diff options
| author | Andy Nguyen <theflow@google.com> | 2020-08-02 18:16:52 +0200 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2020-08-02 19:34:27 +0200 |
| commit | 2c26f576aeea406e5147f96b49aba4c880252143 (patch) | |
| tree | dacaca22e99d58f3f01889d514c4420de34a0fef /sys/linux | |
| parent | 55a879802aff4a70a7624e9c9a44058f4f1a31ac (diff) | |
all: fake hci le conn using handle 201
Diffstat (limited to 'sys/linux')
| -rw-r--r-- | sys/linux/dev_vhci.txt | 28 |
1 files changed, 17 insertions, 11 deletions
diff --git a/sys/linux/dev_vhci.txt b/sys/linux/dev_vhci.txt index b1440b3c5..4064c1e56 100644 --- a/sys/linux/dev_vhci.txt +++ b/sys/linux/dev_vhci.txt @@ -8,23 +8,18 @@ include <net/bluetooth/hci.h> syz_emit_vhci(data ptr[in, vhci_command], size bytesize[data]) -# Matches HCI_HANDLE in executor/common_linux.h and hci_acl_hdr.handle. -type hci_conn_handle const[200, int16] -type hci_phy_handle const[200, int8] +# Matches HCI_HANDLE_1/HCI_HANDLE_2 in executor/common_linux.h. +hci_handles = 200, 201 +type hci_conn_handle flags[hci_handles, int16] +type hci_phy_handle flags[hci_handles, int8] vhci_command [ HCI_EVENT_PKT vhci_command_event_pkt HCI_ACLDATA_PKT vhci_command_acldata_pkt - HCI_SCODATA_PKT vhci_command_generic[HCI_SCODATA_PKT] + HCI_SCODATA_PKT vhci_command_scodata_pkt HCI_VENDOR_PKT vhci_command_vendor_pkt ] [varlen] -type vhci_command_generic[CMD] { - cmd const[CMD, int8] -# TODO: what's the format of these packets? Is there anything interesting? - data array[int8] -} - vhci_command_event_pkt { cmd const[HCI_EVENT_PKT, int8] hdr hci_event_hdr_un @@ -36,6 +31,12 @@ vhci_command_acldata_pkt { l2cap_hdr l2cap_hdr_un } +vhci_command_scodata_pkt { + cmd const[HCI_SCODATA_PKT, int8] + sco_hdr hci_sco_hdr[vhci_command_scodata_pkt:data] + data array[int8] +} + vhci_command_vendor_pkt { cmd const[HCI_VENDOR_PKT, int8] opcode flags[vhci_vendor_pkt_opcode, int8] @@ -44,12 +45,17 @@ vhci_command_vendor_pkt { vhci_vendor_pkt_opcode = HCI_PRIMARY, HCI_AMP, HCI_EXTERNAL_CONFIG, HCI_RAW_DEVICE type hci_acl_hdr[DATA] { - handle const[200, int16:12] + handle flags[hci_handles, int16:12] pb int16:2 bc int16:2 dlen bytesize[DATA, int16] } [packed] +type hci_sco_hdr[DATA] { + handle hci_conn_handle + dlen bytesize[DATA, int8] +} [packed] + hci_event_hdr_un [ HCI_EV_INQUIRY_COMPLETE hci_event_hdr_t[HCI_EV_INQUIRY_COMPLETE, int8] extended_inquiry_info hci_event_hdr_t[HCI_EV_EXTENDED_INQUIRY_RESULT, extended_inquiry_info_t] |