2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth L2CAP core and sockets. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/capability.h>
31 #include <linux/errno.h>
32 #include <linux/kernel.h>
33 #include <linux/sched.h>
34 #include <linux/slab.h>
35 #include <linux/poll.h>
36 #include <linux/fcntl.h>
37 #include <linux/init.h>
38 #include <linux/interrupt.h>
39 #include <linux/socket.h>
40 #include <linux/skbuff.h>
41 #include <linux/list.h>
42 #include <linux/device.h>
45 #include <asm/system.h>
46 #include <asm/uaccess.h>
47 #include <asm/unaligned.h>
49 #include <net/bluetooth/bluetooth.h>
50 #include <net/bluetooth/hci_core.h>
51 #include <net/bluetooth/l2cap.h>
53 #define VERSION "2.11"
55 static u32 l2cap_feat_mask = 0x0000;
57 static const struct proto_ops l2cap_sock_ops;
59 static struct bt_sock_list l2cap_sk_list = {
60 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
63 static void __l2cap_sock_close(struct sock *sk, int reason);
64 static void l2cap_sock_close(struct sock *sk);
65 static void l2cap_sock_kill(struct sock *sk);
67 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
68 u8 code, u8 ident, u16 dlen, void *data);
70 /* ---- L2CAP timers ---- */
71 static void l2cap_sock_timeout(unsigned long arg)
73 struct sock *sk = (struct sock *) arg;
76 BT_DBG("sock %p state %d", sk, sk->sk_state);
80 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG)
81 reason = ECONNREFUSED;
82 else if (sk->sk_state == BT_CONNECT &&
83 l2cap_pi(sk)->sec_level != BT_SECURITY_SDP)
84 reason = ECONNREFUSED;
88 __l2cap_sock_close(sk, reason);
96 static void l2cap_sock_set_timer(struct sock *sk, long timeout)
98 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
99 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
102 static void l2cap_sock_clear_timer(struct sock *sk)
104 BT_DBG("sock %p state %d", sk, sk->sk_state);
105 sk_stop_timer(sk, &sk->sk_timer);
108 /* ---- L2CAP channels ---- */
109 static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid)
112 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
113 if (l2cap_pi(s)->dcid == cid)
119 static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
122 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
123 if (l2cap_pi(s)->scid == cid)
129 /* Find channel with given SCID.
130 * Returns locked socket */
131 static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
135 s = __l2cap_get_chan_by_scid(l, cid);
136 if (s) bh_lock_sock(s);
137 read_unlock(&l->lock);
141 static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
144 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
145 if (l2cap_pi(s)->ident == ident)
151 static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
155 s = __l2cap_get_chan_by_ident(l, ident);
156 if (s) bh_lock_sock(s);
157 read_unlock(&l->lock);
161 static u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
165 for (; cid < 0xffff; cid++) {
166 if(!__l2cap_get_chan_by_scid(l, cid))
173 static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
178 l2cap_pi(l->head)->prev_c = sk;
180 l2cap_pi(sk)->next_c = l->head;
181 l2cap_pi(sk)->prev_c = NULL;
185 static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
187 struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
189 write_lock_bh(&l->lock);
194 l2cap_pi(next)->prev_c = prev;
196 l2cap_pi(prev)->next_c = next;
197 write_unlock_bh(&l->lock);
202 static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
204 struct l2cap_chan_list *l = &conn->chan_list;
206 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
208 l2cap_pi(sk)->conn = conn;
210 if (sk->sk_type == SOCK_SEQPACKET) {
211 /* Alloc CID for connection-oriented socket */
212 l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
213 } else if (sk->sk_type == SOCK_DGRAM) {
214 /* Connectionless socket */
215 l2cap_pi(sk)->scid = 0x0002;
216 l2cap_pi(sk)->dcid = 0x0002;
217 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
219 /* Raw socket can send/recv signalling messages only */
220 l2cap_pi(sk)->scid = 0x0001;
221 l2cap_pi(sk)->dcid = 0x0001;
222 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
225 __l2cap_chan_link(l, sk);
228 bt_accept_enqueue(parent, sk);
232 * Must be called on the locked socket. */
233 static void l2cap_chan_del(struct sock *sk, int err)
235 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
236 struct sock *parent = bt_sk(sk)->parent;
238 l2cap_sock_clear_timer(sk);
240 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
243 /* Unlink from channel list */
244 l2cap_chan_unlink(&conn->chan_list, sk);
245 l2cap_pi(sk)->conn = NULL;
246 hci_conn_put(conn->hcon);
249 sk->sk_state = BT_CLOSED;
250 sock_set_flag(sk, SOCK_ZAPPED);
256 bt_accept_unlink(sk);
257 parent->sk_data_ready(parent, 0);
259 sk->sk_state_change(sk);
262 /* Service level security */
263 static inline int l2cap_check_security(struct sock *sk)
265 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
267 return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level);
270 static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
274 /* Get next available identificator.
275 * 1 - 128 are used by kernel.
276 * 129 - 199 are reserved.
277 * 200 - 254 are used by utilities like l2ping, etc.
