2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
41 #include <asm/system.h>
42 #include <linux/uaccess.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
48 /* Handle HCI Event packets */
50 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
52 __u8 status = *((__u8 *) skb->data);
54 BT_DBG("%s status 0x%x", hdev->name, status);
59 if (test_bit(HCI_MGMT, &hdev->flags) &&
60 test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
61 mgmt_discovering(hdev->id, 0);
63 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
65 hci_conn_check_pending(hdev);
68 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
70 __u8 status = *((__u8 *) skb->data);
72 BT_DBG("%s status 0x%x", hdev->name, status);
77 if (test_bit(HCI_MGMT, &hdev->flags) &&
78 test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
79 mgmt_discovering(hdev->id, 0);
81 hci_conn_check_pending(hdev);
84 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
86 BT_DBG("%s", hdev->name);
89 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
91 struct hci_rp_role_discovery *rp = (void *) skb->data;
92 struct hci_conn *conn;
94 BT_DBG("%s status 0x%x", hdev->name, rp->status);
101 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
104 conn->link_mode &= ~HCI_LM_MASTER;
106 conn->link_mode |= HCI_LM_MASTER;
109 hci_dev_unlock(hdev);
112 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
114 struct hci_rp_read_link_policy *rp = (void *) skb->data;
115 struct hci_conn *conn;
117 BT_DBG("%s status 0x%x", hdev->name, rp->status);
124 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
126 conn->link_policy = __le16_to_cpu(rp->policy);
128 hci_dev_unlock(hdev);
131 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
133 struct hci_rp_write_link_policy *rp = (void *) skb->data;
134 struct hci_conn *conn;
137 BT_DBG("%s status 0x%x", hdev->name, rp->status);
142 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
148 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
150 conn->link_policy = get_unaligned_le16(sent + 2);
152 hci_dev_unlock(hdev);
155 static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
157 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
159 BT_DBG("%s status 0x%x", hdev->name, rp->status);
164 hdev->link_policy = __le16_to_cpu(rp->policy);
167 static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
169 __u8 status = *((__u8 *) skb->data);
172 BT_DBG("%s status 0x%x", hdev->name, status);
174 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
179 hdev->link_policy = get_unaligned_le16(sent);
181 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
184 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
186 __u8 status = *((__u8 *) skb->data);
188 BT_DBG("%s status 0x%x", hdev->name, status);
190 clear_bit(HCI_RESET, &hdev->flags);
192 hci_req_complete(hdev, HCI_OP_RESET, status);
195 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
197 __u8 status = *((__u8 *) skb->data);
200 BT_DBG("%s status 0x%x", hdev->name, status);
202 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
206 if (test_bit(HCI_MGMT, &hdev->flags))
207 mgmt_set_local_name_complete(hdev->id, sent, status);
212 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
215 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
217 struct hci_rp_read_local_name *rp = (void *) skb->data;
219 BT_DBG("%s status 0x%x", hdev->name, rp->status);
224 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
227 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
229 __u8 status = *((__u8 *) skb->data);
232 BT_DBG("%s status 0x%x", hdev->name, status);
234 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
239 __u8 param = *((__u8 *) sent);
241 if (param == AUTH_ENABLED)
242 set_bit(HCI_AUTH, &hdev->flags);
244 clear_bit(HCI_AUTH, &hdev->flags);
247 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
250 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
252 __u8 status = *((__u8 *) skb->data);
255 BT_DBG("%s status 0x%x", hdev->name, status);
257 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
262 __u8 param = *((__u8 *) sent);
265 set_bit(HCI_ENCRYPT, &hdev->flags);
267 clear_bit(HCI_ENCRYPT, &hdev->flags);
270 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
273 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
275 __u8 status = *((__u8 *) skb->data);
278 BT_DBG("%s status 0x%x", hdev->name, status);
280 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
285 __u8 param = *((__u8 *) sent);
286 int old_pscan, old_iscan;
288 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
289 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
291 if (param & SCAN_INQUIRY) {
292 set_bit(HCI_ISCAN, &hdev->flags);
294 mgmt_discoverable(hdev->id, 1);
295 } else if (old_iscan)
296 mgmt_discoverable(hdev->id, 0);
298 if (param & SCAN_PAGE) {
299 set_bit(HCI_PSCAN, &hdev->flags);
301 mgmt_connectable(hdev->id, 1);
302 } else if (old_pscan)
303 mgmt_connectable(hdev->id, 0);
306 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
309 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
311 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
313 BT_DBG("%s status 0x%x", hdev->name, rp->status);
318 memcpy(hdev->dev_class, rp->dev_class, 3);
320 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
321 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
324 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
326 __u8 status = *((__u8 *) skb->data);
329 BT_DBG("%s status 0x%x", hdev->name, status);
334 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
338 memcpy(hdev->dev_class, sent, 3);
341 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
343 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
346 BT_DBG("%s status 0x%x", hdev->name, rp->status);
351 setting = __le16_to_cpu(rp->voice_setting);
353 if (hdev->voice_setting == setting)
356 hdev->voice_setting = setting;
358 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
361 tasklet_disable(&hdev->tx_task);
362 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
363 tasklet_enable(&hdev->tx_task);
367 static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
369 __u8 status = *((__u8 *) skb->data);
373 BT_DBG("%s status 0x%x", hdev->name, status);
378 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
382 setting = get_unaligned_le16(sent);
384 if (hdev->voice_setting == setting)
387 hdev->voice_setting = setting;
389 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
392 tasklet_disable(&hdev->tx_task);
393 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
394 tasklet_enable(&hdev->tx_task);
398 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
400 __u8 status = *((__u8 *) skb->data);
402 BT_DBG("%s status 0x%x", hdev->name, status);
404 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
407 static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
409 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
411 BT_DBG("%s status 0x%x", hdev->name, rp->status);
416 hdev->ssp_mode = rp->mode;
419 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
421 __u8 status = *((__u8 *) skb->data);
424 BT_DBG("%s status 0x%x", hdev->name, status);
429 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
433 hdev->ssp_mode = *((__u8 *) sent);
436 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
