From 2c26f576aeea406e5147f96b49aba4c880252143 Mon Sep 17 00:00:00 2001
From: Andy Nguyen <theflow@google.com>
Date: Sun, 2 Aug 2020 18:16:52 +0200
Subject: all: fake hci le conn using handle 201

---
 sys/linux/dev_vhci.txt | 28 +++++++++++++++++-----------
 1 file changed, 17 insertions(+), 11 deletions(-)

(limited to 'sys/linux')

diff --git a/sys/linux/dev_vhci.txt b/sys/linux/dev_vhci.txt
index b1440b3c5..4064c1e56 100644
--- a/sys/linux/dev_vhci.txt
+++ b/sys/linux/dev_vhci.txt
@@ -8,23 +8,18 @@ include <net/bluetooth/hci.h>
 
 syz_emit_vhci(data ptr[in, vhci_command], size bytesize[data])
 
-# Matches HCI_HANDLE in executor/common_linux.h and hci_acl_hdr.handle.
-type hci_conn_handle const[200, int16]
-type hci_phy_handle const[200, int8]
+# Matches HCI_HANDLE_1/HCI_HANDLE_2 in executor/common_linux.h.
+hci_handles = 200, 201
+type hci_conn_handle flags[hci_handles, int16]
+type hci_phy_handle flags[hci_handles, int8]
 
 vhci_command [
 	HCI_EVENT_PKT	vhci_command_event_pkt
 	HCI_ACLDATA_PKT	vhci_command_acldata_pkt
-	HCI_SCODATA_PKT	vhci_command_generic[HCI_SCODATA_PKT]
+	HCI_SCODATA_PKT	vhci_command_scodata_pkt
 	HCI_VENDOR_PKT	vhci_command_vendor_pkt
 ] [varlen]
 
-type vhci_command_generic[CMD] {
-	cmd	const[CMD, int8]
-# TODO: what's the format of these packets? Is there anything interesting?
-	data	array[int8]
-}
-
 vhci_command_event_pkt {
 	cmd	const[HCI_EVENT_PKT, int8]
 	hdr	hci_event_hdr_un
@@ -36,6 +31,12 @@ vhci_command_acldata_pkt {
 	l2cap_hdr	l2cap_hdr_un
 }
 
+vhci_command_scodata_pkt {
+	cmd	const[HCI_SCODATA_PKT, int8]
+	sco_hdr	hci_sco_hdr[vhci_command_scodata_pkt:data]
+	data	array[int8]
+}
+
 vhci_command_vendor_pkt {
 	cmd	const[HCI_VENDOR_PKT, int8]
 	opcode	flags[vhci_vendor_pkt_opcode, int8]
@@ -44,12 +45,17 @@ vhci_command_vendor_pkt {
 vhci_vendor_pkt_opcode = HCI_PRIMARY, HCI_AMP, HCI_EXTERNAL_CONFIG, HCI_RAW_DEVICE
 
 type hci_acl_hdr[DATA] {
-	handle	const[200, int16:12]
+	handle	flags[hci_handles, int16:12]
 	pb	int16:2
 	bc	int16:2
 	dlen	bytesize[DATA, int16]
 } [packed]
 
+type hci_sco_hdr[DATA] {
+	handle	hci_conn_handle
+	dlen	bytesize[DATA, int8]
+} [packed]
+
 hci_event_hdr_un [
 	HCI_EV_INQUIRY_COMPLETE			hci_event_hdr_t[HCI_EV_INQUIRY_COMPLETE, int8]
 	extended_inquiry_info			hci_event_hdr_t[HCI_EV_EXTENDED_INQUIRY_RESULT, extended_inquiry_info_t]
-- 
cgit mrf-deployment