2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License version 2 as
11 published by the Free Software Foundation;
13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
24 SOFTWARE IS DISCLAIMED.
27 /* Bluetooth L2CAP core and sockets. */
29 #include <linux/module.h>
31 #include <linux/types.h>
32 #include <linux/capability.h>
33 #include <linux/errno.h>
34 #include <linux/kernel.h>
35 #include <linux/sched.h>
36 #include <linux/slab.h>
37 #include <linux/poll.h>
38 #include <linux/fcntl.h>
39 #include <linux/init.h>
40 #include <linux/interrupt.h>
41 #include <linux/socket.h>
42 #include <linux/skbuff.h>
43 #include <linux/list.h>
44 #include <linux/device.h>
45 #include <linux/debugfs.h>
46 #include <linux/seq_file.h>
47 #include <linux/uaccess.h>
48 #include <linux/crc16.h>
51 #include <asm/system.h>
52 #include <asm/unaligned.h>
54 #include <net/bluetooth/bluetooth.h>
55 #include <net/bluetooth/hci_core.h>
56 #include <net/bluetooth/l2cap.h>
58 #define VERSION "2.15"
60 static int disable_ertm;
62 static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
63 static u8 l2cap_fixed_chan[8] = { 0x02, };
65 static const struct proto_ops l2cap_sock_ops;
67 static struct workqueue_struct *_busy_wq;
69 static struct bt_sock_list l2cap_sk_list = {
70 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
73 static void l2cap_busy_work(struct work_struct *work);
75 static void __l2cap_sock_close(struct sock *sk, int reason);
76 static void l2cap_sock_close(struct sock *sk);
77 static void l2cap_sock_kill(struct sock *sk);
79 static int l2cap_build_conf_req(struct sock *sk, void *data);
80 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
81 u8 code, u8 ident, u16 dlen, void *data);
83 static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb);
85 /* ---- L2CAP timers ---- */
86 static void l2cap_sock_set_timer(struct sock *sk, long timeout)
88 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
89 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
92 static void l2cap_sock_clear_timer(struct sock *sk)
94 BT_DBG("sock %p state %d", sk, sk->sk_state);
95 sk_stop_timer(sk, &sk->sk_timer);
98 static void l2cap_sock_timeout(unsigned long arg)
100 struct sock *sk = (struct sock *) arg;
103 BT_DBG("sock %p state %d", sk, sk->sk_state);
107 if (sock_owned_by_user(sk)) {
108 /* sk is owned by user. Try again later */
109 l2cap_sock_set_timer(sk, HZ / 5);
115 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG)
116 reason = ECONNREFUSED;
117 else if (sk->sk_state == BT_CONNECT &&
118 l2cap_pi(sk)->sec_level != BT_SECURITY_SDP)
119 reason = ECONNREFUSED;
123 __l2cap_sock_close(sk, reason);
131 /* ---- L2CAP channels ---- */
132 static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid)
135 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
136 if (l2cap_pi(s)->dcid == cid)
142 static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
145 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
146 if (l2cap_pi(s)->scid == cid)
152 /* Find channel with given SCID.
153 * Returns locked socket */
154 static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
158 s = __l2cap_get_chan_by_scid(l, cid);
161 read_unlock(&l->lock);
165 static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
168 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
169 if (l2cap_pi(s)->ident == ident)
175 static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
179 s = __l2cap_get_chan_by_ident(l, ident);
182 read_unlock(&l->lock);
186 static u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
188 u16 cid = L2CAP_CID_DYN_START;
190 for (; cid < L2CAP_CID_DYN_END; cid++) {
191 if (!__l2cap_get_chan_by_scid(l, cid))
198 static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
203 l2cap_pi(l->head)->prev_c = sk;
205 l2cap_pi(sk)->next_c = l->head;
206 l2cap_pi(sk)->prev_c = NULL;
210 static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
212 struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
214 write_lock_bh(&l->lock);
219 l2cap_pi(next)->prev_c = prev;
221 l2cap_pi(prev)->next_c = next;
222 write_unlock_bh(&l->lock);
227 static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
229 struct l2cap_chan_list *l = &conn->chan_list;
231 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
232 l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
234 conn->disc_reason = 0x13;
236 l2cap_pi(sk)->conn = conn;
238 if (sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM) {
239 /* Alloc CID for connection-oriented socket */
240 l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
241 } else if (sk->sk_type == SOCK_DGRAM) {
242 /* Connectionless socket */
243 l2cap_pi(sk)->scid = L2CAP_CID_CONN_LESS;
244 l2cap_pi(sk)->dcid = L2CAP_CID_CONN_LESS;
245 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
247 /* Raw socket can send/recv signalling messages only */
248 l2cap_pi(sk)->scid = L2CAP_CID_SIGNALING;
249 l2cap_pi(sk)->dcid = L2CAP_CID_SIGNALING;
250 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
253 __l2cap_chan_link(l, sk);
256 bt_accept_enqueue(parent, sk);
260 * Must be called on the locked socket. */
261 static void l2cap_chan_del(struct sock *sk, int err)
263 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
264 struct sock *parent = bt_sk(sk)->parent;
266 l2cap_sock_clear_timer(sk);
268 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
271 /* Unlink from channel list */
272 l2cap_chan_unlink(&conn->chan_list, sk);
273 l2cap_pi(sk)->conn = NULL;
274 hci_conn_put(conn->hcon);
277 sk->sk_state = BT_CLOSED;
278 sock_set_flag(sk, SOCK_ZAPPED);
284 bt_accept_unlink(sk);
285 parent->sk_data_ready(parent, 0);
287 sk->sk_state_change(sk);
289 skb_queue_purge(TX_QUEUE(sk));
291 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
292 struct srej_list *l, *tmp;
294 del_timer(&l2cap_pi(sk)->retrans_timer);
295 del_timer(&l2cap_pi(sk)->monitor_timer);
296 del_timer(&l2cap_pi(sk)->ack_timer);
298 skb_queue_purge(SREJ_QUEUE(sk));
299 skb_queue_purge(BUSY_QUEUE(sk));
301 list_for_each_entry_safe(l, tmp, SREJ_LIST(sk), list) {
308 /* Service level security */
309 static inline int l2cap_check_security(struct sock *sk)
311 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
314 if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
315 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
316 auth_type = HCI_AT_NO_BONDING_MITM;
318 auth_type = HCI_AT_NO_BONDING;
320 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
321 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
323 switch (l2cap_pi(sk)->sec_level) {
324 case BT_SECURITY_HIGH:
325 auth_type = HCI_AT_GENERAL_BONDING_MITM;
327 case BT_SECURITY_MEDIUM:
328 auth_type = HCI_AT_GENERAL_BONDING;
331 auth_type = HCI_AT_NO_BONDING;
336 return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level,
340 static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
344 /* Get next available identificator.
345 * 1 - 128 are used by kernel.
346 * 129 - 199 are reserved.
347 * 200 - 254 are used by utilities like l2ping, etc.
350 spin_lock_bh(&conn->lock);
352 if (++conn->tx_ident > 128)
357 spin_unlock_bh(&conn->lock);
362 static inline void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
364 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
366 BT_DBG("code 0x%2.2x", code);
371 hci_send_acl(conn->hcon, skb, 0);
374 static inline void l2cap_send_sframe(struct l2cap_pinfo *pi, u16 control)
377 struct l2cap_hdr *lh;
378 struct l2cap_conn *conn = pi->conn;
379 struct sock *sk = (struct sock *)pi;
380 int count, hlen = L2CAP_HDR_SIZE + 2;
382 if (sk->sk_state != BT_CONNECTED)
385 if (pi->fcs == L2CAP_FCS_CRC16)
388 BT_DBG("pi %p, control 0x%2.2x", pi, control);
390 count = min_t(unsigned int, conn->mtu, hlen);
391 control |= L2CAP_CTRL_FRAME_TYPE;
393 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) {
394 control |= L2CAP_CTRL_FINAL;
395 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
398 if (pi->conn_state & L2CAP_CONN_SEND_PBIT) {
399 control |= L2CAP_CTRL_POLL;
400 pi->conn_state &= ~L2CAP_CONN_SEND_PBIT;
403 skb = bt_skb_alloc(count, GFP_ATOMIC);
407 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
408 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE);
409 lh->cid = cpu_to_le16(pi->dcid);
410 put_unaligned_le16(control, skb_put(skb, 2));
412 if (pi->fcs == L2CAP_FCS_CRC16) {
413 u16 fcs = crc16(0, (u8 *)lh, count - 2);
414 put_unaligned_le16(fcs, skb_put(skb, 2));
417 hci_send_acl(pi->conn->hcon, skb, 0);
420 static inline void l2cap_send_rr_or_rnr(struct l2cap_pinfo *pi, u16 control)
422 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
423 control |= L2CAP_SUPER_RCV_NOT_READY;
424 pi->conn_state |= L2CAP_CONN_RNR_SENT;
426 control |= L2CAP_SUPER_RCV_READY;
428 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
430 l2cap_send_sframe(pi, control);
433 static inline int __l2cap_no_conn_pending(struct sock *sk)
435 return !(l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND);
438 static void l2cap_do_start(struct sock *sk)
440 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
442 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
443 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
446 if (l2cap_check_security(sk) && __l2cap_no_conn_pending(sk)) {
447 struct l2cap_conn_req req;
448 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
449 req.psm = l2cap_pi(sk)->psm;
451 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
452 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
454 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
455 L2CAP_CONN_REQ, sizeof(req), &req);
458 struct l2cap_info_req req;
459 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
461 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
462 conn->info_ident = l2cap_get_ident(conn);
464 mod_timer(&conn->info_timer, jiffies +
465 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
467 l2cap_send_cmd(conn, conn->info_ident,
468 L2CAP_INFO_REQ, sizeof(req), &req);
472 static inline int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
474 u32 local_feat_mask = l2cap_feat_mask;
476 local_feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING;
479 case L2CAP_MODE_ERTM:
480 return L2CAP_FEAT_ERTM & feat_mask & local_feat_mask;
481 case L2CAP_MODE_STREAMING:
482 return L2CAP_FEAT_STREAMING & feat_mask & local_feat_mask;
488 static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct sock *sk, int err)
490 struct l2cap_disconn_req req;
495 skb_queue_purge(TX_QUEUE(sk));
497 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
498 del_timer(&l2cap_pi(sk)->retrans_timer);
499 del_timer(&l2cap_pi(sk)->monitor_timer);
500 del_timer(&l2cap_pi(sk)->ack_timer);
503 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
504 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
505 l2cap_send_cmd(conn, l2cap_get_ident(conn),
506 L2CAP_DISCONN_REQ, sizeof(req), &req);
508 sk->sk_state = BT_DISCONN;
512 /* ---- L2CAP connections ---- */
513 static void l2cap_conn_start(struct l2cap_conn *conn)
515 struct l2cap_chan_list *l = &conn->chan_list;
516 struct sock_del_list del, *tmp1, *tmp2;
519 BT_DBG("conn %p", conn);
521 INIT_LIST_HEAD(&del.list);
