define OCF_LE_SET_SCAN_RESPONSE_DATA		0x0009
++typedef struct {
++	uint8_t		length;
++	uint8_t		data[31];
++} __attribute__ ((packed)) le_set_scan_response_data_cp;
++#define LE_SET_SCAN_RESPONSE_DATA_CP_SIZE 32
++
++#define OCF_LE_SET_ADVERTISE_ENABLE		0x000A
++typedef struct {
++	uint8_t		enable;
++} __attribute__ ((packed)) le_set_advertise_enable_cp;
++#define LE_SET_ADVERTISE_ENABLE_CP_SIZE 1
++
++#define OCF_LE_SET_SCAN_PARAMETERS		0x000B
++typedef struct {
++	uint8_t		type;
++	uint16_t	interval;
++	uint16_t	window;
++	uint8_t		own_bdaddr_type;
++	uint8_t		filter;
++} __attribute__ ((packed)) le_set_scan_parameters_cp;
++#define LE_SET_SCAN_PARAMETERS_CP_SIZE 7
++
++#define OCF_LE_SET_SCAN_ENABLE			0x000C
++typedef struct {
++	uint8_t		enable;
++	uint8_t		filter_dup;
++} __attribute__ ((packed)) le_set_scan_enable_cp;
++#define LE_SET_SCAN_ENABLE_CP_SIZE 2
++
++#define OCF_LE_CREATE_CONN			0x000D
++typedef struct {
++	uint16_t	interval;
++	uint16_t	window;
++	uint8_t		initiator_filter;
++	uint8_t		peer_bdaddr_type;
++	bdaddr_t	peer_bdaddr;
++	uint8_t		own_bdaddr_type;
++	uint16_t	min_interval;
++	uint16_t	max_interval;
++	uint16_t	latency;
++	uint16_t	supervision_timeout;
++	uint16_t	min_ce_length;
++	uint16_t	max_ce_length;
++} __attribute__ ((packed)) le_create_connection_cp;
++#define LE_CREATE_CONN_CP_SIZE 25
++
++#define OCF_LE_CREATE_CONN_CANCEL		0x000E
++
++#define OCF_LE_READ_WHITE_LIST_SIZE		0x000F
++typedef struct {
++	uint8_t		status;
++	uint8_t		size;
++} __attribute__ ((packed)) le_read_white_list_size_rp;
++#define LE_READ_WHITE_LIST_SIZE_RP_SIZE 2
++
++#define OCF_LE_CLEAR_WHITE_LIST			0x0010
++
++#define OCF_LE_ADD_DEVICE_TO_WHITE_LIST		0x0011
++typedef struct {
++	uint8_t		bdaddr_type;
++	bdaddr_t	bdaddr;
++} __attribute__ ((packed)) le_add_device_to_white_list_cp;
++#define LE_ADD_DEVICE_TO_WHITE_LIST_CP_SIZE 7
++
++#define OCF_LE_REMOVE_DEVICE_FROM_WHITE_LIST	0x0012
++typedef struct {
++	uint8_t		bdaddr_type;
++	bdaddr_t	bdaddr;
++} __attribute__ ((packed)) le_remove_device_from_white_list_cp;
++#define LE_REMOVE_DEVICE_FROM_WHITE_LIST_CP_SIZE 7
++
++#define OCF_LE_CONN_UPDATE			0x0013
++typedef struct {
++	uint16_t	handle;
++	uint16_t	min_interval;
++	uint16_t	max_interval;
++	uint16_t	latency;
++	uint16_t	supervision_timeout;
++	uint16_t	min_ce_length;
++	uint16_t	max_ce_length;
++} __attribute__ ((packed)) le_connection_update_cp;
++#define LE_CONN_UPDATE_CP_SIZE 14
++
++#define OCF_LE_SET_HOST_CHANNEL_CLASSIFICATION	0x0014
++typedef struct {
++	uint8_t		map[5];
++} __attribute__ ((packed)) le_set_host_channel_classification_cp;
++#define LE_SET_HOST_CHANNEL_CLASSIFICATION_CP_SIZE 5
++
++#define OCF_LE_READ_CHANNEL_MAP			0x0015
++typedef struct {
++	uint16_t	handle;
++} __attribute__ ((packed)) le_read_channel_map_cp;
++#define LE_READ_CHANNEL_MAP_CP_SIZE 2
++typedef struct {
++	uint8_t		status;
++	uint16_t	handle;
++	uint8_t		map[5];
++} __attribute__ ((packed)) le_read_channel_map_rp;
++#define LE_READ_CHANNEL_MAP_RP_SIZE 8
++
++#define OCF_LE_READ_REMOTE_USED_FEATURES	0x0016
++typedef struct {
++	uint16_t	handle;
++} __attribute__ ((packed)) le_read_remote_used_features_cp;
++#define LE_READ_REMOTE_USED_FEATURES_CP_SIZE 2
++
++#define OCF_LE_ENCRYPT				0x0017
++typedef struct {
++	uint8_t		key[16];
++	uint8_t		plaintext[16];
++} __attribute__ ((packed)) le_encrypt_cp;
++#define LE_ENCRYPT_CP_SIZE 32
++typedef struct {
++	uint8_t		status;
++	uint8_t		data[16];
++} __attribute__ ((packed)) le_encrypt_rp;
++#define LE_ENCRYPT_RP_SIZE 17
++
++#define OCF_LE_RAND				0x0018
++typedef struct {
++	uint8_t		status;
++	uint64_t	random;
++} __attribute__ ((packed)) le_rand_rp;
++#define LE_RAND_RP_SIZE 9
++
++#define OCF_LE_START_ENCRYPTION			0x0019
++typedef struct {
++	uint16_t	handle;
++	uint64_t	random;
++	uint16_t	diversifier;
++	uint8_t		key[16];
++} __attribute__ ((packed)) le_start_encryption_cp;
++#define LE_START_ENCRYPTION_CP_SIZE 28
++
++#define OCF_LE_LTK_REPLY			0x001A
++typedef struct {
++	uint16_t	handle;
++	uint8_t		key[16];
++} __attribute__ ((packed)) le_ltk_reply_cp;
++#define LE_LTK_REPLY_CP_SIZE 18
++typedef struct {
++	uint8_t		status;
++	uint16_t	handle;
++} __attribute__ ((packed)) le_ltk_reply_rp;
++#define LE_LTK_REPLY_RP_SIZE 3
++
++#define OCF_LE_LTK_NEG_REPLY			0x001B
++typedef struct {
++	uint16_t	handle;
++} __attribute__ ((packed)) le_ltk_neg_reply_cp;
++#define LE_LTK_NEG_REPLY_CP_SIZE 2
++typedef struct {
++	uint8_t		status;
++	uint16_t	handle;
++} __attribute__ ((packed)) le_ltk_neg_reply_rp;
++#define LE_LTK_NEG_REPLY_RP_SIZE 3
++
++#define OCF_LE_READ_SUPPORTED_STATES		0x001C
++typedef struct {
++	uint8_t		status;
++	uint64_t	states;
++} __attribute__ ((packed)) le_read_supported_states_rp;
++#define LE_READ_SUPPORTED_STATES_RP_SIZE 9
++
++#define OCF_LE_RECEIVER_TEST			0x001D
++typedef struct {
++	uint8_t		frequency;
++} __attribute__ ((packed)) le_receiver_test_cp;
++#define LE_RECEIVER_TEST_CP_SIZE 1
++
++#define OCF_LE_TRANSMITTER_TEST			0x001E
++typedef struct {
++	uint8_t		frequency;
++	uint8_t		length;
++	uint8_t		payload;
++} __attribute__ ((packed)) le_transmitter_test_cp;
++#define LE_TRANSMITTER_TEST_CP_SIZE 3
++
++#define OCF_LE_TEST_END				0x001F
++typedef struct {
++	uint8_t		status;
++	uint16_t	num_pkts;
++} __attribute__ ((packed)) le_test_end_rp;
++#define LE_TEST_END_RP_SIZE 3
++
++/* Vendor specific commands */
++#define OGF_VENDOR_CMD		0x3f
++
++/* ---- HCI Events ---- */
++
++#define EVT_INQUIRY_COMPLETE		0x01
++
++#define EVT_INQUIRY_RESULT		0x02
++typedef struct {
++	bdaddr_t	bdaddr;
++	uint8_t		pscan_rep_mode;
++	uint8_t		pscan_period_mode;
++	uint8_t		pscan_mode;
++	uint8_t		dev_class[3];
++	uint16_t	clock_offset;
++} __attribute__ ((packed)) inquiry_info;
++#define INQUIRY_INFO_SIZE 14
++
++#define EVT_CONN_COMPLETE		0x03
++typedef struct {
++	uint8_t		status;
++	uint16_t	handle;
++	bdaddr_t	bdaddr;
++	uint8_t		link_type;
++	uint8_t		encr_mode;
++} __attribute__ ((packed)) evt_conn_complete;
++#define EVT_CONN_COMPLETE_SIZE 13
++
++#define EVT_CONN_REQUEST		0x04
++typedef struct {
++	bdaddr_t	bdaddr;
++	uint8_t		dev_class[3];
++	uint8_t		link_type;
++} __attribute__ ((packed)) evt_conn_request;
++#define EVT_CONN_REQUEST_SIZE 10
++
++#define EVT_DISCONN_COMPLETE		0x05
++typedef struct {
++	uint8_t		status;
++	uint16_t	handle;
++	uint8_t		reason;
++} __attribute__ ((packed)) evt_disconn_complete;
++#define EVT_DISCONN_COMPLETE_SIZE 4
++
++#define EVT_AUTH_COMPLETE		0x06
++typedef struct {
++	uint8_t		status;
++	uint16_t	handle;
++} __attribute__ ((packed)) evt_auth_complete;
++#define EVT_AUTH_COMPLETE_SIZE 3
++
++#define EVT_REMOTE_NAME_REQ_COMPLETE	0x07
++typedef struct {
++	uint8_t		status;
++	bdaddr_t	bdaddr;
++	uint8_t		name[HCI_MAX_NAME_LENGTH];
++} __attribute__ ((packed)) evt_remote_name_req_complete;
++#define EVT_REMOTE_NAME_REQ_COMPLETE_SIZE 255
++
++#define EVT_ENCRYPT_CHANGE		0x08
++typedef struct {
++	uint8_t		status;
++	uint16_t	handle;
++	uint8_t		encrypt;
++} __attribute__ ((packed)) evt_encrypt_change;
++#define EVT_ENCRYPT_CHANGE_SIZE 5
++
++#define EVT_CHANGE_CONN_LINK_KEY_COMPLETE	0x09
++typedef struct {
++	uint8_t		status;
++	uint16_t	handle;
++}  __attribute__ ((packed)) evt_change_conn_link_key_complete;
++#define EVT_CHANGE_CONN_LINK_KEY_COMPLETE_SIZE 3
++
++#define EVT_MASTER_LINK_KEY_COMPLETE		0x0A
++typedef struct {
++	uint8_t		status;
++	uint16_t	handle;
++	uint8_t		key_flag;
++} __attribute__ ((packed)) evt_master_link_key_complete;
++#define EVT_MASTER_LINK_KEY_COMPLETE_SIZE 4
++
++#define EVT_READ_REMOTE_FEATURES_COMPLETE	0x0B
++typedef struct {
++	uint8_t		status;
++	uint16_t	handle;
++	uint8_t		features[8];
++} __attribute__ ((packed)) evt_read_remote_features_complete;
++#define EVT_READ_REMOTE_FEATURES_COMPLETE_SIZE 11
++
++#define EVT_READ_REMOTE_VERSION_COMPLETE	0x0C
++typedef struct {
++	uint8_t		status;
++	uint16_t	handle;
++	uint8_t		lmp_ver;
++	uint16_t	manufacturer;
++	uint16_t	lmp_subver;
++} __attribute__ ((packed)) evt_read_remote_version_complete;
++#define EVT_READ_REMOTE_VERSION_COMPLETE_SIZE 8
++
++#define EVT_QOS_SETUP_COMPLETE		0x0D
++typedef struct {
++	uint8_t		status;
++	uint16_t	handle;
++	uint8_t		flags;			/* Reserved */
++	hci_qos		qos;
++} __attribute__ ((packed)) evt_qos_setup_complete;
++#define EVT_QOS_SETUP_COMPLETE_SIZE (4 + HCI_QOS_CP_SIZE)
++
++#define EVT_CMD_COMPLETE 		0x0E
++typedef struct {
++	uint8_t		ncmd;
++	uint16_t	opcode;
++} __attribute__ ((packed)) evt_cmd_complete;
++#define EVT_CMD_COMPLETE_SIZE 3
++
++#define EVT_CMD_STATUS 			0x0F
++typedef struct {
++	uint8_t		status;
++	uint8_t		ncmd;
++	uint16_t	opcode;
++} __attribute__ ((packed)) evt_cmd_status;
++#define EVT_CMD_STATUS_SIZE 4
++
++#define EVT_HARDWARE_ERROR		0x10
++typedef struct {
++	uint8_t		code;
++} __attribute__ ((packed)) evt_hardware_error;
++#define EVT_HARDWARE_ERROR_SIZE 1
++
++#define EVT_FLUSH_OCCURRED		0x11
++typedef struct {
++	uint16_t	handle;
++} __attribute__ ((packed)) evt_flush_occured;
++#define EVT_FLUSH_OCCURRED_SIZE 2
++
++#define EVT_ROLE_CHANGE			0x12
++typedef struct {
++	uint8_t		status;
++	bdaddr_t	bdaddr;
++	uint8_t		role;
++} __attribute__ ((packed)) evt_role_change;
++#define EVT_ROLE_CHANGE_SIZE 8
++
++#define EVT_NUM_COMP_PKTS		0x13
++typedef struct {
++	uint8_t		num_hndl;
++	/* variable length part */
++} __attribute__ ((packed)) evt_num_comp_pkts;
++#define EVT_NUM_COMP_PKTS_SIZE 1
++
++#define EVT_MODE_CHANGE			0x14
++typedef struct {
++	uint8_t		status;
++	uint16_t	handle;
++	uint8_t		mode;
++	uint16_t	interval;
++} __attribute__ ((packed)) evt_mode_change;
++#define EVT_MODE_CHANGE_SIZE 6
++