438 if (hdev->features[6] & LMP_EXT_INQ)
441 if (hdev->features[3] & LMP_RSSI_INQ)
444 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
445 hdev->lmp_subver == 0x0757)
448 if (hdev->manufacturer == 15) {
449 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
451 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
453 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
457 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
458 hdev->lmp_subver == 0x1805)
464 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
468 mode = hci_get_inquiry_mode(hdev);
470 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
473 static void hci_setup_event_mask(struct hci_dev *hdev)
475 /* The second byte is 0xff instead of 0x9f (two reserved bits
476 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
477 * command otherwise */
478 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
480 /* Events for 1.2 and newer controllers */
481 if (hdev->lmp_ver > 1) {
482 events[4] |= 0x01; /* Flow Specification Complete */
483 events[4] |= 0x02; /* Inquiry Result with RSSI */
484 events[4] |= 0x04; /* Read Remote Extended Features Complete */
485 events[5] |= 0x08; /* Synchronous Connection Complete */
486 events[5] |= 0x10; /* Synchronous Connection Changed */
489 if (hdev->features[3] & LMP_RSSI_INQ)
490 events[4] |= 0x04; /* Inquiry Result with RSSI */
492 if (hdev->features[5] & LMP_SNIFF_SUBR)
493 events[5] |= 0x20; /* Sniff Subrating */
495 if (hdev->features[5] & LMP_PAUSE_ENC)
496 events[5] |= 0x80; /* Encryption Key Refresh Complete */
498 if (hdev->features[6] & LMP_EXT_INQ)
499 events[5] |= 0x40; /* Extended Inquiry Result */
501 if (hdev->features[6] & LMP_NO_FLUSH)
502 events[7] |= 0x01; /* Enhanced Flush Complete */
504 if (hdev->features[7] & LMP_LSTO)
505 events[6] |= 0x80; /* Link Supervision Timeout Changed */
507 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
508 events[6] |= 0x01; /* IO Capability Request */
509 events[6] |= 0x02; /* IO Capability Response */
510 events[6] |= 0x04; /* User Confirmation Request */
511 events[6] |= 0x08; /* User Passkey Request */
512 events[6] |= 0x10; /* Remote OOB Data Request */
513 events[6] |= 0x20; /* Simple Pairing Complete */
514 events[7] |= 0x04; /* User Passkey Notification */
515 events[7] |= 0x08; /* Keypress Notification */
516 events[7] |= 0x10; /* Remote Host Supported
517 * Features Notification */
520 if (hdev->features[4] & LMP_LE)
521 events[7] |= 0x20; /* LE Meta-Event */
523 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
526 static void hci_setup(struct hci_dev *hdev)
528 hci_setup_event_mask(hdev);
530 if (hdev->lmp_ver > 1)
531 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
533 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
535 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
538 if (hdev->features[3] & LMP_RSSI_INQ)
539 hci_setup_inquiry_mode(hdev);
541 if (hdev->features[7] & LMP_INQ_TX_PWR)
542 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
545 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
547 struct hci_rp_read_local_version *rp = (void *) skb->data;
549 BT_DBG("%s status 0x%x", hdev->name, rp->status);
554 hdev->hci_ver = rp->hci_ver;
555 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
556 hdev->lmp_ver = rp->lmp_ver;
557 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
558 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
560 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
562 hdev->hci_ver, hdev->hci_rev);
564 if (test_bit(HCI_INIT, &hdev->flags))
568 static void hci_setup_link_policy(struct hci_dev *hdev)
572 if (hdev->features[0] & LMP_RSWITCH)
573 link_policy |= HCI_LP_RSWITCH;
574 if (hdev->features[0] & LMP_HOLD)
575 link_policy |= HCI_LP_HOLD;
576 if (hdev->features[0] & LMP_SNIFF)
577 link_policy |= HCI_LP_SNIFF;
578 if (hdev->features[1] & LMP_PARK)
579 link_policy |= HCI_LP_PARK;
581 link_policy = cpu_to_le16(link_policy);
582 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
583 sizeof(link_policy), &link_policy);
586 static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
588 struct hci_rp_read_local_commands *rp = (void *) skb->data;
590 BT_DBG("%s status 0x%x", hdev->name, rp->status);
595 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
597 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
598 hci_setup_link_policy(hdev);
601 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
604 static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
606 struct hci_rp_read_local_features *rp = (void *) skb->data;
608 BT_DBG("%s status 0x%x", hdev->name, rp->status);
613 memcpy(hdev->features, rp->features, 8);
615 /* Adjust default settings according to features
616 * supported by device. */
618 if (hdev->features[0] & LMP_3SLOT)
619 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
621 if (hdev->features[0] & LMP_5SLOT)
622 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
624 if (hdev->features[1] & LMP_HV2) {
625 hdev->pkt_type |= (HCI_HV2);
626 hdev->esco_type |= (ESCO_HV2);
629 if (hdev->features[1] & LMP_HV3) {
630 hdev->pkt_type |= (HCI_HV3);
631 hdev->esco_type |= (ESCO_HV3);
634 if (hdev->features[3] & LMP_ESCO)
635 hdev->esco_type |= (ESCO_EV3);
637 if (hdev->features[4] & LMP_EV4)
638 hdev->esco_type |= (ESCO_EV4);
640 if (hdev->features[4] & LMP_EV5)
641 hdev->esco_type |= (ESCO_EV5);
643 if (hdev->features[5] & LMP_EDR_ESCO_2M)
644 hdev->esco_type |= (ESCO_2EV3);
646 if (hdev->features[5] & LMP_EDR_ESCO_3M)
647 hdev->esco_type |= (ESCO_3EV3);
649 if (hdev->features[5] & LMP_EDR_3S_ESCO)
650 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
652 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
653 hdev->features[0], hdev->features[1],
654 hdev->features[2], hdev->features[3],
655 hdev->features[4], hdev->features[5],
656 hdev->features[6], hdev->features[7]);
659 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
661 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
663 BT_DBG("%s status 0x%x", hdev->name, rp->status);
668 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
669 hdev->sco_mtu = rp->sco_mtu;
670 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
671 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
673 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
678 hdev->acl_cnt = hdev->acl_pkts;
679 hdev->sco_cnt = hdev->sco_pkts;
681 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
682 hdev->acl_mtu, hdev->acl_pkts,
683 hdev->sco_mtu, hdev->sco_pkts);
686 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
688 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
690 BT_DBG("%s status 0x%x", hdev->name, rp->status);
693 bacpy(&hdev->bdaddr, &rp->bdaddr);
695 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
698 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
700 __u8 status = *((__u8 *) skb->data);
702 BT_DBG("%s status 0x%x", hdev->name, status);
704 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
707 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
710 __u8 status = *((__u8 *) skb->data);
712 BT_DBG("%s status 0x%x", hdev->name, status);
714 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
717 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
719 __u8 status = *((__u8 *) skb->data);
721 BT_DBG("%s status 0x%x", hdev->name, status);