280 spin_lock_bh(&conn->lock);
282 if (++conn->tx_ident > 128)
287 spin_unlock_bh(&conn->lock);
292 static inline int l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
294 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
296 BT_DBG("code 0x%2.2x", code);
301 return hci_send_acl(conn->hcon, skb, 0);
304 static void l2cap_do_start(struct sock *sk)
306 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
308 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
309 if (l2cap_check_security(sk)) {
310 struct l2cap_conn_req req;
311 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
312 req.psm = l2cap_pi(sk)->psm;
314 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
316 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
317 L2CAP_CONN_REQ, sizeof(req), &req);
320 struct l2cap_info_req req;
321 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
323 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
324 conn->info_ident = l2cap_get_ident(conn);
326 mod_timer(&conn->info_timer, jiffies +
327 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
329 l2cap_send_cmd(conn, conn->info_ident,
330 L2CAP_INFO_REQ, sizeof(req), &req);
334 /* ---- L2CAP connections ---- */
335 static void l2cap_conn_start(struct l2cap_conn *conn)
337 struct l2cap_chan_list *l = &conn->chan_list;
340 BT_DBG("conn %p", conn);
344 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
347 if (sk->sk_type != SOCK_SEQPACKET) {
352 if (sk->sk_state == BT_CONNECT) {
353 if (l2cap_check_security(sk)) {
354 struct l2cap_conn_req req;
355 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
356 req.psm = l2cap_pi(sk)->psm;
358 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
360 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
361 L2CAP_CONN_REQ, sizeof(req), &req);
363 } else if (sk->sk_state == BT_CONNECT2) {
364 struct l2cap_conn_rsp rsp;
365 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
366 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
368 if (l2cap_check_security(sk)) {
369 if (bt_sk(sk)->defer_setup) {
370 struct sock *parent = bt_sk(sk)->parent;
371 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
372 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
373 parent->sk_data_ready(parent, 0);
376 sk->sk_state = BT_CONFIG;
377 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
378 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
381 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
382 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
385 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
386 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
392 read_unlock(&l->lock);
395 static void l2cap_conn_ready(struct l2cap_conn *conn)
397 struct l2cap_chan_list *l = &conn->chan_list;
400 BT_DBG("conn %p", conn);
404 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
407 if (sk->sk_type != SOCK_SEQPACKET) {
408 l2cap_sock_clear_timer(sk);
409 sk->sk_state = BT_CONNECTED;
410 sk->sk_state_change(sk);
411 } else if (sk->sk_state == BT_CONNECT)
417 read_unlock(&l->lock);
420 /* Notify sockets that we cannot guaranty reliability anymore */
421 static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
423 struct l2cap_chan_list *l = &conn->chan_list;
426 BT_DBG("conn %p", conn);
430 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
431 if (l2cap_pi(sk)->force_reliable)
435 read_unlock(&l->lock);
438 static void l2cap_info_timeout(unsigned long arg)
440 struct l2cap_conn *conn = (void *) arg;
442 conn->info_ident = 0;
444 l2cap_conn_start(conn);
447 static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
449 struct l2cap_conn *conn = hcon->l2cap_data;
454 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
458 hcon->l2cap_data = conn;
461 BT_DBG("hcon %p conn %p", hcon, conn);
463 conn->mtu = hcon->hdev->acl_mtu;
464 conn->src = &hcon->hdev->bdaddr;
465 conn->dst = &hcon->dst;
469 setup_timer(&conn->info_timer, l2cap_info_timeout,
470 (unsigned long) conn);
472 spin_lock_init(&conn->lock);
473 rwlock_init(&conn->chan_list.lock);
478 static void l2cap_conn_del(struct hci_conn *hcon, int err)
480 struct l2cap_conn *conn = hcon->l2cap_data;
486 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
489 kfree_skb(conn->rx_skb);
492 while ((sk = conn->chan_list.head)) {
494 l2cap_chan_del(sk, err);
499 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
500 del_timer_sync(&conn->info_timer);
502 hcon->l2cap_data = NULL;
506 static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
508 struct l2cap_chan_list *l = &conn->chan_list;
509 write_lock_bh(&l->lock);
510 __l2cap_chan_add(conn, sk, parent);
511 write_unlock_bh(&l->lock);
514 /* ---- Socket interface ---- */
515 static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
518 struct hlist_node *node;
519 sk_for_each(sk, node, &l2cap_sk_list.head)
520 if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
527 /* Find socket with psm and source bdaddr.
528 * Returns closest match.
530 static struct sock *__l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
532 struct sock *sk = NULL, *sk1 = NULL;
533 struct hlist_node *node;
535 sk_for_each(sk, node, &l2cap_sk_list.head) {
536 if (state && sk->sk_state != state)
539 if (l2cap_pi(sk)->psm == psm) {
541 if (!bacmp(&bt_sk(sk)->src, src))
545 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
549 return node ? sk : sk1;
552 /* Find socket with given address (psm, src).
553 * Returns locked socket */
554 static inline struct sock *l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
557 read_lock(&l2cap_sk_list.lock);
558 s = __l2cap_get_sock_by_psm(state, psm, src);
559 if (s) bh_lock_sock(s);
560 read_unlock(&l2cap_sk_list.lock);
564 static void l2cap_sock_destruct(struct sock *sk)
568 skb_queue_purge(&sk->sk_receive_queue);
569 skb_queue_purge(&sk->sk_write_queue);
572 static void l2cap_sock_cleanup_listen(struct sock *parent)
576 BT_DBG("parent %p", parent);
578 /* Close not yet accepted channels */
579 while ((sk = bt_accept_dequeue(parent, NULL)))
580 l2cap_sock_close(sk);
582 parent->sk_state = BT_CLOSED;
583 sock_set_flag(parent, SOCK_ZAPPED);
586 /* Kill socket (only if zapped and orphan)
587 * Must be called on unlocked socket.
589 static void l2cap_sock_kill(struct sock *sk)
591 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
594 BT_DBG("sk %p state %d", sk, sk->sk_state);
596 /* Kill poor orphan */
597 bt_sock_unlink(&l2cap_sk_list, sk);
598 sock_set_flag(sk, SOCK_DEAD);
602 static void __l2cap_sock_close(struct sock *sk, int reason)
604 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
606 switch (sk->sk_state) {
608 l2cap_sock_cleanup_listen(sk);
613 if (sk->sk_type == SOCK_SEQPACKET) {
614 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
615 struct l2cap_disconn_req req;
617 sk->sk_state = BT_DISCONN;
618 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
620 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
621 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
622 l2cap_send_cmd(conn, l2cap_get_ident(conn),
623 L2CAP_DISCONN_REQ, sizeof(req), &req);
