2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth L2CAP core and sockets. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/capability.h>
31 #include <linux/errno.h>
32 #include <linux/kernel.h>
33 #include <linux/sched.h>
34 #include <linux/slab.h>
35 #include <linux/poll.h>
36 #include <linux/fcntl.h>
37 #include <linux/init.h>
38 #include <linux/interrupt.h>
39 #include <linux/socket.h>
40 #include <linux/skbuff.h>
41 #include <linux/list.h>
42 #include <linux/device.h>
43 #include <linux/uaccess.h>
46 #include <asm/system.h>
47 #include <asm/unaligned.h>
49 #include <net/bluetooth/bluetooth.h>
50 #include <net/bluetooth/hci_core.h>
51 #include <net/bluetooth/l2cap.h>
53 #define VERSION "2.14"
55 static int enable_ertm = 0;
57 static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
58 static u8 l2cap_fixed_chan[8] = { 0x02, };
60 static const struct proto_ops l2cap_sock_ops;
62 static struct bt_sock_list l2cap_sk_list = {
63 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
66 static void __l2cap_sock_close(struct sock *sk, int reason);
67 static void l2cap_sock_close(struct sock *sk);
68 static void l2cap_sock_kill(struct sock *sk);
70 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
71 u8 code, u8 ident, u16 dlen, void *data);
73 /* ---- L2CAP timers ---- */
74 static void l2cap_sock_timeout(unsigned long arg)
76 struct sock *sk = (struct sock *) arg;
79 BT_DBG("sock %p state %d", sk, sk->sk_state);
83 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG)
84 reason = ECONNREFUSED;
85 else if (sk->sk_state == BT_CONNECT &&
86 l2cap_pi(sk)->sec_level != BT_SECURITY_SDP)
87 reason = ECONNREFUSED;
91 __l2cap_sock_close(sk, reason);
99 static void l2cap_sock_set_timer(struct sock *sk, long timeout)
101 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
102 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
105 static void l2cap_sock_clear_timer(struct sock *sk)
107 BT_DBG("sock %p state %d", sk, sk->sk_state);
108 sk_stop_timer(sk, &sk->sk_timer);
111 /* ---- L2CAP channels ---- */
112 static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid)
115 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
116 if (l2cap_pi(s)->dcid == cid)
122 static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
125 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
126 if (l2cap_pi(s)->scid == cid)
132 /* Find channel with given SCID.
133 * Returns locked socket */
134 static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
138 s = __l2cap_get_chan_by_scid(l, cid);
141 read_unlock(&l->lock);
145 static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
148 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
149 if (l2cap_pi(s)->ident == ident)
155 static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
159 s = __l2cap_get_chan_by_ident(l, ident);
162 read_unlock(&l->lock);
166 static u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
168 u16 cid = L2CAP_CID_DYN_START;
170 for (; cid < L2CAP_CID_DYN_END; cid++) {
171 if (!__l2cap_get_chan_by_scid(l, cid))
178 static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
183 l2cap_pi(l->head)->prev_c = sk;
185 l2cap_pi(sk)->next_c = l->head;
186 l2cap_pi(sk)->prev_c = NULL;
190 static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
192 struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
194 write_lock_bh(&l->lock);
199 l2cap_pi(next)->prev_c = prev;
201 l2cap_pi(prev)->next_c = next;
202 write_unlock_bh(&l->lock);
207 static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
209 struct l2cap_chan_list *l = &conn->chan_list;
211 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
212 l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
214 conn->disc_reason = 0x13;
216 l2cap_pi(sk)->conn = conn;
218 if (sk->sk_type == SOCK_SEQPACKET) {
219 /* Alloc CID for connection-oriented socket */
220 l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
221 } else if (sk->sk_type == SOCK_DGRAM) {
222 /* Connectionless socket */
223 l2cap_pi(sk)->scid = L2CAP_CID_CONN_LESS;
224 l2cap_pi(sk)->dcid = L2CAP_CID_CONN_LESS;
225 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
227 /* Raw socket can send/recv signalling messages only */
228 l2cap_pi(sk)->scid = L2CAP_CID_SIGNALING;
229 l2cap_pi(sk)->dcid = L2CAP_CID_SIGNALING;
230 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
233 __l2cap_chan_link(l, sk);
236 bt_accept_enqueue(parent, sk);
240 * Must be called on the locked socket. */
241 static void l2cap_chan_del(struct sock *sk, int err)
243 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
244 struct sock *parent = bt_sk(sk)->parent;
246 l2cap_sock_clear_timer(sk);
248 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
251 /* Unlink from channel list */
252 l2cap_chan_unlink(&conn->chan_list, sk);
253 l2cap_pi(sk)->conn = NULL;
254 hci_conn_put(conn->hcon);
257 sk->sk_state = BT_CLOSED;
258 sock_set_flag(sk, SOCK_ZAPPED);
264 bt_accept_unlink(sk);
265 parent->sk_data_ready(parent, 0);
267 sk->sk_state_change(sk);
270 /* Service level security */
271 static inline int l2cap_check_security(struct sock *sk)
273 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
276 if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
277 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
278 auth_type = HCI_AT_NO_BONDING_MITM;
280 auth_type = HCI_AT_NO_BONDING;
282 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
283 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
285 switch (l2cap_pi(sk)->sec_level) {
286 case BT_SECURITY_HIGH:
287 auth_type = HCI_AT_GENERAL_BONDING_MITM;
289 case BT_SECURITY_MEDIUM:
290 auth_type = HCI_AT_GENERAL_BONDING;
293 auth_type = HCI_AT_NO_BONDING;
298 return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level,
302 static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
306 /* Get next available identificator.
307 * 1 - 128 are used by kernel.
308 * 129 - 199 are reserved.
309 * 200 - 254 are used by utilities like l2ping, etc.
312 spin_lock_bh(&conn->lock);
314 if (++conn->tx_ident > 128)
319 spin_unlock_bh(&conn->lock);
324 static inline int l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
326 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
328 BT_DBG("code 0x%2.2x", code);
333 return hci_send_acl(conn->hcon, skb, 0);
336 static void l2cap_do_start(struct sock *sk)
338 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
340 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
341 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
344 if (l2cap_check_security(sk)) {
345 struct l2cap_conn_req req;
346 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
347 req.psm = l2cap_pi(sk)->psm;
349 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
351 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
352 L2CAP_CONN_REQ, sizeof(req), &req);
355 struct l2cap_info_req req;
356 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
358 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
359 conn->info_ident = l2cap_get_ident(conn);
361 mod_timer(&conn->info_timer, jiffies +
362 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
364 l2cap_send_cmd(conn, conn->info_ident,
365 L2CAP_INFO_REQ, sizeof(req), &req);
369 /* ---- L2CAP connections ---- */
370 static void l2cap_conn_start(struct l2cap_conn *conn)
372 struct l2cap_chan_list *l = &conn->chan_list;
375 BT_DBG("conn %p", conn);
379 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
382 if (sk->sk_type != SOCK_SEQPACKET) {
387 if (sk->sk_state == BT_CONNECT) {
388 if (l2cap_check_security(sk)) {
389 struct l2cap_conn_req req;
390 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
391 req.psm = l2cap_pi(sk)->psm;
393 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
395 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
396 L2CAP_CONN_REQ, sizeof(req), &req);
398 } else if (sk->sk_state == BT_CONNECT2) {
399 struct l2cap_conn_rsp rsp;
400 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
401 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
403 if (l2cap_check_security(sk)) {
404 if (bt_sk(sk)->defer_setup) {
405 struct sock *parent = bt_sk(sk)->parent;
406 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
407 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
408 parent->sk_data_ready(parent, 0);
411 sk->sk_state = BT_CONFIG;
412 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
413 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
416 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
417 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
420 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
421 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
427 read_unlock(&l->lock);
430 static void l2cap_conn_ready(struct l2cap_conn *conn)
432 struct l2cap_chan_list *l = &conn->chan_list;
435 BT_DBG("conn %p", conn);
439 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
442 if (sk->sk_type != SOCK_SEQPACKET) {
443 l2cap_sock_clear_timer(sk);
444 sk->sk_state = BT_CONNECTED;
445 sk->sk_state_change(sk);
446 } else if (sk->sk_state == BT_CONNECT)
452 read_unlock(&l->lock);
455 /* Notify sockets that we cannot guaranty reliability anymore */
456 static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
458 struct l2cap_chan_list *l = &conn->chan_list;
461 BT_DBG("conn %p", conn);
465 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
466 if (l2cap_pi(sk)->force_reliable)
470 read_unlock(&l->lock);
473 static void l2cap_info_timeout(unsigned long arg)
475 struct l2cap_conn *conn = (void *) arg;
477 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
478 conn->info_ident = 0;
480 l2cap_conn_start(conn);
483 static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
485 struct l2cap_conn *conn = hcon->l2cap_data;
490 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
494 hcon->l2cap_data = conn;
497 BT_DBG("hcon %p conn %p", hcon, conn);
499 conn->mtu = hcon->hdev->acl_mtu;
500 conn->src = &hcon->hdev->bdaddr;
501 conn->dst = &hcon->dst;
505 setup_timer(&conn->info_timer, l2cap_info_timeout,
506 (unsigned long) conn);
508 spin_lock_init(&conn->lock);
509 rwlock_init(&conn->chan_list.lock);
511 conn->disc_reason = 0x13;
516 static void l2cap_conn_del(struct hci_conn *hcon, int err)
518 struct l2cap_conn *conn = hcon->l2cap_data;
524 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
526 kfree_skb(conn->rx_skb);
529 while ((sk = conn->chan_list.head)) {
531 l2cap_chan_del(sk, err);
536 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
537 del_timer_sync(&conn->info_timer);
539 hcon->l2cap_data = NULL;
543 static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
545 struct l2cap_chan_list *l = &conn->chan_list;
546 write_lock_bh(&l->lock);
547 __l2cap_chan_add(conn, sk, parent);
548 write_unlock_bh(&l->lock);
551 /* ---- Socket interface ---- */
552 static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
555 struct hlist_node *node;
556 sk_for_each(sk, node, &l2cap_sk_list.head)
557 if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
564 /* Find socket with psm and source bdaddr.