723 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
726 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
729 __u8 status = *((__u8 *) skb->data);
731 BT_DBG("%s status 0x%x", hdev->name, status);
733 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
736 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
739 __u8 status = *((__u8 *) skb->data);
741 BT_DBG("%s status 0x%x", hdev->name, status);
743 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
746 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
748 __u8 status = *((__u8 *) skb->data);
750 BT_DBG("%s status 0x%x", hdev->name, status);
752 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
755 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
757 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
758 struct hci_cp_pin_code_reply *cp;
759 struct hci_conn *conn;
761 BT_DBG("%s status 0x%x", hdev->name, rp->status);
763 if (test_bit(HCI_MGMT, &hdev->flags))
764 mgmt_pin_code_reply_complete(hdev->id, &rp->bdaddr, rp->status);
769 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
773 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
775 conn->pin_length = cp->pin_len;
778 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
780 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
782 BT_DBG("%s status 0x%x", hdev->name, rp->status);
784 if (test_bit(HCI_MGMT, &hdev->flags))
785 mgmt_pin_code_neg_reply_complete(hdev->id, &rp->bdaddr,
788 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
791 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
793 BT_DBG("%s status 0x%x", hdev->name, rp->status);
798 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
799 hdev->le_pkts = rp->le_max_pkt;
801 hdev->le_cnt = hdev->le_pkts;
803 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
805 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
808 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
810 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
812 BT_DBG("%s status 0x%x", hdev->name, rp->status);
814 if (test_bit(HCI_MGMT, &hdev->flags))
815 mgmt_user_confirm_reply_complete(hdev->id, &rp->bdaddr,
819 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
822 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
824 BT_DBG("%s status 0x%x", hdev->name, rp->status);
826 if (test_bit(HCI_MGMT, &hdev->flags))
827 mgmt_user_confirm_neg_reply_complete(hdev->id, &rp->bdaddr,
831 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
834 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
836 BT_DBG("%s status 0x%x", hdev->name, rp->status);
838 mgmt_read_local_oob_data_reply_complete(hdev->id, rp->hash,
839 rp->randomizer, rp->status);
842 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
844 BT_DBG("%s status 0x%x", hdev->name, status);
847 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
848 hci_conn_check_pending(hdev);
852 if (test_bit(HCI_MGMT, &hdev->flags) &&
853 !test_and_set_bit(HCI_INQUIRY,
855 mgmt_discovering(hdev->id, 1);
858 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
860 struct hci_cp_create_conn *cp;
861 struct hci_conn *conn;
863 BT_DBG("%s status 0x%x", hdev->name, status);
865 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
871 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
873 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
876 if (conn && conn->state == BT_CONNECT) {
877 if (status != 0x0c || conn->attempt > 2) {
878 conn->state = BT_CLOSED;
879 hci_proto_connect_cfm(conn, status);
882 conn->state = BT_CONNECT2;
886 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
889 conn->link_mode |= HCI_LM_MASTER;
891 BT_ERR("No memory for new connection");
895 hci_dev_unlock(hdev);
898 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
900 struct hci_cp_add_sco *cp;
901 struct hci_conn *acl, *sco;
904 BT_DBG("%s status 0x%x", hdev->name, status);
909 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
913 handle = __le16_to_cpu(cp->handle);
915 BT_DBG("%s handle %d", hdev->name, handle);
919 acl = hci_conn_hash_lookup_handle(hdev, handle);
923 sco->state = BT_CLOSED;
925 hci_proto_connect_cfm(sco, status);
930 hci_dev_unlock(hdev);
933 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
935 struct hci_cp_auth_requested *cp;
936 struct hci_conn *conn;
938 BT_DBG("%s status 0x%x", hdev->name, status);
943 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
949 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
951 if (conn->state == BT_CONFIG) {
952 hci_proto_connect_cfm(conn, status);
957 hci_dev_unlock(hdev);
960 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
962 struct hci_cp_set_conn_encrypt *cp;
963 struct hci_conn *conn;
965 BT_DBG("%s status 0x%x", hdev->name, status);
970 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
976 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
978 if (conn->state == BT_CONFIG) {
979 hci_proto_connect_cfm(conn, status);
984 hci_dev_unlock(hdev);
987 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
988 struct hci_conn *conn)
990 if (conn->state != BT_CONFIG || !conn->out)
993 if (conn->pending_sec_level == BT_SECURITY_SDP)
996 /* Only request authentication for SSP connections or non-SSP
997 * devices with sec_level HIGH */
998 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
999 conn->pending_sec_level != BT_SECURITY_HIGH)
1005 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1007 struct hci_cp_remote_name_req *cp;
1008 struct hci_conn *conn;
1010 BT_DBG("%s status 0x%x", hdev->name, status);
1012 /* If successful wait for the name req complete event before
1013 * checking for the need to do authentication */
1017 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1023 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1027 if (!hci_outgoing_auth_needed(hdev, conn))
1030 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1031 struct hci_cp_auth_requested cp;
1032 cp.handle = __cpu_to_le16(conn->handle);
1033 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1037 hci_dev_unlock(hdev);
1040 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1042 struct hci_cp_read_remote_features *cp;
1043 struct hci_conn *conn;
1045 BT_DBG("%s status 0x%x", hdev->name, status);
1050 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1056 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1058 if (conn->state == BT_CONFIG) {
1059 hci_proto_connect_cfm(conn, status);
1064 hci_dev_unlock(hdev);
1067 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1069 struct hci_cp_read_remote_ext_features *cp;
1070 struct hci_conn *conn;
1072 BT_DBG("%s status 0x%x", hdev->name, status);
1077 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1083 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1085 if (conn->state == BT_CONFIG) {
1086 hci_proto_connect_cfm(conn, status);
1091 hci_dev_unlock(hdev);
1094 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1096 struct hci_cp_setup_sync_conn *cp;
1097 struct hci_conn *acl, *sco;
1100 BT_DBG("%s status 0x%x", hdev->name, status);
1105 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1109 handle = __le16_to_cpu(cp->handle);
1111 BT_DBG("%s handle %d", hdev->name, handle);
1115 acl = hci_conn_hash_lookup_handle(hdev, handle);
1119 sco->state = BT_CLOSED;
1121 hci_proto_connect_cfm(sco, status);
1126 hci_dev_unlock(hdev);
