2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth L2CAP core and sockets. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/capability.h>
31 #include <linux/errno.h>
32 #include <linux/kernel.h>
33 #include <linux/sched.h>
34 #include <linux/slab.h>
35 #include <linux/poll.h>
36 #include <linux/fcntl.h>
37 #include <linux/init.h>
38 #include <linux/interrupt.h>
39 #include <linux/socket.h>
40 #include <linux/skbuff.h>
41 #include <linux/list.h>
42 #include <linux/device.h>
43 #include <linux/uaccess.h>
46 #include <asm/system.h>
47 #include <asm/unaligned.h>
49 #include <net/bluetooth/bluetooth.h>
50 #include <net/bluetooth/hci_core.h>
51 #include <net/bluetooth/l2cap.h>
53 #define VERSION "2.14"
55 static int enable_ertm = 0;
57 static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
58 static u8 l2cap_fixed_chan[8] = { 0x02, };
60 static const struct proto_ops l2cap_sock_ops;
62 static struct bt_sock_list l2cap_sk_list = {
63 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
66 static void __l2cap_sock_close(struct sock *sk, int reason);
67 static void l2cap_sock_close(struct sock *sk);
68 static void l2cap_sock_kill(struct sock *sk);
70 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
71 u8 code, u8 ident, u16 dlen, void *data);
73 /* ---- L2CAP timers ---- */
74 static void l2cap_sock_timeout(unsigned long arg)
76 struct sock *sk = (struct sock *) arg;
79 BT_DBG("sock %p state %d", sk, sk->sk_state);
83 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG)
84 reason = ECONNREFUSED;
85 else if (sk->sk_state == BT_CONNECT &&
86 l2cap_pi(sk)->sec_level != BT_SECURITY_SDP)
87 reason = ECONNREFUSED;
91 __l2cap_sock_close(sk, reason);
99 static void l2cap_sock_set_timer(struct sock *sk, long timeout)
101 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
102 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
105 static void l2cap_sock_clear_timer(struct sock *sk)
107 BT_DBG("sock %p state %d", sk, sk->sk_state);
108 sk_stop_timer(sk, &sk->sk_timer);
111 /* ---- L2CAP channels ---- */
112 static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid)
115 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
116 if (l2cap_pi(s)->dcid == cid)
122 static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
125 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
126 if (l2cap_pi(s)->scid == cid)
132 /* Find channel with given SCID.
133 * Returns locked socket */
134 static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
138 s = __l2cap_get_chan_by_scid(l, cid);
141 read_unlock(&l->lock);
145 static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
148 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
149 if (l2cap_pi(s)->ident == ident)
155 static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
159 s = __l2cap_get_chan_by_ident(l, ident);
162 read_unlock(&l->lock);
166 static u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
168 u16 cid = L2CAP_CID_DYN_START;
170 for (; cid < L2CAP_CID_DYN_END; cid++) {
171 if (!__l2cap_get_chan_by_scid(l, cid))
178 static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
183 l2cap_pi(l->head)->prev_c = sk;
185 l2cap_pi(sk)->next_c = l->head;
186 l2cap_pi(sk)->prev_c = NULL;
190 static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
192 struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
194 write_lock_bh(&l->lock);
199 l2cap_pi(next)->prev_c = prev;
201 l2cap_pi(prev)->next_c = next;
202 write_unlock_bh(&l->lock);
207 static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
209 struct l2cap_chan_list *l = &conn->chan_list;
211 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
212 l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
214 conn->disc_reason = 0x13;
216 l2cap_pi(sk)->conn = conn;
218 if (sk->sk_type == SOCK_SEQPACKET) {
219 /* Alloc CID for connection-oriented socket */
220 l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
221 } else if (sk->sk_type == SOCK_DGRAM) {
222 /* Connectionless socket */
223 l2cap_pi(sk)->scid = L2CAP_CID_CONN_LESS;
224 l2cap_pi(sk)->dcid = L2CAP_CID_CONN_LESS;
225 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
227 /* Raw socket can send/recv signalling messages only */
228 l2cap_pi(sk)->scid = L2CAP_CID_SIGNALING;
229 l2cap_pi(sk)->dcid = L2CAP_CID_SIGNALING;
230 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
233 __l2cap_chan_link(l, sk);
236 bt_accept_enqueue(parent, sk);
240 * Must be called on the locked socket. */
241 static void l2cap_chan_del(struct sock *sk, int err)
243 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
244 struct sock *parent = bt_sk(sk)->parent;
246 l2cap_sock_clear_timer(sk);
248 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
251 /* Unlink from channel list */
252 l2cap_chan_unlink(&conn->chan_list, sk);
253 l2cap_pi(sk)->conn = NULL;
254 hci_conn_put(conn->hcon);
257 sk->sk_state = BT_CLOSED;
258 sock_set_flag(sk, SOCK_ZAPPED);
264 bt_accept_unlink(sk);
265 parent->sk_data_ready(parent, 0);
267 sk->sk_state_change(sk);
270 /* Service level security */
271 static inline int l2cap_check_security(struct sock *sk)
273 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
276 if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
277 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
278 auth_type = HCI_AT_NO_BONDING_MITM;
280 auth_type = HCI_AT_NO_BONDING;
282 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
283 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
285 switch (l2cap_pi(sk)->sec_level) {
286 case BT_SECURITY_HIGH:
287 auth_type = HCI_AT_GENERAL_BONDING_MITM;
289 case BT_SECURITY_MEDIUM:
290 auth_type = HCI_AT_GENERAL_BONDING;
293 auth_type = HCI_AT_NO_BONDING;
298 return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level,
302 static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
306 /* Get next available identificator.
307 * 1 - 128 are used by kernel.
308 * 129 - 199 are reserved.
309 * 200 - 254 are used by utilities like l2ping, etc.