++#define EVT_RETURN_LINK_KEYS		0x15
++typedef struct {
++	uint8_t		num_keys;
++	/* variable length part */
++} __attribute__ ((packed)) evt_return_link_keys;
++#define EVT_RETURN_LINK_KEYS_SIZE 1
++
++#define EVT_PIN_CODE_REQ		0x16
++typedef struct {
++	bdaddr_t	bdaddr;
++} __attribute__ ((packed)) evt_pin_code_req;
++#define EVT_PIN_CODE_REQ_SIZE 6
++
++#define EVT_LINK_KEY_REQ		0x17
++typedef struct {
++	bdaddr_t	bdaddr;
++} __attribute__ ((packed)) evt_link_key_req;
++#define EVT_LINK_KEY_REQ_SIZE 6
++
++#define EVT_LINK_KEY_NOTIFY		0x18
++typedef struct {
++	bdaddr_t	bdaddr;
++	uint8_t		link_key[16];
++	uint8_t		key_type;
++} __attribute__ ((packed)) evt_link_key_notify;
++#define EVT_LINK_KEY_NOTIFY_SIZE 23
++
++#define EVT_LOOPBACK_COMMAND		0x19
++
++#define EVT_DATA_BUFFER_OVERFLOW	0x1A
++typedef struct {
++	uint8_t		link_type;
++} __attribute__ ((packed)) evt_data_buffer_overflow;
++#define EVT_DATA_BUFFER_OVERFLOW_SIZE 1
++
++#define EVT_MAX_SLOTS_CHANGE		0x1B
++typedef struct {
++	uint16_t	handle;
++	uint8_t		max_slots;
++} __attribute__ ((packed)) evt_max_slots_change;
++#define EVT_MAX_SLOTS_CHANGE_SIZE 3
++
++#define EVT_READ_CLOCK_OFFSET_COMPLETE	0x1C
++typedef struct {
++	uint8_t		status;
++	uint16_t	handle;
++	uint16_t	clock_offset;
++} __attribute__ ((packed)) evt_read_clock_offset_complete;
++#define EVT_READ_CLOCK_OFFSET_COMPLETE_SIZE 5
++
++#define EVT_CONN_PTYPE_CHANGED		0x1D
++typedef struct {
++	uint8_t		status;
++	uint16_t	handle;
++	uint16_t	ptype;
++} __attribute__ ((packed)) evt_conn_ptype_changed;
++#define EVT_CONN_PTYPE_CHANGED_SIZE 5
++
++#define EVT_QOS_VIOLATION		0x1E
++typedef struct {
++	uint16_t	handle;
++} __attribute__ ((packed)) evt_qos_violation;
++#define EVT_QOS_VIOLATION_SIZE 2
++
++#define EVT_PSCAN_REP_MODE_CHANGE	0x20
++typedef struct {
++	bdaddr_t	bdaddr;
++	uint8_t		pscan_rep_mode;
++} __attribute__ ((packed)) evt_pscan_rep_mode_change;
++#define EVT_PSCAN_REP_MODE_CHANGE_SIZE 7
++
++#define EVT_FLOW_SPEC_COMPLETE		0x21
++typedef struct {
++	uint8_t		status;
++	uint16_t	handle;
++	uint8_t		flags;
++	uint8_t		direction;
++	hci_qos		qos;
++} __attribute__ ((packed)) evt_flow_spec_complete;
++#define EVT_FLOW_SPEC_COMPLETE_SIZE (5 + HCI_QOS_CP_SIZE)
++
++#define EVT_INQUIRY_RESULT_WITH_RSSI	0x22
++typedef struct {
++	bdaddr_t	bdaddr;
++	uint8_t		pscan_rep_mode;
++	uint8_t		pscan_period_mode;
++	uint8_t		dev_class[3];
++	uint16_t	clock_offset;
++	int8_t		rssi;
++} __attribute__ ((packed)) inquiry_info_with_rssi;
++#define INQUIRY_INFO_WITH_RSSI_SIZE 14
++typedef struct {
++	bdaddr_t	bdaddr;
++	uint8_t		pscan_rep_mode;
++	uint8_t		pscan_period_mode;
++	uint8_t		pscan_mode;
++	uint8_t		dev_class[3];
++	uint16_t	clock_offset;
++	int8_t		rssi;
++} __attribute__ ((packed)) inquiry_info_with_rssi_and_pscan_mode;
++#define INQUIRY_INFO_WITH_RSSI_AND_PSCAN_MODE_SIZE 15
++
++#define EVT_READ_REMOTE_EXT_FEATURES_COMPLETE	0x23
++typedef struct {
++	uint8_t		status;
++	uint16_t	handle;
++	uint8_t		page_num;
++	uint8_t		max_page_num;
++	uint8_t		features[8];
++} __attribute__ ((packed)) evt_read_remote_ext_features_complete;
++#define EVT_READ_REMOTE_EXT_FEATURES_COMPLETE_SIZE 13
++
++#define EVT_SYNC_CONN_COMPLETE		0x2C
++typedef struct {
++	uint8_t		status;
++	uint16_t	handle;
++	bdaddr_t	bdaddr;
++	uint8_t		link_type;
++	uint8_t		trans_interval;
++	uint8_t		retrans_window;
++	uint16_t	rx_pkt_len;
++	uint16_t	tx_pkt_len;
++	uint8_t		air_mode;
++} __attribute__ ((packed)) evt_sync_conn_complete;
++#define EVT_SYNC_CONN_COMPLETE_SIZE 17
++
++#define EVT_SYNC_CONN_CHANGED		0x2D
++typedef struct {
++	uint8_t		status;
++	uint16_t	handle;
++	uint8_t		trans_interval;
++	uint8_t		retrans_window;
++	uint16_t	rx_pkt_len;
++	uint16_t	tx_pkt_len;
++} __attribute__ ((packed)) evt_sync_conn_changed;
++#define EVT_SYNC_CONN_CHANGED_SIZE 9
++
++#define EVT_SNIFF_SUBRATING		0x2E
++typedef struct {
++	uint8_t		status;
++	uint16_t	handle;
++	uint16_t	max_tx_latency;
++	uint16_t	max_rx_latency;
++	uint16_t	min_remote_timeout;
++	uint16_t	min_local_timeout;
++} __attribute__ ((packed)) evt_sniff_subrating;
++#define EVT_SNIFF_SUBRATING_SIZE 11
++
++#define EVT_EXTENDED_INQUIRY_RESULT	0x2F
++typedef struct {
++	bdaddr_t	bdaddr;
++	uint8_t		pscan_rep_mode;
++	uint8_t		pscan_period_mode;
++	uint8_t		dev_class[3];
++	uint16_t	clock_offset;
++	int8_t		rssi;
++	uint8_t		data[HCI_MAX_EIR_LENGTH];
++} __attribute__ ((packed)) extended_inquiry_info;
++#define EXTENDED_INQUIRY_INFO_SIZE 254
++
++#define EVT_ENCRYPTION_KEY_REFRESH_COMPLETE	0x30
++typedef struct {
++	uint8_t		status;
++	uint16_t	handle;
++} __attribute__ ((packed)) evt_encryption_key_refresh_complete;
++#define EVT_ENCRYPTION_KEY_REFRESH_COMPLETE_SIZE 3
++
++#define EVT_IO_CAPABILITY_REQUEST	0x31
++typedef struct {
++	bdaddr_t	bdaddr;
++} __attribute__ ((packed)) evt_io_capability_request;
++#define EVT_IO_CAPABILITY_REQUEST_SIZE 6
++
++#define EVT_IO_CAPABILITY_RESPONSE	0x32
++typedef struct {
++	bdaddr_t	bdaddr;
++	uint8_t		capability;
++	uint8_t		oob_data;
++	uint8_t		authentication;
++} __attribute__ ((packed)) evt_io_capability_response;
++#define EVT_IO_CAPABILITY_RESPONSE_SIZE 9
++
++#define EVT_USER_CONFIRM_REQUEST	0x33
++typedef struct {
++	bdaddr_t	bdaddr;
++	uint32_t	passkey;
++} __attribute__ ((packed)) evt_user_confirm_request;
++#define EVT_USER_CONFIRM_REQUEST_SIZE 10
++
++#define EVT_USER_PASSKEY_REQUEST	0x34
++typedef struct {
++	bdaddr_t	bdaddr;
++} __attribute__ ((packed)) evt_user_passkey_request;
++#define EVT_USER_PASSKEY_REQUEST_SIZE 6
++
++#define EVT_REMOTE_OOB_DATA_REQUEST	0x35
++typedef struct {
++	bdaddr_t	bdaddr;
++} __attribute__ ((packed)) evt_remote_oob_data_request;
++#define EVT_REMOTE_OOB_DATA_REQUEST_SIZE 6
++
++#define EVT_SIMPLE_PAIRING_COMPLETE	0x36
++typedef struct {
++	uint8_t		status;
++	bdaddr_t	bdaddr;
++} __attribute__ ((packed)) evt_simple_pairing_complete;
++#define EVT_SIMPLE_PAIRING_COMPLETE_SIZE 7
++
++#define EVT_LINK_SUPERVISION_TIMEOUT_CHANGED	0x38
++typedef struct {
++	uint16_t	handle;
++	uint16_t	timeout;
++} __attribute__ ((packed)) evt_link_supervision_timeout_changed;
++#define EVT_LINK_SUPERVISION_TIMEOUT_CHANGED_SIZE 4
++
++#define EVT_ENHANCED_FLUSH_COMPLETE	0x39
++typedef struct {
++	uint16_t	handle;
++} __attribute__ ((packed)) evt_enhanced_flush_complete;
++#define EVT_ENHANCED_FLUSH_COMPLETE_SIZE 2
++
++#define EVT_USER_PASSKEY_NOTIFY		0x3B
++typedef struct {
++	bdaddr_t	bdaddr;
++	uint32_t	passkey;
++} __attribute__ ((packed)) evt_user_passkey_notify;
++#define EVT_USER_PASSKEY_NOTIFY_SIZE 10
++
++#define EVT_KEYPRESS_NOTIFY		0x3C
++typedef struct {
++	bdaddr_t	bdaddr;
++	uint8_t		type;
++} __attribute__ ((packed)) evt_keypress_notify;
++#define EVT_KEYPRESS_NOTIFY_SIZE 7
++
++#define EVT_REMOTE_HOST_FEATURES_NOTIFY	0x3D
++typedef struct {
++	bdaddr_t	bdaddr;
++	uint8_t		features[8];
++} __attribute__ ((packed)) evt_remote_host_features_notify;
++#define EVT_REMOTE_HOST_FEATURES_NOTIFY_SIZE 14
++
++#define EVT_LE_META_EVENT	0x3E
++typedef struct {
++	uint8_t		subevent;
++	uint8_t		data[0];
++} __attribute__ ((packed)) evt_le_meta_event;
++#define EVT_LE_META_EVENT_SIZE 1
++
++#define EVT_LE_CONN_COMPLETE	0x01
++typedef struct {
++	uint8_t		status;
++	uint16_t	handle;
++	uint8_t		role;
++	uint8_t		peer_bdaddr_type;
++	bdaddr_t	peer_bdaddr;
++	uint16_t	interval;
++	uint16_t	latency;
++	uint16_t	supervision_timeout;
++	uint8_t		master_clock_accuracy;
++} __attribute__ ((packed)) evt_le_connection_complete;
++#define EVT_LE_CONN_COMPLETE_SIZE 18
++
++#define EVT_LE_ADVERTISING_REPORT	0x02
++typedef struct {
++	uint8_t		evt_type;
++	uint8_t		bdaddr_type;
++	bdaddr_t	bdaddr;
++	uint8_t		length;
++	uint8_t		data[0];
++} __attribute__ ((packed)) le_advertising_info;
++#define LE_ADVERTISING_INFO_SIZE 9
++
++#define EVT_LE_CONN_UPDATE_COMPLETE	0x03
++typedef struct {
++	uint8_t		status;
++	uint16_t	handle;
++	uint16_t	interval;
++	uint16_t	latency;
++	uint16_t	supervision_timeout;
++} __attribute__ ((packed)) evt_le_connection_update_complete;
++#define EVT_LE_CONN_UPDATE_COMPLETE_SIZE 9
++
++#define EVT_LE_READ_REMOTE_USED_FEATURES_COMPLETE	0x04
++typedef struct {
++	uint8_t		status;
++	uint16_t	handle;
++	uint8_t		features[8];
++} __attribute__ ((packed)) evt_le_read_remote_used_features_complete;
++#define EVT_LE_READ_REMOTE_USED_FEATURES_COMPLETE_SIZE 11
++
++#define EVT_LE_LTK_REQUEST	0x05
++typedef struct {
++	uint16_t	handle;
++	uint64_t	random;
++	uint16_t	diversifier;
++} __attribute__ ((packed)) evt_le_long_term_key_request;
++#define EVT_LE_LTK_REQUEST_SIZE 12
++
++#define EVT_PHYSICAL_LINK_COMPLETE		0x40
++typedef struct {
++	uint8_t		status;
++	uint8_t		handle;
++} __attribute__ ((packed)) evt_physical_link_complete;
++#define EVT_PHYSICAL_LINK_COMPLETE_SIZE 2
++
++#define EVT_CHANNEL_SELECTED		0x41
++
++#define EVT_DISCONNECT_PHYSICAL_LINK_COMPLETE	0x42
++typedef struct {
++	uint8_t		status;
++	uint8_t		handle;
++	uint8_t		reason;
++} __attribute__ ((packed)) evt_disconn_physical_link_complete;
++#define EVT_DISCONNECT_PHYSICAL_LINK_COMPLETE_SIZE 3
++
++#define EVT_PHYSICAL_LINK_LOSS_EARLY_WARNING	0x43
++typedef struct {
++	uint8_t		handle;
++	uint8_t		reason;
++} __attribute__ ((packed)) evt_physical_link_loss_warning;
++#define EVT_PHYSICAL_LINK_LOSS_WARNING_SIZE 2
++
++#define EVT_PHYSICAL_LINK_RECOVERY		0x44
++typedef struct {
++	uint8_t		handle;
++} __attribute__ ((packed)) evt_physical_link_recovery;
++#define EVT_PHYSICAL_LINK_RECOVERY_SIZE 1
++
++#define EVT_LOGICAL_LINK_COMPLETE		0x45
++typedef struct {
++	uint8_t		status;
++	uint16_t	log_handle;
++	uint8_t		handle;
++	uint8_t		tx_flow_id;
++} __attribute__ ((packed)) evt_logical_link_complete;