625 l2cap_chan_del(sk, reason);
629 if (sk->sk_type == SOCK_SEQPACKET) {
630 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
631 struct l2cap_conn_rsp rsp;
634 if (bt_sk(sk)->defer_setup)
635 result = L2CAP_CR_SEC_BLOCK;
637 result = L2CAP_CR_BAD_PSM;
639 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
640 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
641 rsp.result = cpu_to_le16(result);
642 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
643 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
644 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
646 l2cap_chan_del(sk, reason);
651 l2cap_chan_del(sk, reason);
655 sock_set_flag(sk, SOCK_ZAPPED);
660 /* Must be called on unlocked socket. */
661 static void l2cap_sock_close(struct sock *sk)
663 l2cap_sock_clear_timer(sk);
665 __l2cap_sock_close(sk, ECONNRESET);
670 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
672 struct l2cap_pinfo *pi = l2cap_pi(sk);
677 sk->sk_type = parent->sk_type;
678 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
680 pi->imtu = l2cap_pi(parent)->imtu;
681 pi->omtu = l2cap_pi(parent)->omtu;
682 pi->sec_level = l2cap_pi(parent)->sec_level;
683 pi->role_switch = l2cap_pi(parent)->role_switch;
684 pi->force_reliable = l2cap_pi(parent)->force_reliable;
686 pi->imtu = L2CAP_DEFAULT_MTU;
688 pi->sec_level = BT_SECURITY_LOW;
690 pi->force_reliable = 0;
693 /* Default config options */
695 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
698 static struct proto l2cap_proto = {
700 .owner = THIS_MODULE,
701 .obj_size = sizeof(struct l2cap_pinfo)
704 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
708 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
712 sock_init_data(sock, sk);
713 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
715 sk->sk_destruct = l2cap_sock_destruct;
716 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
718 sock_reset_flag(sk, SOCK_ZAPPED);
720 sk->sk_protocol = proto;
721 sk->sk_state = BT_OPEN;
723 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
725 bt_sock_link(&l2cap_sk_list, sk);
729 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol)
733 BT_DBG("sock %p", sock);
735 sock->state = SS_UNCONNECTED;
737 if (sock->type != SOCK_SEQPACKET &&
738 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
739 return -ESOCKTNOSUPPORT;
741 if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW))
744 sock->ops = &l2cap_sock_ops;
746 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
750 l2cap_sock_init(sk, NULL);
754 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
756 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
757 struct sock *sk = sock->sk;
760 BT_DBG("sk %p, %s %d", sk, batostr(&la->l2_bdaddr), la->l2_psm);
762 if (!addr || addr->sa_family != AF_BLUETOOTH)
767 if (sk->sk_state != BT_OPEN) {
772 if (la->l2_psm && btohs(la->l2_psm) < 0x1001 &&
773 !capable(CAP_NET_BIND_SERVICE)) {
778 write_lock_bh(&l2cap_sk_list.lock);
780 if (la->l2_psm && __l2cap_get_sock_by_addr(la->l2_psm, &la->l2_bdaddr)) {
783 /* Save source address */
784 bacpy(&bt_sk(sk)->src, &la->l2_bdaddr);
785 l2cap_pi(sk)->psm = la->l2_psm;
786 l2cap_pi(sk)->sport = la->l2_psm;
787 sk->sk_state = BT_BOUND;
789 if (btohs(la->l2_psm) == 0x0001)
790 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
793 write_unlock_bh(&l2cap_sk_list.lock);
800 static int l2cap_do_connect(struct sock *sk)
802 bdaddr_t *src = &bt_sk(sk)->src;
803 bdaddr_t *dst = &bt_sk(sk)->dst;
804 struct l2cap_conn *conn;
805 struct hci_conn *hcon;
806 struct hci_dev *hdev;
810 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst), l2cap_pi(sk)->psm);
812 if (!(hdev = hci_get_route(dst, src)))
813 return -EHOSTUNREACH;
815 hci_dev_lock_bh(hdev);
819 if (sk->sk_type == SOCK_RAW) {
820 switch (l2cap_pi(sk)->sec_level) {
821 case BT_SECURITY_HIGH:
822 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
824 case BT_SECURITY_MEDIUM:
825 auth_type = HCI_AT_DEDICATED_BONDING;
828 auth_type = HCI_AT_NO_BONDING;
831 } else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
832 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
833 auth_type = HCI_AT_NO_BONDING_MITM;
835 auth_type = HCI_AT_NO_BONDING;
837 switch (l2cap_pi(sk)->sec_level) {
838 case BT_SECURITY_HIGH:
839 auth_type = HCI_AT_GENERAL_BONDING_MITM;
841 case BT_SECURITY_MEDIUM:
842 auth_type = HCI_AT_GENERAL_BONDING;
845 auth_type = HCI_AT_NO_BONDING;
850 hcon = hci_connect(hdev, ACL_LINK, dst,
851 l2cap_pi(sk)->sec_level, auth_type);
855 conn = l2cap_conn_add(hcon, 0);
863 /* Update source addr of the socket */
864 bacpy(src, conn->src);
866 l2cap_chan_add(conn, sk, NULL);
868 sk->sk_state = BT_CONNECT;
869 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
871 if (hcon->state == BT_CONNECTED) {
872 if (sk->sk_type != SOCK_SEQPACKET) {
873 l2cap_sock_clear_timer(sk);
874 sk->sk_state = BT_CONNECTED;
880 hci_dev_unlock_bh(hdev);
885 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
887 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
888 struct sock *sk = sock->sk;
895 if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_l2)) {
900 if (sk->sk_type == SOCK_SEQPACKET && !la->l2_psm) {
905 switch(sk->sk_state) {
909 /* Already connecting */
913 /* Already connected */
926 /* Set destination address and psm */
927 bacpy(&bt_sk(sk)->dst, &la->l2_bdaddr);
928 l2cap_pi(sk)->psm = la->l2_psm;
930 if ((err = l2cap_do_connect(sk)))
934 err = bt_sock_wait_state(sk, BT_CONNECTED,
935 sock_sndtimeo(sk, flags & O_NONBLOCK));
941 static int l2cap_sock_listen(struct socket *sock, int backlog)
943 struct sock *sk = sock->sk;
946 BT_DBG("sk %p backlog %d", sk, backlog);
950 if (sk->sk_state != BT_BOUND || sock->type != SOCK_SEQPACKET) {
955 if (!l2cap_pi(sk)->psm) {
956 bdaddr_t *src = &bt_sk(sk)->src;
961 write_lock_bh(&l2cap_sk_list.lock);
963 for (psm = 0x1001; psm < 0x1100; psm += 2)
964 if (!__l2cap_get_sock_by_addr(htobs(psm), src)) {
965 l2cap_pi(sk)->psm = htobs(psm);
966 l2cap_pi(sk)->sport = htobs(psm);
971 write_unlock_bh(&l2cap_sk_list.lock);
977 sk->sk_max_ack_backlog = backlog;
978 sk->sk_ack_backlog = 0;
979 sk->sk_state = BT_LISTEN;
986 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
988 DECLARE_WAITQUEUE(wait, current);
989 struct sock *sk = sock->sk, *nsk;
993 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
995 if (sk->sk_state != BT_LISTEN) {
1000 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
1002 BT_DBG("sk %p timeo %ld", sk, timeo);
1004 /* Wait for an incoming connection. (wake-one). */
1005 add_wait_queue_exclusive(sk->sk_sleep, &wait);
1006 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
1007 set_current_state(TASK_INTERRUPTIBLE);
1014 timeo = schedule_timeout(timeo);
1015 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1017 if (sk->sk_state != BT_LISTEN) {
1022 if (signal_pending(current)) {
1023 err = sock_intr_errno(timeo);
1027 set_current_state(TASK_RUNNING);
1028 remove_wait_queue(sk->sk_sleep, &wait);
1033 newsock->state = SS_CONNECTED;
1035 BT_DBG("new socket %p", nsk);
1042 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