1129 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1131 struct hci_cp_sniff_mode *cp;
1132 struct hci_conn *conn;
1134 BT_DBG("%s status 0x%x", hdev->name, status);
1139 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1145 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1147 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1149 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1150 hci_sco_setup(conn, status);
1153 hci_dev_unlock(hdev);
1156 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1158 struct hci_cp_exit_sniff_mode *cp;
1159 struct hci_conn *conn;
1161 BT_DBG("%s status 0x%x", hdev->name, status);
1166 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1172 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1174 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1176 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1177 hci_sco_setup(conn, status);
1180 hci_dev_unlock(hdev);
1183 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1185 struct hci_cp_le_create_conn *cp;
1186 struct hci_conn *conn;
1188 BT_DBG("%s status 0x%x", hdev->name, status);
1190 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1196 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1198 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1202 if (conn && conn->state == BT_CONNECT) {
1203 conn->state = BT_CLOSED;
1204 hci_proto_connect_cfm(conn, status);
1209 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
1213 BT_ERR("No memory for new connection");
1217 hci_dev_unlock(hdev);
1220 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1222 __u8 status = *((__u8 *) skb->data);
1224 BT_DBG("%s status %d", hdev->name, status);
1226 if (test_bit(HCI_MGMT, &hdev->flags) &&
1227 test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1228 mgmt_discovering(hdev->id, 0);
1230 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1232 hci_conn_check_pending(hdev);
1235 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1237 struct inquiry_data data;
1238 struct inquiry_info *info = (void *) (skb->data + 1);
1239 int num_rsp = *((__u8 *) skb->data);
1241 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1248 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
1250 if (test_bit(HCI_MGMT, &hdev->flags))
1251 mgmt_discovering(hdev->id, 1);
1254 for (; num_rsp; num_rsp--, info++) {
1255 bacpy(&data.bdaddr, &info->bdaddr);
1256 data.pscan_rep_mode = info->pscan_rep_mode;
1257 data.pscan_period_mode = info->pscan_period_mode;
1258 data.pscan_mode = info->pscan_mode;
1259 memcpy(data.dev_class, info->dev_class, 3);
1260 data.clock_offset = info->clock_offset;
1262 data.ssp_mode = 0x00;
1263 hci_inquiry_cache_update(hdev, &data);
1264 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class, 0,
1268 hci_dev_unlock(hdev);
1271 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1273 struct hci_ev_conn_complete *ev = (void *) skb->data;
1274 struct hci_conn *conn;
1276 BT_DBG("%s", hdev->name);
1280 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1282 if (ev->link_type != SCO_LINK)
1285 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1289 conn->type = SCO_LINK;
1293 conn->handle = __le16_to_cpu(ev->handle);
1295 if (conn->type == ACL_LINK) {
1296 conn->state = BT_CONFIG;
1297 hci_conn_hold(conn);
1298 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1299 mgmt_connected(hdev->id, &ev->bdaddr);
1301 conn->state = BT_CONNECTED;
1303 hci_conn_hold_device(conn);
1304 hci_conn_add_sysfs(conn);
1306 if (test_bit(HCI_AUTH, &hdev->flags))
1307 conn->link_mode |= HCI_LM_AUTH;
1309 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1310 conn->link_mode |= HCI_LM_ENCRYPT;
1312 /* Get remote features */
1313 if (conn->type == ACL_LINK) {
1314 struct hci_cp_read_remote_features cp;
1315 cp.handle = ev->handle;
1316 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1320 /* Set packet type for incoming connection */
1321 if (!conn->out && hdev->hci_ver < 3) {
1322 struct hci_cp_change_conn_ptype cp;
1323 cp.handle = ev->handle;
1324 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1325 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1329 conn->state = BT_CLOSED;
1330 if (conn->type == ACL_LINK)
1331 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
1334 if (conn->type == ACL_LINK)
1335 hci_sco_setup(conn, ev->status);
1338 hci_proto_connect_cfm(conn, ev->status);
1340 } else if (ev->link_type != ACL_LINK)
1341 hci_proto_connect_cfm(conn, ev->status);
1344 hci_dev_unlock(hdev);
1346 hci_conn_check_pending(hdev);
1349 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1351 struct hci_ev_conn_request *ev = (void *) skb->data;
1352 int mask = hdev->link_mode;
1354 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1355 batostr(&ev->bdaddr), ev->link_type);
1357 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1359 if ((mask & HCI_LM_ACCEPT) &&
1360 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1361 /* Connection accepted */
1362 struct inquiry_entry *ie;
1363 struct hci_conn *conn;
1367 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1369 memcpy(ie->data.dev_class, ev->dev_class, 3);
1371 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1373 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1375 BT_ERR("No memory for new connection");
1376 hci_dev_unlock(hdev);
1381 memcpy(conn->dev_class, ev->dev_class, 3);
1382 conn->state = BT_CONNECT;
1384 hci_dev_unlock(hdev);
1386 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1387 struct hci_cp_accept_conn_req cp;
1389 bacpy(&cp.bdaddr, &ev->bdaddr);
1391 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1392 cp.role = 0x00; /* Become master */
1394 cp.role = 0x01; /* Remain slave */
1396 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1399 struct hci_cp_accept_sync_conn_req cp;
1401 bacpy(&cp.bdaddr, &ev->bdaddr);
1402 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1404 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1405 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1406 cp.max_latency = cpu_to_le16(0xffff);
1407 cp.content_format = cpu_to_le16(hdev->voice_setting);
1408 cp.retrans_effort = 0xff;
1410 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1414 /* Connection rejected */
1415 struct hci_cp_reject_conn_req cp;
1417 bacpy(&cp.bdaddr, &ev->bdaddr);
1419 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1423 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1425 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1426 struct hci_conn *conn;
1428 BT_DBG("%s status %d", hdev->name, ev->status);
1431 mgmt_disconnect_failed(hdev->id);
1437 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1441 conn->state = BT_CLOSED;
1443 if (conn->type == ACL_LINK)
1444 mgmt_disconnected(hdev->id, &conn->dst);
1446 hci_proto_disconn_cfm(conn, ev->reason);
1450 hci_dev_unlock(hdev);
1453 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1455 struct hci_ev_auth_complete *ev = (void *) skb->data;
1456 struct hci_conn *conn;
1458 BT_DBG("%s status %d", hdev->name, ev->status);
1462 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1465 conn->link_mode |= HCI_LM_AUTH;
1466 conn->sec_level = conn->pending_sec_level;
1468 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
1471 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1473 if (conn->state == BT_CONFIG) {