++#define EVT_LOGICAL_LINK_COMPLETE_SIZE 5
++
++#define EVT_DISCONNECT_LOGICAL_LINK_COMPLETE	0x46
++
++#define EVT_FLOW_SPEC_MODIFY_COMPLETE		0x47
++typedef struct {
++	uint8_t		status;
++	uint16_t	handle;
++} __attribute__ ((packed)) evt_flow_spec_modify_complete;
++#define EVT_FLOW_SPEC_MODIFY_COMPLETE_SIZE 3
++
++#define EVT_NUMBER_COMPLETED_BLOCKS		0x48
++
++#define EVT_AMP_STATUS_CHANGE			0x4D
++typedef struct {
++	uint8_t		status;
++	uint8_t		amp_status;
++} __attribute__ ((packed)) evt_amp_status_change;
++#define EVT_AMP_STATUS_CHANGE_SIZE 2
++
++#define EVT_TESTING			0xFE
++
++#define EVT_VENDOR			0xFF
++
++/* Internal events generated by BlueZ stack */
++#define EVT_STACK_INTERNAL		0xFD
++typedef struct {
++	uint16_t	type;
++	uint8_t		data[0];
++} __attribute__ ((packed)) evt_stack_internal;
++#define EVT_STACK_INTERNAL_SIZE 2
++
++#define EVT_SI_DEVICE	0x01
++typedef struct {
++	uint16_t	event;
++	uint16_t	dev_id;
++} __attribute__ ((packed)) evt_si_device;
++#define EVT_SI_DEVICE_SIZE 4
++
++/* --------  HCI Packet structures  -------- */
++#define HCI_TYPE_LEN	1
++
++typedef struct {
++	uint16_t	opcode;		/* OCF & OGF */
++	uint8_t		plen;
++} __attribute__ ((packed))	hci_command_hdr;
++#define HCI_COMMAND_HDR_SIZE 	3
++
++typedef struct {
++	uint8_t		evt;
++	uint8_t		plen;
++} __attribute__ ((packed))	hci_event_hdr;
++#define HCI_EVENT_HDR_SIZE 	2
++
++typedef struct {
++	uint16_t	handle;		/* Handle & Flags(PB, BC) */
++	uint16_t	dlen;
++} __attribute__ ((packed))	hci_acl_hdr;
++#define HCI_ACL_HDR_SIZE 	4
++
++typedef struct {
++	uint16_t	handle;
++	uint8_t		dlen;
++} __attribute__ ((packed))	hci_sco_hdr;
++#define HCI_SCO_HDR_SIZE 	3
++
++typedef struct {
++	uint16_t	device;
++	uint16_t	type;
++	uint16_t	plen;
++} __attribute__ ((packed))	hci_msg_hdr;
++#define HCI_MSG_HDR_SIZE	6
++
++/* Command opcode pack/unpack */
++#define cmd_opcode_pack(ogf, ocf)	(uint16_t)((ocf & 0x03ff)|(ogf << 10))
++#define cmd_opcode_ogf(op)		(op >> 10)
++#define cmd_opcode_ocf(op)		(op & 0x03ff)
++
++/* ACL handle and flags pack/unpack */
++#define acl_handle_pack(h, f)	(uint16_t)((h & 0x0fff)|(f << 12))
++#define acl_handle(h)		(h & 0x0fff)
++#define acl_flags(h)		(h >> 12)
++
++#endif /* _NO_HCI_DEFS */
++
++/* HCI Socket options */
++#define HCI_DATA_DIR	1
++#define HCI_FILTER	2
++#define HCI_TIME_STAMP	3
++
++/* HCI CMSG flags */
++#define HCI_CMSG_DIR	0x0001
++#define HCI_CMSG_TSTAMP	0x0002
++
++struct sockaddr_hci {
++	sa_family_t	hci_family;
++	unsigned short	hci_dev;
++	unsigned short  hci_channel;
++};
++#define HCI_DEV_NONE	0xffff
++
++#define HCI_CHANNEL_RAW		0
++#define HCI_CHANNEL_MONITOR	2
++#define HCI_CHANNEL_CONTROL	3
++
++struct hci_filter {
++	uint32_t type_mask;
++	uint32_t event_mask[2];
++	uint16_t opcode;
++};
++
++#define HCI_FLT_TYPE_BITS	31
++#define HCI_FLT_EVENT_BITS	63
++#define HCI_FLT_OGF_BITS	63
++#define HCI_FLT_OCF_BITS	127
++
++/* Ioctl requests structures */
++struct hci_dev_stats {
++	uint32_t err_rx;
++	uint32_t err_tx;
++	uint32_t cmd_tx;
++	uint32_t evt_rx;
++	uint32_t acl_tx;
++	uint32_t acl_rx;
++	uint32_t sco_tx;
++	uint32_t sco_rx;
++	uint32_t byte_rx;
++	uint32_t byte_tx;
++};
++
++struct hci_dev_info {
++	uint16_t dev_id;
++	char     name[8];
++
++	bdaddr_t bdaddr;
++
++	uint32_t flags;
++	uint8_t  type;
++
++	uint8_t  features[8];
++
++	uint32_t pkt_type;
++	uint32_t link_policy;
++	uint32_t link_mode;
++
++	uint16_t acl_mtu;
++	uint16_t acl_pkts;
++	uint16_t sco_mtu;
++	uint16_t sco_pkts;
++
++	struct   hci_dev_stats stat;
++};
++
++struct hci_conn_info {
++	uint16_t handle;
++	bdaddr_t bdaddr;
++	uint8_t  type;
++	uint8_t	 out;
++	uint16_t state;
++	uint32_t link_mode;
++};
++
++struct hci_dev_req {
++	uint16_t dev_id;
++	uint32_t dev_opt;
++};
++
++struct hci_dev_list_req {
++	uint16_t dev_num;
++	struct hci_dev_req dev_req[0];	/* hci_dev_req structures */
++};
++
++struct hci_conn_list_req {
++	uint16_t dev_id;
++	uint16_t conn_num;
++	struct hci_conn_info conn_info[0];
++};
++
++struct hci_conn_info_req {
++	bdaddr_t bdaddr;
++	uint8_t  type;
++	struct hci_conn_info conn_info[0];
++};
++
++struct hci_auth_info_req {
++	bdaddr_t bdaddr;
++	uint8_t  type;
++};
++
++struct hci_inquiry_req {
++	uint16_t dev_id;
++	uint16_t flags;
++	uint8_t  lap[3];
++	uint8_t  length;
++	uint8_t  num_rsp;
++};
++#define IREQ_CACHE_FLUSH 0x0001
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* __HCI_H */
 === added file '.pc/ssp_parameter.patch/lib/mgmt.h'
 --- .pc/ssp_parameter.patch/lib/mgmt.h	1970-01-01 00:00:00 +0000
 +++ .pc/ssp_parameter.patch/lib/mgmt.h	2014-05-15 03:26:22 +0000
@@ -0,0 +1,554 @@
++/*
++ *  BlueZ - Bluetooth protocol stack for Linux
++ *
++ *  Copyright (C) 2010  Nokia Corporation
++ *  Copyright (C) 2010  Marcel Holtmann <marcel@holtmann.org>
++ *
++ *
++ *  This program is free software; you can redistribute it and/or modify
++ *  it under the terms of the GNU General Public License as published by
++ *  the Free Software Foundation; either version 2 of the License, or
++ *  (at your option) any later version.
++ *
++ *  This program is distributed in the hope that it will be useful,
++ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
++ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ *  GNU General Public License for more details.
++ *
++ *  You should have received a copy of the GNU General Public License
++ *  along with this program; if not, write to the Free Software
++ *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
++ *
++ */
++
++#ifndef __packed
++#define __packed __attribute__((packed))
++#endif
++
++#define MGMT_INDEX_NONE			0xFFFF
++
++#define MGMT_STATUS_SUCCESS		0x00
++#define MGMT_STATUS_UNKNOWN_COMMAND	0x01
++#define MGMT_STATUS_NOT_CONNECTED	0x02
++#define MGMT_STATUS_FAILED		0x03
++#define MGMT_STATUS_CONNECT_FAILED	0x04
++#define MGMT_STATUS_AUTH_FAILED		0x05
++#define MGMT_STATUS_NOT_PAIRED		0x06
++#define MGMT_STATUS_NO_RESOURCES	0x07
++#define MGMT_STATUS_TIMEOUT		0x08
++#define MGMT_STATUS_ALREADY_CONNECTED	0x09
++#define MGMT_STATUS_BUSY		0x0a
++#define MGMT_STATUS_REJECTED		0x0b
++#define MGMT_STATUS_NOT_SUPPORTED	0x0c
++#define MGMT_STATUS_INVALID_PARAMS	0x0d
++#define MGMT_STATUS_DISCONNECTED	0x0e
++#define MGMT_STATUS_NOT_POWERED		0x0f
++#define MGMT_STATUS_CANCELLED		0x10
++#define MGMT_STATUS_INVALID_INDEX	0x11
++
++struct mgmt_hdr {
++	uint16_t opcode;
++	uint16_t index;
++	uint16_t len;
++} __packed;
++#define MGMT_HDR_SIZE	6
++
++struct mgmt_addr_info {
++	bdaddr_t bdaddr;
++	uint8_t type;
++} __packed;
++
++#define MGMT_OP_READ_VERSION		0x0001
++struct mgmt_rp_read_version {
++	uint8_t version;
++	uint16_t revision;
++} __packed;
++
++#define MGMT_OP_READ_COMMANDS		0x0002
++struct mgmt_rp_read_commands {
++	uint16_t num_commands;
++	uint16_t num_events;
++	uint16_t opcodes[0];
++} __packed;
++
++#define MGMT_OP_READ_INDEX_LIST		0x0003
++struct mgmt_rp_read_index_list {
++	uint16_t num_controllers;
++	uint16_t index[0];
++} __packed;
++
++/* Reserve one extra byte for names in management messages so that they
++ * are always guaranteed to be nul-terminated */
++#define MGMT_MAX_NAME_LENGTH		(HCI_MAX_NAME_LENGTH + 1)
++#define MGMT_MAX_SHORT_NAME_LENGTH	(10 + 1)
++
++#define MGMT_SETTING_POWERED		0x00000001
++#define MGMT_SETTING_CONNECTABLE	0x00000002
++#define MGMT_SETTING_FAST_CONNECTABLE	0x00000004
++#define MGMT_SETTING_DISCOVERABLE	0x00000008
++#define MGMT_SETTING_PAIRABLE		0x00000010
++#define MGMT_SETTING_LINK_SECURITY	0x00000020
++#define MGMT_SETTING_SSP		0x00000040
++#define MGMT_SETTING_BREDR		0x00000080
++#define MGMT_SETTING_HS			0x00000100
++#define MGMT_SETTING_LE			0x00000200
++
++#define MGMT_OP_READ_INFO		0x0004
++struct mgmt_rp_read_info {
++	bdaddr_t bdaddr;
++	uint8_t version;
++	uint16_t manufacturer;
++	uint32_t supported_settings;
++	uint32_t current_settings;
++	uint8_t dev_class[3];
++	uint8_t name[MGMT_MAX_NAME_LENGTH];
++	uint8_t short_name[MGMT_MAX_SHORT_NAME_LENGTH];
++} __packed;
++
++struct mgmt_mode {
++	uint8_t val;
++} __packed;
++
++#define MGMT_OP_SET_POWERED		0x0005
++
++#define MGMT_OP_SET_DISCOVERABLE	0x0006
++struct mgmt_cp_set_discoverable {
++	uint8_t val;
++	uint16_t timeout;
++} __packed;
++
++#define MGMT_OP_SET_CONNECTABLE		0x0007
++
++#define MGMT_OP_SET_FAST_CONNECTABLE	0x0008
++
++#define MGMT_OP_SET_PAIRABLE		0x0009
++
++#define MGMT_OP_SET_LINK_SECURITY	0x000A
++
++#define MGMT_OP_SET_SSP			0x000B
++
++#define MGMT_OP_SET_HS			0x000C
++
++#define MGMT_OP_SET_LE			0x000D
++
++#define MGMT_OP_SET_DEV_CLASS		0x000E
++struct mgmt_cp_set_dev_class {
++	uint8_t major;
++	uint8_t minor;
++} __packed;
++
++#define MGMT_OP_SET_LOCAL_NAME		0x000F
++struct mgmt_cp_set_local_name {
++	uint8_t name[MGMT_MAX_NAME_LENGTH];
++	uint8_t short_name[MGMT_MAX_SHORT_NAME_LENGTH];
++} __packed;
++
++#define MGMT_OP_ADD_UUID		0x0010
++struct mgmt_cp_add_uuid {
++	uint8_t uuid[16];
++	uint8_t svc_hint;
++} __packed;
++
++#define MGMT_OP_REMOVE_UUID		0x0011
++struct mgmt_cp_remove_uuid {
++	uint8_t uuid[16];
++} __packed;
++
++struct mgmt_link_key_info {
++	struct mgmt_addr_info addr;
++	uint8_t type;
++	uint8_t val[16];
++	uint8_t pin_len;
++} __packed;
++
++#define MGMT_OP_LOAD_LINK_KEYS		0x0012
++struct mgmt_cp_load_link_keys {
++	uint8_t debug_keys;
++	uint16_t key_count;
++	struct mgmt_link_key_info keys[0];
++} __packed;
++
++struct mgmt_ltk_info {
++	struct mgmt_addr_info addr;
++	uint8_t authenticated;
++	uint8_t master;
++	uint8_t enc_size;
++	uint16_t ediv;
++	uint8_t rand[8];
++	uint8_t val[16];
++} __packed;
++
++#define MGMT_OP_LOAD_LONG_TERM_KEYS	0x0013
++struct mgmt_cp_load_long_term_keys {
++	uint16_t key_count;