1044 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
1045 struct sock *sk = sock->sk;
1047 BT_DBG("sock %p, sk %p", sock, sk);
1049 addr->sa_family = AF_BLUETOOTH;
1050 *len = sizeof(struct sockaddr_l2);
1053 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
1055 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
1057 la->l2_psm = l2cap_pi(sk)->psm;
1061 static inline int l2cap_do_send(struct sock *sk, struct msghdr *msg, int len)
1063 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1064 struct sk_buff *skb, **frag;
1065 int err, hlen, count, sent=0;
1066 struct l2cap_hdr *lh;
1068 BT_DBG("sk %p len %d", sk, len);
1070 /* First fragment (with L2CAP header) */
1071 if (sk->sk_type == SOCK_DGRAM)
1072 hlen = L2CAP_HDR_SIZE + 2;
1074 hlen = L2CAP_HDR_SIZE;
1076 count = min_t(unsigned int, (conn->mtu - hlen), len);
1078 skb = bt_skb_send_alloc(sk, hlen + count,
1079 msg->msg_flags & MSG_DONTWAIT, &err);
1083 /* Create L2CAP header */
1084 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1085 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1086 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1088 if (sk->sk_type == SOCK_DGRAM)
1089 put_unaligned(l2cap_pi(sk)->psm, (__le16 *) skb_put(skb, 2));
1091 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) {
1099 /* Continuation fragments (no L2CAP header) */
1100 frag = &skb_shinfo(skb)->frag_list;
1102 count = min_t(unsigned int, conn->mtu, len);
1104 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1108 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count)) {
1116 frag = &(*frag)->next;
1119 if ((err = hci_send_acl(conn->hcon, skb, 0)) < 0)
1129 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
1131 struct sock *sk = sock->sk;
1134 BT_DBG("sock %p, sk %p", sock, sk);
1136 err = sock_error(sk);
1140 if (msg->msg_flags & MSG_OOB)
1143 /* Check outgoing MTU */
1144 if (sk->sk_type != SOCK_RAW && len > l2cap_pi(sk)->omtu)
1149 if (sk->sk_state == BT_CONNECTED)
1150 err = l2cap_do_send(sk, msg, len);
1158 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
1160 struct sock *sk = sock->sk;
1164 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
1165 struct l2cap_conn_rsp rsp;
1167 sk->sk_state = BT_CONFIG;
1169 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1170 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
1171 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
1172 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
1173 l2cap_send_cmd(l2cap_pi(sk)->conn, l2cap_pi(sk)->ident,
1174 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1182 return bt_sock_recvmsg(iocb, sock, msg, len, flags);
1185 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, int optlen)
1187 struct sock *sk = sock->sk;
1188 struct l2cap_options opts;
1192 BT_DBG("sk %p", sk);
1198 opts.imtu = l2cap_pi(sk)->imtu;
1199 opts.omtu = l2cap_pi(sk)->omtu;
1200 opts.flush_to = l2cap_pi(sk)->flush_to;
1201 opts.mode = L2CAP_MODE_BASIC;
1203 len = min_t(unsigned int, sizeof(opts), optlen);
1204 if (copy_from_user((char *) &opts, optval, len)) {
1209 l2cap_pi(sk)->imtu = opts.imtu;
1210 l2cap_pi(sk)->omtu = opts.omtu;
1214 if (get_user(opt, (u32 __user *) optval)) {
1219 if (opt & L2CAP_LM_AUTH)
1220 l2cap_pi(sk)->sec_level = BT_SECURITY_LOW;
1221 if (opt & L2CAP_LM_ENCRYPT)
1222 l2cap_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
1223 if (opt & L2CAP_LM_SECURE)
1224 l2cap_pi(sk)->sec_level = BT_SECURITY_HIGH;
1226 l2cap_pi(sk)->role_switch = (opt & L2CAP_LM_MASTER);
1227 l2cap_pi(sk)->force_reliable = (opt & L2CAP_LM_RELIABLE);
1239 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen)
1241 struct sock *sk = sock->sk;
1242 struct bt_security sec;
1246 BT_DBG("sk %p", sk);
1248 if (level == SOL_L2CAP)
1249 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
1251 if (level != SOL_BLUETOOTH)
1252 return -ENOPROTOOPT;
1258 if (sk->sk_type != SOCK_SEQPACKET) {
1263 sec.level = BT_SECURITY_LOW;
1265 len = min_t(unsigned int, sizeof(sec), optlen);
1266 if (copy_from_user((char *) &sec, optval, len)) {
1271 if (sec.level < BT_SECURITY_LOW ||
1272 sec.level > BT_SECURITY_HIGH) {
1277 l2cap_pi(sk)->sec_level = sec.level;
1280 case BT_DEFER_SETUP:
1281 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1286 if (get_user(opt, (u32 __user *) optval)) {
1291 bt_sk(sk)->defer_setup = opt;
1303 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
1305 struct sock *sk = sock->sk;
1306 struct l2cap_options opts;
1307 struct l2cap_conninfo cinfo;
1311 BT_DBG("sk %p", sk);
1313 if (get_user(len, optlen))
1320 opts.imtu = l2cap_pi(sk)->imtu;
1321 opts.omtu = l2cap_pi(sk)->omtu;
1322 opts.flush_to = l2cap_pi(sk)->flush_to;
1323 opts.mode = L2CAP_MODE_BASIC;
1325 len = min_t(unsigned int, len, sizeof(opts));
1326 if (copy_to_user(optval, (char *) &opts, len))
1332 switch (l2cap_pi(sk)->sec_level) {
1333 case BT_SECURITY_LOW:
1334 opt = L2CAP_LM_AUTH;
1336 case BT_SECURITY_MEDIUM:
1337 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
1339 case BT_SECURITY_HIGH:
1340 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
1348 if (l2cap_pi(sk)->role_switch)
1349 opt |= L2CAP_LM_MASTER;
1351 if (l2cap_pi(sk)->force_reliable)
1352 opt |= L2CAP_LM_RELIABLE;
1354 if (put_user(opt, (u32 __user *) optval))
1358 case L2CAP_CONNINFO:
1359 if (sk->sk_state != BT_CONNECTED &&
1360 !(sk->sk_state == BT_CONNECT2 &&
1361 bt_sk(sk)->defer_setup)) {
1366 cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
1367 memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3);
1369 len = min_t(unsigned int, len, sizeof(cinfo));
1370 if (copy_to_user(optval, (char *) &cinfo, len))
1384 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
1386 struct sock *sk = sock->sk;
1387 struct bt_security sec;
1390 BT_DBG("sk %p", sk);
1392 if (level == SOL_L2CAP)
1393 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
1395 if (level != SOL_BLUETOOTH)
1396 return -ENOPROTOOPT;
1398 if (get_user(len, optlen))
1405 if (sk->sk_type != SOCK_SEQPACKET) {
1410 sec.level = l2cap_pi(sk)->sec_level;
1412 len = min_t(unsigned int, len, sizeof(sec));
1413 if (copy_to_user(optval, (char *) &sec, len))
1418 case BT_DEFER_SETUP:
1419 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1424 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
1438 static int l2cap_sock_shutdown(struct socket *sock, int how)
1440 struct sock *sk = sock->sk;
1443 BT_DBG("sock %p, sk %p", sock, sk);
1449 if (!sk->sk_shutdown) {
1450 sk->sk_shutdown = SHUTDOWN_MASK;
1451 l2cap_sock_clear_timer(sk);
1452 __l2cap_sock_close(sk, 0);
1454 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
1455 err = bt_sock_wait_state(sk, BT_CLOSED,
1462 static int l2cap_sock_release(struct socket *sock)
1464 struct sock *sk = sock->sk;
1467 BT_DBG("sock %p, sk %p", sock, sk);
1472 err = l2cap_sock_shutdown(sock, 2);
1475 l2cap_sock_kill(sk);
1479 static void l2cap_chan_ready(struct sock *sk)
1481 struct sock *parent = bt_sk(sk)->parent;
1483 BT_DBG("sk %p, parent %p", sk, parent);
1485 l2cap_pi(sk)->conf_state = 0;
1486 l2cap_sock_clear_timer(sk);
1489 /* Outgoing channel.