565 * Returns closest match.
567 static struct sock *__l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
569 struct sock *sk = NULL, *sk1 = NULL;
570 struct hlist_node *node;
572 sk_for_each(sk, node, &l2cap_sk_list.head) {
573 if (state && sk->sk_state != state)
576 if (l2cap_pi(sk)->psm == psm) {
578 if (!bacmp(&bt_sk(sk)->src, src))
582 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
586 return node ? sk : sk1;
589 /* Find socket with given address (psm, src).
590 * Returns locked socket */
591 static inline struct sock *l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
594 read_lock(&l2cap_sk_list.lock);
595 s = __l2cap_get_sock_by_psm(state, psm, src);
598 read_unlock(&l2cap_sk_list.lock);
602 static void l2cap_sock_destruct(struct sock *sk)
606 skb_queue_purge(&sk->sk_receive_queue);
607 skb_queue_purge(&sk->sk_write_queue);
610 static void l2cap_sock_cleanup_listen(struct sock *parent)
614 BT_DBG("parent %p", parent);
616 /* Close not yet accepted channels */
617 while ((sk = bt_accept_dequeue(parent, NULL)))
618 l2cap_sock_close(sk);
620 parent->sk_state = BT_CLOSED;
621 sock_set_flag(parent, SOCK_ZAPPED);
624 /* Kill socket (only if zapped and orphan)
625 * Must be called on unlocked socket.
627 static void l2cap_sock_kill(struct sock *sk)
629 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
632 BT_DBG("sk %p state %d", sk, sk->sk_state);
634 /* Kill poor orphan */
635 bt_sock_unlink(&l2cap_sk_list, sk);
636 sock_set_flag(sk, SOCK_DEAD);
640 static void __l2cap_sock_close(struct sock *sk, int reason)
642 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
644 switch (sk->sk_state) {
646 l2cap_sock_cleanup_listen(sk);
651 if (sk->sk_type == SOCK_SEQPACKET) {
652 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
653 struct l2cap_disconn_req req;
655 sk->sk_state = BT_DISCONN;
656 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
658 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
659 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
660 l2cap_send_cmd(conn, l2cap_get_ident(conn),
661 L2CAP_DISCONN_REQ, sizeof(req), &req);
663 l2cap_chan_del(sk, reason);
667 if (sk->sk_type == SOCK_SEQPACKET) {
668 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
669 struct l2cap_conn_rsp rsp;
672 if (bt_sk(sk)->defer_setup)
673 result = L2CAP_CR_SEC_BLOCK;
675 result = L2CAP_CR_BAD_PSM;
677 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
678 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
679 rsp.result = cpu_to_le16(result);
680 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
681 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
682 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
684 l2cap_chan_del(sk, reason);
689 l2cap_chan_del(sk, reason);
693 sock_set_flag(sk, SOCK_ZAPPED);
698 /* Must be called on unlocked socket. */
699 static void l2cap_sock_close(struct sock *sk)
701 l2cap_sock_clear_timer(sk);
703 __l2cap_sock_close(sk, ECONNRESET);
708 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
710 struct l2cap_pinfo *pi = l2cap_pi(sk);
715 sk->sk_type = parent->sk_type;
716 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
718 pi->imtu = l2cap_pi(parent)->imtu;
719 pi->omtu = l2cap_pi(parent)->omtu;
720 pi->mode = l2cap_pi(parent)->mode;
721 pi->fcs = l2cap_pi(parent)->fcs;
722 pi->sec_level = l2cap_pi(parent)->sec_level;
723 pi->role_switch = l2cap_pi(parent)->role_switch;
724 pi->force_reliable = l2cap_pi(parent)->force_reliable;
726 pi->imtu = L2CAP_DEFAULT_MTU;
728 pi->mode = L2CAP_MODE_BASIC;
729 pi->fcs = L2CAP_FCS_CRC16;
730 pi->sec_level = BT_SECURITY_LOW;
732 pi->force_reliable = 0;
735 /* Default config options */
737 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
740 static struct proto l2cap_proto = {
742 .owner = THIS_MODULE,
743 .obj_size = sizeof(struct l2cap_pinfo)
746 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
750 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
754 sock_init_data(sock, sk);
755 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
757 sk->sk_destruct = l2cap_sock_destruct;
758 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
760 sock_reset_flag(sk, SOCK_ZAPPED);
762 sk->sk_protocol = proto;
763 sk->sk_state = BT_OPEN;
765 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
767 bt_sock_link(&l2cap_sk_list, sk);
771 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol)
775 BT_DBG("sock %p", sock);
777 sock->state = SS_UNCONNECTED;
779 if (sock->type != SOCK_SEQPACKET &&
780 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
781 return -ESOCKTNOSUPPORT;
783 if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW))
786 sock->ops = &l2cap_sock_ops;
788 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
792 l2cap_sock_init(sk, NULL);
796 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
798 struct sock *sk = sock->sk;
799 struct sockaddr_l2 la;
804 if (!addr || addr->sa_family != AF_BLUETOOTH)
807 memset(&la, 0, sizeof(la));
808 len = min_t(unsigned int, sizeof(la), alen);
809 memcpy(&la, addr, len);
816 if (sk->sk_state != BT_OPEN) {
821 if (la.l2_psm && __le16_to_cpu(la.l2_psm) < 0x1001 &&
822 !capable(CAP_NET_BIND_SERVICE)) {
827 write_lock_bh(&l2cap_sk_list.lock);
829 if (la.l2_psm && __l2cap_get_sock_by_addr(la.l2_psm, &la.l2_bdaddr)) {
832 /* Save source address */
833 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
834 l2cap_pi(sk)->psm = la.l2_psm;
835 l2cap_pi(sk)->sport = la.l2_psm;
836 sk->sk_state = BT_BOUND;
838 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
839 __le16_to_cpu(la.l2_psm) == 0x0003)
840 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
843 write_unlock_bh(&l2cap_sk_list.lock);
850 static int l2cap_do_connect(struct sock *sk)
852 bdaddr_t *src = &bt_sk(sk)->src;
853 bdaddr_t *dst = &bt_sk(sk)->dst;
854 struct l2cap_conn *conn;
855 struct hci_conn *hcon;
856 struct hci_dev *hdev;
860 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst),
863 hdev = hci_get_route(dst, src);
865 return -EHOSTUNREACH;
867 hci_dev_lock_bh(hdev);
871 if (sk->sk_type == SOCK_RAW) {
872 switch (l2cap_pi(sk)->sec_level) {
873 case BT_SECURITY_HIGH:
874 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
876 case BT_SECURITY_MEDIUM:
877 auth_type = HCI_AT_DEDICATED_BONDING;
880 auth_type = HCI_AT_NO_BONDING;
883 } else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
884 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
885 auth_type = HCI_AT_NO_BONDING_MITM;
887 auth_type = HCI_AT_NO_BONDING;
889 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
890 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
892 switch (l2cap_pi(sk)->sec_level) {
893 case BT_SECURITY_HIGH:
894 auth_type = HCI_AT_GENERAL_BONDING_MITM;
896 case BT_SECURITY_MEDIUM:
897 auth_type = HCI_AT_GENERAL_BONDING;
900 auth_type = HCI_AT_NO_BONDING;
905 hcon = hci_connect(hdev, ACL_LINK, dst,
906 l2cap_pi(sk)->sec_level, auth_type);
910 conn = l2cap_conn_add(hcon, 0);
918 /* Update source addr of the socket */
919 bacpy(src, conn->src);