525 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
528 if (sk->sk_type != SOCK_SEQPACKET &&
529 sk->sk_type != SOCK_STREAM) {
534 if (sk->sk_state == BT_CONNECT) {
535 struct l2cap_conn_req req;
537 if (!l2cap_check_security(sk) ||
538 !__l2cap_no_conn_pending(sk)) {
543 if (!l2cap_mode_supported(l2cap_pi(sk)->mode,
545 && l2cap_pi(sk)->conf_state &
546 L2CAP_CONF_STATE2_DEVICE) {
547 tmp1 = kzalloc(sizeof(struct sock_del_list),
550 list_add_tail(&tmp1->list, &del.list);
555 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
556 req.psm = l2cap_pi(sk)->psm;
558 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
559 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
561 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
562 L2CAP_CONN_REQ, sizeof(req), &req);
564 } else if (sk->sk_state == BT_CONNECT2) {
565 struct l2cap_conn_rsp rsp;
567 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
568 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
570 if (l2cap_check_security(sk)) {
571 if (bt_sk(sk)->defer_setup) {
572 struct sock *parent = bt_sk(sk)->parent;
573 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
574 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
575 parent->sk_data_ready(parent, 0);
578 sk->sk_state = BT_CONFIG;
579 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
580 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
583 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
584 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
587 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
588 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
590 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT ||
591 rsp.result != L2CAP_CR_SUCCESS) {
596 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
597 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
598 l2cap_build_conf_req(sk, buf), buf);
599 l2cap_pi(sk)->num_conf_req++;
605 read_unlock(&l->lock);
607 list_for_each_entry_safe(tmp1, tmp2, &del.list, list) {
608 bh_lock_sock(tmp1->sk);
609 __l2cap_sock_close(tmp1->sk, ECONNRESET);
610 bh_unlock_sock(tmp1->sk);
611 list_del(&tmp1->list);
616 static void l2cap_conn_ready(struct l2cap_conn *conn)
618 struct l2cap_chan_list *l = &conn->chan_list;
621 BT_DBG("conn %p", conn);
625 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
628 if (sk->sk_type != SOCK_SEQPACKET &&
629 sk->sk_type != SOCK_STREAM) {
630 l2cap_sock_clear_timer(sk);
631 sk->sk_state = BT_CONNECTED;
632 sk->sk_state_change(sk);
633 } else if (sk->sk_state == BT_CONNECT)
639 read_unlock(&l->lock);
642 /* Notify sockets that we cannot guaranty reliability anymore */
643 static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
645 struct l2cap_chan_list *l = &conn->chan_list;
648 BT_DBG("conn %p", conn);
652 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
653 if (l2cap_pi(sk)->force_reliable)
657 read_unlock(&l->lock);
660 static void l2cap_info_timeout(unsigned long arg)
662 struct l2cap_conn *conn = (void *) arg;
664 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
665 conn->info_ident = 0;
667 l2cap_conn_start(conn);
670 static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
672 struct l2cap_conn *conn = hcon->l2cap_data;
677 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
681 hcon->l2cap_data = conn;
684 BT_DBG("hcon %p conn %p", hcon, conn);
686 conn->mtu = hcon->hdev->acl_mtu;
687 conn->src = &hcon->hdev->bdaddr;
688 conn->dst = &hcon->dst;
692 spin_lock_init(&conn->lock);
693 rwlock_init(&conn->chan_list.lock);
695 setup_timer(&conn->info_timer, l2cap_info_timeout,
696 (unsigned long) conn);
698 conn->disc_reason = 0x13;
703 static void l2cap_conn_del(struct hci_conn *hcon, int err)
705 struct l2cap_conn *conn = hcon->l2cap_data;
711 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
713 kfree_skb(conn->rx_skb);
716 while ((sk = conn->chan_list.head)) {
718 l2cap_chan_del(sk, err);
723 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
724 del_timer_sync(&conn->info_timer);
726 hcon->l2cap_data = NULL;
730 static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
732 struct l2cap_chan_list *l = &conn->chan_list;
733 write_lock_bh(&l->lock);
734 __l2cap_chan_add(conn, sk, parent);
735 write_unlock_bh(&l->lock);
738 /* ---- Socket interface ---- */
739 static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
742 struct hlist_node *node;
743 sk_for_each(sk, node, &l2cap_sk_list.head)
744 if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
751 /* Find socket with psm and source bdaddr.
752 * Returns closest match.
754 static struct sock *l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
756 struct sock *sk = NULL, *sk1 = NULL;
757 struct hlist_node *node;
759 read_lock(&l2cap_sk_list.lock);
761 sk_for_each(sk, node, &l2cap_sk_list.head) {
762 if (state && sk->sk_state != state)
765 if (l2cap_pi(sk)->psm == psm) {
767 if (!bacmp(&bt_sk(sk)->src, src))
771 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
776 read_unlock(&l2cap_sk_list.lock);
778 return node ? sk : sk1;
781 static void l2cap_sock_destruct(struct sock *sk)
785 skb_queue_purge(&sk->sk_receive_queue);
786 skb_queue_purge(&sk->sk_write_queue);
789 static void l2cap_sock_cleanup_listen(struct sock *parent)
793 BT_DBG("parent %p", parent);
795 /* Close not yet accepted channels */
796 while ((sk = bt_accept_dequeue(parent, NULL)))
797 l2cap_sock_close(sk);
799 parent->sk_state = BT_CLOSED;
800 sock_set_flag(parent, SOCK_ZAPPED);
803 /* Kill socket (only if zapped and orphan)
804 * Must be called on unlocked socket.
806 static void l2cap_sock_kill(struct sock *sk)
808 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
811 BT_DBG("sk %p state %d", sk, sk->sk_state);
813 /* Kill poor orphan */
814 bt_sock_unlink(&l2cap_sk_list, sk);
815 sock_set_flag(sk, SOCK_DEAD);
819 static void __l2cap_sock_close(struct sock *sk, int reason)
821 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
823 switch (sk->sk_state) {
825 l2cap_sock_cleanup_listen(sk);
830 if (sk->sk_type == SOCK_SEQPACKET ||
831 sk->sk_type == SOCK_STREAM) {
832 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
834 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
835 l2cap_send_disconn_req(conn, sk, reason);
837 l2cap_chan_del(sk, reason);
841 if (sk->sk_type == SOCK_SEQPACKET ||
842 sk->sk_type == SOCK_STREAM) {
843 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
844 struct l2cap_conn_rsp rsp;
847 if (bt_sk(sk)->defer_setup)
848 result = L2CAP_CR_SEC_BLOCK;
850 result = L2CAP_CR_BAD_PSM;
852 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
853 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
854 rsp.result = cpu_to_le16(result);
855 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
856 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
857 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
859 l2cap_chan_del(sk, reason);
864 l2cap_chan_del(sk, reason);
868 sock_set_flag(sk, SOCK_ZAPPED);
873 /* Must be called on unlocked socket. */
874 static void l2cap_sock_close(struct sock *sk)
876 l2cap_sock_clear_timer(sk);
878 __l2cap_sock_close(sk, ECONNRESET);
883 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
885 struct l2cap_pinfo *pi = l2cap_pi(sk);
890 sk->sk_type = parent->sk_type;
891 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
893 pi->imtu = l2cap_pi(parent)->imtu;
894 pi->omtu = l2cap_pi(parent)->omtu;
895 pi->conf_state = l2cap_pi(parent)->conf_state;
896 pi->mode = l2cap_pi(parent)->mode;
897 pi->fcs = l2cap_pi(parent)->fcs;
898 pi->max_tx = l2cap_pi(parent)->max_tx;
899 pi->tx_win = l2cap_pi(parent)->tx_win;
900 pi->sec_level = l2cap_pi(parent)->sec_level;
901 pi->role_switch = l2cap_pi(parent)->role_switch;
902 pi->force_reliable = l2cap_pi(parent)->force_reliable;
904 pi->imtu = L2CAP_DEFAULT_MTU;
906 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
907 pi->mode = L2CAP_MODE_ERTM;
908 pi->conf_state |= L2CAP_CONF_STATE2_DEVICE;
910 pi->mode = L2CAP_MODE_BASIC;
912 pi->max_tx = L2CAP_DEFAULT_MAX_TX;
913 pi->fcs = L2CAP_FCS_CRC16;
914 pi->tx_win = L2CAP_DEFAULT_TX_WINDOW;
915 pi->sec_level = BT_SECURITY_LOW;
917 pi->force_reliable = 0;
920 /* Default config options */
922 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
923 skb_queue_head_init(TX_QUEUE(sk));
924 skb_queue_head_init(SREJ_QUEUE(sk));
925 skb_queue_head_init(BUSY_QUEUE(sk));
926 INIT_LIST_HEAD(SREJ_LIST(sk));
929 static struct proto l2cap_proto = {
931 .owner = THIS_MODULE,
932 .obj_size = sizeof(struct l2cap_pinfo)
935 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
939 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
943 sock_init_data(sock, sk);
944 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
946 sk->sk_destruct = l2cap_sock_destruct;
947 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
949 sock_reset_flag(sk, SOCK_ZAPPED);
951 sk->sk_protocol = proto;
952 sk->sk_state = BT_OPEN;
954 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
956 bt_sock_link(&l2cap_sk_list, sk);
960 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
965 BT_DBG("sock %p", sock);
967 sock->state = SS_UNCONNECTED;
969 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
970 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
971 return -ESOCKTNOSUPPORT;
973 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
976 sock->ops = &l2cap_sock_ops;
978 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
982 l2cap_sock_init(sk, NULL);
986 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
988 struct sock *sk = sock->sk;
989 struct sockaddr_l2 la;
994 if (!addr || addr->sa_family != AF_BLUETOOTH)
997 memset(&la, 0, sizeof(la));
998 len = min_t(unsigned int, sizeof(la), alen);
999 memcpy(&la, addr, len);
1006 if (sk->sk_state != BT_OPEN) {
1012 __u16 psm = __le16_to_cpu(la.l2_psm);
1014 /* PSM must be odd and lsb of upper byte must be 0 */
1015 if ((psm & 0x0101) != 0x0001) {
1020 /* Restrict usage of well-known PSMs */
1021 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
1027 write_lock_bh(&l2cap_sk_list.lock);
1029 if (la.l2_psm && __l2cap_get_sock_by_addr(la.l2_psm, &la.l2_bdaddr)) {
1032 /* Save source address */
1033 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
1034 l2cap_pi(sk)->psm = la.l2_psm;
1035 l2cap_pi(sk)->sport = la.l2_psm;
1036 sk->sk_state = BT_BOUND;
1038 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
1039 __le16_to_cpu(la.l2_psm) == 0x0003)
1040 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
1043 write_unlock_bh(&l2cap_sk_list.lock);
1050 static int l2cap_do_connect(struct sock *sk)
1052 bdaddr_t *src = &bt_sk(sk)->src;
1053 bdaddr_t *dst = &bt_sk(sk)->dst;
1054 struct l2cap_conn *conn;
1055 struct hci_conn *hcon;
1056 struct hci_dev *hdev;
1060 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst),
1063 hdev = hci_get_route(dst, src);
1065 return -EHOSTUNREACH;
1067 hci_dev_lock_bh(hdev);
1071 if (sk->sk_type == SOCK_RAW) {
1072 switch (l2cap_pi(sk)->sec_level) {
1073 case BT_SECURITY_HIGH:
1074 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1076 case BT_SECURITY_MEDIUM:
1077 auth_type = HCI_AT_DEDICATED_BONDING;
1080 auth_type = HCI_AT_NO_BONDING;