1490 * Wake up socket sleeping on connect.
1492 sk->sk_state = BT_CONNECTED;
1493 sk->sk_state_change(sk);
1495 /* Incoming channel.
1496 * Wake up socket sleeping on accept.
1498 parent->sk_data_ready(parent, 0);
1502 /* Copy frame to all raw sockets on that connection */
1503 static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1505 struct l2cap_chan_list *l = &conn->chan_list;
1506 struct sk_buff *nskb;
1509 BT_DBG("conn %p", conn);
1511 read_lock(&l->lock);
1512 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
1513 if (sk->sk_type != SOCK_RAW)
1516 /* Don't send frame to the socket it came from */
1520 if (!(nskb = skb_clone(skb, GFP_ATOMIC)))
1523 if (sock_queue_rcv_skb(sk, nskb))
1526 read_unlock(&l->lock);
1529 /* ---- L2CAP signalling commands ---- */
1530 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1531 u8 code, u8 ident, u16 dlen, void *data)
1533 struct sk_buff *skb, **frag;
1534 struct l2cap_cmd_hdr *cmd;
1535 struct l2cap_hdr *lh;
1538 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d", conn, code, ident, dlen);
1540 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1541 count = min_t(unsigned int, conn->mtu, len);
1543 skb = bt_skb_alloc(count, GFP_ATOMIC);
1547 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1548 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
1549 lh->cid = cpu_to_le16(0x0001);
1551 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1554 cmd->len = cpu_to_le16(dlen);
1557 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1558 memcpy(skb_put(skb, count), data, count);
1564 /* Continuation fragments (no L2CAP header) */
1565 frag = &skb_shinfo(skb)->frag_list;
1567 count = min_t(unsigned int, conn->mtu, len);
1569 *frag = bt_skb_alloc(count, GFP_ATOMIC);
1573 memcpy(skb_put(*frag, count), data, count);
1578 frag = &(*frag)->next;
1588 static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1590 struct l2cap_conf_opt *opt = *ptr;
1593 len = L2CAP_CONF_OPT_SIZE + opt->len;
1601 *val = *((u8 *) opt->val);
1605 *val = __le16_to_cpu(*((__le16 *) opt->val));
1609 *val = __le32_to_cpu(*((__le32 *) opt->val));
1613 *val = (unsigned long) opt->val;
1617 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1621 static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1623 struct l2cap_conf_opt *opt = *ptr;
1625 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1632 *((u8 *) opt->val) = val;
1636 *((__le16 *) opt->val) = cpu_to_le16(val);
1640 *((__le32 *) opt->val) = cpu_to_le32(val);
1644 memcpy(opt->val, (void *) val, len);
1648 *ptr += L2CAP_CONF_OPT_SIZE + len;
1651 static int l2cap_build_conf_req(struct sock *sk, void *data)
1653 struct l2cap_pinfo *pi = l2cap_pi(sk);
1654 struct l2cap_conf_req *req = data;
1655 void *ptr = req->data;
1657 BT_DBG("sk %p", sk);
1659 if (pi->imtu != L2CAP_DEFAULT_MTU)
1660 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
1662 /* FIXME: Need actual value of the flush timeout */
1663 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
1664 // l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to);
1666 req->dcid = cpu_to_le16(pi->dcid);
1667 req->flags = cpu_to_le16(0);
1672 static int l2cap_parse_conf_req(struct sock *sk, void *data)
1674 struct l2cap_pinfo *pi = l2cap_pi(sk);
1675 struct l2cap_conf_rsp *rsp = data;
1676 void *ptr = rsp->data;
1677 void *req = pi->conf_req;
1678 int len = pi->conf_len;
1679 int type, hint, olen;
1681 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
1682 u16 mtu = L2CAP_DEFAULT_MTU;
1683 u16 result = L2CAP_CONF_SUCCESS;
1685 BT_DBG("sk %p", sk);
1687 while (len >= L2CAP_CONF_OPT_SIZE) {
1688 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
1694 case L2CAP_CONF_MTU:
1698 case L2CAP_CONF_FLUSH_TO:
1702 case L2CAP_CONF_QOS:
1705 case L2CAP_CONF_RFC:
1706 if (olen == sizeof(rfc))
1707 memcpy(&rfc, (void *) val, olen);
1714 result = L2CAP_CONF_UNKNOWN;
1715 *((u8 *) ptr++) = type;
1720 if (result == L2CAP_CONF_SUCCESS) {
1721 /* Configure output options and let the other side know
1722 * which ones we don't like. */
1724 if (rfc.mode == L2CAP_MODE_BASIC) {
1726 result = L2CAP_CONF_UNACCEPT;
1729 pi->conf_state |= L2CAP_CONF_OUTPUT_DONE;
1732 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
1734 result = L2CAP_CONF_UNACCEPT;
1736 memset(&rfc, 0, sizeof(rfc));
1737 rfc.mode = L2CAP_MODE_BASIC;
1739 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1740 sizeof(rfc), (unsigned long) &rfc);
1744 rsp->scid = cpu_to_le16(pi->dcid);
1745 rsp->result = cpu_to_le16(result);
1746 rsp->flags = cpu_to_le16(0x0000);
1751 static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags)
1753 struct l2cap_conf_rsp *rsp = data;
1754 void *ptr = rsp->data;
1756 BT_DBG("sk %p", sk);
1758 rsp->scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1759 rsp->result = cpu_to_le16(result);
1760 rsp->flags = cpu_to_le16(flags);
1765 static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1767 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data;
1769 if (rej->reason != 0x0000)
1772 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
1773 cmd->ident == conn->info_ident) {
1774 conn->info_ident = 0;
1775 del_timer(&conn->info_timer);
1776 l2cap_conn_start(conn);
1782 static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1784 struct l2cap_chan_list *list = &conn->chan_list;
1785 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
1786 struct l2cap_conn_rsp rsp;
1787 struct sock *sk, *parent;
1788 int result, status = L2CAP_CS_NO_INFO;
1790 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
1791 __le16 psm = req->psm;
1793 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
1795 /* Check if we have socket listening on psm */
1796 parent = l2cap_get_sock_by_psm(BT_LISTEN, psm, conn->src);
1798 result = L2CAP_CR_BAD_PSM;
1802 /* Check if the ACL is secure enough (if not SDP) */
1803 if (psm != cpu_to_le16(0x0001) &&
1804 !hci_conn_check_link_mode(conn->hcon)) {
1805 result = L2CAP_CR_SEC_BLOCK;
1809 result = L2CAP_CR_NO_MEM;
1811 /* Check for backlog size */
1812 if (sk_acceptq_is_full(parent)) {
1813 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1817 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC);
1821 write_lock_bh(&list->lock);