921 l2cap_chan_add(conn, sk, NULL);
923 sk->sk_state = BT_CONNECT;
924 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
926 if (hcon->state == BT_CONNECTED) {
927 if (sk->sk_type != SOCK_SEQPACKET) {
928 l2cap_sock_clear_timer(sk);
929 sk->sk_state = BT_CONNECTED;
935 hci_dev_unlock_bh(hdev);
940 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
942 struct sock *sk = sock->sk;
943 struct sockaddr_l2 la;
948 if (!addr || addr->sa_family != AF_BLUETOOTH)
951 memset(&la, 0, sizeof(la));
952 len = min_t(unsigned int, sizeof(la), alen);
953 memcpy(&la, addr, len);
960 if (sk->sk_type == SOCK_SEQPACKET && !la.l2_psm) {
965 switch (l2cap_pi(sk)->mode) {
966 case L2CAP_MODE_BASIC:
968 case L2CAP_MODE_ERTM:
969 case L2CAP_MODE_STREAMING:
978 switch (sk->sk_state) {
982 /* Already connecting */
986 /* Already connected */
999 /* Set destination address and psm */
1000 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr);
1001 l2cap_pi(sk)->psm = la.l2_psm;
1003 err = l2cap_do_connect(sk);
1008 err = bt_sock_wait_state(sk, BT_CONNECTED,
1009 sock_sndtimeo(sk, flags & O_NONBLOCK));
1015 static int l2cap_sock_listen(struct socket *sock, int backlog)
1017 struct sock *sk = sock->sk;
1020 BT_DBG("sk %p backlog %d", sk, backlog);
1024 if (sk->sk_state != BT_BOUND || sock->type != SOCK_SEQPACKET) {
1029 switch (l2cap_pi(sk)->mode) {
1030 case L2CAP_MODE_BASIC:
1032 case L2CAP_MODE_ERTM:
1033 case L2CAP_MODE_STREAMING:
1042 if (!l2cap_pi(sk)->psm) {
1043 bdaddr_t *src = &bt_sk(sk)->src;
1048 write_lock_bh(&l2cap_sk_list.lock);
1050 for (psm = 0x1001; psm < 0x1100; psm += 2)
1051 if (!__l2cap_get_sock_by_addr(cpu_to_le16(psm), src)) {
1052 l2cap_pi(sk)->psm = cpu_to_le16(psm);
1053 l2cap_pi(sk)->sport = cpu_to_le16(psm);
1058 write_unlock_bh(&l2cap_sk_list.lock);
1064 sk->sk_max_ack_backlog = backlog;
1065 sk->sk_ack_backlog = 0;
1066 sk->sk_state = BT_LISTEN;
1073 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
1075 DECLARE_WAITQUEUE(wait, current);
1076 struct sock *sk = sock->sk, *nsk;
1080 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1082 if (sk->sk_state != BT_LISTEN) {
1087 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
1089 BT_DBG("sk %p timeo %ld", sk, timeo);
1091 /* Wait for an incoming connection. (wake-one). */
1092 add_wait_queue_exclusive(sk->sk_sleep, &wait);
1093 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
1094 set_current_state(TASK_INTERRUPTIBLE);
1101 timeo = schedule_timeout(timeo);
1102 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1104 if (sk->sk_state != BT_LISTEN) {
1109 if (signal_pending(current)) {
1110 err = sock_intr_errno(timeo);
1114 set_current_state(TASK_RUNNING);
1115 remove_wait_queue(sk->sk_sleep, &wait);
1120 newsock->state = SS_CONNECTED;
1122 BT_DBG("new socket %p", nsk);
1129 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
1131 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
1132 struct sock *sk = sock->sk;
1134 BT_DBG("sock %p, sk %p", sock, sk);
1136 addr->sa_family = AF_BLUETOOTH;
1137 *len = sizeof(struct sockaddr_l2);
1140 la->l2_psm = l2cap_pi(sk)->psm;
1141 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
1142 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1144 la->l2_psm = l2cap_pi(sk)->sport;
1145 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
1146 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->scid);
1152 static inline int l2cap_do_send(struct sock *sk, struct msghdr *msg, int len)
1154 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1155 struct sk_buff *skb, **frag;
1156 int err, hlen, count, sent = 0;
1157 struct l2cap_hdr *lh;
1159 BT_DBG("sk %p len %d", sk, len);
1161 /* First fragment (with L2CAP header) */
1162 if (sk->sk_type == SOCK_DGRAM)
1163 hlen = L2CAP_HDR_SIZE + 2;
1165 hlen = L2CAP_HDR_SIZE;
1167 count = min_t(unsigned int, (conn->mtu - hlen), len);
1169 skb = bt_skb_send_alloc(sk, hlen + count,
1170 msg->msg_flags & MSG_DONTWAIT, &err);
1174 /* Create L2CAP header */
1175 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1176 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1177 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1179 if (sk->sk_type == SOCK_DGRAM)
1180 put_unaligned(l2cap_pi(sk)->psm, (__le16 *) skb_put(skb, 2));
1182 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) {
1190 /* Continuation fragments (no L2CAP header) */
1191 frag = &skb_shinfo(skb)->frag_list;
1193 count = min_t(unsigned int, conn->mtu, len);
1195 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1199 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count)) {
1207 frag = &(*frag)->next;
1209 err = hci_send_acl(conn->hcon, skb, 0);
1220 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
1222 struct sock *sk = sock->sk;
1225 BT_DBG("sock %p, sk %p", sock, sk);
1227 err = sock_error(sk);
1231 if (msg->msg_flags & MSG_OOB)
1234 /* Check outgoing MTU */
1235 if (sk->sk_type != SOCK_RAW && len > l2cap_pi(sk)->omtu)
1240 if (sk->sk_state == BT_CONNECTED)
1241 err = l2cap_do_send(sk, msg, len);
1249 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
1251 struct sock *sk = sock->sk;
1255 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
1256 struct l2cap_conn_rsp rsp;
1258 sk->sk_state = BT_CONFIG;
1260 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1261 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
1262 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
1263 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
1264 l2cap_send_cmd(l2cap_pi(sk)->conn, l2cap_pi(sk)->ident,
1265 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1273 return bt_sock_recvmsg(iocb, sock, msg, len, flags);
1276 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, int optlen)
1278 struct sock *sk = sock->sk;
1279 struct l2cap_options opts;
1283 BT_DBG("sk %p", sk);
1289 opts.imtu = l2cap_pi(sk)->imtu;
1290 opts.omtu = l2cap_pi(sk)->omtu;
1291 opts.flush_to = l2cap_pi(sk)->flush_to;
1292 opts.mode = l2cap_pi(sk)->mode;
1294 len = min_t(unsigned int, sizeof(opts), optlen);
1295 if (copy_from_user((char *) &opts, optval, len)) {
1300 l2cap_pi(sk)->imtu = opts.imtu;
1301 l2cap_pi(sk)->omtu = opts.omtu;
1302 l2cap_pi(sk)->mode = opts.mode;
1306 if (get_user(opt, (u32 __user *) optval)) {
1311 if (opt & L2CAP_LM_AUTH)
1312 l2cap_pi(sk)->sec_level = BT_SECURITY_LOW;
1313 if (opt & L2CAP_LM_ENCRYPT)
1314 l2cap_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
1315 if (opt & L2CAP_LM_SECURE)
1316 l2cap_pi(sk)->sec_level = BT_SECURITY_HIGH;
1318 l2cap_pi(sk)->role_switch = (opt & L2CAP_LM_MASTER);
1319 l2cap_pi(sk)->force_reliable = (opt & L2CAP_LM_RELIABLE);
1331 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen)
1333 struct sock *sk = sock->sk;
1334 struct bt_security sec;
1338 BT_DBG("sk %p", sk);
1340 if (level == SOL_L2CAP)
1341 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
1343 if (level != SOL_BLUETOOTH)
1344 return -ENOPROTOOPT;
1350 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_RAW) {
1355 sec.level = BT_SECURITY_LOW;