++	struct mgmt_ltk_info keys[0];
++} __packed;
++
++#define MGMT_OP_DISCONNECT		0x0014
++struct mgmt_cp_disconnect {
++	struct mgmt_addr_info addr;
++} __packed;
++struct mgmt_rp_disconnect {
++	struct mgmt_addr_info addr;
++} __packed;
++
++#define MGMT_OP_GET_CONNECTIONS		0x0015
++struct mgmt_rp_get_connections {
++	uint16_t conn_count;
++	struct mgmt_addr_info addr[0];
++} __packed;
++
++#define MGMT_OP_PIN_CODE_REPLY		0x0016
++struct mgmt_cp_pin_code_reply {
++	struct mgmt_addr_info addr;
++	uint8_t pin_len;
++	uint8_t pin_code[16];
++} __packed;
++
++#define MGMT_OP_PIN_CODE_NEG_REPLY	0x0017
++struct mgmt_cp_pin_code_neg_reply {
++	struct mgmt_addr_info addr;
++} __packed;
++
++#define MGMT_OP_SET_IO_CAPABILITY	0x0018
++struct mgmt_cp_set_io_capability {
++	uint8_t io_capability;
++} __packed;
++
++#define MGMT_OP_PAIR_DEVICE		0x0019
++struct mgmt_cp_pair_device {
++	struct mgmt_addr_info addr;
++	uint8_t io_cap;
++} __packed;
++struct mgmt_rp_pair_device {
++	struct mgmt_addr_info addr;
++} __packed;
++
++#define MGMT_OP_CANCEL_PAIR_DEVICE	0x001A
++
++#define MGMT_OP_UNPAIR_DEVICE		0x001B
++struct mgmt_cp_unpair_device {
++	struct mgmt_addr_info addr;
++	uint8_t disconnect;
++} __packed;
++struct mgmt_rp_unpair_device {
++	struct mgmt_addr_info addr;
++} __packed;
++
++#define MGMT_OP_USER_CONFIRM_REPLY	0x001C
++struct mgmt_cp_user_confirm_reply {
++	struct mgmt_addr_info addr;
++} __packed;
++struct mgmt_rp_user_confirm_reply {
++	struct mgmt_addr_info addr;
++} __packed;
++
++#define MGMT_OP_USER_CONFIRM_NEG_REPLY	0x001D
++
++#define MGMT_OP_USER_PASSKEY_REPLY	0x001E
++struct mgmt_cp_user_passkey_reply {
++	struct mgmt_addr_info addr;
++	uint32_t passkey;
++} __packed;
++struct mgmt_rp_user_passkey_reply {
++	struct mgmt_addr_info addr;
++} __packed;
++
++#define MGMT_OP_USER_PASSKEY_NEG_REPLY	0x001F
++struct mgmt_cp_user_passkey_neg_reply {
++	struct mgmt_addr_info addr;
++} __packed;
++
++#define MGMT_OP_READ_LOCAL_OOB_DATA	0x0020
++struct mgmt_rp_read_local_oob_data {
++	uint8_t hash[16];
++	uint8_t randomizer[16];
++} __packed;
++
++#define MGMT_OP_ADD_REMOTE_OOB_DATA	0x0021
++struct mgmt_cp_add_remote_oob_data {
++	struct mgmt_addr_info addr;
++	uint8_t hash[16];
++	uint8_t randomizer[16];
++} __packed;
++
++#define MGMT_OP_REMOVE_REMOTE_OOB_DATA	0x0022
++struct mgmt_cp_remove_remote_oob_data {
++	struct mgmt_addr_info addr;
++} __packed;
++
++#define MGMT_OP_START_DISCOVERY		0x0023
++struct mgmt_cp_start_discovery {
++	uint8_t type;
++} __packed;
++
++#define MGMT_OP_STOP_DISCOVERY		0x0024
++struct mgmt_cp_stop_discovery {
++	uint8_t type;
++} __packed;
++
++#define MGMT_OP_CONFIRM_NAME		0x0025
++struct mgmt_cp_confirm_name {
++	struct mgmt_addr_info addr;
++	uint8_t name_known;
++} __packed;
++struct mgmt_rp_confirm_name {
++	struct mgmt_addr_info addr;
++} __packed;
++
++#define MGMT_OP_BLOCK_DEVICE		0x0026
++struct mgmt_cp_block_device {
++	struct mgmt_addr_info addr;
++} __packed;
++
++#define MGMT_OP_UNBLOCK_DEVICE		0x0027
++struct mgmt_cp_unblock_device {
++	struct mgmt_addr_info addr;
++} __packed;
++
++#define MGMT_OP_SET_DEVICE_ID		0x0028
++struct mgmt_cp_set_device_id {
++	uint16_t source;
++	uint16_t vendor;
++	uint16_t product;
++	uint16_t version;
++} __packed;
++
++#define MGMT_EV_CMD_COMPLETE		0x0001
++struct mgmt_ev_cmd_complete {
++	uint16_t opcode;
++	uint8_t status;
++	uint8_t data[0];
++} __packed;
++
++#define MGMT_EV_CMD_STATUS		0x0002
++struct mgmt_ev_cmd_status {
++	uint16_t opcode;
++	uint8_t status;
++} __packed;
++
++#define MGMT_EV_CONTROLLER_ERROR	0x0003
++struct mgmt_ev_controller_error {
++	uint8_t error_code;
++} __packed;
++
++#define MGMT_EV_INDEX_ADDED		0x0004
++
++#define MGMT_EV_INDEX_REMOVED		0x0005
++
++#define MGMT_EV_NEW_SETTINGS		0x0006
++
++#define MGMT_EV_CLASS_OF_DEV_CHANGED	0x0007
++struct mgmt_ev_class_of_dev_changed {
++	uint8_t class_of_dev[3];
++} __packed;
++
++#define MGMT_EV_LOCAL_NAME_CHANGED	0x0008
++struct mgmt_ev_local_name_changed {
++	uint8_t name[MGMT_MAX_NAME_LENGTH];
++	uint8_t short_name[MGMT_MAX_SHORT_NAME_LENGTH];
++} __packed;
++
++#define MGMT_EV_NEW_LINK_KEY		0x0009
++struct mgmt_ev_new_link_key {
++	uint8_t store_hint;
++	struct mgmt_link_key_info key;
++} __packed;
++
++#define MGMT_EV_NEW_LONG_TERM_KEY	0x000A
++struct mgmt_ev_new_long_term_key {
++	uint8_t store_hint;
++	struct mgmt_ltk_info key;
++} __packed;
++
++#define MGMT_EV_DEVICE_CONNECTED	0x000B
++struct mgmt_ev_device_connected {
++	struct mgmt_addr_info addr;
++	uint32_t flags;
++	uint16_t eir_len;
++	uint8_t eir[0];
++} __packed;
++
++#define MGMT_EV_DEVICE_DISCONNECTED	0x000C
++struct mgmt_ev_device_disconnected {
++	struct mgmt_addr_info addr;
++} __packed;
++
++#define MGMT_EV_CONNECT_FAILED		0x000D
++struct mgmt_ev_connect_failed {
++	struct mgmt_addr_info addr;
++	uint8_t status;
++} __packed;
++
++#define MGMT_EV_PIN_CODE_REQUEST	0x000E
++struct mgmt_ev_pin_code_request {
++	struct mgmt_addr_info addr;
++	uint8_t secure;
++} __packed;
++
++#define MGMT_EV_USER_CONFIRM_REQUEST	0x000F
++struct mgmt_ev_user_confirm_request {
++	struct mgmt_addr_info addr;
++	uint8_t confirm_hint;
++	uint32_t value;
++} __packed;
++
++#define MGMT_EV_USER_PASSKEY_REQUEST	0x0010
++struct mgmt_ev_user_passkey_request {
++	struct mgmt_addr_info addr;
++} __packed;
++
++#define MGMT_EV_AUTH_FAILED		0x0011
++struct mgmt_ev_auth_failed {
++	struct mgmt_addr_info addr;
++	uint8_t status;
++} __packed;
++
++#define MGMT_DEV_FOUND_CONFIRM_NAME	0x01
++#define MGMT_DEV_FOUND_LEGACY_PAIRING	0x02
++
++#define MGMT_EV_DEVICE_FOUND		0x0012
++struct mgmt_ev_device_found {
++	struct mgmt_addr_info addr;
++	int8_t rssi;
++	uint32_t flags;
++	uint16_t eir_len;
++	uint8_t eir[0];
++} __packed;
++
++#define MGMT_EV_DISCOVERING		0x0013
++struct mgmt_ev_discovering {
++	uint8_t type;
++	uint8_t discovering;
++} __packed;
++
++#define MGMT_EV_DEVICE_BLOCKED		0x0014
++struct mgmt_ev_device_blocked {
++	struct mgmt_addr_info addr;
++} __packed;
++
++#define MGMT_EV_DEVICE_UNBLOCKED	0x0015
++struct mgmt_ev_device_unblocked {
++	struct mgmt_addr_info addr;
++} __packed;
++
++#define MGMT_EV_DEVICE_UNPAIRED		0x0016
++struct mgmt_ev_device_unpaired {
++	struct mgmt_addr_info addr;
++} __packed;
++
++static const char *mgmt_op[] = {
++	"<0x0000>",
++	"Read Version",
++	"Read Commands",
++	"Read Index List",
++	"Read Controller Info",
++	"Set Powered",
++	"Set Discoverable",
++	"Set Connectable",
++	"Set Fast Connectable",		/* 0x0008 */
++	"Set Pairable",
++	"Set Link Security",
++	"Set Secure Simple Pairing",
++	"Set High Speed",
++	"Set Low Energy",
++	"Set Dev Class",
++	"Set Local Name",
++	"Add UUID",			/* 0x0010 */
++	"Remove UUID",
++	"Load Link Keys",
++	"Load Long Term Keys",
++	"Disconnect",
++	"Get Connections",
++	"PIN Code Reply",
++	"PIN Code Neg Reply",
++	"Set IO Capability",		/* 0x0018 */
++	"Pair Device",
++	"Cancel Pair Device",
++	"Unpair Device",
++	"User Confirm Reply",
++	"User Confirm Neg Reply",
++	"User Passkey Reply",
++	"User Passkey Neg Reply",
++	"Read Local OOB Data",		/* 0x0020 */
++	"Add Remote OOB Data",
++	"Remove Remove OOB Data",
++	"Start Discovery",
++	"Stop Discovery",
++	"Confirm Name",
++	"Block Device",
++	"Unblock Device",
++	"Set Device ID",
++};
++
++static const char *mgmt_ev[] = {
++	"<0x0000>",
++	"Command Complete",
++	"Command Status",
++	"Controller Error",
++	"Index Added",
++	"Index Removed",
++	"New Settings",
++	"Class of Device Changed",
++	"Local Name Changed",		/* 0x0008 */
++	"New Link Key",
++	"New Long Term Key",
++	"Device Connected",
++	"Device Disconnected",
++	"Connect Failed",
++	"PIN Code Request",
++	"User Confirm Request",
++	"User Passkey Request",		/* 0x0010 */
++	"Authentication Failed",
++	"Device Found",
++	"Discovering",
++	"Device Blocked",
++	"Device Unblocked",
++	"Device Unpaired",
++};
++
++static const char *mgmt_status[] = {
++	"Success",
++	"Unknown Command",
++	"Not Connected",
++	"Failed",
++	"Connect Failed",
++	"Authentication Failed",
++	"Not Paired",
++	"No Resources",
++	"Timeout",
++	"Already Connected",
++	"Busy",
++	"Rejected",
++	"Not Supported",
++	"Invalid Parameters",
++	"Disconnected",
++	"Not Powered",
++	"Cancelled",
++	"Invalid Index",
++};
++
++#ifndef NELEM
++#define NELEM(x) (sizeof(x) / sizeof((x)[0]))
++#endif
++
++static inline const char *mgmt_opstr(uint16_t op)
++{
++	if (op >= NELEM(mgmt_op))
++		return "<unknown opcode>";
++	return mgmt_op[op];
++}
++
++static inline const char *mgmt_evstr(uint16_t ev)
++{
++	if (ev >= NELEM(mgmt_ev))
++		return "<unknown event>";
++	return mgmt_ev[ev];
++}
++
++static inline const char *mgmt_errstr(uint8_t status)
++{
++	if (status >= NELEM(mgmt_status))
++		return "<unknown status>";
++	return mgmt_status[status];
++}
 === added directory '.pc/ssp_parameter.patch/plugins'
 === added file '.pc/ssp_parameter.patch/plugins/hciops.c'
 --- .pc/ssp_parameter.patch/plugins/hciops.c	1970-01-01 00:00:00 +0000
 +++ .pc/ssp_parameter.patch/plugins/hciops.c	2014-05-15 03:26:22 +0000
@@ -0,0 +1,3943 @@
++/*
++ *
++ *  BlueZ - Bluetooth protocol stack for Linux
++ *
++ *  Copyright (C) 2004-2010  Marcel Holtmann <marcel@holtmann.org>
++ *
++ *  This program is free software; you can redistribute it and/or modify
++ *  it under the terms of the GNU General Public License as published by
++ *  the Free Software Foundation; either version 2 of the License, or
++ *  (at your option) any later version.
++ *
++ *  This program is distributed in the hope that it will be useful,
++ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
++ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ *  GNU General Public License for more details.