1823 /* Check if we already have channel with that dcid */
1824 if (__l2cap_get_chan_by_dcid(list, scid)) {
1825 write_unlock_bh(&list->lock);
1826 sock_set_flag(sk, SOCK_ZAPPED);
1827 l2cap_sock_kill(sk);
1831 hci_conn_hold(conn->hcon);
1833 l2cap_sock_init(sk, parent);
1834 bacpy(&bt_sk(sk)->src, conn->src);
1835 bacpy(&bt_sk(sk)->dst, conn->dst);
1836 l2cap_pi(sk)->psm = psm;
1837 l2cap_pi(sk)->dcid = scid;
1839 __l2cap_chan_add(conn, sk, parent);
1840 dcid = l2cap_pi(sk)->scid;
1842 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
1844 l2cap_pi(sk)->ident = cmd->ident;
1846 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
1847 if (l2cap_check_security(sk)) {
1848 if (bt_sk(sk)->defer_setup) {
1849 sk->sk_state = BT_CONNECT2;
1850 result = L2CAP_CR_PEND;
1851 status = L2CAP_CS_AUTHOR_PEND;
1852 parent->sk_data_ready(parent, 0);
1854 sk->sk_state = BT_CONFIG;
1855 result = L2CAP_CR_SUCCESS;
1856 status = L2CAP_CS_NO_INFO;
1859 sk->sk_state = BT_CONNECT2;
1860 result = L2CAP_CR_PEND;
1861 status = L2CAP_CS_AUTHEN_PEND;
1864 sk->sk_state = BT_CONNECT2;
1865 result = L2CAP_CR_PEND;
1866 status = L2CAP_CS_NO_INFO;
1869 write_unlock_bh(&list->lock);
1872 bh_unlock_sock(parent);
1875 rsp.scid = cpu_to_le16(scid);
1876 rsp.dcid = cpu_to_le16(dcid);
1877 rsp.result = cpu_to_le16(result);
1878 rsp.status = cpu_to_le16(status);
1879 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1881 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
1882 struct l2cap_info_req info;
1883 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
1885 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
1886 conn->info_ident = l2cap_get_ident(conn);
1888 mod_timer(&conn->info_timer, jiffies +
1889 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
1891 l2cap_send_cmd(conn, conn->info_ident,
1892 L2CAP_INFO_REQ, sizeof(info), &info);
1898 static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1900 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
1901 u16 scid, dcid, result, status;
1905 scid = __le16_to_cpu(rsp->scid);
1906 dcid = __le16_to_cpu(rsp->dcid);
1907 result = __le16_to_cpu(rsp->result);
1908 status = __le16_to_cpu(rsp->status);
1910 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
1913 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
1916 if (!(sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident)))
1921 case L2CAP_CR_SUCCESS:
1922 sk->sk_state = BT_CONFIG;
1923 l2cap_pi(sk)->ident = 0;
1924 l2cap_pi(sk)->dcid = dcid;
1925 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
1927 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1928 l2cap_build_conf_req(sk, req), req);
1935 l2cap_chan_del(sk, ECONNREFUSED);
1943 static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
1945 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
1951 dcid = __le16_to_cpu(req->dcid);
1952 flags = __le16_to_cpu(req->flags);
1954 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
1956 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
1959 if (sk->sk_state == BT_DISCONN)
1962 /* Reject if config buffer is too small. */
1963 len = cmd_len - sizeof(*req);
1964 if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) {
1965 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
1966 l2cap_build_conf_rsp(sk, rsp,
1967 L2CAP_CONF_REJECT, flags), rsp);
1972 memcpy(l2cap_pi(sk)->conf_req + l2cap_pi(sk)->conf_len, req->data, len);
1973 l2cap_pi(sk)->conf_len += len;
1975 if (flags & 0x0001) {
1976 /* Incomplete config. Send empty response. */
1977 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
1978 l2cap_build_conf_rsp(sk, rsp,
1979 L2CAP_CONF_SUCCESS, 0x0001), rsp);
1983 /* Complete config. */
1984 len = l2cap_parse_conf_req(sk, rsp);
1988 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
1990 /* Reset config buffer. */
1991 l2cap_pi(sk)->conf_len = 0;
1993 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE))
1996 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
1997 sk->sk_state = BT_CONNECTED;
1998 l2cap_chan_ready(sk);
2002 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) {
2004 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2005 l2cap_build_conf_req(sk, buf), buf);
2013 static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2015 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2016 u16 scid, flags, result;
2019 scid = __le16_to_cpu(rsp->scid);
2020 flags = __le16_to_cpu(rsp->flags);
2021 result = __le16_to_cpu(rsp->result);
2023 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x", scid, flags, result);
2025 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
2029 case L2CAP_CONF_SUCCESS:
2032 case L2CAP_CONF_UNACCEPT:
2033 if (++l2cap_pi(sk)->conf_retry < L2CAP_CONF_MAX_RETRIES) {
2035 /* It does not make sense to adjust L2CAP parameters
2036 * that are currently defined in the spec. We simply
2037 * resend config request that we sent earlier. It is
2038 * stupid, but it helps qualification testing which
2039 * expects at least some response from us. */
2040 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2041 l2cap_build_conf_req(sk, req), req);
2046 sk->sk_state = BT_DISCONN;
2047 sk->sk_err = ECONNRESET;
2048 l2cap_sock_set_timer(sk, HZ * 5);
2050 struct l2cap_disconn_req req;
2051 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
2052 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2053 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2054 L2CAP_DISCONN_REQ, sizeof(req), &req);
2062 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;
2064 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
2065 sk->sk_state = BT_CONNECTED;
2066 l2cap_chan_ready(sk);
2074 static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2076 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
2077 struct l2cap_disconn_rsp rsp;
2081 scid = __le16_to_cpu(req->scid);
2082 dcid = __le16_to_cpu(req->dcid);
2084 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
2086 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
2089 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2090 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2091 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
2093 sk->sk_shutdown = SHUTDOWN_MASK;
2095 l2cap_chan_del(sk, ECONNRESET);
2098 l2cap_sock_kill(sk);