1357 len = min_t(unsigned int, sizeof(sec), optlen);
1358 if (copy_from_user((char *) &sec, optval, len)) {
1363 if (sec.level < BT_SECURITY_LOW ||
1364 sec.level > BT_SECURITY_HIGH) {
1369 l2cap_pi(sk)->sec_level = sec.level;
1372 case BT_DEFER_SETUP:
1373 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1378 if (get_user(opt, (u32 __user *) optval)) {
1383 bt_sk(sk)->defer_setup = opt;
1395 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
1397 struct sock *sk = sock->sk;
1398 struct l2cap_options opts;
1399 struct l2cap_conninfo cinfo;
1403 BT_DBG("sk %p", sk);
1405 if (get_user(len, optlen))
1412 opts.imtu = l2cap_pi(sk)->imtu;
1413 opts.omtu = l2cap_pi(sk)->omtu;
1414 opts.flush_to = l2cap_pi(sk)->flush_to;
1415 opts.mode = l2cap_pi(sk)->mode;
1417 len = min_t(unsigned int, len, sizeof(opts));
1418 if (copy_to_user(optval, (char *) &opts, len))
1424 switch (l2cap_pi(sk)->sec_level) {
1425 case BT_SECURITY_LOW:
1426 opt = L2CAP_LM_AUTH;
1428 case BT_SECURITY_MEDIUM:
1429 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
1431 case BT_SECURITY_HIGH:
1432 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
1440 if (l2cap_pi(sk)->role_switch)
1441 opt |= L2CAP_LM_MASTER;
1443 if (l2cap_pi(sk)->force_reliable)
1444 opt |= L2CAP_LM_RELIABLE;
1446 if (put_user(opt, (u32 __user *) optval))
1450 case L2CAP_CONNINFO:
1451 if (sk->sk_state != BT_CONNECTED &&
1452 !(sk->sk_state == BT_CONNECT2 &&
1453 bt_sk(sk)->defer_setup)) {
1458 cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
1459 memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3);
1461 len = min_t(unsigned int, len, sizeof(cinfo));
1462 if (copy_to_user(optval, (char *) &cinfo, len))
1476 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
1478 struct sock *sk = sock->sk;
1479 struct bt_security sec;
1482 BT_DBG("sk %p", sk);
1484 if (level == SOL_L2CAP)
1485 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
1487 if (level != SOL_BLUETOOTH)
1488 return -ENOPROTOOPT;
1490 if (get_user(len, optlen))
1497 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_RAW) {
1502 sec.level = l2cap_pi(sk)->sec_level;
1504 len = min_t(unsigned int, len, sizeof(sec));
1505 if (copy_to_user(optval, (char *) &sec, len))
1510 case BT_DEFER_SETUP:
1511 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1516 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
1530 static int l2cap_sock_shutdown(struct socket *sock, int how)
1532 struct sock *sk = sock->sk;
1535 BT_DBG("sock %p, sk %p", sock, sk);
1541 if (!sk->sk_shutdown) {
1542 sk->sk_shutdown = SHUTDOWN_MASK;
1543 l2cap_sock_clear_timer(sk);
1544 __l2cap_sock_close(sk, 0);
1546 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
1547 err = bt_sock_wait_state(sk, BT_CLOSED,
1554 static int l2cap_sock_release(struct socket *sock)
1556 struct sock *sk = sock->sk;
1559 BT_DBG("sock %p, sk %p", sock, sk);
1564 err = l2cap_sock_shutdown(sock, 2);
1567 l2cap_sock_kill(sk);
1571 static void l2cap_chan_ready(struct sock *sk)
1573 struct sock *parent = bt_sk(sk)->parent;
1575 BT_DBG("sk %p, parent %p", sk, parent);
1577 l2cap_pi(sk)->conf_state = 0;
1578 l2cap_sock_clear_timer(sk);
1581 /* Outgoing channel.
1582 * Wake up socket sleeping on connect.
1584 sk->sk_state = BT_CONNECTED;
1585 sk->sk_state_change(sk);
1587 /* Incoming channel.
1588 * Wake up socket sleeping on accept.
1590 parent->sk_data_ready(parent, 0);
1594 /* Copy frame to all raw sockets on that connection */
1595 static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1597 struct l2cap_chan_list *l = &conn->chan_list;
1598 struct sk_buff *nskb;
1601 BT_DBG("conn %p", conn);
1603 read_lock(&l->lock);
1604 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
1605 if (sk->sk_type != SOCK_RAW)
1608 /* Don't send frame to the socket it came from */
1611 nskb = skb_clone(skb, GFP_ATOMIC);
1615 if (sock_queue_rcv_skb(sk, nskb))
1618 read_unlock(&l->lock);
1621 /* ---- L2CAP signalling commands ---- */
1622 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1623 u8 code, u8 ident, u16 dlen, void *data)
1625 struct sk_buff *skb, **frag;
1626 struct l2cap_cmd_hdr *cmd;
1627 struct l2cap_hdr *lh;
1630 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d",
1631 conn, code, ident, dlen);
1633 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1634 count = min_t(unsigned int, conn->mtu, len);
1636 skb = bt_skb_alloc(count, GFP_ATOMIC);
1640 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1641 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
1642 lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING);
1644 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1647 cmd->len = cpu_to_le16(dlen);
1650 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1651 memcpy(skb_put(skb, count), data, count);
1657 /* Continuation fragments (no L2CAP header) */
1658 frag = &skb_shinfo(skb)->frag_list;
1660 count = min_t(unsigned int, conn->mtu, len);
1662 *frag = bt_skb_alloc(count, GFP_ATOMIC);
1666 memcpy(skb_put(*frag, count), data, count);
1671 frag = &(*frag)->next;
1681 static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1683 struct l2cap_conf_opt *opt = *ptr;
1686 len = L2CAP_CONF_OPT_SIZE + opt->len;
1694 *val = *((u8 *) opt->val);
1698 *val = __le16_to_cpu(*((__le16 *) opt->val));
1702 *val = __le32_to_cpu(*((__le32 *) opt->val));
1706 *val = (unsigned long) opt->val;
1710 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1714 static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1716 struct l2cap_conf_opt *opt = *ptr;
1718 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1725 *((u8 *) opt->val) = val;
1729 *((__le16 *) opt->val) = cpu_to_le16(val);
1733 *((__le32 *) opt->val) = cpu_to_le32(val);
1737 memcpy(opt->val, (void *) val, len);
1741 *ptr += L2CAP_CONF_OPT_SIZE + len;
1744 static int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
1746 u32 local_feat_mask = l2cap_feat_mask;
1748 local_feat_mask |= L2CAP_FEAT_ERTM;
1751 case L2CAP_MODE_ERTM:
1752 return L2CAP_FEAT_ERTM & feat_mask & local_feat_mask;
1753 case L2CAP_MODE_STREAMING:
1754 return L2CAP_FEAT_STREAMING & feat_mask & local_feat_mask;
1760 static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
1763 case L2CAP_MODE_STREAMING:
1764 case L2CAP_MODE_ERTM:
1765 if (l2cap_mode_supported(mode, remote_feat_mask))
1769 return L2CAP_MODE_BASIC;
1773 static int l2cap_build_conf_req(struct sock *sk, void *data)
1775 struct l2cap_pinfo *pi = l2cap_pi(sk);
1776 struct l2cap_conf_req *req = data;
1777 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_ERTM };
1778 void *ptr = req->data;
1780 BT_DBG("sk %p", sk);
1782 if (pi->num_conf_req || pi->num_conf_rsp)
1786 case L2CAP_MODE_STREAMING:
1787 case L2CAP_MODE_ERTM:
1788 pi->conf_state |= L2CAP_CONF_STATE2_DEVICE;
1789 if (!l2cap_mode_supported(pi->mode, pi->conn->feat_mask)) {
1790 struct l2cap_disconn_req req;
1791 req.dcid = cpu_to_le16(pi->dcid);
1792 req.scid = cpu_to_le16(pi->scid);
1793 l2cap_send_cmd(pi->conn, l2cap_get_ident(pi->conn),