312 spin_lock_bh(&conn->lock);
314 if (++conn->tx_ident > 128)
319 spin_unlock_bh(&conn->lock);
324 static inline int l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
326 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
328 BT_DBG("code 0x%2.2x", code);
333 return hci_send_acl(conn->hcon, skb, 0);
336 static void l2cap_do_start(struct sock *sk)
338 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
340 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
341 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
344 if (l2cap_check_security(sk)) {
345 struct l2cap_conn_req req;
346 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
347 req.psm = l2cap_pi(sk)->psm;
349 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
351 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
352 L2CAP_CONN_REQ, sizeof(req), &req);
355 struct l2cap_info_req req;
356 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
358 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
359 conn->info_ident = l2cap_get_ident(conn);
361 mod_timer(&conn->info_timer, jiffies +
362 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
364 l2cap_send_cmd(conn, conn->info_ident,
365 L2CAP_INFO_REQ, sizeof(req), &req);
369 /* ---- L2CAP connections ---- */
370 static void l2cap_conn_start(struct l2cap_conn *conn)
372 struct l2cap_chan_list *l = &conn->chan_list;
375 BT_DBG("conn %p", conn);
379 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
382 if (sk->sk_type != SOCK_SEQPACKET) {
387 if (sk->sk_state == BT_CONNECT) {
388 if (l2cap_check_security(sk)) {
389 struct l2cap_conn_req req;
390 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
391 req.psm = l2cap_pi(sk)->psm;
393 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
395 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
396 L2CAP_CONN_REQ, sizeof(req), &req);
398 } else if (sk->sk_state == BT_CONNECT2) {
399 struct l2cap_conn_rsp rsp;
400 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
401 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
403 if (l2cap_check_security(sk)) {
404 if (bt_sk(sk)->defer_setup) {
405 struct sock *parent = bt_sk(sk)->parent;
406 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
407 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
408 parent->sk_data_ready(parent, 0);
411 sk->sk_state = BT_CONFIG;
412 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
413 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
416 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
417 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
420 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
421 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
427 read_unlock(&l->lock);
430 static void l2cap_conn_ready(struct l2cap_conn *conn)
432 struct l2cap_chan_list *l = &conn->chan_list;
435 BT_DBG("conn %p", conn);
439 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
442 if (sk->sk_type != SOCK_SEQPACKET) {
443 l2cap_sock_clear_timer(sk);
444 sk->sk_state = BT_CONNECTED;
445 sk->sk_state_change(sk);
446 } else if (sk->sk_state == BT_CONNECT)
452 read_unlock(&l->lock);
455 /* Notify sockets that we cannot guaranty reliability anymore */
456 static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
458 struct l2cap_chan_list *l = &conn->chan_list;
461 BT_DBG("conn %p", conn);
465 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
466 if (l2cap_pi(sk)->force_reliable)
470 read_unlock(&l->lock);
473 static void l2cap_info_timeout(unsigned long arg)
475 struct l2cap_conn *conn = (void *) arg;
477 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
478 conn->info_ident = 0;
480 l2cap_conn_start(conn);
483 static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
485 struct l2cap_conn *conn = hcon->l2cap_data;
490 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
494 hcon->l2cap_data = conn;
497 BT_DBG("hcon %p conn %p", hcon, conn);
499 conn->mtu = hcon->hdev->acl_mtu;
500 conn->src = &hcon->hdev->bdaddr;
501 conn->dst = &hcon->dst;
505 setup_timer(&conn->info_timer, l2cap_info_timeout,
506 (unsigned long) conn);
508 spin_lock_init(&conn->lock);
509 rwlock_init(&conn->chan_list.lock);
511 conn->disc_reason = 0x13;
516 static void l2cap_conn_del(struct hci_conn *hcon, int err)
518 struct l2cap_conn *conn = hcon->l2cap_data;
524 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
526 kfree_skb(conn->rx_skb);
529 while ((sk = conn->chan_list.head)) {
531 l2cap_chan_del(sk, err);
536 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
537 del_timer_sync(&conn->info_timer);
539 hcon->l2cap_data = NULL;
543 static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
545 struct l2cap_chan_list *l = &conn->chan_list;
546 write_lock_bh(&l->lock);
547 __l2cap_chan_add(conn, sk, parent);
548 write_unlock_bh(&l->lock);
551 /* ---- Socket interface ---- */
552 static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
555 struct hlist_node *node;
556 sk_for_each(sk, node, &l2cap_sk_list.head)
557 if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
564 /* Find socket with psm and source bdaddr.
565 * Returns closest match.
567 static struct sock *__l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
569 struct sock *sk = NULL, *sk1 = NULL;
570 struct hlist_node *node;
572 sk_for_each(sk, node, &l2cap_sk_list.head) {
573 if (state && sk->sk_state != state)
576 if (l2cap_pi(sk)->psm == psm) {
578 if (!bacmp(&bt_sk(sk)->src, src))
582 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
586 return node ? sk : sk1;
589 /* Find socket with given address (psm, src).
590 * Returns locked socket */
591 static inline struct sock *l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
594 read_lock(&l2cap_sk_list.lock);
595 s = __l2cap_get_sock_by_psm(state, psm, src);
598 read_unlock(&l2cap_sk_list.lock);
602 static void l2cap_sock_destruct(struct sock *sk)
606 skb_queue_purge(&sk->sk_receive_queue);
607 skb_queue_purge(&sk->sk_write_queue);
610 static void l2cap_sock_cleanup_listen(struct sock *parent)
614 BT_DBG("parent %p", parent);
616 /* Close not yet accepted channels */
617 while ((sk = bt_accept_dequeue(parent, NULL)))
618 l2cap_sock_close(sk);
620 parent->sk_state = BT_CLOSED;
621 sock_set_flag(parent, SOCK_ZAPPED);
624 /* Kill socket (only if zapped and orphan)
625 * Must be called on unlocked socket.
627 static void l2cap_sock_kill(struct sock *sk)
629 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
632 BT_DBG("sk %p state %d", sk, sk->sk_state);
634 /* Kill poor orphan */
635 bt_sock_unlink(&l2cap_sk_list, sk);
636 sock_set_flag(sk, SOCK_DEAD);
640 static void __l2cap_sock_close(struct sock *sk, int reason)
642 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
644 switch (sk->sk_state) {
646 l2cap_sock_cleanup_listen(sk);
651 if (sk->sk_type == SOCK_SEQPACKET) {
652 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
653 struct l2cap_disconn_req req;
655 sk->sk_state = BT_DISCONN;
656 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
658 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
659 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
660 l2cap_send_cmd(conn, l2cap_get_ident(conn),
661 L2CAP_DISCONN_REQ, sizeof(req), &req);
663 l2cap_chan_del(sk, reason);
667 if (sk->sk_type == SOCK_SEQPACKET) {