++ *
++ *  You should have received a copy of the GNU General Public License
++ *  along with this program; if not, write to the Free Software
++ *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
++ *
++ */
++
++#ifdef HAVE_CONFIG_H
++#include <config.h>
++#endif
++
++#include <stdio.h>
++#include <errno.h>
++#include <unistd.h>
++#include <stdlib.h>
++#include <sys/types.h>
++#include <sys/ioctl.h>
++#include <sys/wait.h>
++
++#include <bluetooth/bluetooth.h>
++#include <bluetooth/hci.h>
++#include <bluetooth/hci_lib.h>
++#include <bluetooth/sdp.h>
++#include <bluetooth/sdp_lib.h>
++
++#include <glib.h>
++
++#include "hcid.h"
++#include "sdpd.h"
++#include "btio.h"
++#include "adapter.h"
++#include "device.h"
++#include "plugin.h"
++#include "log.h"
++#include "storage.h"
++#include "event.h"
++#include "manager.h"
++#include "oob.h"
++#include "eir.h"
++
++#define DISCOV_HALTED 0
++#define DISCOV_INQ 1
++#define DISCOV_SCAN 2
++#define DISCOV_NAMES 3
++
++#define TIMEOUT_BR_LE_SCAN 5120 /* TGAP(100)/2 */
++#define TIMEOUT_LE_SCAN 10240 /* TGAP(gen_disc_scan_min) */
++
++#define LENGTH_BR_INQ 0x08
++#define LENGTH_BR_LE_INQ 0x04
++
++static int start_scanning(int index, int timeout);
++
++static int child_pipe[2] = { -1, -1 };
++
++static guint child_io_id = 0;
++static guint ctl_io_id = 0;
++
++enum adapter_type {
++	BR_EDR,
++	LE_ONLY,
++	BR_EDR_LE,
++	UNKNOWN,
++};
++
++/* Commands sent by kernel on starting an adapter */
++enum {
++	PENDING_BDADDR,
++	PENDING_VERSION,
++	PENDING_FEATURES,
++	PENDING_NAME,
++};
++
++struct bt_conn {
++	struct dev_info *dev;
++	bdaddr_t bdaddr;
++	uint16_t handle;
++	uint8_t loc_cap;
++	uint8_t loc_auth;
++	uint8_t rem_cap;
++	uint8_t rem_auth;
++	uint8_t rem_oob_data;
++	gboolean bonding_initiator;
++	gboolean secmode3;
++	GIOChannel *io; /* For raw L2CAP socket (bonding) */
++};
++
++struct oob_data {
++	bdaddr_t bdaddr;
++	uint8_t hash[16];
++	uint8_t randomizer[16];
++};
++
++enum name_state {
++	NAME_UNKNOWN,
++	NAME_NEEDED,
++	NAME_NOT_NEEDED,
++	NAME_PENDING,
++};
++
++struct found_dev {
++	bdaddr_t bdaddr;
++	int8_t rssi;
++	enum name_state name_state;
++};
++
++static int max_dev = -1;
++static struct dev_info {
++	int id;
++	int sk;
++	bdaddr_t bdaddr;
++	char name[249];
++	uint8_t eir[HCI_MAX_EIR_LENGTH];
++	uint8_t features[8];
++	uint8_t extfeatures[8];
++	uint8_t ssp_mode;
++
++	int8_t tx_power;
++
++	int discov_state;
++
++	uint32_t current_cod;
++	uint32_t wanted_cod;
++	uint32_t pending_cod;
++	gboolean cache_enable;
++	gboolean already_up;
++	gboolean registered;
++	gboolean pairable;
++
++	uint8_t io_capability;
++
++	struct hci_version ver;
++
++	uint16_t did_source;
++	uint16_t did_vendor;
++	uint16_t did_product;
++	uint16_t did_version;
++
++	gboolean up;
++	uint32_t pending;
++
++	GIOChannel *io;
++	guint watch_id;
++
++	gboolean debug_keys;
++	GSList *keys;
++	uint8_t pin_length;
++
++	GSList *oob_data;
++
++	GSList *uuids;
++
++	GSList *connections;
++
++	GSList *found_devs;
++	GSList *need_name;
++
++	guint stop_scan_id;
++
++	uint16_t discoverable_timeout;
++	guint discoverable_id;
++} *devs = NULL;
++
++static int found_dev_rssi_cmp(gconstpointer a, gconstpointer b)
++{
++	const struct found_dev *d1 = a, *d2 = b;
++	int rssi1, rssi2;
++
++	if (d2->name_state == NAME_NOT_NEEDED)
++		return -1;
++
++	rssi1 = d1->rssi < 0 ? -d1->rssi : d1->rssi;
++	rssi2 = d2->rssi < 0 ? -d2->rssi : d2->rssi;
++
++	return rssi1 - rssi2;
++}
++
++static int found_dev_bda_cmp(gconstpointer a, gconstpointer b)
++{
++	const struct found_dev *d1 = a, *d2 = b;
++
++	return bacmp(&d1->bdaddr, &d2->bdaddr);
++}
++
++static void found_dev_cleanup(struct dev_info *info)
++{
++	g_slist_free_full(info->found_devs, g_free);
++	info->found_devs = NULL;
++
++	g_slist_free_full(info->need_name, g_free);
++	info->need_name = NULL;
++}
++
++static int resolve_name(struct dev_info *info, bdaddr_t *bdaddr)
++{
++	remote_name_req_cp cp;
++	char addr[18];
++
++	ba2str(bdaddr, addr);
++	DBG("hci%d dba %s", info->id, addr);
++
++	memset(&cp, 0, sizeof(cp));
++	bacpy(&cp.bdaddr, bdaddr);
++	cp.pscan_rep_mode = 0x02;
++
++	if (hci_send_cmd(info->sk, OGF_LINK_CTL, OCF_REMOTE_NAME_REQ,
++					REMOTE_NAME_REQ_CP_SIZE, &cp) < 0)
++		return -errno;
++
++	return 0;
++}
++
++static int resolve_names(struct dev_info *info, struct btd_adapter *adapter)
++{
++	struct found_dev *dev;
++
++	DBG("found_dev %u need_name %u", g_slist_length(info->found_devs),
++					g_slist_length(info->need_name));
++
++	if (g_slist_length(info->need_name) == 0)
++		return -ENOENT;
++
++	dev = info->need_name->data;
++	resolve_name(info, &dev->bdaddr);
++	dev->name_state = NAME_PENDING;
++
++	return 0;
++}
++
++static void set_state(int index, int state)
++{
++	struct btd_adapter *adapter;
++	struct dev_info *dev = &devs[index];
++
++	if (dev->discov_state == state)
++		return;
++
++	adapter = manager_find_adapter_by_id(index);
++	if (!adapter) {
++		error("No matching adapter found");
++		return;
++	}
++
++	dev->discov_state = state;
++
++	DBG("hci%d: new state %d", index, dev->discov_state);
++
++	switch (dev->discov_state) {
++	case DISCOV_HALTED:
++		found_dev_cleanup(dev);
++		adapter_set_discovering(adapter, FALSE);
++		break;
++	case DISCOV_INQ:
++	case DISCOV_SCAN:
++		adapter_set_discovering(adapter, TRUE);
++		break;
++	case DISCOV_NAMES:
++		if (resolve_names(dev, adapter) < 0)
++			set_state(index, DISCOV_HALTED);
++		break;
++	}
++}
++
++static inline gboolean is_le_capable(int index)
++{
++	struct dev_info *dev = &devs[index];
++
++	return (dev->features[4] & LMP_LE &&
++			dev->extfeatures[0] & LMP_HOST_LE) ? TRUE : FALSE;
++}
++
++static inline gboolean is_bredr_capable(int index)
++{
++	struct dev_info *dev = &devs[index];
++
++	return (dev->features[4] & LMP_NO_BREDR) == 0 ? TRUE : FALSE;
++}
++
++static int get_adapter_type(int index)
++{
++	if (is_le_capable(index) && is_bredr_capable(index))
++		return BR_EDR_LE;
++	else if (is_le_capable(index))
++		return LE_ONLY;
++	else if (is_bredr_capable(index))
++		return BR_EDR;
++
++	return UNKNOWN;
++}
++
++static int ignore_device(struct hci_dev_info *di)
++{
++	return hci_test_bit(HCI_RAW, &di->flags) || di->type >> 4 != HCI_BREDR;
++}
++
++static struct dev_info *init_dev_info(int index, int sk, gboolean registered,
++							gboolean already_up)
++{
++	struct dev_info *dev = &devs[index];
++
++	memset(dev, 0, sizeof(*dev));
++
++	dev->id = index;
++	dev->sk = sk;
++	dev->cache_enable = TRUE;
++	dev->registered = registered;
++	dev->already_up = already_up;
++	dev->io_capability = 0x03; /* No Input No Output */
++	dev->discov_state = DISCOV_HALTED;
++
++	return dev;
++}
++
++/* Async HCI command handling with callback support */
++
++struct hci_cmd_data {
++	bt_hci_result_t		cb;
++	uint16_t		handle;
++	uint16_t		ocf;
++	gpointer		caller_data;
++};
++
++static gboolean hci_event_watch(GIOChannel *io,
++			GIOCondition cond, gpointer user_data)
++{
++	unsigned char buf[HCI_MAX_EVENT_SIZE], *body;
++	struct hci_cmd_data *cmd = user_data;
++	evt_cmd_status *evt_status;
++	evt_auth_complete *evt_auth;
++	evt_encrypt_change *evt_enc;
++	hci_event_hdr *hdr;
++	set_conn_encrypt_cp cp;
++	int dd;
++	uint16_t ocf;
++	uint8_t status = HCI_OE_POWER_OFF;
++
++	if (cond & G_IO_NVAL) {
++		cmd->cb(status, cmd->caller_data);
++		return FALSE;
++	}
++
++	if (cond & (G_IO_ERR | G_IO_HUP))
++		goto failed;
++
++	dd = g_io_channel_unix_get_fd(io);
++
++	if (read(dd, buf, sizeof(buf)) < 0)
++		goto failed;
++
++	hdr = (hci_event_hdr *) (buf + 1);
++	body = buf + (1 + HCI_EVENT_HDR_SIZE);
++
++	switch (hdr->evt) {
++	case EVT_CMD_STATUS:
++		evt_status = (evt_cmd_status *) body;
++		ocf = cmd_opcode_ocf(evt_status->opcode);
++		if (ocf != cmd->ocf)
++			return TRUE;
++		switch (ocf) {
++		case OCF_AUTH_REQUESTED:
++		case OCF_SET_CONN_ENCRYPT:
++			if (evt_status->status != 0) {
++				/* Baseband rejected command */
++				status = evt_status->status;
++				goto failed;
++			}
++			break;
++		default:
++			return TRUE;
++		}
++		/* Wait for the next event */
++		return TRUE;
++	case EVT_AUTH_COMPLETE:
++		evt_auth = (evt_auth_complete *) body;
++		if (evt_auth->handle != cmd->handle) {
++			/* Skipping */
++			return TRUE;
++		}
++
++		if (evt_auth->status != 0x00) {
++			status = evt_auth->status;
++			/* Abort encryption */
++			goto failed;
++		}
++
++		memset(&cp, 0, sizeof(cp));
++		cp.handle  = cmd->handle;
++		cp.encrypt = 1;
++
++		cmd->ocf = OCF_SET_CONN_ENCRYPT;
++
++		if (hci_send_cmd(dd, OGF_LINK_CTL, OCF_SET_CONN_ENCRYPT,
++					SET_CONN_ENCRYPT_CP_SIZE, &cp) < 0) {
++			status = HCI_COMMAND_DISALLOWED;
++			goto failed;
++		}
++		/* Wait for encrypt change event */
++		return TRUE;
++	case EVT_ENCRYPT_CHANGE:
++		evt_enc = (evt_encrypt_change *) body;
++		if (evt_enc->handle != cmd->handle)
++			return TRUE;
++
++		/* Procedure finished: reporting status */
++		status = evt_enc->status;
++		break;
++	default:
++		/* Skipping */
++		return TRUE;
++	}
++
++failed:
++	cmd->cb(status, cmd->caller_data);
++	g_io_channel_shutdown(io, TRUE, NULL);
++
++	return FALSE;
++}
++
++static int write_inq_mode(int index, uint8_t mode)
++{
++	struct dev_info *dev = &devs[index];
++	write_inquiry_mode_cp cp;
++
++	memset(&cp, 0, sizeof(cp));
++	cp.mode = mode;
++
++	if (hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_WRITE_INQUIRY_MODE,
++					WRITE_INQUIRY_MODE_CP_SIZE, &cp) < 0)
++		return -errno;
++
++	return 0;
++}
++
++static uint8_t get_inquiry_mode(int index)
++{
++	struct dev_info *dev = &devs[index];
++
++	if (dev->features[6] & LMP_EXT_INQ)
++		return 2;
++
++	if (dev->features[3] & LMP_RSSI_INQ)
++		return 1;
++
++	if (dev->ver.manufacturer == 11 && dev->ver.hci_rev == 0x00 &&
++					dev->ver.lmp_subver == 0x0757)
++		return 1;
++
++	if (dev->ver.manufacturer == 15) {
++		if (dev->ver.hci_rev == 0x03 &&
++					dev->ver.lmp_subver == 0x6963)
++			return 1;
++		if (dev->ver.hci_rev == 0x09 &&
++					dev->ver.lmp_subver == 0x6963)
++			return 1;
++		if (dev->ver.hci_rev == 0x00 &&
++					dev->ver.lmp_subver == 0x6965)
++			return 1;
++	}
++
++	if (dev->ver.manufacturer == 31 && dev->ver.hci_rev == 0x2005 &&
++					dev->ver.lmp_subver == 0x1805)
++		return 1;
++
++	return 0;
++}
++
++static int init_ssp_mode(int index)
++{
++	struct dev_info *dev = &devs[index];
++	write_simple_pairing_mode_cp cp;
++
++	if (ioctl(dev->sk, HCIGETAUTHINFO, NULL) < 0 && errno == EINVAL)
++		return 0;
++
++	memset(&cp, 0, sizeof(cp));
++	cp.mode = 0x01;
++
++	if (hci_send_cmd(dev->sk, OGF_HOST_CTL,
++				OCF_WRITE_SIMPLE_PAIRING_MODE,
++				WRITE_SIMPLE_PAIRING_MODE_CP_SIZE, &cp) < 0)
++		return -errno;
++
++	return 0;
++}
++
++static int hciops_set_discoverable(int index, gboolean discoverable,
++							uint16_t timeout)
++{
++	struct dev_info *dev = &devs[index];
++	uint8_t mode;
++
++	if (discoverable)
++		mode = (SCAN_PAGE | SCAN_INQUIRY);
++	else
++		mode = SCAN_PAGE;
++
++	DBG("hci%d discoverable %d", index, discoverable);
++
++	if (hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_WRITE_SCAN_ENABLE,
++								1, &mode) < 0)
++		return -errno;
++
++	dev->discoverable_timeout = timeout;
++
++	return 0;
++}
++
++static int hciops_set_pairable(int index, gboolean pairable)
++{
++	struct btd_adapter *adapter;
++
++	DBG("hci%d pairable %d", index, pairable);
++
++	adapter = manager_find_adapter(&devs[index].bdaddr);
++	if (adapter)
++		btd_adapter_pairable_changed(adapter, pairable);
++
++	devs[index].pairable = pairable;
++
++	return 0;
++}
++
++static int hciops_power_off(int index)
++{
++	struct dev_info *dev = &devs[index];
++
++	DBG("hci%d", index);
++
++	if (ioctl(dev->sk, HCIDEVDOWN, index) < 0 && errno != EALREADY)