1794 L2CAP_DISCONN_REQ, sizeof(req), &req);
1798 pi->mode = l2cap_select_mode(rfc.mode, pi->conn->feat_mask);
1804 case L2CAP_MODE_BASIC:
1805 if (pi->imtu != L2CAP_DEFAULT_MTU)
1806 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
1809 case L2CAP_MODE_ERTM:
1810 rfc.mode = L2CAP_MODE_ERTM;
1811 rfc.txwin_size = L2CAP_DEFAULT_TX_WINDOW;
1812 rfc.max_transmit = L2CAP_DEFAULT_MAX_RECEIVE;
1813 rfc.retrans_timeout = 0;
1814 rfc.monitor_timeout = 0;
1815 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_RX_APDU);
1817 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1818 sizeof(rfc), (unsigned long) &rfc);
1821 case L2CAP_MODE_STREAMING:
1822 rfc.mode = L2CAP_MODE_STREAMING;
1824 rfc.max_transmit = 0;
1825 rfc.retrans_timeout = 0;
1826 rfc.monitor_timeout = 0;
1827 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_RX_APDU);
1829 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1830 sizeof(rfc), (unsigned long) &rfc);
1834 /* FIXME: Need actual value of the flush timeout */
1835 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
1836 // l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to);
1838 req->dcid = cpu_to_le16(pi->dcid);
1839 req->flags = cpu_to_le16(0);
1844 static int l2cap_parse_conf_req(struct sock *sk, void *data)
1846 struct l2cap_pinfo *pi = l2cap_pi(sk);
1847 struct l2cap_conf_rsp *rsp = data;
1848 void *ptr = rsp->data;
1849 void *req = pi->conf_req;
1850 int len = pi->conf_len;
1851 int type, hint, olen;
1853 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
1854 u16 mtu = L2CAP_DEFAULT_MTU;
1855 u16 result = L2CAP_CONF_SUCCESS;
1857 BT_DBG("sk %p", sk);
1859 while (len >= L2CAP_CONF_OPT_SIZE) {
1860 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
1862 hint = type & L2CAP_CONF_HINT;
1863 type &= L2CAP_CONF_MASK;
1866 case L2CAP_CONF_MTU:
1870 case L2CAP_CONF_FLUSH_TO:
1874 case L2CAP_CONF_QOS:
1877 case L2CAP_CONF_RFC:
1878 if (olen == sizeof(rfc))
1879 memcpy(&rfc, (void *) val, olen);
1886 result = L2CAP_CONF_UNKNOWN;
1887 *((u8 *) ptr++) = type;
1892 if (pi->num_conf_rsp || pi->num_conf_req)
1896 case L2CAP_MODE_STREAMING:
1897 case L2CAP_MODE_ERTM:
1898 pi->conf_state |= L2CAP_CONF_STATE2_DEVICE;
1899 if (!l2cap_mode_supported(pi->mode, pi->conn->feat_mask))
1900 return -ECONNREFUSED;
1903 pi->mode = l2cap_select_mode(rfc.mode, pi->conn->feat_mask);
1908 if (pi->mode != rfc.mode) {
1909 result = L2CAP_CONF_UNACCEPT;
1910 rfc.mode = pi->mode;
1912 if (pi->num_conf_rsp == 1)
1913 return -ECONNREFUSED;
1915 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1916 sizeof(rfc), (unsigned long) &rfc);
1920 if (result == L2CAP_CONF_SUCCESS) {
1921 /* Configure output options and let the other side know
1922 * which ones we don't like. */
1924 if (mtu < L2CAP_DEFAULT_MIN_MTU)
1925 result = L2CAP_CONF_UNACCEPT;
1928 pi->conf_state |= L2CAP_CONF_MTU_DONE;
1930 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
1933 case L2CAP_MODE_BASIC:
1934 pi->fcs = L2CAP_FCS_NONE;
1935 pi->conf_state |= L2CAP_CONF_MODE_DONE;
1938 case L2CAP_MODE_ERTM:
1939 pi->remote_tx_win = rfc.txwin_size;
1940 pi->remote_max_tx = rfc.max_transmit;
1941 pi->max_pdu_size = rfc.max_pdu_size;
1943 rfc.retrans_timeout = L2CAP_DEFAULT_RETRANS_TO;
1944 rfc.monitor_timeout = L2CAP_DEFAULT_MONITOR_TO;
1946 pi->conf_state |= L2CAP_CONF_MODE_DONE;
1949 case L2CAP_MODE_STREAMING:
1950 pi->remote_tx_win = rfc.txwin_size;
1951 pi->max_pdu_size = rfc.max_pdu_size;
1953 pi->conf_state |= L2CAP_CONF_MODE_DONE;
1957 result = L2CAP_CONF_UNACCEPT;
1959 memset(&rfc, 0, sizeof(rfc));
1960 rfc.mode = pi->mode;
1963 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1964 sizeof(rfc), (unsigned long) &rfc);
1966 if (result == L2CAP_CONF_SUCCESS)
1967 pi->conf_state |= L2CAP_CONF_OUTPUT_DONE;
1969 rsp->scid = cpu_to_le16(pi->dcid);
1970 rsp->result = cpu_to_le16(result);
1971 rsp->flags = cpu_to_le16(0x0000);
1976 static int l2cap_parse_conf_rsp(struct sock *sk, void *rsp, int len, void *data, u16 *result)
1978 struct l2cap_pinfo *pi = l2cap_pi(sk);
1979 struct l2cap_conf_req *req = data;
1980 void *ptr = req->data;
1983 struct l2cap_conf_rfc rfc;
1985 BT_DBG("sk %p, rsp %p, len %d, req %p", sk, rsp, len, data);
1987 while (len >= L2CAP_CONF_OPT_SIZE) {
1988 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
1991 case L2CAP_CONF_MTU:
1992 if (val < L2CAP_DEFAULT_MIN_MTU) {
1993 *result = L2CAP_CONF_UNACCEPT;
1994 pi->omtu = L2CAP_DEFAULT_MIN_MTU;
1997 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
2000 case L2CAP_CONF_FLUSH_TO:
2002 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
2006 case L2CAP_CONF_RFC:
2007 if (olen == sizeof(rfc))
2008 memcpy(&rfc, (void *)val, olen);
2010 if ((pi->conf_state & L2CAP_CONF_STATE2_DEVICE) &&
2011 rfc.mode != pi->mode)
2012 return -ECONNREFUSED;
2014 pi->mode = rfc.mode;
2017 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2018 sizeof(rfc), (unsigned long) &rfc);
2023 if (*result == L2CAP_CONF_SUCCESS) {
2025 case L2CAP_MODE_ERTM:
2026 pi->remote_tx_win = rfc.txwin_size;
2027 pi->retrans_timeout = rfc.retrans_timeout;
2028 pi->monitor_timeout = rfc.monitor_timeout;
2029 pi->max_pdu_size = le16_to_cpu(rfc.max_pdu_size);
2031 case L2CAP_MODE_STREAMING:
2032 pi->max_pdu_size = le16_to_cpu(rfc.max_pdu_size);
2037 req->dcid = cpu_to_le16(pi->dcid);
2038 req->flags = cpu_to_le16(0x0000);
2043 static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags)
2045 struct l2cap_conf_rsp *rsp = data;
2046 void *ptr = rsp->data;
2048 BT_DBG("sk %p", sk);
2050 rsp->scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2051 rsp->result = cpu_to_le16(result);
2052 rsp->flags = cpu_to_le16(flags);
2057 static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2059 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data;
2061 if (rej->reason != 0x0000)
2064 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
2065 cmd->ident == conn->info_ident) {
2066 del_timer(&conn->info_timer);
2068 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2069 conn->info_ident = 0;
2071 l2cap_conn_start(conn);
2077 static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2079 struct l2cap_chan_list *list = &conn->chan_list;
2080 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
2081 struct l2cap_conn_rsp rsp;
2082 struct sock *sk, *parent;
2083 int result, status = L2CAP_CS_NO_INFO;
2085 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
2086 __le16 psm = req->psm;
2088 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
2090 /* Check if we have socket listening on psm */
2091 parent = l2cap_get_sock_by_psm(BT_LISTEN, psm, conn->src);
2093 result = L2CAP_CR_BAD_PSM;
2097 /* Check if the ACL is secure enough (if not SDP) */
2098 if (psm != cpu_to_le16(0x0001) &&
2099 !hci_conn_check_link_mode(conn->hcon)) {
2100 conn->disc_reason = 0x05;
2101 result = L2CAP_CR_SEC_BLOCK;
2105 result = L2CAP_CR_NO_MEM;
2107 /* Check for backlog size */
2108 if (sk_acceptq_is_full(parent)) {
2109 BT_DBG("backlog full %d", parent->sk_ack_backlog);