668 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
669 struct l2cap_conn_rsp rsp;
672 if (bt_sk(sk)->defer_setup)
673 result = L2CAP_CR_SEC_BLOCK;
675 result = L2CAP_CR_BAD_PSM;
677 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
678 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
679 rsp.result = cpu_to_le16(result);
680 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
681 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
682 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
684 l2cap_chan_del(sk, reason);
689 l2cap_chan_del(sk, reason);
693 sock_set_flag(sk, SOCK_ZAPPED);
698 /* Must be called on unlocked socket. */
699 static void l2cap_sock_close(struct sock *sk)
701 l2cap_sock_clear_timer(sk);
703 __l2cap_sock_close(sk, ECONNRESET);
708 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
710 struct l2cap_pinfo *pi = l2cap_pi(sk);
715 sk->sk_type = parent->sk_type;
716 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
718 pi->imtu = l2cap_pi(parent)->imtu;
719 pi->omtu = l2cap_pi(parent)->omtu;
720 pi->sec_level = l2cap_pi(parent)->sec_level;
721 pi->role_switch = l2cap_pi(parent)->role_switch;
722 pi->force_reliable = l2cap_pi(parent)->force_reliable;
724 pi->imtu = L2CAP_DEFAULT_MTU;
726 pi->sec_level = BT_SECURITY_LOW;
728 pi->force_reliable = 0;
731 /* Default config options */
733 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
736 static struct proto l2cap_proto = {
738 .owner = THIS_MODULE,
739 .obj_size = sizeof(struct l2cap_pinfo)
742 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
746 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
750 sock_init_data(sock, sk);
751 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
753 sk->sk_destruct = l2cap_sock_destruct;
754 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
756 sock_reset_flag(sk, SOCK_ZAPPED);
758 sk->sk_protocol = proto;
759 sk->sk_state = BT_OPEN;
761 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
763 bt_sock_link(&l2cap_sk_list, sk);
767 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol)
771 BT_DBG("sock %p", sock);
773 sock->state = SS_UNCONNECTED;
775 if (sock->type != SOCK_SEQPACKET &&
776 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
777 return -ESOCKTNOSUPPORT;
779 if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW))
782 sock->ops = &l2cap_sock_ops;
784 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
788 l2cap_sock_init(sk, NULL);
792 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
794 struct sock *sk = sock->sk;
795 struct sockaddr_l2 la;
800 if (!addr || addr->sa_family != AF_BLUETOOTH)
803 memset(&la, 0, sizeof(la));
804 len = min_t(unsigned int, sizeof(la), alen);
805 memcpy(&la, addr, len);
812 if (sk->sk_state != BT_OPEN) {
817 if (la.l2_psm && __le16_to_cpu(la.l2_psm) < 0x1001 &&
818 !capable(CAP_NET_BIND_SERVICE)) {
823 write_lock_bh(&l2cap_sk_list.lock);
825 if (la.l2_psm && __l2cap_get_sock_by_addr(la.l2_psm, &la.l2_bdaddr)) {
828 /* Save source address */
829 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
830 l2cap_pi(sk)->psm = la.l2_psm;
831 l2cap_pi(sk)->sport = la.l2_psm;
832 sk->sk_state = BT_BOUND;
834 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
835 __le16_to_cpu(la.l2_psm) == 0x0003)
836 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
839 write_unlock_bh(&l2cap_sk_list.lock);
846 static int l2cap_do_connect(struct sock *sk)
848 bdaddr_t *src = &bt_sk(sk)->src;
849 bdaddr_t *dst = &bt_sk(sk)->dst;
850 struct l2cap_conn *conn;
851 struct hci_conn *hcon;
852 struct hci_dev *hdev;
856 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst),
859 hdev = hci_get_route(dst, src);
861 return -EHOSTUNREACH;
863 hci_dev_lock_bh(hdev);
867 if (sk->sk_type == SOCK_RAW) {
868 switch (l2cap_pi(sk)->sec_level) {
869 case BT_SECURITY_HIGH:
870 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
872 case BT_SECURITY_MEDIUM:
873 auth_type = HCI_AT_DEDICATED_BONDING;
876 auth_type = HCI_AT_NO_BONDING;
879 } else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
880 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
881 auth_type = HCI_AT_NO_BONDING_MITM;
883 auth_type = HCI_AT_NO_BONDING;
885 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
886 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
888 switch (l2cap_pi(sk)->sec_level) {
889 case BT_SECURITY_HIGH:
890 auth_type = HCI_AT_GENERAL_BONDING_MITM;
892 case BT_SECURITY_MEDIUM:
893 auth_type = HCI_AT_GENERAL_BONDING;
896 auth_type = HCI_AT_NO_BONDING;
901 hcon = hci_connect(hdev, ACL_LINK, dst,
902 l2cap_pi(sk)->sec_level, auth_type);
906 conn = l2cap_conn_add(hcon, 0);
914 /* Update source addr of the socket */
915 bacpy(src, conn->src);
917 l2cap_chan_add(conn, sk, NULL);
919 sk->sk_state = BT_CONNECT;
920 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
922 if (hcon->state == BT_CONNECTED) {
923 if (sk->sk_type != SOCK_SEQPACKET) {
924 l2cap_sock_clear_timer(sk);
925 sk->sk_state = BT_CONNECTED;
931 hci_dev_unlock_bh(hdev);
936 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
938 struct sock *sk = sock->sk;
939 struct sockaddr_l2 la;
944 if (!addr || addr->sa_family != AF_BLUETOOTH)
947 memset(&la, 0, sizeof(la));
948 len = min_t(unsigned int, sizeof(la), alen);
949 memcpy(&la, addr, len);
956 if (sk->sk_type == SOCK_SEQPACKET && !la.l2_psm) {
961 switch (sk->sk_state) {
965 /* Already connecting */
969 /* Already connected */
982 /* Set destination address and psm */
983 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr);
984 l2cap_pi(sk)->psm = la.l2_psm;
986 err = l2cap_do_connect(sk);
991 err = bt_sock_wait_state(sk, BT_CONNECTED,
992 sock_sndtimeo(sk, flags & O_NONBLOCK));
998 static int l2cap_sock_listen(struct socket *sock, int backlog)
1000 struct sock *sk = sock->sk;
1003 BT_DBG("sk %p backlog %d", sk, backlog);
1007 if (sk->sk_state != BT_BOUND || sock->type != SOCK_SEQPACKET) {
1012 if (!l2cap_pi(sk)->psm) {
1013 bdaddr_t *src = &bt_sk(sk)->src;
1018 write_lock_bh(&l2cap_sk_list.lock);
1020 for (psm = 0x1001; psm < 0x1100; psm += 2)
1021 if (!__l2cap_get_sock_by_addr(cpu_to_le16(psm), src)) {
1022 l2cap_pi(sk)->psm = cpu_to_le16(psm);
1023 l2cap_pi(sk)->sport = cpu_to_le16(psm);
1028 write_unlock_bh(&l2cap_sk_list.lock);
1034 sk->sk_max_ack_backlog = backlog;
1035 sk->sk_ack_backlog = 0;
1036 sk->sk_state = BT_LISTEN;
1043 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
1045 DECLARE_WAITQUEUE(wait, current);
1046 struct sock *sk = sock->sk, *nsk;
1050 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1052 if (sk->sk_state != BT_LISTEN) {
1057 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
1059 BT_DBG("sk %p timeo %ld", sk, timeo);
1061 /* Wait for an incoming connection. (wake-one). */
1062 add_wait_queue_exclusive(sk->sk_sleep, &wait);
1063 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
1064 set_current_state(TASK_INTERRUPTIBLE);
1071 timeo = schedule_timeout(timeo);
1072 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1074 if (sk->sk_state != BT_LISTEN) {
1079 if (signal_pending(current)) {
1080 err = sock_intr_errno(timeo);
1084 set_current_state(TASK_RUNNING);
1085 remove_wait_queue(sk->sk_sleep, &wait);
1090 newsock->state = SS_CONNECTED;
1092 BT_DBG("new socket %p", nsk);
1099 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