1474 if (!ev->status && hdev->ssp_mode > 0 &&
1475 conn->ssp_mode > 0) {
1476 struct hci_cp_set_conn_encrypt cp;
1477 cp.handle = ev->handle;
1479 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
1482 conn->state = BT_CONNECTED;
1483 hci_proto_connect_cfm(conn, ev->status);
1487 hci_auth_cfm(conn, ev->status);
1489 hci_conn_hold(conn);
1490 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1494 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
1496 struct hci_cp_set_conn_encrypt cp;
1497 cp.handle = ev->handle;
1499 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
1502 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1503 hci_encrypt_cfm(conn, ev->status, 0x00);
1508 hci_dev_unlock(hdev);
1511 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1513 struct hci_ev_remote_name *ev = (void *) skb->data;
1514 struct hci_conn *conn;
1516 BT_DBG("%s", hdev->name);
1518 hci_conn_check_pending(hdev);
1522 if (ev->status == 0 && test_bit(HCI_MGMT, &hdev->flags))
1523 mgmt_remote_name(hdev->id, &ev->bdaddr, ev->name);
1525 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1529 if (!hci_outgoing_auth_needed(hdev, conn))
1532 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1533 struct hci_cp_auth_requested cp;
1534 cp.handle = __cpu_to_le16(conn->handle);
1535 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1539 hci_dev_unlock(hdev);
1542 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1544 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1545 struct hci_conn *conn;
1547 BT_DBG("%s status %d", hdev->name, ev->status);
1551 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1555 /* Encryption implies authentication */
1556 conn->link_mode |= HCI_LM_AUTH;
1557 conn->link_mode |= HCI_LM_ENCRYPT;
1559 conn->link_mode &= ~HCI_LM_ENCRYPT;
1562 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1564 if (conn->state == BT_CONFIG) {
1566 conn->state = BT_CONNECTED;
1568 hci_proto_connect_cfm(conn, ev->status);
1571 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1574 hci_dev_unlock(hdev);
1577 static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1579 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
1580 struct hci_conn *conn;
1582 BT_DBG("%s status %d", hdev->name, ev->status);
1586 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1589 conn->link_mode |= HCI_LM_SECURE;
1591 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1593 hci_key_change_cfm(conn, ev->status);
1596 hci_dev_unlock(hdev);
1599 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1601 struct hci_ev_remote_features *ev = (void *) skb->data;
1602 struct hci_conn *conn;
1604 BT_DBG("%s status %d", hdev->name, ev->status);
1608 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1613 memcpy(conn->features, ev->features, 8);
1615 if (conn->state != BT_CONFIG)
1618 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
1619 struct hci_cp_read_remote_ext_features cp;
1620 cp.handle = ev->handle;
1622 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
1628 struct hci_cp_remote_name_req cp;
1629 memset(&cp, 0, sizeof(cp));
1630 bacpy(&cp.bdaddr, &conn->dst);
1631 cp.pscan_rep_mode = 0x02;
1632 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1635 if (!hci_outgoing_auth_needed(hdev, conn)) {
1636 conn->state = BT_CONNECTED;
1637 hci_proto_connect_cfm(conn, ev->status);
1642 hci_dev_unlock(hdev);
1645 static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1647 BT_DBG("%s", hdev->name);
1650 static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1652 BT_DBG("%s", hdev->name);
1655 static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1657 struct hci_ev_cmd_complete *ev = (void *) skb->data;
1660 skb_pull(skb, sizeof(*ev));
1662 opcode = __le16_to_cpu(ev->opcode);
1665 case HCI_OP_INQUIRY_CANCEL:
1666 hci_cc_inquiry_cancel(hdev, skb);
1669 case HCI_OP_EXIT_PERIODIC_INQ:
1670 hci_cc_exit_periodic_inq(hdev, skb);
1673 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
1674 hci_cc_remote_name_req_cancel(hdev, skb);
1677 case HCI_OP_ROLE_DISCOVERY:
1678 hci_cc_role_discovery(hdev, skb);
1681 case HCI_OP_READ_LINK_POLICY:
1682 hci_cc_read_link_policy(hdev, skb);
1685 case HCI_OP_WRITE_LINK_POLICY:
1686 hci_cc_write_link_policy(hdev, skb);
1689 case HCI_OP_READ_DEF_LINK_POLICY:
1690 hci_cc_read_def_link_policy(hdev, skb);
1693 case HCI_OP_WRITE_DEF_LINK_POLICY:
1694 hci_cc_write_def_link_policy(hdev, skb);
1698 hci_cc_reset(hdev, skb);
1701 case HCI_OP_WRITE_LOCAL_NAME:
1702 hci_cc_write_local_name(hdev, skb);
1705 case HCI_OP_READ_LOCAL_NAME:
1706 hci_cc_read_local_name(hdev, skb);
1709 case HCI_OP_WRITE_AUTH_ENABLE:
1710 hci_cc_write_auth_enable(hdev, skb);
1713 case HCI_OP_WRITE_ENCRYPT_MODE:
1714 hci_cc_write_encrypt_mode(hdev, skb);
1717 case HCI_OP_WRITE_SCAN_ENABLE:
1718 hci_cc_write_scan_enable(hdev, skb);
1721 case HCI_OP_READ_CLASS_OF_DEV:
1722 hci_cc_read_class_of_dev(hdev, skb);
1725 case HCI_OP_WRITE_CLASS_OF_DEV:
1726 hci_cc_write_class_of_dev(hdev, skb);
1729 case HCI_OP_READ_VOICE_SETTING:
1730 hci_cc_read_voice_setting(hdev, skb);
1733 case HCI_OP_WRITE_VOICE_SETTING:
1734 hci_cc_write_voice_setting(hdev, skb);
1737 case HCI_OP_HOST_BUFFER_SIZE:
1738 hci_cc_host_buffer_size(hdev, skb);
1741 case HCI_OP_READ_SSP_MODE:
1742 hci_cc_read_ssp_mode(hdev, skb);
1745 case HCI_OP_WRITE_SSP_MODE:
1746 hci_cc_write_ssp_mode(hdev, skb);
1749 case HCI_OP_READ_LOCAL_VERSION:
1750 hci_cc_read_local_version(hdev, skb);
1753 case HCI_OP_READ_LOCAL_COMMANDS:
1754 hci_cc_read_local_commands(hdev, skb);
1757 case HCI_OP_READ_LOCAL_FEATURES:
1758 hci_cc_read_local_features(hdev, skb);
1761 case HCI_OP_READ_BUFFER_SIZE:
1762 hci_cc_read_buffer_size(hdev, skb);
1765 case HCI_OP_READ_BD_ADDR:
1766 hci_cc_read_bd_addr(hdev, skb);
1769 case HCI_OP_WRITE_CA_TIMEOUT:
1770 hci_cc_write_ca_timeout(hdev, skb);
1773 case HCI_OP_DELETE_STORED_LINK_KEY:
1774 hci_cc_delete_stored_link_key(hdev, skb);
1777 case HCI_OP_SET_EVENT_MASK:
1778 hci_cc_set_event_mask(hdev, skb);
1781 case HCI_OP_WRITE_INQUIRY_MODE:
1782 hci_cc_write_inquiry_mode(hdev, skb);
1785 case HCI_OP_READ_INQ_RSP_TX_POWER:
1786 hci_cc_read_inq_rsp_tx_power(hdev, skb);
1789 case HCI_OP_SET_EVENT_FLT:
1790 hci_cc_set_event_flt(hdev, skb);
1793 case HCI_OP_PIN_CODE_REPLY:
1794 hci_cc_pin_code_reply(hdev, skb);
1797 case HCI_OP_PIN_CODE_NEG_REPLY:
1798 hci_cc_pin_code_neg_reply(hdev, skb);
1801 case HCI_OP_READ_LOCAL_OOB_DATA:
1802 hci_cc_read_local_oob_data_reply(hdev, skb);
1805 case HCI_OP_LE_READ_BUFFER_SIZE:
1806 hci_cc_le_read_buffer_size(hdev, skb);
1809 case HCI_OP_USER_CONFIRM_REPLY:
1810 hci_cc_user_confirm_reply(hdev, skb);
1813 case HCI_OP_USER_CONFIRM_NEG_REPLY:
1814 hci_cc_user_confirm_neg_reply(hdev, skb);
1818 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1822 if (ev->opcode != HCI_OP_NOP)
1823 del_timer(&hdev->cmd_timer);
1826 atomic_set(&hdev->cmd_cnt, 1);
1827 if (!skb_queue_empty(&hdev->cmd_q))
1828 tasklet_schedule(&hdev->cmd_task);
1832 static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
1834 struct hci_ev_cmd_status *ev = (void *) skb->data;
1837 skb_pull(skb, sizeof(*ev));
1839 opcode = __le16_to_cpu(ev->opcode);
1842 case HCI_OP_INQUIRY:
1843 hci_cs_inquiry(hdev, ev->status);
1846 case HCI_OP_CREATE_CONN:
1847 hci_cs_create_conn(hdev, ev->status);