2113 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC);
2117 write_lock_bh(&list->lock);
2119 /* Check if we already have channel with that dcid */
2120 if (__l2cap_get_chan_by_dcid(list, scid)) {
2121 write_unlock_bh(&list->lock);
2122 sock_set_flag(sk, SOCK_ZAPPED);
2123 l2cap_sock_kill(sk);
2127 hci_conn_hold(conn->hcon);
2129 l2cap_sock_init(sk, parent);
2130 bacpy(&bt_sk(sk)->src, conn->src);
2131 bacpy(&bt_sk(sk)->dst, conn->dst);
2132 l2cap_pi(sk)->psm = psm;
2133 l2cap_pi(sk)->dcid = scid;
2135 __l2cap_chan_add(conn, sk, parent);
2136 dcid = l2cap_pi(sk)->scid;
2138 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
2140 l2cap_pi(sk)->ident = cmd->ident;
2142 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
2143 if (l2cap_check_security(sk)) {
2144 if (bt_sk(sk)->defer_setup) {
2145 sk->sk_state = BT_CONNECT2;
2146 result = L2CAP_CR_PEND;
2147 status = L2CAP_CS_AUTHOR_PEND;
2148 parent->sk_data_ready(parent, 0);
2150 sk->sk_state = BT_CONFIG;
2151 result = L2CAP_CR_SUCCESS;
2152 status = L2CAP_CS_NO_INFO;
2155 sk->sk_state = BT_CONNECT2;
2156 result = L2CAP_CR_PEND;
2157 status = L2CAP_CS_AUTHEN_PEND;
2160 sk->sk_state = BT_CONNECT2;
2161 result = L2CAP_CR_PEND;
2162 status = L2CAP_CS_NO_INFO;
2165 write_unlock_bh(&list->lock);
2168 bh_unlock_sock(parent);
2171 rsp.scid = cpu_to_le16(scid);
2172 rsp.dcid = cpu_to_le16(dcid);
2173 rsp.result = cpu_to_le16(result);
2174 rsp.status = cpu_to_le16(status);
2175 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2177 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
2178 struct l2cap_info_req info;
2179 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2181 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
2182 conn->info_ident = l2cap_get_ident(conn);
2184 mod_timer(&conn->info_timer, jiffies +
2185 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
2187 l2cap_send_cmd(conn, conn->info_ident,
2188 L2CAP_INFO_REQ, sizeof(info), &info);
2194 static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2196 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
2197 u16 scid, dcid, result, status;
2201 scid = __le16_to_cpu(rsp->scid);
2202 dcid = __le16_to_cpu(rsp->dcid);
2203 result = __le16_to_cpu(rsp->result);
2204 status = __le16_to_cpu(rsp->status);
2206 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
2209 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
2213 sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident);
2219 case L2CAP_CR_SUCCESS:
2220 sk->sk_state = BT_CONFIG;
2221 l2cap_pi(sk)->ident = 0;
2222 l2cap_pi(sk)->dcid = dcid;
2223 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
2225 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_CONNECT_PEND;
2227 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2228 l2cap_build_conf_req(sk, req), req);
2229 l2cap_pi(sk)->num_conf_req++;
2233 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
2237 l2cap_chan_del(sk, ECONNREFUSED);
2245 static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
2247 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
2253 dcid = __le16_to_cpu(req->dcid);
2254 flags = __le16_to_cpu(req->flags);
2256 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
2258 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid);
2262 if (sk->sk_state == BT_DISCONN)
2265 /* Reject if config buffer is too small. */
2266 len = cmd_len - sizeof(*req);
2267 if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) {
2268 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
2269 l2cap_build_conf_rsp(sk, rsp,
2270 L2CAP_CONF_REJECT, flags), rsp);
2275 memcpy(l2cap_pi(sk)->conf_req + l2cap_pi(sk)->conf_len, req->data, len);
2276 l2cap_pi(sk)->conf_len += len;
2278 if (flags & 0x0001) {
2279 /* Incomplete config. Send empty response. */
2280 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
2281 l2cap_build_conf_rsp(sk, rsp,
2282 L2CAP_CONF_SUCCESS, 0x0001), rsp);
2286 /* Complete config. */
2287 len = l2cap_parse_conf_req(sk, rsp);
2289 struct l2cap_disconn_req req;
2290 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
2291 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2292 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2293 L2CAP_DISCONN_REQ, sizeof(req), &req);
2297 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
2298 l2cap_pi(sk)->num_conf_rsp++;
2300 /* Reset config buffer. */
2301 l2cap_pi(sk)->conf_len = 0;
2303 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE))
2306 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
2307 sk->sk_state = BT_CONNECTED;
2308 l2cap_chan_ready(sk);
2312 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) {
2314 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2315 l2cap_build_conf_req(sk, buf), buf);
2316 l2cap_pi(sk)->num_conf_req++;
2324 static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2326 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2327 u16 scid, flags, result;
2330 scid = __le16_to_cpu(rsp->scid);
2331 flags = __le16_to_cpu(rsp->flags);
2332 result = __le16_to_cpu(rsp->result);
2334 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x",
2335 scid, flags, result);
2337 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
2342 case L2CAP_CONF_SUCCESS:
2345 case L2CAP_CONF_UNACCEPT:
2346 if (l2cap_pi(sk)->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
2347 int len = cmd->len - sizeof(*rsp);
2350 /* throw out any old stored conf requests */
2351 result = L2CAP_CONF_SUCCESS;
2352 len = l2cap_parse_conf_rsp(sk, rsp->data,
2355 struct l2cap_disconn_req req;
2356 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
2357 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2358 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2359 L2CAP_DISCONN_REQ, sizeof(req), &req);
2363 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2364 L2CAP_CONF_REQ, len, req);
2365 l2cap_pi(sk)->num_conf_req++;
2366 if (result != L2CAP_CONF_SUCCESS)
2372 sk->sk_state = BT_DISCONN;
2373 sk->sk_err = ECONNRESET;
2374 l2cap_sock_set_timer(sk, HZ * 5);
2376 struct l2cap_disconn_req req;
2377 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
2378 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2379 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2380 L2CAP_DISCONN_REQ, sizeof(req), &req);
2388 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;
2390 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
2391 sk->sk_state = BT_CONNECTED;
2392 l2cap_chan_ready(sk);
2400 static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2402 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
2403 struct l2cap_disconn_rsp rsp;
2407 scid = __le16_to_cpu(req->scid);
2408 dcid = __le16_to_cpu(req->dcid);
2410 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
2412 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid);
2416 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2417 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2418 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
2420 sk->sk_shutdown = SHUTDOWN_MASK;