1101 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
1102 struct sock *sk = sock->sk;
1104 BT_DBG("sock %p, sk %p", sock, sk);
1106 addr->sa_family = AF_BLUETOOTH;
1107 *len = sizeof(struct sockaddr_l2);
1110 la->l2_psm = l2cap_pi(sk)->psm;
1111 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
1112 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1114 la->l2_psm = l2cap_pi(sk)->sport;
1115 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
1116 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->scid);
1122 static inline int l2cap_do_send(struct sock *sk, struct msghdr *msg, int len)
1124 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1125 struct sk_buff *skb, **frag;
1126 int err, hlen, count, sent = 0;
1127 struct l2cap_hdr *lh;
1129 BT_DBG("sk %p len %d", sk, len);
1131 /* First fragment (with L2CAP header) */
1132 if (sk->sk_type == SOCK_DGRAM)
1133 hlen = L2CAP_HDR_SIZE + 2;
1135 hlen = L2CAP_HDR_SIZE;
1137 count = min_t(unsigned int, (conn->mtu - hlen), len);
1139 skb = bt_skb_send_alloc(sk, hlen + count,
1140 msg->msg_flags & MSG_DONTWAIT, &err);
1144 /* Create L2CAP header */
1145 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1146 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1147 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1149 if (sk->sk_type == SOCK_DGRAM)
1150 put_unaligned(l2cap_pi(sk)->psm, (__le16 *) skb_put(skb, 2));
1152 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) {
1160 /* Continuation fragments (no L2CAP header) */
1161 frag = &skb_shinfo(skb)->frag_list;
1163 count = min_t(unsigned int, conn->mtu, len);
1165 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1169 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count)) {
1177 frag = &(*frag)->next;
1179 err = hci_send_acl(conn->hcon, skb, 0);
1190 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
1192 struct sock *sk = sock->sk;
1195 BT_DBG("sock %p, sk %p", sock, sk);
1197 err = sock_error(sk);
1201 if (msg->msg_flags & MSG_OOB)
1204 /* Check outgoing MTU */
1205 if (sk->sk_type != SOCK_RAW && len > l2cap_pi(sk)->omtu)
1210 if (sk->sk_state == BT_CONNECTED)
1211 err = l2cap_do_send(sk, msg, len);
1219 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
1221 struct sock *sk = sock->sk;
1225 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
1226 struct l2cap_conn_rsp rsp;
1228 sk->sk_state = BT_CONFIG;
1230 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1231 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
1232 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
1233 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
1234 l2cap_send_cmd(l2cap_pi(sk)->conn, l2cap_pi(sk)->ident,
1235 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1243 return bt_sock_recvmsg(iocb, sock, msg, len, flags);
1246 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, int optlen)
1248 struct sock *sk = sock->sk;
1249 struct l2cap_options opts;
1253 BT_DBG("sk %p", sk);
1259 opts.imtu = l2cap_pi(sk)->imtu;
1260 opts.omtu = l2cap_pi(sk)->omtu;
1261 opts.flush_to = l2cap_pi(sk)->flush_to;
1262 opts.mode = L2CAP_MODE_BASIC;
1264 len = min_t(unsigned int, sizeof(opts), optlen);
1265 if (copy_from_user((char *) &opts, optval, len)) {
1270 l2cap_pi(sk)->imtu = opts.imtu;
1271 l2cap_pi(sk)->omtu = opts.omtu;
1275 if (get_user(opt, (u32 __user *) optval)) {
1280 if (opt & L2CAP_LM_AUTH)
1281 l2cap_pi(sk)->sec_level = BT_SECURITY_LOW;
1282 if (opt & L2CAP_LM_ENCRYPT)
1283 l2cap_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
1284 if (opt & L2CAP_LM_SECURE)
1285 l2cap_pi(sk)->sec_level = BT_SECURITY_HIGH;
1287 l2cap_pi(sk)->role_switch = (opt & L2CAP_LM_MASTER);
1288 l2cap_pi(sk)->force_reliable = (opt & L2CAP_LM_RELIABLE);
1300 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen)
1302 struct sock *sk = sock->sk;
1303 struct bt_security sec;
1307 BT_DBG("sk %p", sk);
1309 if (level == SOL_L2CAP)
1310 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
1312 if (level != SOL_BLUETOOTH)
1313 return -ENOPROTOOPT;
1319 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_RAW) {
1324 sec.level = BT_SECURITY_LOW;
1326 len = min_t(unsigned int, sizeof(sec), optlen);
1327 if (copy_from_user((char *) &sec, optval, len)) {
1332 if (sec.level < BT_SECURITY_LOW ||
1333 sec.level > BT_SECURITY_HIGH) {
1338 l2cap_pi(sk)->sec_level = sec.level;
1341 case BT_DEFER_SETUP:
1342 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1347 if (get_user(opt, (u32 __user *) optval)) {
1352 bt_sk(sk)->defer_setup = opt;
1364 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
1366 struct sock *sk = sock->sk;
1367 struct l2cap_options opts;
1368 struct l2cap_conninfo cinfo;
1372 BT_DBG("sk %p", sk);
1374 if (get_user(len, optlen))
1381 opts.imtu = l2cap_pi(sk)->imtu;
1382 opts.omtu = l2cap_pi(sk)->omtu;
1383 opts.flush_to = l2cap_pi(sk)->flush_to;
1384 opts.mode = L2CAP_MODE_BASIC;
1386 len = min_t(unsigned int, len, sizeof(opts));
1387 if (copy_to_user(optval, (char *) &opts, len))
1393 switch (l2cap_pi(sk)->sec_level) {
1394 case BT_SECURITY_LOW:
1395 opt = L2CAP_LM_AUTH;
1397 case BT_SECURITY_MEDIUM:
1398 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
1400 case BT_SECURITY_HIGH:
1401 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
1409 if (l2cap_pi(sk)->role_switch)
1410 opt |= L2CAP_LM_MASTER;
1412 if (l2cap_pi(sk)->force_reliable)
1413 opt |= L2CAP_LM_RELIABLE;
1415 if (put_user(opt, (u32 __user *) optval))
1419 case L2CAP_CONNINFO:
1420 if (sk->sk_state != BT_CONNECTED &&
1421 !(sk->sk_state == BT_CONNECT2 &&
1422 bt_sk(sk)->defer_setup)) {
1427 cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
1428 memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3);
1430 len = min_t(unsigned int, len, sizeof(cinfo));
1431 if (copy_to_user(optval, (char *) &cinfo, len))
1445 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
1447 struct sock *sk = sock->sk;
1448 struct bt_security sec;
1451 BT_DBG("sk %p", sk);
1453 if (level == SOL_L2CAP)
1454 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
1456 if (level != SOL_BLUETOOTH)
1457 return -ENOPROTOOPT;
1459 if (get_user(len, optlen))
1466 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_RAW) {
1471 sec.level = l2cap_pi(sk)->sec_level;
1473 len = min_t(unsigned int, len, sizeof(sec));
1474 if (copy_to_user(optval, (char *) &sec, len))
1479 case BT_DEFER_SETUP:
1480 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1485 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
1499 static int l2cap_sock_shutdown(struct socket *sock, int how)
1501 struct sock *sk = sock->sk;
1504 BT_DBG("sock %p, sk %p", sock, sk);
1510 if (!sk->sk_shutdown) {
1511 sk->sk_shutdown = SHUTDOWN_MASK;
1512 l2cap_sock_clear_timer(sk);
1513 __l2cap_sock_close(sk, 0);
1515 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
1516 err = bt_sock_wait_state(sk, BT_CLOSED,
1523 static int l2cap_sock_release(struct socket *sock)
1525 struct sock *sk = sock->sk;
1528 BT_DBG("sock %p, sk %p", sock, sk);
1533 err = l2cap_sock_shutdown(sock, 2);
1536 l2cap_sock_kill(sk);
1540 static void l2cap_chan_ready(struct sock *sk)
1542 struct sock *parent = bt_sk(sk)->parent;
1544 BT_DBG("sk %p, parent %p", sk, parent);
1546 l2cap_pi(sk)->conf_state = 0;
1547 l2cap_sock_clear_timer(sk);
1550 /* Outgoing channel.