2102 static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2104 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
2108 scid = __le16_to_cpu(rsp->scid);
2109 dcid = __le16_to_cpu(rsp->dcid);
2111 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
2113 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
2116 l2cap_chan_del(sk, 0);
2119 l2cap_sock_kill(sk);
2123 static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2125 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
2128 type = __le16_to_cpu(req->type);
2130 BT_DBG("type 0x%4.4x", type);
2132 if (type == L2CAP_IT_FEAT_MASK) {
2134 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2135 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2136 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2137 put_unaligned(cpu_to_le32(l2cap_feat_mask), (__le32 *) rsp->data);
2138 l2cap_send_cmd(conn, cmd->ident,
2139 L2CAP_INFO_RSP, sizeof(buf), buf);
2141 struct l2cap_info_rsp rsp;
2142 rsp.type = cpu_to_le16(type);
2143 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
2144 l2cap_send_cmd(conn, cmd->ident,
2145 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
2151 static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2153 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
2156 type = __le16_to_cpu(rsp->type);
2157 result = __le16_to_cpu(rsp->result);
2159 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
2161 conn->info_ident = 0;
2163 del_timer(&conn->info_timer);
2165 if (type == L2CAP_IT_FEAT_MASK)
2166 conn->feat_mask = get_unaligned_le32(rsp->data);
2168 l2cap_conn_start(conn);
2173 static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
2175 u8 *data = skb->data;
2177 struct l2cap_cmd_hdr cmd;
2180 l2cap_raw_recv(conn, skb);
2182 while (len >= L2CAP_CMD_HDR_SIZE) {
2184 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
2185 data += L2CAP_CMD_HDR_SIZE;
2186 len -= L2CAP_CMD_HDR_SIZE;
2188 cmd_len = le16_to_cpu(cmd.len);
2190 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
2192 if (cmd_len > len || !cmd.ident) {
2193 BT_DBG("corrupted command");
2198 case L2CAP_COMMAND_REJ:
2199 l2cap_command_rej(conn, &cmd, data);
2202 case L2CAP_CONN_REQ:
2203 err = l2cap_connect_req(conn, &cmd, data);
2206 case L2CAP_CONN_RSP:
2207 err = l2cap_connect_rsp(conn, &cmd, data);
2210 case L2CAP_CONF_REQ:
2211 err = l2cap_config_req(conn, &cmd, cmd_len, data);
2214 case L2CAP_CONF_RSP:
2215 err = l2cap_config_rsp(conn, &cmd, data);
2218 case L2CAP_DISCONN_REQ:
2219 err = l2cap_disconnect_req(conn, &cmd, data);
2222 case L2CAP_DISCONN_RSP:
2223 err = l2cap_disconnect_rsp(conn, &cmd, data);
2226 case L2CAP_ECHO_REQ:
2227 l2cap_send_cmd(conn, cmd.ident, L2CAP_ECHO_RSP, cmd_len, data);
2230 case L2CAP_ECHO_RSP:
2233 case L2CAP_INFO_REQ:
2234 err = l2cap_information_req(conn, &cmd, data);
2237 case L2CAP_INFO_RSP:
2238 err = l2cap_information_rsp(conn, &cmd, data);
2242 BT_ERR("Unknown signaling command 0x%2.2x", cmd.code);
2248 struct l2cap_cmd_rej rej;
2249 BT_DBG("error %d", err);
2251 /* FIXME: Map err to a valid reason */
2252 rej.reason = cpu_to_le16(0);
2253 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
2263 static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
2267 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
2269 BT_DBG("unknown cid 0x%4.4x", cid);
2273 BT_DBG("sk %p, len %d", sk, skb->len);
2275 if (sk->sk_state != BT_CONNECTED)
2278 if (l2cap_pi(sk)->imtu < skb->len)
2281 /* If socket recv buffers overflows we drop data here
2282 * which is *bad* because L2CAP has to be reliable.
2283 * But we don't have any other choice. L2CAP doesn't
2284 * provide flow control mechanism. */
2286 if (!sock_queue_rcv_skb(sk, skb))
2299 static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
2303 sk = l2cap_get_sock_by_psm(0, psm, conn->src);
2307 BT_DBG("sk %p, len %d", sk, skb->len);
2309 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
2312 if (l2cap_pi(sk)->imtu < skb->len)
2315 if (!sock_queue_rcv_skb(sk, skb))
2322 if (sk) bh_unlock_sock(sk);
2326 static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
2328 struct l2cap_hdr *lh = (void *) skb->data;
2332 skb_pull(skb, L2CAP_HDR_SIZE);
2333 cid = __le16_to_cpu(lh->cid);
2334 len = __le16_to_cpu(lh->len);
2336 BT_DBG("len %d, cid 0x%4.4x", len, cid);
2340 l2cap_sig_channel(conn, skb);
2344 psm = get_unaligned((__le16 *) skb->data);
2346 l2cap_conless_channel(conn, psm, skb);
2350 l2cap_data_channel(conn, cid, skb);
2355 /* ---- L2CAP interface with lower layer (HCI) ---- */
2357 static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2359 int exact = 0, lm1 = 0, lm2 = 0;
2360 register struct sock *sk;
2361 struct hlist_node *node;
2363 if (type != ACL_LINK)
2366 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
2368 /* Find listening sockets and check their link_mode */
2369 read_lock(&l2cap_sk_list.lock);
2370 sk_for_each(sk, node, &l2cap_sk_list.head) {
2371 if (sk->sk_state != BT_LISTEN)
2374 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
2375 lm1 |= HCI_LM_ACCEPT;
2376 if (l2cap_pi(sk)->role_switch)
2377 lm1 |= HCI_LM_MASTER;
2379 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
2380 lm2 |= HCI_LM_ACCEPT;
2381 if (l2cap_pi(sk)->role_switch)
2382 lm2 |= HCI_LM_MASTER;
2385 read_unlock(&l2cap_sk_list.lock);
2387 return exact ? lm1 : lm2;
2390 static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
2392 struct l2cap_conn *conn;
2394 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
2396 if (hcon->type != ACL_LINK)
2400 conn = l2cap_conn_add(hcon, status);
2402 l2cap_conn_ready(conn);
2404 l2cap_conn_del(hcon, bt_err(status));
2409 static int l2cap_disconn_ind(struct hci_conn *hcon, u8 reason)
2411 BT_DBG("hcon %p reason %d", hcon, reason);
2413 if (hcon->type != ACL_LINK)
2416 l2cap_conn_del(hcon, bt_err(reason));
2421 static inline void l2cap_check_encryption(struct sock *sk, u8 encrypt)
2423 if (encrypt == 0x00) {
2424 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM) {
2425 l2cap_sock_clear_timer(sk);
2426 l2cap_sock_set_timer(sk, HZ * 5);
2427 } else if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
2428 __l2cap_sock_close(sk, ECONNREFUSED);
2430 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM)
2431 l2cap_sock_clear_timer(sk);