1083 } else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
1084 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
1085 auth_type = HCI_AT_NO_BONDING_MITM;
1087 auth_type = HCI_AT_NO_BONDING;
1089 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
1090 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
1092 switch (l2cap_pi(sk)->sec_level) {
1093 case BT_SECURITY_HIGH:
1094 auth_type = HCI_AT_GENERAL_BONDING_MITM;
1096 case BT_SECURITY_MEDIUM:
1097 auth_type = HCI_AT_GENERAL_BONDING;
1100 auth_type = HCI_AT_NO_BONDING;
1105 hcon = hci_connect(hdev, ACL_LINK, dst,
1106 l2cap_pi(sk)->sec_level, auth_type);
1110 conn = l2cap_conn_add(hcon, 0);
1118 /* Update source addr of the socket */
1119 bacpy(src, conn->src);
1121 l2cap_chan_add(conn, sk, NULL);
1123 sk->sk_state = BT_CONNECT;
1124 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
1126 if (hcon->state == BT_CONNECTED) {
1127 if (sk->sk_type != SOCK_SEQPACKET &&
1128 sk->sk_type != SOCK_STREAM) {
1129 l2cap_sock_clear_timer(sk);
1130 sk->sk_state = BT_CONNECTED;
1136 hci_dev_unlock_bh(hdev);
1141 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
1143 struct sock *sk = sock->sk;
1144 struct sockaddr_l2 la;
1147 BT_DBG("sk %p", sk);
1149 if (!addr || alen < sizeof(addr->sa_family) ||
1150 addr->sa_family != AF_BLUETOOTH)
1153 memset(&la, 0, sizeof(la));
1154 len = min_t(unsigned int, sizeof(la), alen);
1155 memcpy(&la, addr, len);
1162 if ((sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM)
1168 switch (l2cap_pi(sk)->mode) {
1169 case L2CAP_MODE_BASIC:
1171 case L2CAP_MODE_ERTM:
1172 case L2CAP_MODE_STREAMING:
1181 switch (sk->sk_state) {
1185 /* Already connecting */
1189 /* Already connected */
1203 /* PSM must be odd and lsb of upper byte must be 0 */
1204 if ((__le16_to_cpu(la.l2_psm) & 0x0101) != 0x0001 &&
1205 sk->sk_type != SOCK_RAW) {
1210 /* Set destination address and psm */
1211 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr);
1212 l2cap_pi(sk)->psm = la.l2_psm;
1214 err = l2cap_do_connect(sk);
1219 err = bt_sock_wait_state(sk, BT_CONNECTED,
1220 sock_sndtimeo(sk, flags & O_NONBLOCK));
1226 static int l2cap_sock_listen(struct socket *sock, int backlog)
1228 struct sock *sk = sock->sk;
1231 BT_DBG("sk %p backlog %d", sk, backlog);
1235 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM)
1236 || sk->sk_state != BT_BOUND) {
1241 switch (l2cap_pi(sk)->mode) {
1242 case L2CAP_MODE_BASIC:
1244 case L2CAP_MODE_ERTM:
1245 case L2CAP_MODE_STREAMING:
1254 if (!l2cap_pi(sk)->psm) {
1255 bdaddr_t *src = &bt_sk(sk)->src;
1260 write_lock_bh(&l2cap_sk_list.lock);
1262 for (psm = 0x1001; psm < 0x1100; psm += 2)
1263 if (!__l2cap_get_sock_by_addr(cpu_to_le16(psm), src)) {
1264 l2cap_pi(sk)->psm = cpu_to_le16(psm);
1265 l2cap_pi(sk)->sport = cpu_to_le16(psm);
1270 write_unlock_bh(&l2cap_sk_list.lock);
1276 sk->sk_max_ack_backlog = backlog;
1277 sk->sk_ack_backlog = 0;
1278 sk->sk_state = BT_LISTEN;
1285 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
1287 DECLARE_WAITQUEUE(wait, current);
1288 struct sock *sk = sock->sk, *nsk;
1292 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1294 if (sk->sk_state != BT_LISTEN) {
1299 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
1301 BT_DBG("sk %p timeo %ld", sk, timeo);
1303 /* Wait for an incoming connection. (wake-one). */
1304 add_wait_queue_exclusive(sk_sleep(sk), &wait);
1305 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
1306 set_current_state(TASK_INTERRUPTIBLE);
1313 timeo = schedule_timeout(timeo);
1314 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1316 if (sk->sk_state != BT_LISTEN) {
1321 if (signal_pending(current)) {
1322 err = sock_intr_errno(timeo);
1326 set_current_state(TASK_RUNNING);
1327 remove_wait_queue(sk_sleep(sk), &wait);
1332 newsock->state = SS_CONNECTED;
1334 BT_DBG("new socket %p", nsk);
1341 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
1343 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
1344 struct sock *sk = sock->sk;
1346 BT_DBG("sock %p, sk %p", sock, sk);
1348 addr->sa_family = AF_BLUETOOTH;
1349 *len = sizeof(struct sockaddr_l2);
1352 la->l2_psm = l2cap_pi(sk)->psm;
1353 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
1354 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1356 la->l2_psm = l2cap_pi(sk)->sport;
1357 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
1358 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->scid);
1364 static int __l2cap_wait_ack(struct sock *sk)
1366 DECLARE_WAITQUEUE(wait, current);
1370 add_wait_queue(sk_sleep(sk), &wait);
1371 while ((l2cap_pi(sk)->unacked_frames > 0 && l2cap_pi(sk)->conn)) {
1372 set_current_state(TASK_INTERRUPTIBLE);
1377 if (signal_pending(current)) {
1378 err = sock_intr_errno(timeo);
1383 timeo = schedule_timeout(timeo);
1386 err = sock_error(sk);
1390 set_current_state(TASK_RUNNING);
1391 remove_wait_queue(sk_sleep(sk), &wait);
1395 static void l2cap_monitor_timeout(unsigned long arg)
1397 struct sock *sk = (void *) arg;
1399 BT_DBG("sk %p", sk);
1402 if (l2cap_pi(sk)->retry_count >= l2cap_pi(sk)->remote_max_tx) {
1403 l2cap_send_disconn_req(l2cap_pi(sk)->conn, sk, ECONNABORTED);
1408 l2cap_pi(sk)->retry_count++;
1409 __mod_monitor_timer();
1411 l2cap_send_rr_or_rnr(l2cap_pi(sk), L2CAP_CTRL_POLL);
1415 static void l2cap_retrans_timeout(unsigned long arg)
1417 struct sock *sk = (void *) arg;
1419 BT_DBG("sk %p", sk);
1422 l2cap_pi(sk)->retry_count = 1;
1423 __mod_monitor_timer();
1425 l2cap_pi(sk)->conn_state |= L2CAP_CONN_WAIT_F;
1427 l2cap_send_rr_or_rnr(l2cap_pi(sk), L2CAP_CTRL_POLL);
1431 static void l2cap_drop_acked_frames(struct sock *sk)
1433 struct sk_buff *skb;
1435 while ((skb = skb_peek(TX_QUEUE(sk))) &&
1436 l2cap_pi(sk)->unacked_frames) {
1437 if (bt_cb(skb)->tx_seq == l2cap_pi(sk)->expected_ack_seq)
1440 skb = skb_dequeue(TX_QUEUE(sk));
1443 l2cap_pi(sk)->unacked_frames--;
1446 if (!l2cap_pi(sk)->unacked_frames)
1447 del_timer(&l2cap_pi(sk)->retrans_timer);
1450 static inline void l2cap_do_send(struct sock *sk, struct sk_buff *skb)
1452 struct l2cap_pinfo *pi = l2cap_pi(sk);
1454 BT_DBG("sk %p, skb %p len %d", sk, skb, skb->len);
1456 hci_send_acl(pi->conn->hcon, skb, 0);
1459 static void l2cap_streaming_send(struct sock *sk)
1461 struct sk_buff *skb;
1462 struct l2cap_pinfo *pi = l2cap_pi(sk);
1465 while ((skb = skb_dequeue(TX_QUEUE(sk)))) {
1466 control = get_unaligned_le16(skb->data + L2CAP_HDR_SIZE);
1467 control |= pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT;
1468 put_unaligned_le16(control, skb->data + L2CAP_HDR_SIZE);
1470 if (pi->fcs == L2CAP_FCS_CRC16) {
1471 fcs = crc16(0, (u8 *)skb->data, skb->len - 2);
1472 put_unaligned_le16(fcs, skb->data + skb->len - 2);
1475 l2cap_do_send(sk, skb);
1477 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64;
1481 static void l2cap_retransmit_one_frame(struct sock *sk, u8 tx_seq)
1483 struct l2cap_pinfo *pi = l2cap_pi(sk);
1484 struct sk_buff *skb, *tx_skb;
1487 skb = skb_peek(TX_QUEUE(sk));
1492 if (bt_cb(skb)->tx_seq == tx_seq)
1495 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1498 } while ((skb = skb_queue_next(TX_QUEUE(sk), skb)));
1500 if (pi->remote_max_tx &&
1501 bt_cb(skb)->retries == pi->remote_max_tx) {
1502 l2cap_send_disconn_req(pi->conn, sk, ECONNABORTED);
1506 tx_skb = skb_clone(skb, GFP_ATOMIC);
1507 bt_cb(skb)->retries++;
1508 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1510 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) {
1511 control |= L2CAP_CTRL_FINAL;
1512 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
1515 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1516 | (tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1518 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1520 if (pi->fcs == L2CAP_FCS_CRC16) {
1521 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);
1522 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);
1525 l2cap_do_send(sk, tx_skb);
1528 static int l2cap_ertm_send(struct sock *sk)
1530 struct sk_buff *skb, *tx_skb;
1531 struct l2cap_pinfo *pi = l2cap_pi(sk);
1535 if (sk->sk_state != BT_CONNECTED)
1538 while ((skb = sk->sk_send_head) && (!l2cap_tx_window_full(sk))) {
1540 if (pi->remote_max_tx &&
1541 bt_cb(skb)->retries == pi->remote_max_tx) {
1542 l2cap_send_disconn_req(pi->conn, sk, ECONNABORTED);
1546 tx_skb = skb_clone(skb, GFP_ATOMIC);
1548 bt_cb(skb)->retries++;
1550 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1551 control &= L2CAP_CTRL_SAR;
1553 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) {
1554 control |= L2CAP_CTRL_FINAL;
1555 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
1557 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1558 | (pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1559 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1562 if (pi->fcs == L2CAP_FCS_CRC16) {
1563 fcs = crc16(0, (u8 *)skb->data, tx_skb->len - 2);
1564 put_unaligned_le16(fcs, skb->data + tx_skb->len - 2);
1567 l2cap_do_send(sk, tx_skb);
1569 __mod_retrans_timer();
1571 bt_cb(skb)->tx_seq = pi->next_tx_seq;
1572 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64;
1574 pi->unacked_frames++;
1577 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1578 sk->sk_send_head = NULL;
1580 sk->sk_send_head = skb_queue_next(TX_QUEUE(sk), skb);
1588 static int l2cap_retransmit_frames(struct sock *sk)
1590 struct l2cap_pinfo *pi = l2cap_pi(sk);
1593 if (!skb_queue_empty(TX_QUEUE(sk)))
1594 sk->sk_send_head = TX_QUEUE(sk)->next;
1596 pi->next_tx_seq = pi->expected_ack_seq;
1597 ret = l2cap_ertm_send(sk);
1601 static void l2cap_send_ack(struct l2cap_pinfo *pi)
1603 struct sock *sk = (struct sock *)pi;
1606 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
1608 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
1609 control |= L2CAP_SUPER_RCV_NOT_READY;
1610 pi->conn_state |= L2CAP_CONN_RNR_SENT;
1611 l2cap_send_sframe(pi, control);
1615 if (l2cap_ertm_send(sk) > 0)
1618 control |= L2CAP_SUPER_RCV_READY;
1619 l2cap_send_sframe(pi, control);
1622 static void l2cap_send_srejtail(struct sock *sk)
1624 struct srej_list *tail;
1627 control = L2CAP_SUPER_SELECT_REJECT;
1628 control |= L2CAP_CTRL_FINAL;
1630 tail = list_entry(SREJ_LIST(sk)->prev, struct srej_list, list);
1631 control |= tail->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
1633 l2cap_send_sframe(l2cap_pi(sk), control);
1636 static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, int len, int count, struct sk_buff *skb)
1638 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1639 struct sk_buff **frag;
1642 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count))
1648 /* Continuation fragments (no L2CAP header) */
1649 frag = &skb_shinfo(skb)->frag_list;
1651 count = min_t(unsigned int, conn->mtu, len);
1653 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1656 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count))
1662 frag = &(*frag)->next;
1668 static struct sk_buff *l2cap_create_connless_pdu(struct sock *sk, struct msghdr *msg, size_t len)
1670 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1671 struct sk_buff *skb;
1672 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1673 struct l2cap_hdr *lh;
1675 BT_DBG("sk %p len %d", sk, (int)len);