++		return -errno;
++
++	return 0;
++}
++
++static void set_event_mask(int index)
++{
++	struct dev_info *dev = &devs[index];
++	/* The second byte is 0xff instead of 0x9f (two reserved bits
++	 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
++	 * command otherwise */
++	uint8_t events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
++
++	/* Events for 1.2 and newer controllers */
++	if (dev->ver.lmp_ver > 1) {
++		events[4] |= 0x01; /* Flow Specification Complete */
++		events[4] |= 0x02; /* Inquiry Result with RSSI */
++		events[4] |= 0x04; /* Read Remote Extended Features Complete */
++		events[5] |= 0x08; /* Synchronous Connection Complete */
++		events[5] |= 0x10; /* Synchronous Connection Changed */
++	}
++
++	if (dev->features[3] & LMP_RSSI_INQ)
++		events[4] |= 0x02; /* Inquiry Result with RSSI */
++
++	if (dev->features[5] & LMP_SNIFF_SUBR)
++		events[5] |= 0x20; /* Sniff Subrating */
++
++	if (dev->features[5] & LMP_PAUSE_ENC)
++		events[5] |= 0x80; /* Encryption Key Refresh Complete */
++
++	if (dev->features[6] & LMP_EXT_INQ)
++		events[5] |= 0x40; /* Extended Inquiry Result */
++
++	if (dev->features[6] & LMP_NFLUSH_PKTS)
++		events[7] |= 0x01; /* Enhanced Flush Complete */
++
++	if (dev->features[7] & LMP_LSTO)
++		events[6] |= 0x80; /* Link Supervision Timeout Changed */
++
++	if (dev->features[6] & LMP_SIMPLE_PAIR) {
++		events[6] |= 0x01;	/* IO Capability Request */
++		events[6] |= 0x02;	/* IO Capability Response */
++		events[6] |= 0x04;	/* User Confirmation Request */
++		events[6] |= 0x08;	/* User Passkey Request */
++		events[6] |= 0x10;	/* Remote OOB Data Request */
++		events[6] |= 0x20;	/* Simple Pairing Complete */
++		events[7] |= 0x04;	/* User Passkey Notification */
++		events[7] |= 0x08;	/* Keypress Notification */
++		events[7] |= 0x10;	/* Remote Host Supported
++					 * Features Notification */
++	}
++
++	if (dev->features[4] & LMP_LE)
++		events[7] |= 0x20;	/* LE Meta-Event */
++
++	hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_SET_EVENT_MASK,
++						sizeof(events), events);
++}
++
++static void start_adapter(int index)
++{
++	struct dev_info *dev = &devs[index];
++	uint8_t inqmode;
++	uint16_t link_policy;
++
++	set_event_mask(index);
++
++	if (dev->features[6] & LMP_SIMPLE_PAIR)
++		init_ssp_mode(index);
++
++	inqmode = get_inquiry_mode(index);
++	if (inqmode)
++		write_inq_mode(index, inqmode);
++
++	if (dev->features[7] & LMP_INQ_TX_PWR)
++		hci_send_cmd(dev->sk, OGF_HOST_CTL,
++				OCF_READ_INQ_RESPONSE_TX_POWER_LEVEL, 0, NULL);
++
++	/* Set default link policy */
++	link_policy = main_opts.link_policy;
++
++	if (!(dev->features[0] & LMP_RSWITCH))
++		link_policy &= ~HCI_LP_RSWITCH;
++	if (!(dev->features[0] & LMP_HOLD))
++		link_policy &= ~HCI_LP_HOLD;
++	if (!(dev->features[0] & LMP_SNIFF))
++		link_policy &= ~HCI_LP_SNIFF;
++	if (!(dev->features[1] & LMP_PARK))
++		link_policy &= ~HCI_LP_PARK;
++
++	link_policy = htobs(link_policy);
++	hci_send_cmd(dev->sk, OGF_LINK_POLICY, OCF_WRITE_DEFAULT_LINK_POLICY,
++					sizeof(link_policy), &link_policy);
++
++	dev->current_cod = 0;
++	memset(dev->eir, 0, sizeof(dev->eir));
++}
++
++static int hciops_stop_inquiry(int index)
++{
++	struct dev_info *dev = &devs[index];
++
++	DBG("hci%d", index);
++
++	if (hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_INQUIRY_CANCEL, 0, 0) < 0)
++		return -errno;
++
++	return 0;
++}
++
++static void update_ext_inquiry_response(int index)
++{
++	struct dev_info *dev = &devs[index];
++	write_ext_inquiry_response_cp cp;
++
++	DBG("hci%d", index);
++
++	if (!(dev->features[6] & LMP_EXT_INQ))
++		return;
++
++	if (dev->ssp_mode == 0)
++		return;
++
++	if (dev->cache_enable)
++		return;
++
++	memset(&cp, 0, sizeof(cp));
++
++	eir_create(dev->name, dev->tx_power, dev->did_vendor, dev->did_product,
++			dev->did_version, dev->did_source, dev->uuids,
++			cp.data);
++
++	if (memcmp(cp.data, dev->eir, sizeof(cp.data)) == 0)
++		return;
++
++	memcpy(dev->eir, cp.data, sizeof(cp.data));
++
++	if (hci_send_cmd(dev->sk, OGF_HOST_CTL,
++				OCF_WRITE_EXT_INQUIRY_RESPONSE,
++				WRITE_EXT_INQUIRY_RESPONSE_CP_SIZE, &cp) < 0)
++		error("Unable to write EIR data: %s (%d)",
++						strerror(errno), errno);
++}
++
++static int hciops_set_name(int index, const char *name)
++{
++	struct dev_info *dev = &devs[index];
++	change_local_name_cp cp;
++
++	DBG("hci%d, name %s", index, name);
++
++	memset(&cp, 0, sizeof(cp));
++	strncpy((char *) cp.name, name, sizeof(cp.name));
++
++	if (hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_CHANGE_LOCAL_NAME,
++				CHANGE_LOCAL_NAME_CP_SIZE, &cp) < 0)
++		return -errno;
++
++	memcpy(dev->name, cp.name, 248);
++	update_ext_inquiry_response(index);
++
++	return 0;
++}
++
++static int write_class(int index, uint32_t class)
++{
++	struct dev_info *dev = &devs[index];
++	write_class_of_dev_cp cp;
++
++	DBG("hci%d class 0x%06x", index, class);
++
++	memcpy(cp.dev_class, &class, 3);
++
++	if (hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_WRITE_CLASS_OF_DEV,
++					WRITE_CLASS_OF_DEV_CP_SIZE, &cp) < 0)
++		return -errno;
++
++	dev->pending_cod = class;
++
++	return 0;
++}
++
++static int hciops_set_dev_class(int index, uint8_t major, uint8_t minor)
++{
++	struct dev_info *dev = &devs[index];
++	int err;
++
++	DBG("hci%d major %u minor %u", index, major, minor);
++
++	/* Update only the major and minor class bits keeping remaining bits
++	 * intact*/
++	dev->wanted_cod &= 0xffe000;
++	dev->wanted_cod |= ((major & 0x1f) << 8) | minor;
++
++	if (dev->wanted_cod == dev->current_cod ||
++			dev->cache_enable || dev->pending_cod)
++		return 0;
++
++	DBG("Changing Major/Minor class to 0x%06x", dev->wanted_cod);
++
++	err = write_class(index, dev->wanted_cod);
++	if (err < 0)
++		error("Adapter class update failed: %s (%d)",
++						strerror(-err), -err);
++
++	return err;
++}
++
++static gboolean init_adapter(int index)
++{
++	struct dev_info *dev = &devs[index];
++	struct btd_adapter *adapter = NULL;
++	gboolean existing_adapter = dev->registered;
++	uint8_t mode, on_mode, major, minor;
++	gboolean pairable, discoverable;
++	const char *name;
++	uint16_t discoverable_timeout;
++
++	if (!dev->registered) {
++		adapter = btd_manager_register_adapter(index, TRUE);
++		if (adapter)
++			dev->registered = TRUE;
++	} else {
++		adapter = manager_find_adapter(&dev->bdaddr);
++		/* FIXME: manager_find_adapter should return a new ref */
++		btd_adapter_ref(adapter);
++	}
++
++	if (adapter == NULL)
++		return FALSE;
++
++	btd_adapter_get_mode(adapter, &mode, &on_mode,
++						&discoverable_timeout,
++						&pairable);
++
++	if (existing_adapter)
++		mode = on_mode;
++
++	if (mode == MODE_OFF) {
++		hciops_power_off(index);
++		goto done;
++	}
++
++	start_adapter(index);
++
++	name = btd_adapter_get_name(adapter);
++	if (name)
++		hciops_set_name(index, name);
++
++	btd_adapter_get_class(adapter, &major, &minor);
++	hciops_set_dev_class(index, major, minor);
++
++	btd_adapter_start(adapter);
++
++	discoverable = (mode == MODE_DISCOVERABLE);
++
++	hciops_set_discoverable(index, discoverable, discoverable_timeout);
++	hciops_set_pairable(index, pairable);
++
++	if (dev->already_up)
++		hciops_stop_inquiry(index);
++
++done:
++	btd_adapter_unref(adapter);
++	return TRUE;
++}
++
++static int hciops_encrypt_link(int index, bdaddr_t *dst, bt_hci_result_t cb,
++							gpointer user_data)
++{
++	GIOChannel *io;
++	struct hci_cmd_data *cmd;
++	struct hci_conn_info_req *cr;
++	auth_requested_cp cp;
++	struct hci_filter nf;
++	int dd, err;
++	uint32_t link_mode;
++	uint16_t handle;
++
++	dd = hci_open_dev(index);
++	if (dd < 0)
++		return -errno;
++
++	cr = g_malloc0(sizeof(*cr) + sizeof(struct hci_conn_info));
++	cr->type = ACL_LINK;
++	bacpy(&cr->bdaddr, dst);
++
++	err = ioctl(dd, HCIGETCONNINFO, cr);
++	link_mode = cr->conn_info->link_mode;
++	handle = cr->conn_info->handle;
++	g_free(cr);
++
++	if (err < 0) {
++		err = -errno;
++		goto fail;
++	}
++
++	if (link_mode & HCI_LM_ENCRYPT) {
++		err = -EALREADY;
++		goto fail;
++	}
++
++	memset(&cp, 0, sizeof(cp));
++	cp.handle = htobs(handle);
++
++	if (hci_send_cmd(dd, OGF_LINK_CTL, OCF_AUTH_REQUESTED,
++				AUTH_REQUESTED_CP_SIZE, &cp) < 0) {
++		err = -errno;
++		goto fail;
++	}
++
++	cmd = g_new0(struct hci_cmd_data, 1);
++	cmd->handle = handle;
++	cmd->ocf = OCF_AUTH_REQUESTED;
++	cmd->cb	= cb;
++	cmd->caller_data = user_data;
++
++	hci_filter_clear(&nf);
++	hci_filter_set_ptype(HCI_EVENT_PKT, &nf);
++	hci_filter_set_event(EVT_CMD_STATUS, &nf);
++	hci_filter_set_event(EVT_AUTH_COMPLETE, &nf);
++	hci_filter_set_event(EVT_ENCRYPT_CHANGE, &nf);
++
++	if (setsockopt(dd, SOL_HCI, HCI_FILTER, &nf, sizeof(nf)) < 0) {
++		err = -errno;
++		g_free(cmd);
++		goto fail;
++	}
++
++	io = g_io_channel_unix_new(dd);
++	g_io_channel_set_close_on_unref(io, FALSE);
++	g_io_add_watch_full(io, G_PRIORITY_DEFAULT,
++			G_IO_HUP | G_IO_ERR | G_IO_NVAL | G_IO_IN,
++			hci_event_watch, cmd, g_free);
++	g_io_channel_unref(io);
++
++	return 0;
++
++fail:
++	close(dd);
++	return err;
++}
++
++static int hciops_set_did(int index, uint16_t vendor, uint16_t product,
++					uint16_t version, uint16_t source)
++{
++	struct dev_info *dev = &devs[index];
++
++	dev->did_vendor = vendor;
++	dev->did_product = product;
++	dev->did_version = version;
++	dev->did_source = source;
++
++	return 0;
++}
++
++/* End async HCI command handling */
++
++/* Start of HCI event callbacks */
++
++static gint conn_handle_cmp(gconstpointer a, gconstpointer b)
++{
++	const struct bt_conn *conn = a;
++	uint16_t handle = *((const uint16_t *) b);
++
++	return (int) conn->handle - (int) handle;
++}
++
++static struct bt_conn *find_conn_by_handle(struct dev_info *dev,
++							uint16_t handle)
++{
++	GSList *match;
++
++	match = g_slist_find_custom(dev->connections, &handle,
++							conn_handle_cmp);
++	if (match)
++		return match->data;
++
++	return NULL;
++}
++
++static gint conn_bdaddr_cmp(gconstpointer a, gconstpointer b)
++{
++	const struct bt_conn *conn = a;
++	const bdaddr_t *bdaddr = b;
++
++	return bacmp(&conn->bdaddr, bdaddr);
++}
++
++static struct bt_conn *find_connection(struct dev_info *dev, bdaddr_t *bdaddr)
++{
++	GSList *match;
++
++	match = g_slist_find_custom(dev->connections, bdaddr, conn_bdaddr_cmp);
++	if (match)
++		return match->data;
++
++	return NULL;
++}
++
++static struct bt_conn *get_connection(struct dev_info *dev, bdaddr_t *bdaddr)
++{
++	struct bt_conn *conn;
++
++	conn = find_connection(dev, bdaddr);
++	if (conn)
++		return conn;
++
++	conn = g_new0(struct bt_conn, 1);
++
++	conn->dev = dev;
++	conn->loc_cap = dev->io_capability;
++	conn->loc_auth = 0xff;
++	conn->rem_auth = 0xff;
++	bacpy(&conn->bdaddr, bdaddr);
++
++	dev->connections = g_slist_append(dev->connections, conn);
++
++	return conn;
++}
++
++static int get_handle(int index, bdaddr_t *bdaddr, uint16_t *handle)
++{
++	struct dev_info *dev = &devs[index];
++	struct bt_conn *conn;
++	char addr[18];
++
++	ba2str(bdaddr, addr);
++	DBG("hci%d dba %s", index, addr);
++
++	conn = find_connection(dev, bdaddr);
++	if (conn == NULL)
++		return -ENOENT;
++
++	*handle = conn->handle;
++
++	return 0;
++}
++
++static int disconnect_addr(int index, bdaddr_t *dba, uint8_t reason)
++{
++	disconnect_cp cp;
++	uint16_t handle;
++	int err;
++
++	err = get_handle(index, dba, &handle);
++	if (err < 0)
++		return err;
++
++	memset(&cp, 0, sizeof(cp));
++	cp.handle = htobs(handle);
++	cp.reason = reason;
++
++	if (hci_send_cmd(devs[index].sk, OGF_LINK_CTL, OCF_DISCONNECT,
++						DISCONNECT_CP_SIZE, &cp) < 0)
++		return -errno;
++
++	return 0;
++}
++
++static void bonding_complete(struct dev_info *dev, struct bt_conn *conn,