2422 l2cap_chan_del(sk, ECONNRESET);
2425 l2cap_sock_kill(sk);
2429 static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2431 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
2435 scid = __le16_to_cpu(rsp->scid);
2436 dcid = __le16_to_cpu(rsp->dcid);
2438 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
2440 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
2444 l2cap_chan_del(sk, 0);
2447 l2cap_sock_kill(sk);
2451 static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2453 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
2456 type = __le16_to_cpu(req->type);
2458 BT_DBG("type 0x%4.4x", type);
2460 if (type == L2CAP_IT_FEAT_MASK) {
2462 u32 feat_mask = l2cap_feat_mask;
2463 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2464 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2465 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2467 feat_mask |= L2CAP_FEAT_ERTM;
2468 put_unaligned(cpu_to_le32(feat_mask), (__le32 *) rsp->data);
2469 l2cap_send_cmd(conn, cmd->ident,
2470 L2CAP_INFO_RSP, sizeof(buf), buf);
2471 } else if (type == L2CAP_IT_FIXED_CHAN) {
2473 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2474 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2475 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2476 memcpy(buf + 4, l2cap_fixed_chan, 8);
2477 l2cap_send_cmd(conn, cmd->ident,
2478 L2CAP_INFO_RSP, sizeof(buf), buf);
2480 struct l2cap_info_rsp rsp;
2481 rsp.type = cpu_to_le16(type);
2482 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
2483 l2cap_send_cmd(conn, cmd->ident,
2484 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
2490 static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2492 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
2495 type = __le16_to_cpu(rsp->type);
2496 result = __le16_to_cpu(rsp->result);
2498 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
2500 del_timer(&conn->info_timer);
2502 if (type == L2CAP_IT_FEAT_MASK) {
2503 conn->feat_mask = get_unaligned_le32(rsp->data);
2505 if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) {
2506 struct l2cap_info_req req;
2507 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2509 conn->info_ident = l2cap_get_ident(conn);
2511 l2cap_send_cmd(conn, conn->info_ident,
2512 L2CAP_INFO_REQ, sizeof(req), &req);
2514 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2515 conn->info_ident = 0;
2517 l2cap_conn_start(conn);
2519 } else if (type == L2CAP_IT_FIXED_CHAN) {
2520 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2521 conn->info_ident = 0;
2523 l2cap_conn_start(conn);
2529 static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
2531 u8 *data = skb->data;
2533 struct l2cap_cmd_hdr cmd;
2536 l2cap_raw_recv(conn, skb);
2538 while (len >= L2CAP_CMD_HDR_SIZE) {
2540 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
2541 data += L2CAP_CMD_HDR_SIZE;
2542 len -= L2CAP_CMD_HDR_SIZE;
2544 cmd_len = le16_to_cpu(cmd.len);
2546 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
2548 if (cmd_len > len || !cmd.ident) {
2549 BT_DBG("corrupted command");
2554 case L2CAP_COMMAND_REJ:
2555 l2cap_command_rej(conn, &cmd, data);
2558 case L2CAP_CONN_REQ:
2559 err = l2cap_connect_req(conn, &cmd, data);
2562 case L2CAP_CONN_RSP:
2563 err = l2cap_connect_rsp(conn, &cmd, data);
2566 case L2CAP_CONF_REQ:
2567 err = l2cap_config_req(conn, &cmd, cmd_len, data);
2570 case L2CAP_CONF_RSP:
2571 err = l2cap_config_rsp(conn, &cmd, data);
2574 case L2CAP_DISCONN_REQ:
2575 err = l2cap_disconnect_req(conn, &cmd, data);
2578 case L2CAP_DISCONN_RSP:
2579 err = l2cap_disconnect_rsp(conn, &cmd, data);
2582 case L2CAP_ECHO_REQ:
2583 l2cap_send_cmd(conn, cmd.ident, L2CAP_ECHO_RSP, cmd_len, data);
2586 case L2CAP_ECHO_RSP:
2589 case L2CAP_INFO_REQ:
2590 err = l2cap_information_req(conn, &cmd, data);
2593 case L2CAP_INFO_RSP:
2594 err = l2cap_information_rsp(conn, &cmd, data);
2598 BT_ERR("Unknown signaling command 0x%2.2x", cmd.code);
2604 struct l2cap_cmd_rej rej;
2605 BT_DBG("error %d", err);
2607 /* FIXME: Map err to a valid reason */
2608 rej.reason = cpu_to_le16(0);
2609 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
2619 static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
2623 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
2625 BT_DBG("unknown cid 0x%4.4x", cid);
2629 BT_DBG("sk %p, len %d", sk, skb->len);
2631 if (sk->sk_state != BT_CONNECTED)
2634 if (l2cap_pi(sk)->imtu < skb->len)
2637 /* If socket recv buffers overflows we drop data here
2638 * which is *bad* because L2CAP has to be reliable.
2639 * But we don't have any other choice. L2CAP doesn't
2640 * provide flow control mechanism. */
2642 if (!sock_queue_rcv_skb(sk, skb))
2655 static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
2659 sk = l2cap_get_sock_by_psm(0, psm, conn->src);
2663 BT_DBG("sk %p, len %d", sk, skb->len);
2665 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
2668 if (l2cap_pi(sk)->imtu < skb->len)
2671 if (!sock_queue_rcv_skb(sk, skb))
2683 static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
2685 struct l2cap_hdr *lh = (void *) skb->data;
2689 skb_pull(skb, L2CAP_HDR_SIZE);
2690 cid = __le16_to_cpu(lh->cid);
2691 len = __le16_to_cpu(lh->len);
2693 BT_DBG("len %d, cid 0x%4.4x", len, cid);
2696 case L2CAP_CID_SIGNALING:
2697 l2cap_sig_channel(conn, skb);
2700 case L2CAP_CID_CONN_LESS:
2701 psm = get_unaligned((__le16 *) skb->data);
2703 l2cap_conless_channel(conn, psm, skb);
2707 l2cap_data_channel(conn, cid, skb);
2712 /* ---- L2CAP interface with lower layer (HCI) ---- */
2714 static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2716 int exact = 0, lm1 = 0, lm2 = 0;
2717 register struct sock *sk;
2718 struct hlist_node *node;
2720 if (type != ACL_LINK)
2723 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
2725 /* Find listening sockets and check their link_mode */
2726 read_lock(&l2cap_sk_list.lock);
2727 sk_for_each(sk, node, &l2cap_sk_list.head) {
2728 if (sk->sk_state != BT_LISTEN)
2731 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
2732 lm1 |= HCI_LM_ACCEPT;
2733 if (l2cap_pi(sk)->role_switch)
2734 lm1 |= HCI_LM_MASTER;
2736 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
2737 lm2 |= HCI_LM_ACCEPT;
2738 if (l2cap_pi(sk)->role_switch)
2739 lm2 |= HCI_LM_MASTER;
2742 read_unlock(&l2cap_sk_list.lock);
2744 return exact ? lm1 : lm2;
2747 static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
2749 struct l2cap_conn *conn;
2751 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
2753 if (hcon->type != ACL_LINK)
2757 conn = l2cap_conn_add(hcon, status);
2759 l2cap_conn_ready(conn);
2761 l2cap_conn_del(hcon, bt_err(status));
2766 static int l2cap_disconn_ind(struct hci_conn *hcon)
2768 struct l2cap_conn *conn = hcon->l2cap_data;
2770 BT_DBG("hcon %p", hcon);
2772 if (hcon->type != ACL_LINK || !conn)
2775 return conn->disc_reason;
2778 static int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
2780 BT_DBG("hcon %p reason %d", hcon, reason);
2782 if (hcon->type != ACL_LINK)