1677 count = min_t(unsigned int, (conn->mtu - hlen), len);
1678 skb = bt_skb_send_alloc(sk, count + hlen,
1679 msg->msg_flags & MSG_DONTWAIT, &err);
1681 return ERR_PTR(err);
1683 /* Create L2CAP header */
1684 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1685 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1686 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1687 put_unaligned_le16(l2cap_pi(sk)->psm, skb_put(skb, 2));
1689 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1690 if (unlikely(err < 0)) {
1692 return ERR_PTR(err);
1697 static struct sk_buff *l2cap_create_basic_pdu(struct sock *sk, struct msghdr *msg, size_t len)
1699 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1700 struct sk_buff *skb;
1701 int err, count, hlen = L2CAP_HDR_SIZE;
1702 struct l2cap_hdr *lh;
1704 BT_DBG("sk %p len %d", sk, (int)len);
1706 count = min_t(unsigned int, (conn->mtu - hlen), len);
1707 skb = bt_skb_send_alloc(sk, count + hlen,
1708 msg->msg_flags & MSG_DONTWAIT, &err);
1710 return ERR_PTR(err);
1712 /* Create L2CAP header */
1713 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1714 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1715 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1717 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1718 if (unlikely(err < 0)) {
1720 return ERR_PTR(err);
1725 static struct sk_buff *l2cap_create_iframe_pdu(struct sock *sk, struct msghdr *msg, size_t len, u16 control, u16 sdulen)
1727 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1728 struct sk_buff *skb;
1729 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1730 struct l2cap_hdr *lh;
1732 BT_DBG("sk %p len %d", sk, (int)len);
1735 return ERR_PTR(-ENOTCONN);
1740 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16)
1743 count = min_t(unsigned int, (conn->mtu - hlen), len);
1744 skb = bt_skb_send_alloc(sk, count + hlen,
1745 msg->msg_flags & MSG_DONTWAIT, &err);
1747 return ERR_PTR(err);
1749 /* Create L2CAP header */
1750 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1751 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1752 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1753 put_unaligned_le16(control, skb_put(skb, 2));
1755 put_unaligned_le16(sdulen, skb_put(skb, 2));
1757 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1758 if (unlikely(err < 0)) {
1760 return ERR_PTR(err);
1763 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16)
1764 put_unaligned_le16(0, skb_put(skb, 2));
1766 bt_cb(skb)->retries = 0;
1770 static inline int l2cap_sar_segment_sdu(struct sock *sk, struct msghdr *msg, size_t len)
1772 struct l2cap_pinfo *pi = l2cap_pi(sk);
1773 struct sk_buff *skb;
1774 struct sk_buff_head sar_queue;
1778 skb_queue_head_init(&sar_queue);
1779 control = L2CAP_SDU_START;
1780 skb = l2cap_create_iframe_pdu(sk, msg, pi->remote_mps, control, len);
1782 return PTR_ERR(skb);
1784 __skb_queue_tail(&sar_queue, skb);
1785 len -= pi->remote_mps;
1786 size += pi->remote_mps;
1791 if (len > pi->remote_mps) {
1792 control = L2CAP_SDU_CONTINUE;
1793 buflen = pi->remote_mps;
1795 control = L2CAP_SDU_END;
1799 skb = l2cap_create_iframe_pdu(sk, msg, buflen, control, 0);
1801 skb_queue_purge(&sar_queue);
1802 return PTR_ERR(skb);
1805 __skb_queue_tail(&sar_queue, skb);
1809 skb_queue_splice_tail(&sar_queue, TX_QUEUE(sk));
1810 if (sk->sk_send_head == NULL)
1811 sk->sk_send_head = sar_queue.next;
1816 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
1818 struct sock *sk = sock->sk;
1819 struct l2cap_pinfo *pi = l2cap_pi(sk);
1820 struct sk_buff *skb;
1824 BT_DBG("sock %p, sk %p", sock, sk);
1826 err = sock_error(sk);
1830 if (msg->msg_flags & MSG_OOB)
1835 if (sk->sk_state != BT_CONNECTED) {
1840 /* Connectionless channel */
1841 if (sk->sk_type == SOCK_DGRAM) {
1842 skb = l2cap_create_connless_pdu(sk, msg, len);
1846 l2cap_do_send(sk, skb);
1853 case L2CAP_MODE_BASIC:
1854 /* Check outgoing MTU */
1855 if (len > pi->omtu) {
1860 /* Create a basic PDU */
1861 skb = l2cap_create_basic_pdu(sk, msg, len);
1867 l2cap_do_send(sk, skb);
1871 case L2CAP_MODE_ERTM:
1872 case L2CAP_MODE_STREAMING:
1873 /* Entire SDU fits into one PDU */
1874 if (len <= pi->remote_mps) {
1875 control = L2CAP_SDU_UNSEGMENTED;
1876 skb = l2cap_create_iframe_pdu(sk, msg, len, control, 0);
1881 __skb_queue_tail(TX_QUEUE(sk), skb);
1883 if (sk->sk_send_head == NULL)
1884 sk->sk_send_head = skb;
1887 /* Segment SDU into multiples PDUs */
1888 err = l2cap_sar_segment_sdu(sk, msg, len);
1893 if (pi->mode == L2CAP_MODE_STREAMING) {
1894 l2cap_streaming_send(sk);
1896 if (pi->conn_state & L2CAP_CONN_REMOTE_BUSY &&
1897 pi->conn_state && L2CAP_CONN_WAIT_F) {
1901 err = l2cap_ertm_send(sk);
1909 BT_DBG("bad state %1.1x", pi->mode);
1918 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
1920 struct sock *sk = sock->sk;
1924 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
1925 struct l2cap_conn_rsp rsp;
1926 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1929 sk->sk_state = BT_CONFIG;
1931 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1932 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
1933 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
1934 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
1935 l2cap_send_cmd(l2cap_pi(sk)->conn, l2cap_pi(sk)->ident,
1936 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1938 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT) {
1943 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
1944 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1945 l2cap_build_conf_req(sk, buf), buf);
1946 l2cap_pi(sk)->num_conf_req++;
1954 if (sock->type == SOCK_STREAM)
1955 return bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
1957 return bt_sock_recvmsg(iocb, sock, msg, len, flags);
1960 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
1962 struct sock *sk = sock->sk;
1963 struct l2cap_options opts;
1967 BT_DBG("sk %p", sk);
1973 if (sk->sk_state == BT_CONNECTED) {
1978 opts.imtu = l2cap_pi(sk)->imtu;
1979 opts.omtu = l2cap_pi(sk)->omtu;
1980 opts.flush_to = l2cap_pi(sk)->flush_to;
1981 opts.mode = l2cap_pi(sk)->mode;
1982 opts.fcs = l2cap_pi(sk)->fcs;
1983 opts.max_tx = l2cap_pi(sk)->max_tx;
1984 opts.txwin_size = (__u16)l2cap_pi(sk)->tx_win;
1986 len = min_t(unsigned int, sizeof(opts), optlen);
1987 if (copy_from_user((char *) &opts, optval, len)) {
1992 if (opts.txwin_size > L2CAP_DEFAULT_TX_WINDOW) {
1997 l2cap_pi(sk)->mode = opts.mode;
1998 switch (l2cap_pi(sk)->mode) {
1999 case L2CAP_MODE_BASIC:
2000 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_STATE2_DEVICE;
2002 case L2CAP_MODE_ERTM:
2003 case L2CAP_MODE_STREAMING:
2012 l2cap_pi(sk)->imtu = opts.imtu;
2013 l2cap_pi(sk)->omtu = opts.omtu;
2014 l2cap_pi(sk)->fcs = opts.fcs;
2015 l2cap_pi(sk)->max_tx = opts.max_tx;
2016 l2cap_pi(sk)->tx_win = (__u8)opts.txwin_size;
2020 if (get_user(opt, (u32 __user *) optval)) {
2025 if (opt & L2CAP_LM_AUTH)
2026 l2cap_pi(sk)->sec_level = BT_SECURITY_LOW;
2027 if (opt & L2CAP_LM_ENCRYPT)
2028 l2cap_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
2029 if (opt & L2CAP_LM_SECURE)
2030 l2cap_pi(sk)->sec_level = BT_SECURITY_HIGH;
2032 l2cap_pi(sk)->role_switch = (opt & L2CAP_LM_MASTER);
2033 l2cap_pi(sk)->force_reliable = (opt & L2CAP_LM_RELIABLE);
2045 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
2047 struct sock *sk = sock->sk;
2048 struct bt_security sec;
2052 BT_DBG("sk %p", sk);
2054 if (level == SOL_L2CAP)
2055 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
2057 if (level != SOL_BLUETOOTH)
2058 return -ENOPROTOOPT;
2064 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
2065 && sk->sk_type != SOCK_RAW) {
2070 sec.level = BT_SECURITY_LOW;
2072 len = min_t(unsigned int, sizeof(sec), optlen);
2073 if (copy_from_user((char *) &sec, optval, len)) {
2078 if (sec.level < BT_SECURITY_LOW ||
2079 sec.level > BT_SECURITY_HIGH) {
2084 l2cap_pi(sk)->sec_level = sec.level;
2087 case BT_DEFER_SETUP:
2088 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
2093 if (get_user(opt, (u32 __user *) optval)) {
2098 bt_sk(sk)->defer_setup = opt;
2110 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
2112 struct sock *sk = sock->sk;
2113 struct l2cap_options opts;
2114 struct l2cap_conninfo cinfo;
2118 BT_DBG("sk %p", sk);
2120 if (get_user(len, optlen))
2127 opts.imtu = l2cap_pi(sk)->imtu;
2128 opts.omtu = l2cap_pi(sk)->omtu;
2129 opts.flush_to = l2cap_pi(sk)->flush_to;
2130 opts.mode = l2cap_pi(sk)->mode;
2131 opts.fcs = l2cap_pi(sk)->fcs;
2132 opts.max_tx = l2cap_pi(sk)->max_tx;
2133 opts.txwin_size = (__u16)l2cap_pi(sk)->tx_win;
2135 len = min_t(unsigned int, len, sizeof(opts));
2136 if (copy_to_user(optval, (char *) &opts, len))
2142 switch (l2cap_pi(sk)->sec_level) {
2143 case BT_SECURITY_LOW:
2144 opt = L2CAP_LM_AUTH;
2146 case BT_SECURITY_MEDIUM:
2147 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
2149 case BT_SECURITY_HIGH:
2150 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
2158 if (l2cap_pi(sk)->role_switch)
2159 opt |= L2CAP_LM_MASTER;
2161 if (l2cap_pi(sk)->force_reliable)
2162 opt |= L2CAP_LM_RELIABLE;
2164 if (put_user(opt, (u32 __user *) optval))
2168 case L2CAP_CONNINFO:
2169 if (sk->sk_state != BT_CONNECTED &&
2170 !(sk->sk_state == BT_CONNECT2 &&
2171 bt_sk(sk)->defer_setup)) {
2176 cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
2177 memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3);
2179 len = min_t(unsigned int, len, sizeof(cinfo));
2180 if (copy_to_user(optval, (char *) &cinfo, len))
2194 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
2196 struct sock *sk = sock->sk;
2197 struct bt_security sec;
2200 BT_DBG("sk %p", sk);
2202 if (level == SOL_L2CAP)
2203 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
2205 if (level != SOL_BLUETOOTH)
2206 return -ENOPROTOOPT;
2208 if (get_user(len, optlen))
2215 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
2216 && sk->sk_type != SOCK_RAW) {
2221 sec.level = l2cap_pi(sk)->sec_level;
2223 len = min_t(unsigned int, len, sizeof(sec));
2224 if (copy_to_user(optval, (char *) &sec, len))
2229 case BT_DEFER_SETUP:
2230 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
2235 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
2249 static int l2cap_sock_shutdown(struct socket *sock, int how)
2251 struct sock *sk = sock->sk;
2254 BT_DBG("sock %p, sk %p", sock, sk);
2260 if (!sk->sk_shutdown) {
2261 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
2262 err = __l2cap_wait_ack(sk);
2264 sk->sk_shutdown = SHUTDOWN_MASK;
2265 l2cap_sock_clear_timer(sk);
2266 __l2cap_sock_close(sk, 0);
2268 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
2269 err = bt_sock_wait_state(sk, BT_CLOSED,
2273 if (!err && sk->sk_err)
2280 static int l2cap_sock_release(struct socket *sock)
2282 struct sock *sk = sock->sk;
2285 BT_DBG("sock %p, sk %p", sock, sk);
2290 err = l2cap_sock_shutdown(sock, 2);
2293 l2cap_sock_kill(sk);
2297 static void l2cap_chan_ready(struct sock *sk)
2299 struct sock *parent = bt_sk(sk)->parent;
2301 BT_DBG("sk %p, parent %p", sk, parent);
2303 l2cap_pi(sk)->conf_state = 0;
2304 l2cap_sock_clear_timer(sk);
2307 /* Outgoing channel.