1551 * Wake up socket sleeping on connect.
1553 sk->sk_state = BT_CONNECTED;
1554 sk->sk_state_change(sk);
1556 /* Incoming channel.
1557 * Wake up socket sleeping on accept.
1559 parent->sk_data_ready(parent, 0);
1563 /* Copy frame to all raw sockets on that connection */
1564 static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1566 struct l2cap_chan_list *l = &conn->chan_list;
1567 struct sk_buff *nskb;
1570 BT_DBG("conn %p", conn);
1572 read_lock(&l->lock);
1573 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
1574 if (sk->sk_type != SOCK_RAW)
1577 /* Don't send frame to the socket it came from */
1580 nskb = skb_clone(skb, GFP_ATOMIC);
1584 if (sock_queue_rcv_skb(sk, nskb))
1587 read_unlock(&l->lock);
1590 /* ---- L2CAP signalling commands ---- */
1591 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1592 u8 code, u8 ident, u16 dlen, void *data)
1594 struct sk_buff *skb, **frag;
1595 struct l2cap_cmd_hdr *cmd;
1596 struct l2cap_hdr *lh;
1599 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d",
1600 conn, code, ident, dlen);
1602 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1603 count = min_t(unsigned int, conn->mtu, len);
1605 skb = bt_skb_alloc(count, GFP_ATOMIC);
1609 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1610 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
1611 lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING);
1613 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1616 cmd->len = cpu_to_le16(dlen);
1619 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1620 memcpy(skb_put(skb, count), data, count);
1626 /* Continuation fragments (no L2CAP header) */
1627 frag = &skb_shinfo(skb)->frag_list;
1629 count = min_t(unsigned int, conn->mtu, len);
1631 *frag = bt_skb_alloc(count, GFP_ATOMIC);
1635 memcpy(skb_put(*frag, count), data, count);
1640 frag = &(*frag)->next;
1650 static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1652 struct l2cap_conf_opt *opt = *ptr;
1655 len = L2CAP_CONF_OPT_SIZE + opt->len;
1663 *val = *((u8 *) opt->val);
1667 *val = __le16_to_cpu(*((__le16 *) opt->val));
1671 *val = __le32_to_cpu(*((__le32 *) opt->val));
1675 *val = (unsigned long) opt->val;
1679 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1683 static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1685 struct l2cap_conf_opt *opt = *ptr;
1687 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1694 *((u8 *) opt->val) = val;
1698 *((__le16 *) opt->val) = cpu_to_le16(val);
1702 *((__le32 *) opt->val) = cpu_to_le32(val);
1706 memcpy(opt->val, (void *) val, len);
1710 *ptr += L2CAP_CONF_OPT_SIZE + len;
1713 static int l2cap_build_conf_req(struct sock *sk, void *data)
1715 struct l2cap_pinfo *pi = l2cap_pi(sk);
1716 struct l2cap_conf_req *req = data;
1717 void *ptr = req->data;
1719 BT_DBG("sk %p", sk);
1721 if (pi->imtu != L2CAP_DEFAULT_MTU)
1722 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
1724 /* FIXME: Need actual value of the flush timeout */
1725 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
1726 // l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to);
1728 req->dcid = cpu_to_le16(pi->dcid);
1729 req->flags = cpu_to_le16(0);
1734 static int l2cap_parse_conf_req(struct sock *sk, void *data)
1736 struct l2cap_pinfo *pi = l2cap_pi(sk);
1737 struct l2cap_conf_rsp *rsp = data;
1738 void *ptr = rsp->data;
1739 void *req = pi->conf_req;
1740 int len = pi->conf_len;
1741 int type, hint, olen;
1743 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
1744 u16 mtu = L2CAP_DEFAULT_MTU;
1745 u16 result = L2CAP_CONF_SUCCESS;
1747 BT_DBG("sk %p", sk);
1749 while (len >= L2CAP_CONF_OPT_SIZE) {
1750 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
1752 hint = type & L2CAP_CONF_HINT;
1753 type &= L2CAP_CONF_MASK;
1756 case L2CAP_CONF_MTU:
1760 case L2CAP_CONF_FLUSH_TO:
1764 case L2CAP_CONF_QOS:
1767 case L2CAP_CONF_RFC:
1768 if (olen == sizeof(rfc))
1769 memcpy(&rfc, (void *) val, olen);
1776 result = L2CAP_CONF_UNKNOWN;
1777 *((u8 *) ptr++) = type;
1782 if (result == L2CAP_CONF_SUCCESS) {
1783 /* Configure output options and let the other side know
1784 * which ones we don't like. */
1786 if (rfc.mode == L2CAP_MODE_BASIC) {
1788 result = L2CAP_CONF_UNACCEPT;
1791 pi->conf_state |= L2CAP_CONF_OUTPUT_DONE;
1794 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
1796 result = L2CAP_CONF_UNACCEPT;
1798 memset(&rfc, 0, sizeof(rfc));
1799 rfc.mode = L2CAP_MODE_BASIC;
1801 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1802 sizeof(rfc), (unsigned long) &rfc);
1806 rsp->scid = cpu_to_le16(pi->dcid);
1807 rsp->result = cpu_to_le16(result);
1808 rsp->flags = cpu_to_le16(0x0000);
1813 static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags)
1815 struct l2cap_conf_rsp *rsp = data;
1816 void *ptr = rsp->data;
1818 BT_DBG("sk %p", sk);
1820 rsp->scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1821 rsp->result = cpu_to_le16(result);
1822 rsp->flags = cpu_to_le16(flags);
1827 static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1829 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data;
1831 if (rej->reason != 0x0000)
1834 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
1835 cmd->ident == conn->info_ident) {
1836 del_timer(&conn->info_timer);
1838 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
1839 conn->info_ident = 0;
1841 l2cap_conn_start(conn);
1847 static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1849 struct l2cap_chan_list *list = &conn->chan_list;
1850 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
1851 struct l2cap_conn_rsp rsp;
1852 struct sock *sk, *parent;
1853 int result, status = L2CAP_CS_NO_INFO;
1855 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
1856 __le16 psm = req->psm;
1858 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
1860 /* Check if we have socket listening on psm */
1861 parent = l2cap_get_sock_by_psm(BT_LISTEN, psm, conn->src);
1863 result = L2CAP_CR_BAD_PSM;
1867 /* Check if the ACL is secure enough (if not SDP) */
1868 if (psm != cpu_to_le16(0x0001) &&
1869 !hci_conn_check_link_mode(conn->hcon)) {
1870 conn->disc_reason = 0x05;
1871 result = L2CAP_CR_SEC_BLOCK;
1875 result = L2CAP_CR_NO_MEM;
1877 /* Check for backlog size */
1878 if (sk_acceptq_is_full(parent)) {
1879 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1883 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC);
1887 write_lock_bh(&list->lock);
1889 /* Check if we already have channel with that dcid */
1890 if (__l2cap_get_chan_by_dcid(list, scid)) {
1891 write_unlock_bh(&list->lock);
1892 sock_set_flag(sk, SOCK_ZAPPED);
1893 l2cap_sock_kill(sk);
1897 hci_conn_hold(conn->hcon);
1899 l2cap_sock_init(sk, parent);