2785 l2cap_conn_del(hcon, bt_err(reason));
2790 static inline void l2cap_check_encryption(struct sock *sk, u8 encrypt)
2792 if (sk->sk_type != SOCK_SEQPACKET)
2795 if (encrypt == 0x00) {
2796 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM) {
2797 l2cap_sock_clear_timer(sk);
2798 l2cap_sock_set_timer(sk, HZ * 5);
2799 } else if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
2800 __l2cap_sock_close(sk, ECONNREFUSED);
2802 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM)
2803 l2cap_sock_clear_timer(sk);
2807 static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
2809 struct l2cap_chan_list *l;
2810 struct l2cap_conn *conn = hcon->l2cap_data;
2816 l = &conn->chan_list;
2818 BT_DBG("conn %p", conn);
2820 read_lock(&l->lock);
2822 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
2825 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND) {
2830 if (!status && (sk->sk_state == BT_CONNECTED ||
2831 sk->sk_state == BT_CONFIG)) {
2832 l2cap_check_encryption(sk, encrypt);
2837 if (sk->sk_state == BT_CONNECT) {
2839 struct l2cap_conn_req req;
2840 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2841 req.psm = l2cap_pi(sk)->psm;
2843 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
2845 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2846 L2CAP_CONN_REQ, sizeof(req), &req);
2848 l2cap_sock_clear_timer(sk);
2849 l2cap_sock_set_timer(sk, HZ / 10);
2851 } else if (sk->sk_state == BT_CONNECT2) {
2852 struct l2cap_conn_rsp rsp;
2856 sk->sk_state = BT_CONFIG;
2857 result = L2CAP_CR_SUCCESS;
2859 sk->sk_state = BT_DISCONN;
2860 l2cap_sock_set_timer(sk, HZ / 10);
2861 result = L2CAP_CR_SEC_BLOCK;
2864 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2865 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2866 rsp.result = cpu_to_le16(result);
2867 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
2868 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2869 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2875 read_unlock(&l->lock);
2880 static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
2882 struct l2cap_conn *conn = hcon->l2cap_data;
2884 if (!conn && !(conn = l2cap_conn_add(hcon, 0)))
2887 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
2889 if (flags & ACL_START) {
2890 struct l2cap_hdr *hdr;
2894 BT_ERR("Unexpected start frame (len %d)", skb->len);
2895 kfree_skb(conn->rx_skb);
2896 conn->rx_skb = NULL;
2898 l2cap_conn_unreliable(conn, ECOMM);
2902 BT_ERR("Frame is too short (len %d)", skb->len);
2903 l2cap_conn_unreliable(conn, ECOMM);
2907 hdr = (struct l2cap_hdr *) skb->data;
2908 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
2910 if (len == skb->len) {
2911 /* Complete frame received */
2912 l2cap_recv_frame(conn, skb);
2916 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
2918 if (skb->len > len) {
2919 BT_ERR("Frame is too long (len %d, expected len %d)",
2921 l2cap_conn_unreliable(conn, ECOMM);
2925 /* Allocate skb for the complete frame (with header) */
2926 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC);
2930 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2932 conn->rx_len = len - skb->len;
2934 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
2936 if (!conn->rx_len) {
2937 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
2938 l2cap_conn_unreliable(conn, ECOMM);
2942 if (skb->len > conn->rx_len) {
2943 BT_ERR("Fragment is too long (len %d, expected %d)",
2944 skb->len, conn->rx_len);
2945 kfree_skb(conn->rx_skb);
2946 conn->rx_skb = NULL;
2948 l2cap_conn_unreliable(conn, ECOMM);
2952 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2954 conn->rx_len -= skb->len;
2956 if (!conn->rx_len) {
2957 /* Complete frame received */
2958 l2cap_recv_frame(conn, conn->rx_skb);
2959 conn->rx_skb = NULL;
2968 static ssize_t l2cap_sysfs_show(struct class *dev, char *buf)
2971 struct hlist_node *node;
2974 read_lock_bh(&l2cap_sk_list.lock);
2976 sk_for_each(sk, node, &l2cap_sk_list.head) {
2977 struct l2cap_pinfo *pi = l2cap_pi(sk);
2979 str += sprintf(str, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d\n",
2980 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2981 sk->sk_state, __le16_to_cpu(pi->psm), pi->scid,
2982 pi->dcid, pi->imtu, pi->omtu, pi->sec_level);
2985 read_unlock_bh(&l2cap_sk_list.lock);
2990 static CLASS_ATTR(l2cap, S_IRUGO, l2cap_sysfs_show, NULL);
2992 static const struct proto_ops l2cap_sock_ops = {
2993 .family = PF_BLUETOOTH,
2994 .owner = THIS_MODULE,
2995 .release = l2cap_sock_release,
2996 .bind = l2cap_sock_bind,
2997 .connect = l2cap_sock_connect,
2998 .listen = l2cap_sock_listen,
2999 .accept = l2cap_sock_accept,
3000 .getname = l2cap_sock_getname,
3001 .sendmsg = l2cap_sock_sendmsg,
3002 .recvmsg = l2cap_sock_recvmsg,
3003 .poll = bt_sock_poll,
3004 .ioctl = bt_sock_ioctl,
3005 .mmap = sock_no_mmap,
3006 .socketpair = sock_no_socketpair,
3007 .shutdown = l2cap_sock_shutdown,
3008 .setsockopt = l2cap_sock_setsockopt,
3009 .getsockopt = l2cap_sock_getsockopt
3012 static struct net_proto_family l2cap_sock_family_ops = {
3013 .family = PF_BLUETOOTH,
3014 .owner = THIS_MODULE,
3015 .create = l2cap_sock_create,
3018 static struct hci_proto l2cap_hci_proto = {
3020 .id = HCI_PROTO_L2CAP,
3021 .connect_ind = l2cap_connect_ind,
3022 .connect_cfm = l2cap_connect_cfm,
3023 .disconn_ind = l2cap_disconn_ind,
3024 .disconn_cfm = l2cap_disconn_cfm,
3025 .security_cfm = l2cap_security_cfm,
3026 .recv_acldata = l2cap_recv_acldata
3029 static int __init l2cap_init(void)
3033 err = proto_register(&l2cap_proto, 0);
3037 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
3039 BT_ERR("L2CAP socket registration failed");
3043 err = hci_register_proto(&l2cap_hci_proto);
3045 BT_ERR("L2CAP protocol registration failed");
3046 bt_sock_unregister(BTPROTO_L2CAP);
3050 if (class_create_file(bt_class, &class_attr_l2cap) < 0)
3051 BT_ERR("Failed to create L2CAP info file");
3053 BT_INFO("L2CAP ver %s", VERSION);
3054 BT_INFO("L2CAP socket layer initialized");
3059 proto_unregister(&l2cap_proto);
3063 static void __exit l2cap_exit(void)
3065 class_remove_file(bt_class, &class_attr_l2cap);
3067 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
3068 BT_ERR("L2CAP socket unregistration failed");
3070 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
3071 BT_ERR("L2CAP protocol unregistration failed");
3073 proto_unregister(&l2cap_proto);
3076 void l2cap_load(void)
3078 /* Dummy function to trigger automatic L2CAP module loading by
3079 * other modules that use L2CAP sockets but don't use any other
3080 * symbols from it. */
3083 EXPORT_SYMBOL(l2cap_load);
3085 module_init(l2cap_init);
3086 module_exit(l2cap_exit);
3088 module_param(enable_ertm, bool, 0644);
3089 MODULE_PARM_DESC(enable_ertm, "Enable enhanced retransmission mode");
3091 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
3092 MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
3093 MODULE_VERSION(VERSION);
3094 MODULE_LICENSE("GPL");
3095 MODULE_ALIAS("bt-proto-0");
git://ftp.safe.ca / safe / jmp / linux-2.6 / blob