2308 * Wake up socket sleeping on connect.
2310 sk->sk_state = BT_CONNECTED;
2311 sk->sk_state_change(sk);
2313 /* Incoming channel.
2314 * Wake up socket sleeping on accept.
2316 parent->sk_data_ready(parent, 0);
2320 /* Copy frame to all raw sockets on that connection */
2321 static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
2323 struct l2cap_chan_list *l = &conn->chan_list;
2324 struct sk_buff *nskb;
2327 BT_DBG("conn %p", conn);
2329 read_lock(&l->lock);
2330 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
2331 if (sk->sk_type != SOCK_RAW)
2334 /* Don't send frame to the socket it came from */
2337 nskb = skb_clone(skb, GFP_ATOMIC);
2341 if (sock_queue_rcv_skb(sk, nskb))
2344 read_unlock(&l->lock);
2347 /* ---- L2CAP signalling commands ---- */
2348 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
2349 u8 code, u8 ident, u16 dlen, void *data)
2351 struct sk_buff *skb, **frag;
2352 struct l2cap_cmd_hdr *cmd;
2353 struct l2cap_hdr *lh;
2356 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d",
2357 conn, code, ident, dlen);
2359 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
2360 count = min_t(unsigned int, conn->mtu, len);
2362 skb = bt_skb_alloc(count, GFP_ATOMIC);
2366 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
2367 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
2368 lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING);
2370 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
2373 cmd->len = cpu_to_le16(dlen);
2376 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
2377 memcpy(skb_put(skb, count), data, count);
2383 /* Continuation fragments (no L2CAP header) */
2384 frag = &skb_shinfo(skb)->frag_list;
2386 count = min_t(unsigned int, conn->mtu, len);
2388 *frag = bt_skb_alloc(count, GFP_ATOMIC);
2392 memcpy(skb_put(*frag, count), data, count);
2397 frag = &(*frag)->next;
2407 static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
2409 struct l2cap_conf_opt *opt = *ptr;
2412 len = L2CAP_CONF_OPT_SIZE + opt->len;
2420 *val = *((u8 *) opt->val);
2424 *val = get_unaligned_le16(opt->val);
2428 *val = get_unaligned_le32(opt->val);
2432 *val = (unsigned long) opt->val;
2436 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
2440 static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
2442 struct l2cap_conf_opt *opt = *ptr;
2444 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
2451 *((u8 *) opt->val) = val;
2455 put_unaligned_le16(val, opt->val);
2459 put_unaligned_le32(val, opt->val);
2463 memcpy(opt->val, (void *) val, len);
2467 *ptr += L2CAP_CONF_OPT_SIZE + len;
2470 static void l2cap_ack_timeout(unsigned long arg)
2472 struct sock *sk = (void *) arg;
2475 l2cap_send_ack(l2cap_pi(sk));
2479 static inline void l2cap_ertm_init(struct sock *sk)
2481 l2cap_pi(sk)->expected_ack_seq = 0;
2482 l2cap_pi(sk)->unacked_frames = 0;
2483 l2cap_pi(sk)->buffer_seq = 0;
2484 l2cap_pi(sk)->num_acked = 0;
2485 l2cap_pi(sk)->frames_sent = 0;
2487 setup_timer(&l2cap_pi(sk)->retrans_timer,
2488 l2cap_retrans_timeout, (unsigned long) sk);
2489 setup_timer(&l2cap_pi(sk)->monitor_timer,
2490 l2cap_monitor_timeout, (unsigned long) sk);
2491 setup_timer(&l2cap_pi(sk)->ack_timer,
2492 l2cap_ack_timeout, (unsigned long) sk);
2494 __skb_queue_head_init(SREJ_QUEUE(sk));
2495 __skb_queue_head_init(BUSY_QUEUE(sk));
2497 INIT_WORK(&l2cap_pi(sk)->busy_work, l2cap_busy_work);
2499 sk->sk_backlog_rcv = l2cap_ertm_data_rcv;
2502 static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
2505 case L2CAP_MODE_STREAMING:
2506 case L2CAP_MODE_ERTM:
2507 if (l2cap_mode_supported(mode, remote_feat_mask))
2511 return L2CAP_MODE_BASIC;
2515 static int l2cap_build_conf_req(struct sock *sk, void *data)
2517 struct l2cap_pinfo *pi = l2cap_pi(sk);
2518 struct l2cap_conf_req *req = data;
2519 struct l2cap_conf_rfc rfc = { .mode = pi->mode };
2520 void *ptr = req->data;
2522 BT_DBG("sk %p", sk);
2524 if (pi->num_conf_req || pi->num_conf_rsp)
2528 case L2CAP_MODE_STREAMING:
2529 case L2CAP_MODE_ERTM:
2530 if (pi->conf_state & L2CAP_CONF_STATE2_DEVICE)
2535 pi->mode = l2cap_select_mode(rfc.mode, pi->conn->feat_mask);
2541 case L2CAP_MODE_BASIC:
2542 if (pi->imtu != L2CAP_DEFAULT_MTU)
2543 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
2545 if (!(pi->conn->feat_mask & L2CAP_FEAT_ERTM) &&
2546 !(pi->conn->feat_mask & L2CAP_FEAT_STREAMING))
2549 rfc.mode = L2CAP_MODE_BASIC;
2551 rfc.max_transmit = 0;
2552 rfc.retrans_timeout = 0;
2553 rfc.monitor_timeout = 0;
2554 rfc.max_pdu_size = 0;
2556 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2557 (unsigned long) &rfc);
2560 case L2CAP_MODE_ERTM:
2561 rfc.mode = L2CAP_MODE_ERTM;
2562 rfc.txwin_size = pi->tx_win;
2563 rfc.max_transmit = pi->max_tx;
2564 rfc.retrans_timeout = 0;
2565 rfc.monitor_timeout = 0;
2566 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
2567 if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10)
2568 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
2570 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2571 (unsigned long) &rfc);
2573 if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS))
2576 if (pi->fcs == L2CAP_FCS_NONE ||
2577 pi->conf_state & L2CAP_CONF_NO_FCS_RECV) {
2578 pi->fcs = L2CAP_FCS_NONE;
2579 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs);
2583 case L2CAP_MODE_STREAMING:
2584 rfc.mode = L2CAP_MODE_STREAMING;
2586 rfc.max_transmit = 0;
2587 rfc.retrans_timeout = 0;
2588 rfc.monitor_timeout = 0;
2589 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
2590 if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10)
2591 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
2593 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2594 (unsigned long) &rfc);
2596 if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS))
2599 if (pi->fcs == L2CAP_FCS_NONE ||
2600 pi->conf_state & L2CAP_CONF_NO_FCS_RECV) {
2601 pi->fcs = L2CAP_FCS_NONE;
2602 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs);
2607 /* FIXME: Need actual value of the flush timeout */
2608 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
2609 // l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to);
2611 req->dcid = cpu_to_le16(pi->dcid);
2612 req->flags = cpu_to_le16(0);
2617 static int l2cap_parse_conf_req(struct sock *sk, void *data)
2619 struct l2cap_pinfo *pi = l2cap_pi(sk);
2620 struct l2cap_conf_rsp *rsp = data;
2621 void *ptr = rsp->data;
2622 void *req = pi->conf_req;
2623 int len = pi->conf_len;
2624 int type, hint, olen;
2626 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
2627 u16 mtu = L2CAP_DEFAULT_MTU;
2628 u16 result = L2CAP_CONF_SUCCESS;
2630 BT_DBG("sk %p", sk);
2632 while (len >= L2CAP_CONF_OPT_SIZE) {
2633 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
2635 hint = type & L2CAP_CONF_HINT;
2636 type &= L2CAP_CONF_MASK;
2639 case L2CAP_CONF_MTU:
2643 case L2CAP_CONF_FLUSH_TO:
2647 case L2CAP_CONF_QOS:
2650 case L2CAP_CONF_RFC:
2651 if (olen == sizeof(rfc))
2652 memcpy(&rfc, (void *) val, olen);
2655 case L2CAP_CONF_FCS:
2656 if (val == L2CAP_FCS_NONE)
2657 pi->conf_state |= L2CAP_CONF_NO_FCS_RECV;
2665 result = L2CAP_CONF_UNKNOWN;
2666 *((u8 *) ptr++) = type;
2671 if (pi->num_conf_rsp || pi->num_conf_req > 1)
2675 case L2CAP_MODE_STREAMING:
2676 case L2CAP_MODE_ERTM:
2677 if (!(pi->conf_state & L2CAP_CONF_STATE2_DEVICE)) {
2678 pi->mode = l2cap_select_mode(rfc.mode,
2679 pi->conn->feat_mask);
2683 if (pi->mode != rfc.mode)
2684 return -ECONNREFUSED;
2690 if (pi->mode != rfc.mode) {
2691 result = L2CAP_CONF_UNACCEPT;
2692 rfc.mode = pi->mode;
2694 if (pi->num_conf_rsp == 1)
2695 return -ECONNREFUSED;
2697 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2698 sizeof(rfc), (unsigned long) &rfc);
2702 if (result == L2CAP_CONF_SUCCESS) {
2703 /* Configure output options and let the other side know
2704 * which ones we don't like. */
2706 if (mtu < L2CAP_DEFAULT_MIN_MTU)
2707 result = L2CAP_CONF_UNACCEPT;
2710 pi->conf_state |= L2CAP_CONF_MTU_DONE;
2712 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
2715 case L2CAP_MODE_BASIC:
2716 pi->fcs = L2CAP_FCS_NONE;
2717 pi->conf_state |= L2CAP_CONF_MODE_DONE;
2720 case L2CAP_MODE_ERTM:
2721 pi->remote_tx_win = rfc.txwin_size;
2722 pi->remote_max_tx = rfc.max_transmit;
2724 if (le16_to_cpu(rfc.max_pdu_size) > pi->conn->mtu - 10)
2725 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
2727 pi->remote_mps = le16_to_cpu(rfc.max_pdu_size);
2729 rfc.retrans_timeout =
2730 le16_to_cpu(L2CAP_DEFAULT_RETRANS_TO);
2731 rfc.monitor_timeout =
2732 le16_to_cpu(L2CAP_DEFAULT_MONITOR_TO);
2734 pi->conf_state |= L2CAP_CONF_MODE_DONE;
2736 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2737 sizeof(rfc), (unsigned long) &rfc);
2741 case L2CAP_MODE_STREAMING:
2742 if (le16_to_cpu(rfc.max_pdu_size) > pi->conn->mtu - 10)
2743 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
2745 pi->remote_mps = le16_to_cpu(rfc.max_pdu_size);
2747 pi->conf_state |= L2CAP_CONF_MODE_DONE;
2749 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2750 sizeof(rfc), (unsigned long) &rfc);
2755 result = L2CAP_CONF_UNACCEPT;
2757 memset(&rfc, 0, sizeof(rfc));
2758 rfc.mode = pi->mode;
2761 if (result == L2CAP_CONF_SUCCESS)
2762 pi->conf_state |= L2CAP_CONF_OUTPUT_DONE;
2764 rsp->scid = cpu_to_le16(pi->dcid);
2765 rsp->result = cpu_to_le16(result);
2766 rsp->flags = cpu_to_le16(0x0000);
2771 static int l2cap_parse_conf_rsp(struct sock *sk, void *rsp, int len, void *data, u16 *result)