1900 bacpy(&bt_sk(sk)->src, conn->src);
1901 bacpy(&bt_sk(sk)->dst, conn->dst);
1902 l2cap_pi(sk)->psm = psm;
1903 l2cap_pi(sk)->dcid = scid;
1905 __l2cap_chan_add(conn, sk, parent);
1906 dcid = l2cap_pi(sk)->scid;
1908 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
1910 l2cap_pi(sk)->ident = cmd->ident;
1912 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
1913 if (l2cap_check_security(sk)) {
1914 if (bt_sk(sk)->defer_setup) {
1915 sk->sk_state = BT_CONNECT2;
1916 result = L2CAP_CR_PEND;
1917 status = L2CAP_CS_AUTHOR_PEND;
1918 parent->sk_data_ready(parent, 0);
1920 sk->sk_state = BT_CONFIG;
1921 result = L2CAP_CR_SUCCESS;
1922 status = L2CAP_CS_NO_INFO;
1925 sk->sk_state = BT_CONNECT2;
1926 result = L2CAP_CR_PEND;
1927 status = L2CAP_CS_AUTHEN_PEND;
1930 sk->sk_state = BT_CONNECT2;
1931 result = L2CAP_CR_PEND;
1932 status = L2CAP_CS_NO_INFO;
1935 write_unlock_bh(&list->lock);
1938 bh_unlock_sock(parent);
1941 rsp.scid = cpu_to_le16(scid);
1942 rsp.dcid = cpu_to_le16(dcid);
1943 rsp.result = cpu_to_le16(result);
1944 rsp.status = cpu_to_le16(status);
1945 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1947 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
1948 struct l2cap_info_req info;
1949 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
1951 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
1952 conn->info_ident = l2cap_get_ident(conn);
1954 mod_timer(&conn->info_timer, jiffies +
1955 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
1957 l2cap_send_cmd(conn, conn->info_ident,
1958 L2CAP_INFO_REQ, sizeof(info), &info);
1964 static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1966 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
1967 u16 scid, dcid, result, status;
1971 scid = __le16_to_cpu(rsp->scid);
1972 dcid = __le16_to_cpu(rsp->dcid);
1973 result = __le16_to_cpu(rsp->result);
1974 status = __le16_to_cpu(rsp->status);
1976 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
1979 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
1983 sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident);
1989 case L2CAP_CR_SUCCESS:
1990 sk->sk_state = BT_CONFIG;
1991 l2cap_pi(sk)->ident = 0;
1992 l2cap_pi(sk)->dcid = dcid;
1993 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
1995 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_CONNECT_PEND;
1997 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1998 l2cap_build_conf_req(sk, req), req);
2002 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
2006 l2cap_chan_del(sk, ECONNREFUSED);
2014 static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
2016 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
2022 dcid = __le16_to_cpu(req->dcid);
2023 flags = __le16_to_cpu(req->flags);
2025 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
2027 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid);
2031 if (sk->sk_state == BT_DISCONN)
2034 /* Reject if config buffer is too small. */
2035 len = cmd_len - sizeof(*req);
2036 if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) {
2037 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
2038 l2cap_build_conf_rsp(sk, rsp,
2039 L2CAP_CONF_REJECT, flags), rsp);
2044 memcpy(l2cap_pi(sk)->conf_req + l2cap_pi(sk)->conf_len, req->data, len);
2045 l2cap_pi(sk)->conf_len += len;
2047 if (flags & 0x0001) {
2048 /* Incomplete config. Send empty response. */
2049 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
2050 l2cap_build_conf_rsp(sk, rsp,
2051 L2CAP_CONF_SUCCESS, 0x0001), rsp);
2055 /* Complete config. */
2056 len = l2cap_parse_conf_req(sk, rsp);
2060 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
2062 /* Reset config buffer. */
2063 l2cap_pi(sk)->conf_len = 0;
2065 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE))
2068 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
2069 sk->sk_state = BT_CONNECTED;
2070 l2cap_chan_ready(sk);
2074 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) {
2076 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2077 l2cap_build_conf_req(sk, buf), buf);
2085 static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2087 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2088 u16 scid, flags, result;
2091 scid = __le16_to_cpu(rsp->scid);
2092 flags = __le16_to_cpu(rsp->flags);
2093 result = __le16_to_cpu(rsp->result);
2095 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x",
2096 scid, flags, result);
2098 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
2103 case L2CAP_CONF_SUCCESS:
2106 case L2CAP_CONF_UNACCEPT:
2107 if (++l2cap_pi(sk)->conf_retry < L2CAP_CONF_MAX_RETRIES) {
2109 /* It does not make sense to adjust L2CAP parameters
2110 * that are currently defined in the spec. We simply
2111 * resend config request that we sent earlier. It is
2112 * stupid, but it helps qualification testing which
2113 * expects at least some response from us. */
2114 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2115 l2cap_build_conf_req(sk, req), req);
2120 sk->sk_state = BT_DISCONN;
2121 sk->sk_err = ECONNRESET;
2122 l2cap_sock_set_timer(sk, HZ * 5);
2124 struct l2cap_disconn_req req;
2125 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
2126 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2127 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2128 L2CAP_DISCONN_REQ, sizeof(req), &req);
2136 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;
2138 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
2139 sk->sk_state = BT_CONNECTED;
2140 l2cap_chan_ready(sk);
2148 static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2150 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
2151 struct l2cap_disconn_rsp rsp;
2155 scid = __le16_to_cpu(req->scid);
2156 dcid = __le16_to_cpu(req->dcid);
2158 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
2160 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid);
2164 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2165 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2166 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
2168 sk->sk_shutdown = SHUTDOWN_MASK;
2170 l2cap_chan_del(sk, ECONNRESET);
2173 l2cap_sock_kill(sk);
2177 static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2179 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
2183 scid = __le16_to_cpu(rsp->scid);
2184 dcid = __le16_to_cpu(rsp->dcid);
2186 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
2188 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
2192 l2cap_chan_del(sk, 0);
2195 l2cap_sock_kill(sk);
2199 static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2201 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
2204 type = __le16_to_cpu(req->type);