++								uint8_t status)
++{
++	struct btd_adapter *adapter;
++
++	DBG("status 0x%02x", status);
++
++	if (conn->io != NULL) {
++		/* bonding_connect_cb takes care of the successul case */
++		if (status != 0)
++			g_io_channel_shutdown(conn->io, TRUE, NULL);
++		g_io_channel_unref(conn->io);
++		conn->io = NULL;
++	}
++
++	conn->bonding_initiator = FALSE;
++
++	adapter = manager_find_adapter(&dev->bdaddr);
++	if (adapter)
++		adapter_bonding_complete(adapter, &conn->bdaddr, status);
++}
++
++static int get_auth_info(int index, bdaddr_t *bdaddr, uint8_t *auth)
++{
++	struct dev_info *dev = &devs[index];
++	struct hci_auth_info_req req;
++	char addr[18];
++
++	ba2str(bdaddr, addr);
++	DBG("hci%d dba %s", index, addr);
++
++	memset(&req, 0, sizeof(req));
++	bacpy(&req.bdaddr, bdaddr);
++
++	if (ioctl(dev->sk, HCIGETAUTHINFO, (unsigned long) &req) < 0)
++		return -errno;
++
++	if (auth)
++		*auth = req.type;
++
++	return 0;
++}
++
++/* Link Key handling */
++
++static void link_key_request(int index, bdaddr_t *dba)
++{
++	struct dev_info *dev = &devs[index];
++	struct link_key_info *key_info;
++	struct bt_conn *conn;
++	GSList *match;
++	char da[18];
++
++	ba2str(dba, da);
++	DBG("hci%d dba %s", index, da);
++
++	conn = get_connection(dev, dba);
++	if (conn->handle == 0)
++		conn->secmode3 = TRUE;
++
++	get_auth_info(index, dba, &conn->loc_auth);
++
++	DBG("kernel auth requirements = 0x%02x", conn->loc_auth);
++
++	match = g_slist_find_custom(dev->keys, dba, (GCompareFunc) bacmp);
++	if (match)
++		key_info = match->data;
++	else
++		key_info = NULL;
++
++	DBG("Matching key %s", key_info ? "found" : "not found");
++
++	if (key_info == NULL || (!dev->debug_keys && key_info->type == 0x03)) {
++		/* Link key not found */
++		hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_LINK_KEY_NEG_REPLY,
++								6, dba);
++		return;
++	}
++
++	/* Link key found */
++
++	DBG("link key type 0x%02x", key_info->type);
++
++	/* Don't use unauthenticated combination keys if MITM is
++	 * required */
++	if (key_info->type == 0x04 && conn->loc_auth != 0xff &&
++						(conn->loc_auth & 0x01))
++		hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_LINK_KEY_NEG_REPLY,
++								6, dba);
++	else {
++		link_key_reply_cp lr;
++
++		memcpy(lr.link_key, key_info->key, 16);
++		bacpy(&lr.bdaddr, dba);
++
++		hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_LINK_KEY_REPLY,
++						LINK_KEY_REPLY_CP_SIZE, &lr);
++	}
++}
++
++static void link_key_notify(int index, void *ptr)
++{
++	struct dev_info *dev = &devs[index];
++	evt_link_key_notify *evt = ptr;
++	bdaddr_t *dba = &evt->bdaddr;
++	struct link_key_info *key_info;
++	uint8_t old_key_type, key_type;
++	struct bt_conn *conn;
++	GSList *match;
++	char da[18];
++	uint8_t status = 0;
++
++	ba2str(dba, da);
++	DBG("hci%d dba %s type %d", index, da, evt->key_type);
++
++	conn = get_connection(dev, &evt->bdaddr);
++
++	match = g_slist_find_custom(dev->keys, dba, (GCompareFunc) bacmp);
++	if (match)
++		key_info = match->data;
++	else
++		key_info = NULL;
++
++	if (key_info == NULL) {
++		key_info = g_new0(struct link_key_info, 1);
++		bacpy(&key_info->bdaddr, &evt->bdaddr);
++		old_key_type = 0xff;
++	} else {
++		dev->keys = g_slist_remove(dev->keys, key_info);
++		old_key_type = key_info->type;
++	}
++
++	memcpy(key_info->key, evt->link_key, sizeof(evt->link_key));
++	key_info->type = evt->key_type;
++	key_info->pin_len = dev->pin_length;
++
++	key_type = evt->key_type;
++
++	DBG("key type 0x%02x old key type 0x%02x", key_type, old_key_type);
++	DBG("local auth 0x%02x and remote auth 0x%02x",
++					conn->loc_auth, conn->rem_auth);
++
++	if (key_type == HCI_LK_CHANGED_COMBINATION) {
++		/* Some buggy controller combinations generate a changed
++		 * combination key for legacy pairing even when there's no
++		 * previous key */
++		if (conn->rem_auth == 0xff && old_key_type == 0xff)
++			key_type = HCI_LK_COMBINATION;
++		else if (old_key_type != 0xff)
++			key_type = old_key_type;
++		else
++			/* This is Changed Combination Link Key for
++			 * a temporary link key.*/
++			goto done;
++	}
++
++	key_info->type = key_type;
++
++	/* Skip the storage check if this is a debug key */
++	if (key_type == HCI_LK_DEBUG_COMBINATION)
++		goto done;
++
++	/* Store the link key persistently if one of the following is true:
++	 * 1. this is a legacy link key
++	 * 2. this is a changed combination key and there was a previously
++	 *    stored one
++	 * 3. neither local nor remote side had no-bonding as a requirement
++	 * 4. the local side had dedicated bonding as a requirement
++	 * 5. the remote side is using dedicated bonding since in that case
++	 *    also the local requirements are set to dedicated bonding
++	 * If none of the above match only keep the link key around for
++	 * this connection and set the temporary flag for the device.
++	 */
++	if (key_type < HCI_LK_DEBUG_COMBINATION ||
++			(key_type == HCI_LK_CHANGED_COMBINATION
++					&& old_key_type != HCI_LK_INVALID) ||
++			(conn->loc_auth > 0x01 && conn->rem_auth > 0x01) ||
++			(conn->loc_auth == 0x02 || conn->loc_auth == 0x03) ||
++			(conn->rem_auth == 0x02 || conn->rem_auth == 0x03)) {
++		int err;
++
++		err = btd_event_link_key_notify(&dev->bdaddr, dba,
++						evt->link_key, key_type,
++						dev->pin_length);
++
++		if (err == -ENODEV)
++			status = HCI_OE_LOW_RESOURCES;
++		else if (err < 0)
++			status = HCI_MEMORY_FULL;
++
++		goto done;
++	}
++
++done:
++	dev->pin_length = 0;
++
++	if (status != 0) {
++		g_free(key_info);
++		bonding_complete(dev, conn, status);
++		disconnect_addr(index, dba, status);
++		return;
++	}
++
++	dev->keys = g_slist_prepend(dev->keys, key_info);
++
++	/* If we're connected and not dedicated bonding initiators we're
++	 * done with the bonding process */
++	if (!conn->bonding_initiator && conn->handle != 0)
++		bonding_complete(dev, conn, 0);
++}
++
++static void return_link_keys(int index, void *ptr)
++{
++	struct dev_info *dev = &devs[index];
++	evt_return_link_keys *evt = ptr;
++	uint8_t num = evt->num_keys;
++	unsigned char key[16];
++	char da[18];
++	bdaddr_t dba;
++	int i;
++
++	DBG("hci%d num_keys %u", index, num);
++
++	ptr++;
++
++	for (i = 0; i < num; i++) {
++		bacpy(&dba, ptr); ba2str(&dba, da);
++		memcpy(key, ptr + 6, 16);
++
++		DBG("hci%d returned key for %s", index, da);
++
++		btd_event_returned_link_key(&dev->bdaddr, &dba);
++
++		ptr += 22;
++	}
++}
++
++/* Simple Pairing handling */
++
++static int hciops_confirm_reply(int index, bdaddr_t *bdaddr, uint8_t bdaddr_type,
++							gboolean success)
++{
++	struct dev_info *dev = &devs[index];
++	user_confirm_reply_cp cp;
++	char addr[18];
++	int err;
++
++	ba2str(bdaddr, addr);
++	DBG("hci%d dba %s success %d", index, addr, success);
++
++	memset(&cp, 0, sizeof(cp));
++	bacpy(&cp.bdaddr, bdaddr);
++
++	if (success)
++		err = hci_send_cmd(dev->sk, OGF_LINK_CTL,
++					OCF_USER_CONFIRM_REPLY,
++					USER_CONFIRM_REPLY_CP_SIZE, &cp);
++	else
++		err = hci_send_cmd(dev->sk, OGF_LINK_CTL,
++					OCF_USER_CONFIRM_NEG_REPLY,
++					USER_CONFIRM_REPLY_CP_SIZE, &cp);
++
++	if (err < 0)
++		err = -errno;
++
++	return err;
++}
++
++static void user_confirm_request(int index, void *ptr)
++{
++	struct dev_info *dev = &devs[index];
++	evt_user_confirm_request *req = ptr;
++	gboolean loc_mitm, rem_mitm;
++	struct bt_conn *conn;
++
++	DBG("hci%d", index);
++
++	conn = find_connection(dev, &req->bdaddr);
++	if (conn == NULL)
++		return;
++
++	loc_mitm = (conn->loc_auth & 0x01) ? TRUE : FALSE;
++	rem_mitm = (conn->rem_auth & 0x01) ? TRUE : FALSE;
++
++	/* If we require MITM but the remote device can't provide that
++	 * (it has NoInputNoOutput) then reject the confirmation
++	 * request. The only exception is when we're dedicated bonding
++	 * initiators since then we always have the MITM bit set. */
++	if (!conn->bonding_initiator && loc_mitm && conn->rem_cap == 0x03) {
++		error("Rejecting request: remote device can't provide MITM");
++		goto fail;
++	}
++
++	/* If no side requires MITM protection; auto-accept */
++	if ((conn->loc_auth == 0xff || !loc_mitm || conn->rem_cap == 0x03) &&
++					(!rem_mitm || conn->loc_cap == 0x03)) {
++		DBG("auto accept of confirmation");
++
++		/* Wait 5 milliseconds before doing auto-accept */
++		usleep(5000);
++
++		if (hciops_confirm_reply(index, &req->bdaddr,
++						BDADDR_BREDR, TRUE) < 0)
++			goto fail;
++
++		return;
++	}
++
++	if (btd_event_user_confirm(&dev->bdaddr, &req->bdaddr,
++						btohl(req->passkey)) == 0)
++		return;
++
++fail:
++	hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_USER_CONFIRM_NEG_REPLY,
++								6, ptr);
++}
++
++static void user_passkey_request(int index, void *ptr)
++{
++	struct dev_info *dev = &devs[index];
++	evt_user_passkey_request *req = ptr;
++
++	DBG("hci%d", index);
++
++	if (btd_event_user_passkey(&dev->bdaddr, &req->bdaddr) < 0)
++		hci_send_cmd(dev->sk, OGF_LINK_CTL,
++				OCF_USER_PASSKEY_NEG_REPLY, 6, ptr);
++}
++
++static void user_passkey_notify(int index, void *ptr)
++{
++	struct dev_info *dev = &devs[index];
++	evt_user_passkey_notify *req = ptr;
++
++	DBG("hci%d", index);
++
++	btd_event_user_notify(&dev->bdaddr, &req->bdaddr,
++						btohl(req->passkey));
++}
++
++static gint oob_bdaddr_cmp(gconstpointer a, gconstpointer b)
++{
++	const struct oob_data *data = a;
++	const bdaddr_t *bdaddr = b;
++
++	return bacmp(&data->bdaddr, bdaddr);
++}
++
++static void remote_oob_data_request(int index, bdaddr_t *bdaddr)
++{
++	struct dev_info *dev = &devs[index];
++	GSList *match;
++
++	DBG("hci%d", index);
++
++	match = g_slist_find_custom(dev->oob_data, bdaddr, oob_bdaddr_cmp);
++
++	if (match) {
++		struct oob_data *data;
++		remote_oob_data_reply_cp cp;
++
++		data = match->data;
++
++		bacpy(&cp.bdaddr, &data->bdaddr);
++		memcpy(cp.hash, data->hash, sizeof(cp.hash));
++		memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
++
++		dev->oob_data = g_slist_delete_link(dev->oob_data, match);
++
++		hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_REMOTE_OOB_DATA_REPLY,
++				REMOTE_OOB_DATA_REPLY_CP_SIZE, &cp);
++
++	} else {
++		hci_send_cmd(dev->sk, OGF_LINK_CTL,
++				OCF_REMOTE_OOB_DATA_NEG_REPLY, 6, bdaddr);
++	}
++}
++
++static int get_io_cap(int index, bdaddr_t *bdaddr, uint8_t *cap, uint8_t *auth)
++{
++	struct dev_info *dev = &devs[index];
++	struct bt_conn *conn;
++	int err;
++
++	conn = find_connection(dev, bdaddr);
++	if (conn == NULL)
++		return -ENOENT;
++
++	err = get_auth_info(index, bdaddr, &conn->loc_auth);
++	if (err < 0)
++		return err;
++
++	DBG("initial authentication requirement is 0x%02x", conn->loc_auth);
++
++	if (!dev->pairable && !conn->bonding_initiator) {
++		if (conn->rem_auth < 0x02) {
++			DBG("Allowing no bonding in non-bondable mode");
++			/* Kernel defaults to general bonding and so
++			 * overwrite for this special case. Otherwise
++			 * non-pairable test cases will fail. */
++			conn->loc_auth = conn->rem_auth;
++			goto done;
++		}
++
++		return -EPERM;
++	}
++
++	/* If the kernel doesn't know the local requirement just mirror
++	 * the remote one */
++	if (conn->loc_auth == 0xff)
++		conn->loc_auth = conn->rem_auth;
++
++	if (conn->loc_auth == 0x00 || conn->loc_auth == 0x04) {
++		/* If remote requests dedicated bonding follow that lead */
++		if (conn->rem_auth == 0x02 || conn->rem_auth == 0x03) {
++
++			/* If both remote and local IO capabilities allow MITM
++			 * then require it, otherwise don't */
++			if (conn->rem_cap == 0x03 || conn->loc_cap == 0x03)
++				conn->loc_auth = 0x02;
++			else
++				conn->loc_auth = 0x03;
++		}
++
++		/* If remote indicates no bonding then follow that. This
++		 * is important since the kernel might give general bonding