2773 struct l2cap_pinfo *pi = l2cap_pi(sk);
2774 struct l2cap_conf_req *req = data;
2775 void *ptr = req->data;
2778 struct l2cap_conf_rfc rfc;
2780 BT_DBG("sk %p, rsp %p, len %d, req %p", sk, rsp, len, data);
2782 while (len >= L2CAP_CONF_OPT_SIZE) {
2783 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2786 case L2CAP_CONF_MTU:
2787 if (val < L2CAP_DEFAULT_MIN_MTU) {
2788 *result = L2CAP_CONF_UNACCEPT;
2789 pi->imtu = L2CAP_DEFAULT_MIN_MTU;
2792 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
2795 case L2CAP_CONF_FLUSH_TO:
2797 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
2801 case L2CAP_CONF_RFC:
2802 if (olen == sizeof(rfc))
2803 memcpy(&rfc, (void *)val, olen);
2805 if ((pi->conf_state & L2CAP_CONF_STATE2_DEVICE) &&
2806 rfc.mode != pi->mode)
2807 return -ECONNREFUSED;
2811 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2812 sizeof(rfc), (unsigned long) &rfc);
2817 if (pi->mode == L2CAP_MODE_BASIC && pi->mode != rfc.mode)
2818 return -ECONNREFUSED;
2820 pi->mode = rfc.mode;
2822 if (*result == L2CAP_CONF_SUCCESS) {
2824 case L2CAP_MODE_ERTM:
2825 pi->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2826 pi->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2827 pi->mps = le16_to_cpu(rfc.max_pdu_size);
2829 case L2CAP_MODE_STREAMING:
2830 pi->mps = le16_to_cpu(rfc.max_pdu_size);
2834 req->dcid = cpu_to_le16(pi->dcid);
2835 req->flags = cpu_to_le16(0x0000);
2840 static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags)
2842 struct l2cap_conf_rsp *rsp = data;
2843 void *ptr = rsp->data;
2845 BT_DBG("sk %p", sk);
2847 rsp->scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2848 rsp->result = cpu_to_le16(result);
2849 rsp->flags = cpu_to_le16(flags);
2854 static void l2cap_conf_rfc_get(struct sock *sk, void *rsp, int len)
2856 struct l2cap_pinfo *pi = l2cap_pi(sk);
2859 struct l2cap_conf_rfc rfc;
2861 BT_DBG("sk %p, rsp %p, len %d", sk, rsp, len);
2863 if ((pi->mode != L2CAP_MODE_ERTM) && (pi->mode != L2CAP_MODE_STREAMING))
2866 while (len >= L2CAP_CONF_OPT_SIZE) {
2867 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2870 case L2CAP_CONF_RFC:
2871 if (olen == sizeof(rfc))
2872 memcpy(&rfc, (void *)val, olen);
2879 case L2CAP_MODE_ERTM:
2880 pi->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2881 pi->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2882 pi->mps = le16_to_cpu(rfc.max_pdu_size);
2884 case L2CAP_MODE_STREAMING:
2885 pi->mps = le16_to_cpu(rfc.max_pdu_size);
2889 static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2891 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data;
2893 if (rej->reason != 0x0000)
2896 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
2897 cmd->ident == conn->info_ident) {
2898 del_timer(&conn->info_timer);
2900 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2901 conn->info_ident = 0;
2903 l2cap_conn_start(conn);
2909 static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2911 struct l2cap_chan_list *list = &conn->chan_list;
2912 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
2913 struct l2cap_conn_rsp rsp;
2914 struct sock *parent, *sk = NULL;
2915 int result, status = L2CAP_CS_NO_INFO;
2917 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
2918 __le16 psm = req->psm;
2920 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
2922 /* Check if we have socket listening on psm */
2923 parent = l2cap_get_sock_by_psm(BT_LISTEN, psm, conn->src);
2925 result = L2CAP_CR_BAD_PSM;
2929 bh_lock_sock(parent);
2931 /* Check if the ACL is secure enough (if not SDP) */
2932 if (psm != cpu_to_le16(0x0001) &&
2933 !hci_conn_check_link_mode(conn->hcon)) {
2934 conn->disc_reason = 0x05;
2935 result = L2CAP_CR_SEC_BLOCK;
2939 result = L2CAP_CR_NO_MEM;
2941 /* Check for backlog size */
2942 if (sk_acceptq_is_full(parent)) {
2943 BT_DBG("backlog full %d", parent->sk_ack_backlog);
2947 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC);
2951 write_lock_bh(&list->lock);
2953 /* Check if we already have channel with that dcid */
2954 if (__l2cap_get_chan_by_dcid(list, scid)) {
2955 write_unlock_bh(&list->lock);
2956 sock_set_flag(sk, SOCK_ZAPPED);
2957 l2cap_sock_kill(sk);
2961 hci_conn_hold(conn->hcon);
2963 l2cap_sock_init(sk, parent);
2964 bacpy(&bt_sk(sk)->src, conn->src);
2965 bacpy(&bt_sk(sk)->dst, conn->dst);
2966 l2cap_pi(sk)->psm = psm;
2967 l2cap_pi(sk)->dcid = scid;
2969 __l2cap_chan_add(conn, sk, parent);
2970 dcid = l2cap_pi(sk)->scid;
2972 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
2974 l2cap_pi(sk)->ident = cmd->ident;
2976 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
2977 if (l2cap_check_security(sk)) {
2978 if (bt_sk(sk)->defer_setup) {
2979 sk->sk_state = BT_CONNECT2;
2980 result = L2CAP_CR_PEND;
2981 status = L2CAP_CS_AUTHOR_PEND;
2982 parent->sk_data_ready(parent, 0);
2984 sk->sk_state = BT_CONFIG;
2985 result = L2CAP_CR_SUCCESS;
2986 status = L2CAP_CS_NO_INFO;
2989 sk->sk_state = BT_CONNECT2;
2990 result = L2CAP_CR_PEND;
2991 status = L2CAP_CS_AUTHEN_PEND;
2994 sk->sk_state = BT_CONNECT2;
2995 result = L2CAP_CR_PEND;
2996 status = L2CAP_CS_NO_INFO;
2999 write_unlock_bh(&list->lock);
3002 bh_unlock_sock(parent);
3005 rsp.scid = cpu_to_le16(scid);
3006 rsp.dcid = cpu_to_le16(dcid);
3007 rsp.result = cpu_to_le16(result);
3008 rsp.status = cpu_to_le16(status);
3009 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
3011 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
3012 struct l2cap_info_req info;
3013 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
3015 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
3016 conn->info_ident = l2cap_get_ident(conn);
3018 mod_timer(&conn->info_timer, jiffies +
3019 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
3021 l2cap_send_cmd(conn, conn->info_ident,
3022 L2CAP_INFO_REQ, sizeof(info), &info);
3025 if (sk && !(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT) &&
3026 result == L2CAP_CR_SUCCESS) {
3028 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
3029 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
3030 l2cap_build_conf_req(sk, buf), buf);
3031 l2cap_pi(sk)->num_conf_req++;
3037 static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3039 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
3040 u16 scid, dcid, result, status;
3044 scid = __le16_to_cpu(rsp->scid);
3045 dcid = __le16_to_cpu(rsp->dcid);
3046 result = __le16_to_cpu(rsp->result);
3047 status = __le16_to_cpu(rsp->status);
3049 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
3052 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
3056 sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident);
3062 case L2CAP_CR_SUCCESS:
3063 sk->sk_state = BT_CONFIG;
3064 l2cap_pi(sk)->ident = 0;
3065 l2cap_pi(sk)->dcid = dcid;
3066 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_CONNECT_PEND;
3068 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)
3071 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
3073 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
3074 l2cap_build_conf_req(sk, req), req);
3075 l2cap_pi(sk)->num_conf_req++;
3079 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
3083 /* don't delete l2cap channel if sk is owned by user */
3084 if (sock_owned_by_user(sk)) {
3085 sk->sk_state = BT_DISCONN;
3086 l2cap_sock_clear_timer(sk);
3087 l2cap_sock_set_timer(sk, HZ / 5);
3091 l2cap_chan_del(sk, ECONNREFUSED);
3099 static inline void set_default_fcs(struct l2cap_pinfo *pi)
3101 /* FCS is enabled only in ERTM or streaming mode, if one or both
3104 if (pi->mode != L2CAP_MODE_ERTM && pi->mode != L2CAP_MODE_STREAMING)
3105 pi->fcs = L2CAP_FCS_NONE;
3106 else if (!(pi->conf_state & L2CAP_CONF_NO_FCS_RECV))
3107 pi->fcs = L2CAP_FCS_CRC16;
3110 static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
3112 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
3118 dcid = __le16_to_cpu(req->dcid);
3119 flags = __le16_to_cpu(req->flags);
3121 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
3123 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid);
3127 if (sk->sk_state != BT_CONFIG) {
3128 struct l2cap_cmd_rej rej;
3130 rej.reason = cpu_to_le16(0x0002);
3131 l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ,
3136 /* Reject if config buffer is too small. */
3137 len = cmd_len - sizeof(*req);
3138 if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) {
3139 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
3140 l2cap_build_conf_rsp(sk, rsp,
3141 L2CAP_CONF_REJECT, flags), rsp);
3146 memcpy(l2cap_pi(sk)->conf_req + l2cap_pi(sk)->conf_len, req->data, len);
3147 l2cap_pi(sk)->conf_len += len;
3149 if (flags & 0x0001) {
3150 /* Incomplete config. Send empty response. */
3151 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
3152 l2cap_build_conf_rsp(sk, rsp,
3153 L2CAP_CONF_SUCCESS, 0x0001), rsp);
3157 /* Complete config. */
3158 len = l2cap_parse_conf_req(sk, rsp);
3160 l2cap_send_disconn_req(conn, sk, ECONNRESET);
3164 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
3165 l2cap_pi(sk)->num_conf_rsp++;
3167 /* Reset config buffer. */
3168 l2cap_pi(sk)->conf_len = 0;
3170 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE))
3173 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
3174 set_default_fcs(l2cap_pi(sk));
3176 sk->sk_state = BT_CONNECTED;
3178 l2cap_pi(sk)->next_tx_seq = 0;
3179 l2cap_pi(sk)->expected_tx_seq = 0;