2206 BT_DBG("type 0x%4.4x", type);
2208 if (type == L2CAP_IT_FEAT_MASK) {
2210 u32 feat_mask = l2cap_feat_mask;
2211 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2212 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2213 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2215 feat_mask |= L2CAP_FEAT_ERTM;
2216 put_unaligned(cpu_to_le32(feat_mask), (__le32 *) rsp->data);
2217 l2cap_send_cmd(conn, cmd->ident,
2218 L2CAP_INFO_RSP, sizeof(buf), buf);
2219 } else if (type == L2CAP_IT_FIXED_CHAN) {
2221 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2222 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2223 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2224 memcpy(buf + 4, l2cap_fixed_chan, 8);
2225 l2cap_send_cmd(conn, cmd->ident,
2226 L2CAP_INFO_RSP, sizeof(buf), buf);
2228 struct l2cap_info_rsp rsp;
2229 rsp.type = cpu_to_le16(type);
2230 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
2231 l2cap_send_cmd(conn, cmd->ident,
2232 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
2238 static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2240 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
2243 type = __le16_to_cpu(rsp->type);
2244 result = __le16_to_cpu(rsp->result);
2246 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
2248 del_timer(&conn->info_timer);
2250 if (type == L2CAP_IT_FEAT_MASK) {
2251 conn->feat_mask = get_unaligned_le32(rsp->data);
2253 if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) {
2254 struct l2cap_info_req req;
2255 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2257 conn->info_ident = l2cap_get_ident(conn);
2259 l2cap_send_cmd(conn, conn->info_ident,
2260 L2CAP_INFO_REQ, sizeof(req), &req);
2262 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2263 conn->info_ident = 0;
2265 l2cap_conn_start(conn);
2267 } else if (type == L2CAP_IT_FIXED_CHAN) {
2268 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2269 conn->info_ident = 0;
2271 l2cap_conn_start(conn);
2277 static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
2279 u8 *data = skb->data;
2281 struct l2cap_cmd_hdr cmd;
2284 l2cap_raw_recv(conn, skb);
2286 while (len >= L2CAP_CMD_HDR_SIZE) {
2288 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
2289 data += L2CAP_CMD_HDR_SIZE;
2290 len -= L2CAP_CMD_HDR_SIZE;
2292 cmd_len = le16_to_cpu(cmd.len);
2294 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
2296 if (cmd_len > len || !cmd.ident) {
2297 BT_DBG("corrupted command");
2302 case L2CAP_COMMAND_REJ:
2303 l2cap_command_rej(conn, &cmd, data);
2306 case L2CAP_CONN_REQ:
2307 err = l2cap_connect_req(conn, &cmd, data);
2310 case L2CAP_CONN_RSP:
2311 err = l2cap_connect_rsp(conn, &cmd, data);
2314 case L2CAP_CONF_REQ:
2315 err = l2cap_config_req(conn, &cmd, cmd_len, data);
2318 case L2CAP_CONF_RSP:
2319 err = l2cap_config_rsp(conn, &cmd, data);
2322 case L2CAP_DISCONN_REQ:
2323 err = l2cap_disconnect_req(conn, &cmd, data);
2326 case L2CAP_DISCONN_RSP:
2327 err = l2cap_disconnect_rsp(conn, &cmd, data);
2330 case L2CAP_ECHO_REQ:
2331 l2cap_send_cmd(conn, cmd.ident, L2CAP_ECHO_RSP, cmd_len, data);
2334 case L2CAP_ECHO_RSP:
2337 case L2CAP_INFO_REQ:
2338 err = l2cap_information_req(conn, &cmd, data);
2341 case L2CAP_INFO_RSP:
2342 err = l2cap_information_rsp(conn, &cmd, data);
2346 BT_ERR("Unknown signaling command 0x%2.2x", cmd.code);
2352 struct l2cap_cmd_rej rej;
2353 BT_DBG("error %d", err);
2355 /* FIXME: Map err to a valid reason */
2356 rej.reason = cpu_to_le16(0);
2357 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
2367 static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
2371 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
2373 BT_DBG("unknown cid 0x%4.4x", cid);
2377 BT_DBG("sk %p, len %d", sk, skb->len);
2379 if (sk->sk_state != BT_CONNECTED)
2382 if (l2cap_pi(sk)->imtu < skb->len)
2385 /* If socket recv buffers overflows we drop data here
2386 * which is *bad* because L2CAP has to be reliable.
2387 * But we don't have any other choice. L2CAP doesn't
2388 * provide flow control mechanism. */
2390 if (!sock_queue_rcv_skb(sk, skb))
2403 static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
2407 sk = l2cap_get_sock_by_psm(0, psm, conn->src);
2411 BT_DBG("sk %p, len %d", sk, skb->len);
2413 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
2416 if (l2cap_pi(sk)->imtu < skb->len)
2419 if (!sock_queue_rcv_skb(sk, skb))
2431 static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
2433 struct l2cap_hdr *lh = (void *) skb->data;
2437 skb_pull(skb, L2CAP_HDR_SIZE);
2438 cid = __le16_to_cpu(lh->cid);
2439 len = __le16_to_cpu(lh->len);
2441 BT_DBG("len %d, cid 0x%4.4x", len, cid);
2444 case L2CAP_CID_SIGNALING:
2445 l2cap_sig_channel(conn, skb);
2448 case L2CAP_CID_CONN_LESS:
2449 psm = get_unaligned((__le16 *) skb->data);
2451 l2cap_conless_channel(conn, psm, skb);
2455 l2cap_data_channel(conn, cid, skb);
2460 /* ---- L2CAP interface with lower layer (HCI) ---- */
2462 static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2464 int exact = 0, lm1 = 0, lm2 = 0;
2465 register struct sock *sk;
2466 struct hlist_node *node;
2468 if (type != ACL_LINK)
2471 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
2473 /* Find listening sockets and check their link_mode */
2474 read_lock(&l2cap_sk_list.lock);
2475 sk_for_each(sk, node, &l2cap_sk_list.head) {
2476 if (sk->sk_state != BT_LISTEN)
2479 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
2480 lm1 |= HCI_LM_ACCEPT;
2481 if (l2cap_pi(sk)->role_switch)
2482 lm1 |= HCI_LM_MASTER;
2484 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
2485 lm2 |= HCI_LM_ACCEPT;
2486 if (l2cap_pi(sk)->role_switch)
2487 lm2 |= HCI_LM_MASTER;
2490 read_unlock(&l2cap_sk_list.lock);
2492 return exact ? lm1 : lm2;
2495 static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
2497 struct l2cap_conn *conn;
2499 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
2501 if (hcon->type != ACL_LINK)
2505 conn = l2cap_conn_add(hcon, status);
2507 l2cap_conn_ready(conn);
2509 l2cap_conn_del(hcon, bt_err(status));
2514 static int l2cap_disconn_ind(struct hci_conn *hcon)
2516 struct l2cap_conn *conn = hcon->l2cap_data;
2518 BT_DBG("hcon %p", hcon);
2520 if (hcon->type != ACL_LINK || !conn)
2523 return conn->disc_reason;
2526 static int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
2528 BT_DBG("hcon %p reason %d", hcon, reason);
2530 if (hcon->type != ACL_LINK)
2533 l2cap_conn_del(hcon, bt_err(reason));
2538 static inline void l2cap_check_encryption(struct sock *sk, u8 encrypt)
2540 if (sk->sk_type != SOCK_SEQPACKET)
2543 if (encrypt == 0x00) {
2544 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM) {
2545 l2cap_sock_clear_timer(sk);