1850 case HCI_OP_ADD_SCO:
1851 hci_cs_add_sco(hdev, ev->status);
1854 case HCI_OP_AUTH_REQUESTED:
1855 hci_cs_auth_requested(hdev, ev->status);
1858 case HCI_OP_SET_CONN_ENCRYPT:
1859 hci_cs_set_conn_encrypt(hdev, ev->status);
1862 case HCI_OP_REMOTE_NAME_REQ:
1863 hci_cs_remote_name_req(hdev, ev->status);
1866 case HCI_OP_READ_REMOTE_FEATURES:
1867 hci_cs_read_remote_features(hdev, ev->status);
1870 case HCI_OP_READ_REMOTE_EXT_FEATURES:
1871 hci_cs_read_remote_ext_features(hdev, ev->status);
1874 case HCI_OP_SETUP_SYNC_CONN:
1875 hci_cs_setup_sync_conn(hdev, ev->status);
1878 case HCI_OP_SNIFF_MODE:
1879 hci_cs_sniff_mode(hdev, ev->status);
1882 case HCI_OP_EXIT_SNIFF_MODE:
1883 hci_cs_exit_sniff_mode(hdev, ev->status);
1886 case HCI_OP_DISCONNECT:
1887 if (ev->status != 0)
1888 mgmt_disconnect_failed(hdev->id);
1891 case HCI_OP_LE_CREATE_CONN:
1892 hci_cs_le_create_conn(hdev, ev->status);
1896 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1900 if (ev->opcode != HCI_OP_NOP)
1901 del_timer(&hdev->cmd_timer);
1903 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
1904 atomic_set(&hdev->cmd_cnt, 1);
1905 if (!skb_queue_empty(&hdev->cmd_q))
1906 tasklet_schedule(&hdev->cmd_task);
1910 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1912 struct hci_ev_role_change *ev = (void *) skb->data;
1913 struct hci_conn *conn;
1915 BT_DBG("%s status %d", hdev->name, ev->status);
1919 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1923 conn->link_mode &= ~HCI_LM_MASTER;
1925 conn->link_mode |= HCI_LM_MASTER;
1928 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
1930 hci_role_switch_cfm(conn, ev->status, ev->role);
1933 hci_dev_unlock(hdev);
1936 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
1938 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
1942 skb_pull(skb, sizeof(*ev));
1944 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
1946 if (skb->len < ev->num_hndl * 4) {
1947 BT_DBG("%s bad parameters", hdev->name);
1951 tasklet_disable(&hdev->tx_task);
1953 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
1954 struct hci_conn *conn;
1955 __u16 handle, count;
1957 handle = get_unaligned_le16(ptr++);
1958 count = get_unaligned_le16(ptr++);
1960 conn = hci_conn_hash_lookup_handle(hdev, handle);
1962 conn->sent -= count;
1964 if (conn->type == ACL_LINK) {
1965 hdev->acl_cnt += count;
1966 if (hdev->acl_cnt > hdev->acl_pkts)
1967 hdev->acl_cnt = hdev->acl_pkts;
1968 } else if (conn->type == LE_LINK) {
1969 if (hdev->le_pkts) {
1970 hdev->le_cnt += count;
1971 if (hdev->le_cnt > hdev->le_pkts)
1972 hdev->le_cnt = hdev->le_pkts;
1974 hdev->acl_cnt += count;
1975 if (hdev->acl_cnt > hdev->acl_pkts)
1976 hdev->acl_cnt = hdev->acl_pkts;
1979 hdev->sco_cnt += count;
1980 if (hdev->sco_cnt > hdev->sco_pkts)
1981 hdev->sco_cnt = hdev->sco_pkts;
1986 tasklet_schedule(&hdev->tx_task);
1988 tasklet_enable(&hdev->tx_task);
1991 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1993 struct hci_ev_mode_change *ev = (void *) skb->data;
1994 struct hci_conn *conn;
1996 BT_DBG("%s status %d", hdev->name, ev->status);
2000 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2002 conn->mode = ev->mode;
2003 conn->interval = __le16_to_cpu(ev->interval);
2005 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
2006 if (conn->mode == HCI_CM_ACTIVE)
2007 conn->power_save = 1;
2009 conn->power_save = 0;
2012 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
2013 hci_sco_setup(conn, ev->status);
2016 hci_dev_unlock(hdev);
2019 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2021 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2022 struct hci_conn *conn;
2024 BT_DBG("%s", hdev->name);
2028 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2029 if (conn && conn->state == BT_CONNECTED) {
2030 hci_conn_hold(conn);
2031 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2035 if (!test_bit(HCI_PAIRABLE, &hdev->flags))
2036 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2037 sizeof(ev->bdaddr), &ev->bdaddr);
2039 if (test_bit(HCI_MGMT, &hdev->flags)) {
2042 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2047 mgmt_pin_code_request(hdev->id, &ev->bdaddr, secure);
2050 hci_dev_unlock(hdev);
2053 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2055 struct hci_ev_link_key_req *ev = (void *) skb->data;
2056 struct hci_cp_link_key_reply cp;
2057 struct hci_conn *conn;
2058 struct link_key *key;
2060 BT_DBG("%s", hdev->name);
2062 if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
2067 key = hci_find_link_key(hdev, &ev->bdaddr);
2069 BT_DBG("%s link key not found for %s", hdev->name,
2070 batostr(&ev->bdaddr));
2074 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2075 batostr(&ev->bdaddr));
2077 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) &&
2078 key->type == HCI_LK_DEBUG_COMBINATION) {
2079 BT_DBG("%s ignoring debug key", hdev->name);
2083 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2085 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2086 conn->auth_type != 0xff &&
2087 (conn->auth_type & 0x01)) {
2088 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2092 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2093 conn->pending_sec_level == BT_SECURITY_HIGH) {
2094 BT_DBG("%s ignoring key unauthenticated for high \
2095 security", hdev->name);
2099 conn->key_type = key->type;
2100 conn->pin_length = key->pin_len;
2103 bacpy(&cp.bdaddr, &ev->bdaddr);
2104 memcpy(cp.link_key, key->val, 16);
2106 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2108 hci_dev_unlock(hdev);
2113 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2114 hci_dev_unlock(hdev);
2117 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2119 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2120 struct hci_conn *conn;
2123 BT_DBG("%s", hdev->name);
2127 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2129 hci_conn_hold(conn);
2130 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2131 pin_len = conn->pin_length;
2133 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2134 conn->key_type = ev->key_type;
2139 if (test_bit(HCI_LINK_KEYS, &hdev->flags))
2140 hci_add_link_key(hdev, 1, &ev->bdaddr, ev->link_key,
2141 ev->key_type, pin_len);
2143 hci_dev_unlock(hdev);
2146 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2148 struct hci_ev_clock_offset *ev = (void *) skb->data;
2149 struct hci_conn *conn;
2151 BT_DBG("%s status %d", hdev->name, ev->status);
2155 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2156 if (conn && !ev->status) {
2157 struct inquiry_entry *ie;
2159 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2161 ie->data.clock_offset = ev->clock_offset;
2162 ie->timestamp = jiffies;
2166 hci_dev_unlock(hdev);
2169 static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2171 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2172 struct hci_conn *conn;
2174 BT_DBG("%s status %d", hdev->name, ev->status);
2178 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2179 if (conn && !ev->status)
2180 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2182 hci_dev_unlock(hdev);
2185 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2187 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2188 struct inquiry_entry *ie;
2190 BT_DBG("%s", hdev->name);