3180 __skb_queue_head_init(TX_QUEUE(sk));
3181 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
3182 l2cap_ertm_init(sk);
3184 l2cap_chan_ready(sk);
3188 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) {
3190 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
3191 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
3192 l2cap_build_conf_req(sk, buf), buf);
3193 l2cap_pi(sk)->num_conf_req++;
3201 static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3203 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
3204 u16 scid, flags, result;
3206 int len = cmd->len - sizeof(*rsp);
3208 scid = __le16_to_cpu(rsp->scid);
3209 flags = __le16_to_cpu(rsp->flags);
3210 result = __le16_to_cpu(rsp->result);
3212 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x",
3213 scid, flags, result);
3215 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
3220 case L2CAP_CONF_SUCCESS:
3221 l2cap_conf_rfc_get(sk, rsp->data, len);
3224 case L2CAP_CONF_UNACCEPT:
3225 if (l2cap_pi(sk)->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
3228 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {
3229 l2cap_send_disconn_req(conn, sk, ECONNRESET);
3233 /* throw out any old stored conf requests */
3234 result = L2CAP_CONF_SUCCESS;
3235 len = l2cap_parse_conf_rsp(sk, rsp->data,
3238 l2cap_send_disconn_req(conn, sk, ECONNRESET);
3242 l2cap_send_cmd(conn, l2cap_get_ident(conn),
3243 L2CAP_CONF_REQ, len, req);
3244 l2cap_pi(sk)->num_conf_req++;
3245 if (result != L2CAP_CONF_SUCCESS)
3251 sk->sk_err = ECONNRESET;
3252 l2cap_sock_set_timer(sk, HZ * 5);
3253 l2cap_send_disconn_req(conn, sk, ECONNRESET);
3260 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;
3262 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
3263 set_default_fcs(l2cap_pi(sk));
3265 sk->sk_state = BT_CONNECTED;
3266 l2cap_pi(sk)->next_tx_seq = 0;
3267 l2cap_pi(sk)->expected_tx_seq = 0;
3268 __skb_queue_head_init(TX_QUEUE(sk));
3269 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
3270 l2cap_ertm_init(sk);
3272 l2cap_chan_ready(sk);
3280 static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3282 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
3283 struct l2cap_disconn_rsp rsp;
3287 scid = __le16_to_cpu(req->scid);
3288 dcid = __le16_to_cpu(req->dcid);
3290 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
3292 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid);
3296 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
3297 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
3298 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
3300 sk->sk_shutdown = SHUTDOWN_MASK;
3302 /* don't delete l2cap channel if sk is owned by user */
3303 if (sock_owned_by_user(sk)) {
3304 sk->sk_state = BT_DISCONN;
3305 l2cap_sock_clear_timer(sk);
3306 l2cap_sock_set_timer(sk, HZ / 5);
3311 l2cap_chan_del(sk, ECONNRESET);
3314 l2cap_sock_kill(sk);
3318 static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3320 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
3324 scid = __le16_to_cpu(rsp->scid);
3325 dcid = __le16_to_cpu(rsp->dcid);
3327 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
3329 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
3333 /* don't delete l2cap channel if sk is owned by user */
3334 if (sock_owned_by_user(sk)) {
3335 sk->sk_state = BT_DISCONN;
3336 l2cap_sock_clear_timer(sk);
3337 l2cap_sock_set_timer(sk, HZ / 5);
3342 l2cap_chan_del(sk, 0);
3345 l2cap_sock_kill(sk);
3349 static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3351 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
3354 type = __le16_to_cpu(req->type);
3356 BT_DBG("type 0x%4.4x", type);
3358 if (type == L2CAP_IT_FEAT_MASK) {
3360 u32 feat_mask = l2cap_feat_mask;
3361 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
3362 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
3363 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
3365 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
3367 put_unaligned_le32(feat_mask, rsp->data);
3368 l2cap_send_cmd(conn, cmd->ident,
3369 L2CAP_INFO_RSP, sizeof(buf), buf);
3370 } else if (type == L2CAP_IT_FIXED_CHAN) {
3372 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
3373 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3374 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
3375 memcpy(buf + 4, l2cap_fixed_chan, 8);
3376 l2cap_send_cmd(conn, cmd->ident,
3377 L2CAP_INFO_RSP, sizeof(buf), buf);
3379 struct l2cap_info_rsp rsp;
3380 rsp.type = cpu_to_le16(type);
3381 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
3382 l2cap_send_cmd(conn, cmd->ident,
3383 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
3389 static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3391 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
3394 type = __le16_to_cpu(rsp->type);
3395 result = __le16_to_cpu(rsp->result);
3397 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
3399 del_timer(&conn->info_timer);
3401 if (result != L2CAP_IR_SUCCESS) {
3402 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3403 conn->info_ident = 0;
3405 l2cap_conn_start(conn);
3410 if (type == L2CAP_IT_FEAT_MASK) {
3411 conn->feat_mask = get_unaligned_le32(rsp->data);
3413 if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) {
3414 struct l2cap_info_req req;
3415 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3417 conn->info_ident = l2cap_get_ident(conn);
3419 l2cap_send_cmd(conn, conn->info_ident,
3420 L2CAP_INFO_REQ, sizeof(req), &req);
3422 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3423 conn->info_ident = 0;
3425 l2cap_conn_start(conn);
3427 } else if (type == L2CAP_IT_FIXED_CHAN) {
3428 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3429 conn->info_ident = 0;
3431 l2cap_conn_start(conn);
3437 static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
3439 u8 *data = skb->data;
3441 struct l2cap_cmd_hdr cmd;
3444 l2cap_raw_recv(conn, skb);
3446 while (len >= L2CAP_CMD_HDR_SIZE) {
3448 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
3449 data += L2CAP_CMD_HDR_SIZE;
3450 len -= L2CAP_CMD_HDR_SIZE;
3452 cmd_len = le16_to_cpu(cmd.len);
3454 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
3456 if (cmd_len > len || !cmd.ident) {
3457 BT_DBG("corrupted command");
3462 case L2CAP_COMMAND_REJ:
3463 l2cap_command_rej(conn, &cmd, data);
3466 case L2CAP_CONN_REQ:
3467 err = l2cap_connect_req(conn, &cmd, data);
3470 case L2CAP_CONN_RSP:
3471 err = l2cap_connect_rsp(conn, &cmd, data);
3474 case L2CAP_CONF_REQ:
3475 err = l2cap_config_req(conn, &cmd, cmd_len, data);
3478 case L2CAP_CONF_RSP:
3479 err = l2cap_config_rsp(conn, &cmd, data);
3482 case L2CAP_DISCONN_REQ:
3483 err = l2cap_disconnect_req(conn, &cmd, data);
3486 case L2CAP_DISCONN_RSP:
3487 err = l2cap_disconnect_rsp(conn, &cmd, data);
3490 case L2CAP_ECHO_REQ:
3491 l2cap_send_cmd(conn, cmd.ident, L2CAP_ECHO_RSP, cmd_len, data);
3494 case L2CAP_ECHO_RSP:
3497 case L2CAP_INFO_REQ:
3498 err = l2cap_information_req(conn, &cmd, data);
3501 case L2CAP_INFO_RSP:
3502 err = l2cap_information_rsp(conn, &cmd, data);
3506 BT_ERR("Unknown signaling command 0x%2.2x", cmd.code);
3512 struct l2cap_cmd_rej rej;
3513 BT_DBG("error %d", err);
3515 /* FIXME: Map err to a valid reason */
3516 rej.reason = cpu_to_le16(0);
3517 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
3527 static int l2cap_check_fcs(struct l2cap_pinfo *pi, struct sk_buff *skb)
3529 u16 our_fcs, rcv_fcs;
3530 int hdr_size = L2CAP_HDR_SIZE + 2;
3532 if (pi->fcs == L2CAP_FCS_CRC16) {
3533 skb_trim(skb, skb->len - 2);
3534 rcv_fcs = get_unaligned_le16(skb->data + skb->len);
3535 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size);
3537 if (our_fcs != rcv_fcs)
3543 static inline void l2cap_send_i_or_rr_or_rnr(struct sock *sk)
3545 struct l2cap_pinfo *pi = l2cap_pi(sk);
3548 pi->frames_sent = 0;
3550 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3552 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
3553 control |= L2CAP_SUPER_RCV_NOT_READY;
3554 l2cap_send_sframe(pi, control);
3555 pi->conn_state |= L2CAP_CONN_RNR_SENT;
3558 if (pi->conn_state & L2CAP_CONN_REMOTE_BUSY)
3559 l2cap_retransmit_frames(sk);
3561 l2cap_ertm_send(sk);
3563 if (!(pi->conn_state & L2CAP_CONN_LOCAL_BUSY) &&
3564 pi->frames_sent == 0) {
3565 control |= L2CAP_SUPER_RCV_READY;
3566 l2cap_send_sframe(pi, control);
3570 static int l2cap_add_to_srej_queue(struct sock *sk, struct sk_buff *skb, u8 tx_seq, u8 sar)
3572 struct sk_buff *next_skb;
3573 struct l2cap_pinfo *pi = l2cap_pi(sk);
3574 int tx_seq_offset, next_tx_seq_offset;
3576 bt_cb(skb)->tx_seq = tx_seq;
3577 bt_cb(skb)->sar = sar;
3579 next_skb = skb_peek(SREJ_QUEUE(sk));
3581 __skb_queue_tail(SREJ_QUEUE(sk), skb);
3585 tx_seq_offset = (tx_seq - pi->buffer_seq) % 64;
3586 if (tx_seq_offset < 0)
3587 tx_seq_offset += 64;
3590 if (bt_cb(next_skb)->tx_seq == tx_seq)
3593 next_tx_seq_offset = (bt_cb(next_skb)->tx_seq -
3594 pi->buffer_seq) % 64;
3595 if (next_tx_seq_offset < 0)
3596 next_tx_seq_offset += 64;
3598 if (next_tx_seq_offset > tx_seq_offset) {
3599 __skb_queue_before(SREJ_QUEUE(sk), next_skb, skb);
3603 if (skb_queue_is_last(SREJ_QUEUE(sk), next_skb))
3606 } while ((next_skb = skb_queue_next(SREJ_QUEUE(sk), next_skb)));
3608 __skb_queue_tail(SREJ_QUEUE(sk), skb);
3613 static int l2cap_ertm_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 control)
3615 struct l2cap_pinfo *pi = l2cap_pi(sk);
3616 struct sk_buff *_skb;