2546 l2cap_sock_set_timer(sk, HZ * 5);
2547 } else if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
2548 __l2cap_sock_close(sk, ECONNREFUSED);
2550 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM)
2551 l2cap_sock_clear_timer(sk);
2555 static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
2557 struct l2cap_chan_list *l;
2558 struct l2cap_conn *conn = hcon->l2cap_data;
2564 l = &conn->chan_list;
2566 BT_DBG("conn %p", conn);
2568 read_lock(&l->lock);
2570 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
2573 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND) {
2578 if (!status && (sk->sk_state == BT_CONNECTED ||
2579 sk->sk_state == BT_CONFIG)) {
2580 l2cap_check_encryption(sk, encrypt);
2585 if (sk->sk_state == BT_CONNECT) {
2587 struct l2cap_conn_req req;
2588 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2589 req.psm = l2cap_pi(sk)->psm;
2591 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
2593 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2594 L2CAP_CONN_REQ, sizeof(req), &req);
2596 l2cap_sock_clear_timer(sk);
2597 l2cap_sock_set_timer(sk, HZ / 10);
2599 } else if (sk->sk_state == BT_CONNECT2) {
2600 struct l2cap_conn_rsp rsp;
2604 sk->sk_state = BT_CONFIG;
2605 result = L2CAP_CR_SUCCESS;
2607 sk->sk_state = BT_DISCONN;
2608 l2cap_sock_set_timer(sk, HZ / 10);
2609 result = L2CAP_CR_SEC_BLOCK;
2612 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2613 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2614 rsp.result = cpu_to_le16(result);
2615 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
2616 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2617 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2623 read_unlock(&l->lock);
2628 static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
2630 struct l2cap_conn *conn = hcon->l2cap_data;
2632 if (!conn && !(conn = l2cap_conn_add(hcon, 0)))
2635 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
2637 if (flags & ACL_START) {
2638 struct l2cap_hdr *hdr;
2642 BT_ERR("Unexpected start frame (len %d)", skb->len);
2643 kfree_skb(conn->rx_skb);
2644 conn->rx_skb = NULL;
2646 l2cap_conn_unreliable(conn, ECOMM);
2650 BT_ERR("Frame is too short (len %d)", skb->len);
2651 l2cap_conn_unreliable(conn, ECOMM);
2655 hdr = (struct l2cap_hdr *) skb->data;
2656 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
2658 if (len == skb->len) {
2659 /* Complete frame received */
2660 l2cap_recv_frame(conn, skb);
2664 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
2666 if (skb->len > len) {
2667 BT_ERR("Frame is too long (len %d, expected len %d)",
2669 l2cap_conn_unreliable(conn, ECOMM);
2673 /* Allocate skb for the complete frame (with header) */
2674 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC);
2678 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2680 conn->rx_len = len - skb->len;
2682 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
2684 if (!conn->rx_len) {
2685 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
2686 l2cap_conn_unreliable(conn, ECOMM);
2690 if (skb->len > conn->rx_len) {
2691 BT_ERR("Fragment is too long (len %d, expected %d)",
2692 skb->len, conn->rx_len);
2693 kfree_skb(conn->rx_skb);
2694 conn->rx_skb = NULL;
2696 l2cap_conn_unreliable(conn, ECOMM);
2700 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2702 conn->rx_len -= skb->len;
2704 if (!conn->rx_len) {
2705 /* Complete frame received */
2706 l2cap_recv_frame(conn, conn->rx_skb);
2707 conn->rx_skb = NULL;
2716 static ssize_t l2cap_sysfs_show(struct class *dev, char *buf)
2719 struct hlist_node *node;
2722 read_lock_bh(&l2cap_sk_list.lock);
2724 sk_for_each(sk, node, &l2cap_sk_list.head) {
2725 struct l2cap_pinfo *pi = l2cap_pi(sk);
2727 str += sprintf(str, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d\n",
2728 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2729 sk->sk_state, __le16_to_cpu(pi->psm), pi->scid,
2730 pi->dcid, pi->imtu, pi->omtu, pi->sec_level);
2733 read_unlock_bh(&l2cap_sk_list.lock);
2738 static CLASS_ATTR(l2cap, S_IRUGO, l2cap_sysfs_show, NULL);
2740 static const struct proto_ops l2cap_sock_ops = {
2741 .family = PF_BLUETOOTH,
2742 .owner = THIS_MODULE,
2743 .release = l2cap_sock_release,
2744 .bind = l2cap_sock_bind,
2745 .connect = l2cap_sock_connect,
2746 .listen = l2cap_sock_listen,
2747 .accept = l2cap_sock_accept,
2748 .getname = l2cap_sock_getname,
2749 .sendmsg = l2cap_sock_sendmsg,
2750 .recvmsg = l2cap_sock_recvmsg,
2751 .poll = bt_sock_poll,
2752 .ioctl = bt_sock_ioctl,
2753 .mmap = sock_no_mmap,
2754 .socketpair = sock_no_socketpair,
2755 .shutdown = l2cap_sock_shutdown,
2756 .setsockopt = l2cap_sock_setsockopt,
2757 .getsockopt = l2cap_sock_getsockopt
2760 static struct net_proto_family l2cap_sock_family_ops = {
2761 .family = PF_BLUETOOTH,
2762 .owner = THIS_MODULE,
2763 .create = l2cap_sock_create,
2766 static struct hci_proto l2cap_hci_proto = {
2768 .id = HCI_PROTO_L2CAP,
2769 .connect_ind = l2cap_connect_ind,
2770 .connect_cfm = l2cap_connect_cfm,
2771 .disconn_ind = l2cap_disconn_ind,
2772 .disconn_cfm = l2cap_disconn_cfm,
2773 .security_cfm = l2cap_security_cfm,
2774 .recv_acldata = l2cap_recv_acldata
2777 static int __init l2cap_init(void)
2781 err = proto_register(&l2cap_proto, 0);
2785 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
2787 BT_ERR("L2CAP socket registration failed");
2791 err = hci_register_proto(&l2cap_hci_proto);
2793 BT_ERR("L2CAP protocol registration failed");
2794 bt_sock_unregister(BTPROTO_L2CAP);
2798 if (class_create_file(bt_class, &class_attr_l2cap) < 0)
2799 BT_ERR("Failed to create L2CAP info file");
2801 BT_INFO("L2CAP ver %s", VERSION);
2802 BT_INFO("L2CAP socket layer initialized");
2807 proto_unregister(&l2cap_proto);
2811 static void __exit l2cap_exit(void)
2813 class_remove_file(bt_class, &class_attr_l2cap);
2815 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
2816 BT_ERR("L2CAP socket unregistration failed");
2818 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
2819 BT_ERR("L2CAP protocol unregistration failed");
2821 proto_unregister(&l2cap_proto);
2824 void l2cap_load(void)
2826 /* Dummy function to trigger automatic L2CAP module loading by
2827 * other modules that use L2CAP sockets but don't use any other
2828 * symbols from it. */
2831 EXPORT_SYMBOL(l2cap_load);
2833 module_init(l2cap_init);
2834 module_exit(l2cap_exit);
2836 module_param(enable_ertm, bool, 0644);
2837 MODULE_PARM_DESC(enable_ertm, "Enable enhanced retransmission mode");
2839 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2840 MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
2841 MODULE_VERSION(VERSION);
2842 MODULE_LICENSE("GPL");
2843 MODULE_ALIAS("bt-proto-0");