2435 static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
2437 struct l2cap_chan_list *l;
2438 struct l2cap_conn *conn = hcon->l2cap_data;
2444 l = &conn->chan_list;
2446 BT_DBG("conn %p", conn);
2448 read_lock(&l->lock);
2450 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
2453 if (!status && (sk->sk_state == BT_CONNECTED ||
2454 sk->sk_state == BT_CONFIG)) {
2455 l2cap_check_encryption(sk, encrypt);
2460 if (sk->sk_state == BT_CONNECT) {
2462 struct l2cap_conn_req req;
2463 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2464 req.psm = l2cap_pi(sk)->psm;
2466 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
2468 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2469 L2CAP_CONN_REQ, sizeof(req), &req);
2471 l2cap_sock_clear_timer(sk);
2472 l2cap_sock_set_timer(sk, HZ / 10);
2474 } else if (sk->sk_state == BT_CONNECT2) {
2475 struct l2cap_conn_rsp rsp;
2479 sk->sk_state = BT_CONFIG;
2480 result = L2CAP_CR_SUCCESS;
2482 sk->sk_state = BT_DISCONN;
2483 l2cap_sock_set_timer(sk, HZ / 10);
2484 result = L2CAP_CR_SEC_BLOCK;
2487 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2488 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2489 rsp.result = cpu_to_le16(result);
2490 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
2491 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2492 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2498 read_unlock(&l->lock);
2503 static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
2505 struct l2cap_conn *conn = hcon->l2cap_data;
2507 if (!conn && !(conn = l2cap_conn_add(hcon, 0)))
2510 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
2512 if (flags & ACL_START) {
2513 struct l2cap_hdr *hdr;
2517 BT_ERR("Unexpected start frame (len %d)", skb->len);
2518 kfree_skb(conn->rx_skb);
2519 conn->rx_skb = NULL;
2521 l2cap_conn_unreliable(conn, ECOMM);
2525 BT_ERR("Frame is too short (len %d)", skb->len);
2526 l2cap_conn_unreliable(conn, ECOMM);
2530 hdr = (struct l2cap_hdr *) skb->data;
2531 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
2533 if (len == skb->len) {
2534 /* Complete frame received */
2535 l2cap_recv_frame(conn, skb);
2539 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
2541 if (skb->len > len) {
2542 BT_ERR("Frame is too long (len %d, expected len %d)",
2544 l2cap_conn_unreliable(conn, ECOMM);
2548 /* Allocate skb for the complete frame (with header) */
2549 if (!(conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC)))
2552 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2554 conn->rx_len = len - skb->len;
2556 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
2558 if (!conn->rx_len) {
2559 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
2560 l2cap_conn_unreliable(conn, ECOMM);
2564 if (skb->len > conn->rx_len) {
2565 BT_ERR("Fragment is too long (len %d, expected %d)",
2566 skb->len, conn->rx_len);
2567 kfree_skb(conn->rx_skb);
2568 conn->rx_skb = NULL;
2570 l2cap_conn_unreliable(conn, ECOMM);
2574 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2576 conn->rx_len -= skb->len;
2578 if (!conn->rx_len) {
2579 /* Complete frame received */
2580 l2cap_recv_frame(conn, conn->rx_skb);
2581 conn->rx_skb = NULL;
2590 static ssize_t l2cap_sysfs_show(struct class *dev, char *buf)
2593 struct hlist_node *node;
2596 read_lock_bh(&l2cap_sk_list.lock);
2598 sk_for_each(sk, node, &l2cap_sk_list.head) {
2599 struct l2cap_pinfo *pi = l2cap_pi(sk);
2601 str += sprintf(str, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d\n",
2602 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2603 sk->sk_state, btohs(pi->psm), pi->scid, pi->dcid,
2604 pi->imtu, pi->omtu, pi->sec_level);
2607 read_unlock_bh(&l2cap_sk_list.lock);
2612 static CLASS_ATTR(l2cap, S_IRUGO, l2cap_sysfs_show, NULL);
2614 static const struct proto_ops l2cap_sock_ops = {
2615 .family = PF_BLUETOOTH,
2616 .owner = THIS_MODULE,
2617 .release = l2cap_sock_release,
2618 .bind = l2cap_sock_bind,
2619 .connect = l2cap_sock_connect,
2620 .listen = l2cap_sock_listen,
2621 .accept = l2cap_sock_accept,
2622 .getname = l2cap_sock_getname,
2623 .sendmsg = l2cap_sock_sendmsg,
2624 .recvmsg = l2cap_sock_recvmsg,
2625 .poll = bt_sock_poll,
2626 .ioctl = bt_sock_ioctl,
2627 .mmap = sock_no_mmap,
2628 .socketpair = sock_no_socketpair,
2629 .shutdown = l2cap_sock_shutdown,
2630 .setsockopt = l2cap_sock_setsockopt,
2631 .getsockopt = l2cap_sock_getsockopt
2634 static struct net_proto_family l2cap_sock_family_ops = {
2635 .family = PF_BLUETOOTH,
2636 .owner = THIS_MODULE,
2637 .create = l2cap_sock_create,
2640 static struct hci_proto l2cap_hci_proto = {
2642 .id = HCI_PROTO_L2CAP,
2643 .connect_ind = l2cap_connect_ind,
2644 .connect_cfm = l2cap_connect_cfm,
2645 .disconn_ind = l2cap_disconn_ind,
2646 .security_cfm = l2cap_security_cfm,
2647 .recv_acldata = l2cap_recv_acldata
2650 static int __init l2cap_init(void)
2654 err = proto_register(&l2cap_proto, 0);
2658 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
2660 BT_ERR("L2CAP socket registration failed");
2664 err = hci_register_proto(&l2cap_hci_proto);
2666 BT_ERR("L2CAP protocol registration failed");
2667 bt_sock_unregister(BTPROTO_L2CAP);
2671 if (class_create_file(bt_class, &class_attr_l2cap) < 0)
2672 BT_ERR("Failed to create L2CAP info file");
2674 BT_INFO("L2CAP ver %s", VERSION);
2675 BT_INFO("L2CAP socket layer initialized");
2680 proto_unregister(&l2cap_proto);
2684 static void __exit l2cap_exit(void)
2686 class_remove_file(bt_class, &class_attr_l2cap);
2688 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
2689 BT_ERR("L2CAP socket unregistration failed");
2691 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
2692 BT_ERR("L2CAP protocol unregistration failed");
2694 proto_unregister(&l2cap_proto);
2697 void l2cap_load(void)
2699 /* Dummy function to trigger automatic L2CAP module loading by
2700 * other modules that use L2CAP sockets but don't use any other
2701 * symbols from it. */
2704 EXPORT_SYMBOL(l2cap_load);
2706 module_init(l2cap_init);
2707 module_exit(l2cap_exit);
2709 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2710 MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
2711 MODULE_VERSION(VERSION);
2712 MODULE_LICENSE("GPL");
2713 MODULE_ALIAS("bt-proto-0");