2194 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2196 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2197 ie->timestamp = jiffies;
2200 hci_dev_unlock(hdev);
2203 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2205 struct inquiry_data data;
2206 int num_rsp = *((__u8 *) skb->data);
2208 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2215 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
2217 if (test_bit(HCI_MGMT, &hdev->flags))
2218 mgmt_discovering(hdev->id, 1);
2221 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2222 struct inquiry_info_with_rssi_and_pscan_mode *info;
2223 info = (void *) (skb->data + 1);
2225 for (; num_rsp; num_rsp--, info++) {
2226 bacpy(&data.bdaddr, &info->bdaddr);
2227 data.pscan_rep_mode = info->pscan_rep_mode;
2228 data.pscan_period_mode = info->pscan_period_mode;
2229 data.pscan_mode = info->pscan_mode;
2230 memcpy(data.dev_class, info->dev_class, 3);
2231 data.clock_offset = info->clock_offset;
2232 data.rssi = info->rssi;
2233 data.ssp_mode = 0x00;
2234 hci_inquiry_cache_update(hdev, &data);
2235 mgmt_device_found(hdev->id, &info->bdaddr,
2236 info->dev_class, info->rssi,
2240 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2242 for (; num_rsp; num_rsp--, info++) {
2243 bacpy(&data.bdaddr, &info->bdaddr);
2244 data.pscan_rep_mode = info->pscan_rep_mode;
2245 data.pscan_period_mode = info->pscan_period_mode;
2246 data.pscan_mode = 0x00;
2247 memcpy(data.dev_class, info->dev_class, 3);
2248 data.clock_offset = info->clock_offset;
2249 data.rssi = info->rssi;
2250 data.ssp_mode = 0x00;
2251 hci_inquiry_cache_update(hdev, &data);
2252 mgmt_device_found(hdev->id, &info->bdaddr,
2253 info->dev_class, info->rssi,
2258 hci_dev_unlock(hdev);
2261 static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2263 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2264 struct hci_conn *conn;
2266 BT_DBG("%s", hdev->name);
2270 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2274 if (!ev->status && ev->page == 0x01) {
2275 struct inquiry_entry *ie;
2277 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2279 ie->data.ssp_mode = (ev->features[0] & 0x01);
2281 conn->ssp_mode = (ev->features[0] & 0x01);
2284 if (conn->state != BT_CONFIG)
2288 struct hci_cp_remote_name_req cp;
2289 memset(&cp, 0, sizeof(cp));
2290 bacpy(&cp.bdaddr, &conn->dst);
2291 cp.pscan_rep_mode = 0x02;
2292 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2295 if (!hci_outgoing_auth_needed(hdev, conn)) {
2296 conn->state = BT_CONNECTED;
2297 hci_proto_connect_cfm(conn, ev->status);
2302 hci_dev_unlock(hdev);
2305 static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2307 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2308 struct hci_conn *conn;
2310 BT_DBG("%s status %d", hdev->name, ev->status);
2314 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2316 if (ev->link_type == ESCO_LINK)
2319 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2323 conn->type = SCO_LINK;
2326 switch (ev->status) {
2328 conn->handle = __le16_to_cpu(ev->handle);
2329 conn->state = BT_CONNECTED;
2331 hci_conn_hold_device(conn);
2332 hci_conn_add_sysfs(conn);
2335 case 0x11: /* Unsupported Feature or Parameter Value */
2336 case 0x1c: /* SCO interval rejected */
2337 case 0x1a: /* Unsupported Remote Feature */
2338 case 0x1f: /* Unspecified error */
2339 if (conn->out && conn->attempt < 2) {
2340 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2341 (hdev->esco_type & EDR_ESCO_MASK);
2342 hci_setup_sync(conn, conn->link->handle);
2348 conn->state = BT_CLOSED;
2352 hci_proto_connect_cfm(conn, ev->status);
2357 hci_dev_unlock(hdev);
2360 static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2362 BT_DBG("%s", hdev->name);
2365 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2367 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
2369 BT_DBG("%s status %d", hdev->name, ev->status);
2372 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2374 struct inquiry_data data;
2375 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2376 int num_rsp = *((__u8 *) skb->data);
2378 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2383 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
2385 if (test_bit(HCI_MGMT, &hdev->flags))
2386 mgmt_discovering(hdev->id, 1);
2391 for (; num_rsp; num_rsp--, info++) {
2392 bacpy(&data.bdaddr, &info->bdaddr);
2393 data.pscan_rep_mode = info->pscan_rep_mode;
2394 data.pscan_period_mode = info->pscan_period_mode;
2395 data.pscan_mode = 0x00;
2396 memcpy(data.dev_class, info->dev_class, 3);
2397 data.clock_offset = info->clock_offset;
2398 data.rssi = info->rssi;
2399 data.ssp_mode = 0x01;
2400 hci_inquiry_cache_update(hdev, &data);
2401 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class,
2402 info->rssi, info->data);
2405 hci_dev_unlock(hdev);
2408 static inline u8 hci_get_auth_req(struct hci_conn *conn)
2410 /* If remote requests dedicated bonding follow that lead */
2411 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2412 /* If both remote and local IO capabilities allow MITM
2413 * protection then require it, otherwise don't */
2414 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2420 /* If remote requests no-bonding follow that lead */
2421 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
2422 return conn->remote_auth | (conn->auth_type & 0x01);
2424 return conn->auth_type;
2427 static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2429 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2430 struct hci_conn *conn;
2432 BT_DBG("%s", hdev->name);
2436 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2440 hci_conn_hold(conn);
2442 if (!test_bit(HCI_MGMT, &hdev->flags))
2445 if (test_bit(HCI_PAIRABLE, &hdev->flags) ||
2446 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
2447 struct hci_cp_io_capability_reply cp;
2449 bacpy(&cp.bdaddr, &ev->bdaddr);
2450 cp.capability = conn->io_capability;
2451 cp.authentication = hci_get_auth_req(conn);
2453 if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
2454 hci_find_remote_oob_data(hdev, &conn->dst))
2459 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2462 struct hci_cp_io_capability_neg_reply cp;
2464 bacpy(&cp.bdaddr, &ev->bdaddr);
2465 cp.reason = 0x16; /* Pairing not allowed */
2467 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2472 hci_dev_unlock(hdev);
2475 static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
2477 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
2478 struct hci_conn *conn;
2480 BT_DBG("%s", hdev->name);
2484 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2488 conn->remote_cap = ev->capability;
2489 conn->remote_oob = ev->oob_data;
2490 conn->remote_auth = ev->authentication;
2493 hci_dev_unlock(hdev);
2496 static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
2497 struct sk_buff *skb)
2499 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
2500 int loc_mitm, rem_mitm;
2501 struct hci_conn *conn;
2503 BT_DBG("%s", hdev->name);
2507 if (!test_bit(HCI_MGMT, &hdev->flags))
2510 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2514 loc_mitm = (conn->auth_type & 0x01);
2515 rem_mitm = (conn->remote_auth & 0x01);
2517 /* If we require MITM but the remote device can't provide that
2518 * (it has NoInputNoOutput) then reject the confirmation
2519 * request. The only exception is when we're dedicated bonding