++		 * as default. */
++		if (conn->rem_auth == 0x00 || conn->rem_auth == 0x01)
++			conn->loc_auth = 0x00;
++
++		/* If remote requires MITM then also require it, unless
++		 * our IO capability is NoInputNoOutput (so some
++		 * just-works security cases can be tested) */
++		if (conn->rem_auth != 0xff && (conn->rem_auth & 0x01) &&
++							conn->loc_cap != 0x03)
++			conn->loc_auth |= 0x01;
++	}
++
++done:
++	*cap = conn->loc_cap;
++	*auth = conn->loc_auth;
++
++	DBG("final authentication requirement is 0x%02x", *auth);
++
++	return 0;
++}
++
++static void io_capa_request(int index, void *ptr)
++{
++	struct dev_info *dev = &devs[index];
++	bdaddr_t *dba = ptr;
++	uint8_t cap, auth = 0xff;
++	char da[18];
++	int err;
++
++	ba2str(dba, da);
++	DBG("hci%d IO capability request for %s", index, da);
++
++	err = get_io_cap(index, dba, &cap, &auth);
++	if (err < 0) {
++		io_capability_neg_reply_cp cp;
++
++		error("Getting IO capability failed: %s (%d)",
++						strerror(-err), -err);
++
++		memset(&cp, 0, sizeof(cp));
++		bacpy(&cp.bdaddr, dba);
++		cp.reason = HCI_PAIRING_NOT_ALLOWED;
++		hci_send_cmd(dev->sk, OGF_LINK_CTL,
++					OCF_IO_CAPABILITY_NEG_REPLY,
++					IO_CAPABILITY_NEG_REPLY_CP_SIZE, &cp);
++	} else {
++		io_capability_reply_cp cp;
++		struct bt_conn *conn;
++		GSList *match;
++
++		memset(&cp, 0, sizeof(cp));
++		bacpy(&cp.bdaddr, dba);
++		cp.capability = cap;
++		cp.authentication = auth;
++
++		conn = find_connection(dev, dba);
++		match = g_slist_find_custom(dev->oob_data, dba, oob_bdaddr_cmp);
++
++		if ((conn->bonding_initiator || conn->rem_oob_data == 0x01) &&
++				match)
++			cp.oob_data = 0x01;
++		else
++			cp.oob_data = 0x00;
++
++		hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_IO_CAPABILITY_REPLY,
++					IO_CAPABILITY_REPLY_CP_SIZE, &cp);
++	}
++}
++
++static void io_capa_response(int index, void *ptr)
++{
++	struct dev_info *dev = &devs[index];
++	evt_io_capability_response *evt = ptr;
++	struct bt_conn *conn;
++	char da[18];
++
++	ba2str(&evt->bdaddr, da);
++	DBG("hci%d IO capability response from %s", index, da);
++
++	conn = find_connection(dev, &evt->bdaddr);
++	if (conn) {
++		conn->rem_cap = evt->capability;
++		conn->rem_auth = evt->authentication;
++		conn->rem_oob_data = evt->oob_data;
++	}
++}
++
++/* PIN code handling */
++
++static void pin_code_request(int index, bdaddr_t *dba)
++{
++	struct dev_info *dev = &devs[index];
++	struct bt_conn *conn;
++	char addr[18];
++	int err;
++
++	ba2str(dba, addr);
++	DBG("hci%d PIN request for %s", index, addr);
++
++	conn = get_connection(dev, dba);
++	if (conn->handle == 0)
++		conn->secmode3 = TRUE;
++
++	/* Check if the adapter is not pairable and if there isn't a bonding in
++	 * progress */
++	if (!dev->pairable && !conn->bonding_initiator) {
++		DBG("Rejecting PIN request in non-pairable mode");
++		goto reject;
++	}
++
++	err = btd_event_request_pin(&dev->bdaddr, dba, FALSE);
++	if (err < 0) {
++		error("PIN code negative reply: %s", strerror(-err));
++		goto reject;
++	}
++
++	return;
++
++reject:
++	hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_PIN_CODE_NEG_REPLY, 6, dba);
++}
++
++static inline void remote_features_notify(int index, void *ptr)
++{
++	struct dev_info *dev = &devs[index];
++	evt_remote_host_features_notify *evt = ptr;
++
++	if (evt->features[0] & 0x01)
++		btd_event_set_legacy_pairing(&dev->bdaddr, &evt->bdaddr,
++									FALSE);
++	else
++		btd_event_set_legacy_pairing(&dev->bdaddr, &evt->bdaddr,
++									TRUE);
++
++	write_features_info(&dev->bdaddr, &evt->bdaddr, NULL, evt->features);
++}
++
++static void read_local_version_complete(int index,
++				const read_local_version_rp *rp)
++{
++	struct dev_info *dev = &devs[index];
++
++	if (rp->status)
++		return;
++
++	dev->ver.manufacturer = btohs(bt_get_unaligned(&rp->manufacturer));
++	dev->ver.hci_ver = rp->hci_ver;
++	dev->ver.hci_rev = btohs(bt_get_unaligned(&rp->hci_rev));
++	dev->ver.lmp_ver = rp->lmp_ver;
++	dev->ver.lmp_subver = btohs(bt_get_unaligned(&rp->lmp_subver));
++
++	if (!dev->pending)
++		return;
++
++	hci_clear_bit(PENDING_VERSION, &dev->pending);
++
++	DBG("Got version for hci%d", index);
++
++	if (!dev->pending && dev->up)
++		init_adapter(index);
++}
++
++static void read_local_features_complete(int index,
++				const read_local_features_rp *rp)
++{
++	struct dev_info *dev = &devs[index];
++
++	if (rp->status)
++		return;
++
++	memcpy(dev->features, rp->features, 8);
++
++	if (!dev->pending)
++		return;
++
++	hci_clear_bit(PENDING_FEATURES, &dev->pending);
++
++	DBG("Got features for hci%d", index);
++
++	if (!dev->pending && dev->up)
++		init_adapter(index);
++}
++
++static void update_name(int index, const char *name)
++{
++	struct btd_adapter *adapter;
++
++	adapter = manager_find_adapter_by_id(index);
++	if (adapter)
++		adapter_name_changed(adapter, name);
++
++	update_ext_inquiry_response(index);
++}
++
++static void read_local_name_complete(int index, read_local_name_rp *rp)
++{
++	struct dev_info *dev = &devs[index];
++
++	DBG("hci%d status %u", index, rp->status);
++
++	if (rp->status)
++		return;
++
++	memcpy(dev->name, rp->name, 248);
++
++	if (!dev->pending) {
++		update_name(index, (char *) rp->name);
++		return;
++	}
++
++	hci_clear_bit(PENDING_NAME, &dev->pending);
++
++	DBG("Got name for hci%d", index);
++
++	if (!dev->pending && dev->up)
++		init_adapter(index);
++}
++
++static void read_tx_power_complete(int index, void *ptr)
++{
++	struct dev_info *dev = &devs[index];
++
++	read_inq_response_tx_power_level_rp *rp = ptr;
++
++	DBG("hci%d status %u", index, rp->status);
++
++	if (rp->status)
++		return;
++
++	dev->tx_power = rp->level;
++	update_ext_inquiry_response(index);
++}
++
++static void read_simple_pairing_mode_complete(int index, void *ptr)
++{
++	struct dev_info *dev = &devs[index];
++	read_simple_pairing_mode_rp *rp = ptr;
++
++	DBG("hci%d status %u", index, rp->status);
++
++	if (rp->status)
++		return;
++
++	dev->ssp_mode = rp->mode;
++	update_ext_inquiry_response(index);
++}
++
++static void read_local_ext_features_complete(int index,
++				const read_local_ext_features_rp *rp)
++{
++	struct dev_info *dev = &devs[index];
++
++	DBG("hci%d status %u", index, rp->status);
++
++	if (rp->status)
++		return;
++
++	/* Local Extended feature page number is 1 */
++	if (rp->page_num != 1)
++		return;
++
++	memcpy(dev->extfeatures, rp->features, sizeof(dev->extfeatures));
++}
++
++static void read_bd_addr_complete(int index, read_bd_addr_rp *rp)
++{
++	struct dev_info *dev = &devs[index];
++
++	DBG("hci%d status %u", index, rp->status);
++
++	if (rp->status)
++		return;
++
++	bacpy(&dev->bdaddr, &rp->bdaddr);
++
++	if (!dev->pending)
++		return;
++
++	hci_clear_bit(PENDING_BDADDR, &dev->pending);
++
++	DBG("Got bdaddr for hci%d", index);
++
++	if (!dev->pending && dev->up)
++		init_adapter(index);
++}
++
++static inline void cs_inquiry_evt(int index, uint8_t status)
++{
++	if (status) {
++		error("Inquiry Failed with status 0x%02x", status);
++		return;
++	}
++
++	set_state(index, DISCOV_INQ);
++}
++
++static inline void cmd_status(int index, void *ptr)
++{
++	evt_cmd_status *evt = ptr;
++	uint16_t opcode = btohs(evt->opcode);
++
++	if (opcode == cmd_opcode_pack(OGF_LINK_CTL, OCF_INQUIRY))
++		cs_inquiry_evt(index, evt->status);
++}
++
++static gboolean discoverable_timeout_handler(gpointer user_data)
++{
++	struct dev_info *dev = user_data;
++
++	hciops_set_discoverable(dev->id, FALSE, 0);
++
++	return FALSE;
++}
++
++/* Limited Discoverable bit mask in CoD */
++#define LIMITED_BIT			0x002000
++
++static int hciops_set_limited_discoverable(int index, gboolean limited)
++{
++	struct dev_info *dev = &devs[index];
++	int num = (limited ? 2 : 1);
++	uint8_t lap[] = { 0x33, 0x8b, 0x9e, 0x00, 0x8b, 0x9e };
++	write_current_iac_lap_cp cp;
++
++	DBG("hci%d limited %d", index, limited);
++
++	/* Check if limited bit needs to be set/reset */
++	if (limited)
++		dev->wanted_cod |= LIMITED_BIT;
++	else
++		dev->wanted_cod &= ~LIMITED_BIT;
++
++	/* If we dont need the toggling, save an unnecessary CoD write */
++	if (dev->pending_cod || dev->wanted_cod == dev->current_cod)
++		return 0;
++
++	/*
++	 * 1: giac
++	 * 2: giac + liac
++	 */
++	memset(&cp, 0, sizeof(cp));
++	cp.num_current_iac = num;
++	memcpy(&cp.lap, lap, num * 3);
++
++	if (hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_WRITE_CURRENT_IAC_LAP,
++						(num * 3 + 1), &cp) < 0)
++		return -errno;
++
++	return write_class(index, dev->wanted_cod);
++}
++
++static void reset_discoverable_timeout(int index)
++{
++	struct dev_info *dev = &devs[index];
++
++	if (dev->discoverable_id > 0) {
++		g_source_remove(dev->discoverable_id);
++		dev->discoverable_id = 0;
++	}
++}
++
++static void set_discoverable_timeout(int index)
++{
++	struct dev_info *dev = &devs[index];
++
++	reset_discoverable_timeout(index);
++
++	if (dev->discoverable_timeout == 0) {
++		hciops_set_limited_discoverable(index, FALSE);
++		return;
++	}
++
++	/* Set limited discoverable if pairable and interval between 0 to 60
++	   sec */
++	if (dev->pairable && dev->discoverable_timeout <= 60)
++		hciops_set_limited_discoverable(index, TRUE);
++	else
++		hciops_set_limited_discoverable(index, FALSE);
++
++	dev->discoverable_id = g_timeout_add_seconds(dev->discoverable_timeout,
++						discoverable_timeout_handler,
++						dev);
++}
++
++static void read_scan_complete(int index, uint8_t status, void *ptr)
++{
++	struct btd_adapter *adapter;
++	read_scan_enable_rp *rp = ptr;
++
++	DBG("hci%d status %u", index, status);
++
++	switch (rp->enable) {
++	case (SCAN_PAGE | SCAN_INQUIRY):
++	case SCAN_INQUIRY:
++		set_discoverable_timeout(index);
++		break;
++	default:
++		reset_discoverable_timeout(index);
++		hciops_set_limited_discoverable(index, FALSE);
++	}
++
++	adapter = manager_find_adapter_by_id(index);
++	if (!adapter) {
++		error("Unable to find matching adapter");
++		return;
++	}
++
++	adapter_mode_changed(adapter, rp->enable);
++}
++
++static void write_class_complete(int index, uint8_t status)
++{
++	struct dev_info *dev = &devs[index];
++	struct btd_adapter *adapter;
++
++	if (status)
++		return;
++
++	if (dev->pending_cod == 0)
++		return;
++
++	dev->current_cod = dev->pending_cod;
++	dev->pending_cod = 0;
++
++	adapter = manager_find_adapter(&dev->bdaddr);
++	if (adapter)
++		btd_adapter_class_changed(adapter, dev->current_cod);
++
++	update_ext_inquiry_response(index);
++
++	if (dev->wanted_cod == dev->current_cod)
++		return;
++
++	if (dev->wanted_cod & LIMITED_BIT &&
++			!(dev->current_cod & LIMITED_BIT))
++		hciops_set_limited_discoverable(index, TRUE);
++	else if (!(dev->wanted_cod & LIMITED_BIT) &&
++					(dev->current_cod & LIMITED_BIT))
++		hciops_set_limited_discoverable(index, FALSE);
++	else
++		write_class(index, dev->wanted_cod);
++}
++
++static void read_local_oob_data_complete(int index, uint8_t status,
++						read_local_oob_data_rp *rp)
++{
++	struct btd_adapter *adapter = manager_find_adapter_by_id(index);
++
++	if (!adapter)
++		return;
++
++	if (status)
++		oob_read_local_data_complete(adapter, NULL, NULL);
++	else
++		oob_read_local_data_complete(adapter, rp->hash, rp->randomizer);
++}
++
++static inline void inquiry_complete_evt(int index, uint8_t status)
++{
++	int adapter_type;
++	struct btd_adapter *adapter;
++
++	if (status) {
++		error("Inquiry Failed with status 0x%02x", status);
++		return;
++	}
++
++	adapter = manager_find_adapter_by_id(index);
++	if (!adapter) {

Ubuntubluez package

Merge lp:~timchen119/ubuntu/utopic/bluez/lp1035431 into lp:ubuntu/utopic/bluez

Commit message

Description of the change

Preview Diff

Subscribers

Ubuntu
bluez package