2520 * initiators (connect_cfm_cb set) since then we always have the MITM
2522 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
2523 BT_DBG("Rejecting request: remote device can't provide MITM");
2524 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
2525 sizeof(ev->bdaddr), &ev->bdaddr);
2529 /* If no side requires MITM protection; auto-accept */
2530 if ((!loc_mitm || conn->remote_cap == 0x03) &&
2531 (!rem_mitm || conn->io_capability == 0x03)) {
2532 BT_DBG("Auto-accept of user confirmation with %ums delay",
2533 hdev->auto_accept_delay);
2535 if (hdev->auto_accept_delay > 0) {
2536 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
2537 mod_timer(&conn->auto_accept_timer, jiffies + delay);
2541 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
2542 sizeof(ev->bdaddr), &ev->bdaddr);
2546 mgmt_user_confirm_request(hdev->id, &ev->bdaddr, ev->passkey);
2549 hci_dev_unlock(hdev);
2552 static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2554 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
2555 struct hci_conn *conn;
2557 BT_DBG("%s", hdev->name);
2561 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2565 /* To avoid duplicate auth_failed events to user space we check
2566 * the HCI_CONN_AUTH_PEND flag which will be set if we
2567 * initiated the authentication. A traditional auth_complete
2568 * event gets always produced as initiator and is also mapped to
2569 * the mgmt_auth_failed event */
2570 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend) && ev->status != 0)
2571 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
2576 hci_dev_unlock(hdev);
2579 static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2581 struct hci_ev_remote_host_features *ev = (void *) skb->data;
2582 struct inquiry_entry *ie;
2584 BT_DBG("%s", hdev->name);
2588 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2590 ie->data.ssp_mode = (ev->features[0] & 0x01);
2592 hci_dev_unlock(hdev);
2595 static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2596 struct sk_buff *skb)
2598 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
2599 struct oob_data *data;
2601 BT_DBG("%s", hdev->name);
2605 if (!test_bit(HCI_MGMT, &hdev->flags))
2608 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
2610 struct hci_cp_remote_oob_data_reply cp;
2612 bacpy(&cp.bdaddr, &ev->bdaddr);
2613 memcpy(cp.hash, data->hash, sizeof(cp.hash));
2614 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
2616 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
2619 struct hci_cp_remote_oob_data_neg_reply cp;
2621 bacpy(&cp.bdaddr, &ev->bdaddr);
2622 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
2627 hci_dev_unlock(hdev);
2630 static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2632 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
2633 struct hci_conn *conn;
2635 BT_DBG("%s status %d", hdev->name, ev->status);
2639 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
2641 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
2643 BT_ERR("No memory for new connection");
2644 hci_dev_unlock(hdev);
2650 hci_proto_connect_cfm(conn, ev->status);
2651 conn->state = BT_CLOSED;
2656 conn->handle = __le16_to_cpu(ev->handle);
2657 conn->state = BT_CONNECTED;
2659 hci_conn_hold_device(conn);
2660 hci_conn_add_sysfs(conn);
2662 hci_proto_connect_cfm(conn, ev->status);
2665 hci_dev_unlock(hdev);
2668 static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
2670 struct hci_ev_le_meta *le_ev = (void *) skb->data;
2672 skb_pull(skb, sizeof(*le_ev));
2674 switch (le_ev->subevent) {
2675 case HCI_EV_LE_CONN_COMPLETE:
2676 hci_le_conn_complete_evt(hdev, skb);
2684 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
2686 struct hci_event_hdr *hdr = (void *) skb->data;
2687 __u8 event = hdr->evt;
2689 skb_pull(skb, HCI_EVENT_HDR_SIZE);
2692 case HCI_EV_INQUIRY_COMPLETE:
2693 hci_inquiry_complete_evt(hdev, skb);
2696 case HCI_EV_INQUIRY_RESULT:
2697 hci_inquiry_result_evt(hdev, skb);
2700 case HCI_EV_CONN_COMPLETE:
2701 hci_conn_complete_evt(hdev, skb);
2704 case HCI_EV_CONN_REQUEST:
2705 hci_conn_request_evt(hdev, skb);
2708 case HCI_EV_DISCONN_COMPLETE:
2709 hci_disconn_complete_evt(hdev, skb);
2712 case HCI_EV_AUTH_COMPLETE:
2713 hci_auth_complete_evt(hdev, skb);
2716 case HCI_EV_REMOTE_NAME:
2717 hci_remote_name_evt(hdev, skb);
2720 case HCI_EV_ENCRYPT_CHANGE:
2721 hci_encrypt_change_evt(hdev, skb);
2724 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
2725 hci_change_link_key_complete_evt(hdev, skb);
2728 case HCI_EV_REMOTE_FEATURES:
2729 hci_remote_features_evt(hdev, skb);
2732 case HCI_EV_REMOTE_VERSION:
2733 hci_remote_version_evt(hdev, skb);
2736 case HCI_EV_QOS_SETUP_COMPLETE:
2737 hci_qos_setup_complete_evt(hdev, skb);
2740 case HCI_EV_CMD_COMPLETE:
2741 hci_cmd_complete_evt(hdev, skb);
2744 case HCI_EV_CMD_STATUS:
2745 hci_cmd_status_evt(hdev, skb);
2748 case HCI_EV_ROLE_CHANGE:
2749 hci_role_change_evt(hdev, skb);
2752 case HCI_EV_NUM_COMP_PKTS:
2753 hci_num_comp_pkts_evt(hdev, skb);
2756 case HCI_EV_MODE_CHANGE:
2757 hci_mode_change_evt(hdev, skb);
2760 case HCI_EV_PIN_CODE_REQ:
2761 hci_pin_code_request_evt(hdev, skb);
2764 case HCI_EV_LINK_KEY_REQ:
2765 hci_link_key_request_evt(hdev, skb);
2768 case HCI_EV_LINK_KEY_NOTIFY:
2769 hci_link_key_notify_evt(hdev, skb);
2772 case HCI_EV_CLOCK_OFFSET:
2773 hci_clock_offset_evt(hdev, skb);
2776 case HCI_EV_PKT_TYPE_CHANGE:
2777 hci_pkt_type_change_evt(hdev, skb);
2780 case HCI_EV_PSCAN_REP_MODE:
2781 hci_pscan_rep_mode_evt(hdev, skb);
2784 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
2785 hci_inquiry_result_with_rssi_evt(hdev, skb);
2788 case HCI_EV_REMOTE_EXT_FEATURES:
2789 hci_remote_ext_features_evt(hdev, skb);
2792 case HCI_EV_SYNC_CONN_COMPLETE:
2793 hci_sync_conn_complete_evt(hdev, skb);
2796 case HCI_EV_SYNC_CONN_CHANGED:
2797 hci_sync_conn_changed_evt(hdev, skb);
2800 case HCI_EV_SNIFF_SUBRATE:
2801 hci_sniff_subrate_evt(hdev, skb);
2804 case HCI_EV_EXTENDED_INQUIRY_RESULT:
2805 hci_extended_inquiry_result_evt(hdev, skb);
2808 case HCI_EV_IO_CAPA_REQUEST:
2809 hci_io_capa_request_evt(hdev, skb);
2812 case HCI_EV_IO_CAPA_REPLY:
2813 hci_io_capa_reply_evt(hdev, skb);
2816 case HCI_EV_USER_CONFIRM_REQUEST:
2817 hci_user_confirm_request_evt(hdev, skb);
2820 case HCI_EV_SIMPLE_PAIR_COMPLETE:
2821 hci_simple_pair_complete_evt(hdev, skb);
2824 case HCI_EV_REMOTE_HOST_FEATURES:
2825 hci_remote_host_features_evt(hdev, skb);
2828 case HCI_EV_LE_META:
2829 hci_le_meta_evt(hdev, skb);
2832 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
2833 hci_remote_oob_data_request_evt(hdev, skb);
2837 BT_DBG("%s event 0x%x", hdev->name, event);
2842 hdev->stat.evt_rx++;
2845 /* Generate internal stack event */
2846 void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
2848 struct hci_event_hdr *hdr;
2849 struct hci_ev_stack_internal *ev;
2850 struct sk_buff *skb;
2852 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
2856 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
2857 hdr->evt = HCI_EV_STACK_INTERNAL;
2858 hdr->plen = sizeof(*ev) + dlen;
2860 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
2862 memcpy(ev->data, data, dlen);
2864 bt_cb(skb)->incoming = 1;
2865 __net_timestamp(skb);
2867 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
2868 skb->dev = (void *) hdev;
2869 hci_send_to_sock(hdev, skb, NULL);