3619 switch (control & L2CAP_CTRL_SAR) {
3620 case L2CAP_SDU_UNSEGMENTED:
3621 if (pi->conn_state & L2CAP_CONN_SAR_SDU)
3624 err = sock_queue_rcv_skb(sk, skb);
3630 case L2CAP_SDU_START:
3631 if (pi->conn_state & L2CAP_CONN_SAR_SDU)
3634 pi->sdu_len = get_unaligned_le16(skb->data);
3636 if (pi->sdu_len > pi->imtu)
3639 pi->sdu = bt_skb_alloc(pi->sdu_len, GFP_ATOMIC);
3643 /* pull sdu_len bytes only after alloc, because of Local Busy
3644 * condition we have to be sure that this will be executed
3645 * only once, i.e., when alloc does not fail */
3648 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3650 pi->conn_state |= L2CAP_CONN_SAR_SDU;
3651 pi->partial_sdu_len = skb->len;
3654 case L2CAP_SDU_CONTINUE:
3655 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
3661 pi->partial_sdu_len += skb->len;
3662 if (pi->partial_sdu_len > pi->sdu_len)
3665 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3670 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
3676 if (!(pi->conn_state & L2CAP_CONN_SAR_RETRY)) {
3677 pi->partial_sdu_len += skb->len;
3679 if (pi->partial_sdu_len > pi->imtu)
3682 if (pi->partial_sdu_len != pi->sdu_len)
3685 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3688 _skb = skb_clone(pi->sdu, GFP_ATOMIC);
3690 pi->conn_state |= L2CAP_CONN_SAR_RETRY;
3694 err = sock_queue_rcv_skb(sk, _skb);
3697 pi->conn_state |= L2CAP_CONN_SAR_RETRY;
3701 pi->conn_state &= ~L2CAP_CONN_SAR_RETRY;
3702 pi->conn_state &= ~L2CAP_CONN_SAR_SDU;
3716 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
3721 static int l2cap_try_push_rx_skb(struct sock *sk)
3723 struct l2cap_pinfo *pi = l2cap_pi(sk);
3724 struct sk_buff *skb;
3728 while ((skb = skb_dequeue(BUSY_QUEUE(sk)))) {
3729 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
3730 err = l2cap_ertm_reassembly_sdu(sk, skb, control);
3732 skb_queue_head(BUSY_QUEUE(sk), skb);
3736 pi->buffer_seq = (pi->buffer_seq + 1) % 64;
3739 if (!(pi->conn_state & L2CAP_CONN_RNR_SENT))
3742 control = pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3743 control |= L2CAP_SUPER_RCV_READY | L2CAP_CTRL_POLL;
3744 l2cap_send_sframe(pi, control);
3745 l2cap_pi(sk)->retry_count = 1;
3747 del_timer(&pi->retrans_timer);
3748 __mod_monitor_timer();
3750 l2cap_pi(sk)->conn_state |= L2CAP_CONN_WAIT_F;
3753 pi->conn_state &= ~L2CAP_CONN_LOCAL_BUSY;
3754 pi->conn_state &= ~L2CAP_CONN_RNR_SENT;
3756 BT_DBG("sk %p, Exit local busy", sk);
3761 static void l2cap_busy_work(struct work_struct *work)
3763 DECLARE_WAITQUEUE(wait, current);
3764 struct l2cap_pinfo *pi =
3765 container_of(work, struct l2cap_pinfo, busy_work);
3766 struct sock *sk = (struct sock *)pi;
3767 int n_tries = 0, timeo = HZ/5, err;
3768 struct sk_buff *skb;
3772 add_wait_queue(sk_sleep(sk), &wait);
3773 while ((skb = skb_peek(BUSY_QUEUE(sk)))) {
3774 set_current_state(TASK_INTERRUPTIBLE);
3776 if (n_tries++ > L2CAP_LOCAL_BUSY_TRIES) {
3778 l2cap_send_disconn_req(pi->conn, sk, EBUSY);
3785 if (signal_pending(current)) {
3786 err = sock_intr_errno(timeo);
3791 timeo = schedule_timeout(timeo);
3794 err = sock_error(sk);
3798 if (l2cap_try_push_rx_skb(sk) == 0)
3802 set_current_state(TASK_RUNNING);
3803 remove_wait_queue(sk_sleep(sk), &wait);
3808 static int l2cap_push_rx_skb(struct sock *sk, struct sk_buff *skb, u16 control)
3810 struct l2cap_pinfo *pi = l2cap_pi(sk);
3813 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
3814 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT;
3815 __skb_queue_tail(BUSY_QUEUE(sk), skb);
3816 return l2cap_try_push_rx_skb(sk);
3821 err = l2cap_ertm_reassembly_sdu(sk, skb, control);
3823 pi->buffer_seq = (pi->buffer_seq + 1) % 64;
3827 /* Busy Condition */
3828 BT_DBG("sk %p, Enter local busy", sk);
3830 pi->conn_state |= L2CAP_CONN_LOCAL_BUSY;
3831 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT;
3832 __skb_queue_tail(BUSY_QUEUE(sk), skb);
3834 sctrl = pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3835 sctrl |= L2CAP_SUPER_RCV_NOT_READY;
3836 l2cap_send_sframe(pi, sctrl);
3838 pi->conn_state |= L2CAP_CONN_RNR_SENT;
3840 del_timer(&pi->ack_timer);
3842 queue_work(_busy_wq, &pi->busy_work);
3847 static int l2cap_streaming_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 control)
3849 struct l2cap_pinfo *pi = l2cap_pi(sk);
3850 struct sk_buff *_skb;
3854 * TODO: We have to notify the userland if some data is lost with the
3858 switch (control & L2CAP_CTRL_SAR) {
3859 case L2CAP_SDU_UNSEGMENTED:
3860 if (pi->conn_state & L2CAP_CONN_SAR_SDU) {
3865 err = sock_queue_rcv_skb(sk, skb);
3871 case L2CAP_SDU_START:
3872 if (pi->conn_state & L2CAP_CONN_SAR_SDU) {
3877 pi->sdu_len = get_unaligned_le16(skb->data);
3880 if (pi->sdu_len > pi->imtu) {
3885 pi->sdu = bt_skb_alloc(pi->sdu_len, GFP_ATOMIC);
3891 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3893 pi->conn_state |= L2CAP_CONN_SAR_SDU;
3894 pi->partial_sdu_len = skb->len;
3898 case L2CAP_SDU_CONTINUE:
3899 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
3902 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3904 pi->partial_sdu_len += skb->len;
3905 if (pi->partial_sdu_len > pi->sdu_len)
3913 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
3916 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3918 pi->conn_state &= ~L2CAP_CONN_SAR_SDU;
3919 pi->partial_sdu_len += skb->len;
3921 if (pi->partial_sdu_len > pi->imtu)
3924 if (pi->partial_sdu_len == pi->sdu_len) {
3925 _skb = skb_clone(pi->sdu, GFP_ATOMIC);
3926 err = sock_queue_rcv_skb(sk, _skb);
3941 static void l2cap_check_srej_gap(struct sock *sk, u8 tx_seq)
3943 struct sk_buff *skb;
3946 while ((skb = skb_peek(SREJ_QUEUE(sk)))) {
3947 if (bt_cb(skb)->tx_seq != tx_seq)
3950 skb = skb_dequeue(SREJ_QUEUE(sk));
3951 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
3952 l2cap_ertm_reassembly_sdu(sk, skb, control);
3953 l2cap_pi(sk)->buffer_seq_srej =
3954 (l2cap_pi(sk)->buffer_seq_srej + 1) % 64;
3955 tx_seq = (tx_seq + 1) % 64;
3959 static void l2cap_resend_srejframe(struct sock *sk, u8 tx_seq)
3961 struct l2cap_pinfo *pi = l2cap_pi(sk);
3962 struct srej_list *l, *tmp;
3965 list_for_each_entry_safe(l, tmp, SREJ_LIST(sk), list) {
3966 if (l->tx_seq == tx_seq) {
3971 control = L2CAP_SUPER_SELECT_REJECT;
3972 control |= l->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3973 l2cap_send_sframe(pi, control);
3975 list_add_tail(&l->list, SREJ_LIST(sk));
3979 static void l2cap_send_srejframe(struct sock *sk, u8 tx_seq)
3981 struct l2cap_pinfo *pi = l2cap_pi(sk);
3982 struct srej_list *new;
3985 while (tx_seq != pi->expected_tx_seq) {
3986 control = L2CAP_SUPER_SELECT_REJECT;
3987 control |= pi->expected_tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3988 l2cap_send_sframe(pi, control);
3990 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC);
3991 new->tx_seq = pi->expected_tx_seq;
3992 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
3993 list_add_tail(&new->list, SREJ_LIST(sk));
3995 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
3998 static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, struct sk_buff *skb)
4000 struct l2cap_pinfo *pi = l2cap_pi(sk);
4001 u8 tx_seq = __get_txseq(rx_control);
4002 u8 req_seq = __get_reqseq(rx_control);
4003 u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT;
4004 int tx_seq_offset, expected_tx_seq_offset;
4005 int num_to_ack = (pi->tx_win/6) + 1;
4008 BT_DBG("sk %p len %d tx_seq %d rx_control 0x%4.4x", sk, skb->len, tx_seq,
4011 if (L2CAP_CTRL_FINAL & rx_control &&
4012 l2cap_pi(sk)->conn_state & L2CAP_CONN_WAIT_F) {
4013 del_timer(&pi->monitor_timer);
4014 if (pi->unacked_frames > 0)
4015 __mod_retrans_timer();
4016 pi->conn_state &= ~L2CAP_CONN_WAIT_F;
4019 pi->expected_ack_seq = req_seq;
4020 l2cap_drop_acked_frames(sk);
4022 if (tx_seq == pi->expected_tx_seq)
4025 tx_seq_offset = (tx_seq - pi->buffer_seq) % 64;
4026 if (tx_seq_offset < 0)
4027 tx_seq_offset += 64;
4029 /* invalid tx_seq */
4030 if (tx_seq_offset >= pi->tx_win) {
4031 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
4035 if (pi->conn_state == L2CAP_CONN_LOCAL_BUSY)
4038 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
4039 struct srej_list *first;
4041 first = list_first_entry(SREJ_LIST(sk),
4042 struct srej_list, list);
4043 if (tx_seq == first->tx_seq) {
4044 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
4045 l2cap_check_srej_gap(sk, tx_seq);
4047 list_del(&first->list);
4050 if (list_empty(SREJ_LIST(sk))) {
4051 pi->buffer_seq = pi->buffer_seq_srej;
4052 pi->conn_state &= ~L2CAP_CONN_SREJ_SENT;
4054 BT_DBG("sk %p, Exit SREJ_SENT", sk);
4057 struct srej_list *l;
4059 /* duplicated tx_seq */
4060 if (l2cap_add_to_srej_queue(sk, skb, tx_seq, sar) < 0)
4063 list_for_each_entry(l, SREJ_LIST(sk), list) {
4064 if (l->tx_seq == tx_seq) {
4065 l2cap_resend_srejframe(sk, tx_seq);
4069 l2cap_send_srejframe(sk, tx_seq);
4072 expected_tx_seq_offset =
4073 (pi->expected_tx_seq - pi->buffer_seq) % 64;
4074 if (expected_tx_seq_offset < 0)
4075 expected_tx_seq_offset += 64;
4077 /* duplicated tx_seq */
4078 if (tx_seq_offset < expected_tx_seq_offset)
4081 pi->conn_state |= L2CAP_CONN_SREJ_SENT;
4083 BT_DBG("sk %p, Enter SREJ", sk);
4085 INIT_LIST_HEAD(SREJ_LIST(sk));
4086 pi->buffer_seq_srej = pi->buffer_seq;
4088 __skb_queue_head_init(SREJ_QUEUE(sk));
4089 __skb_queue_head_init(BUSY_QUEUE(sk));
4090 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
4092 pi->conn_state |= L2CAP_CONN_SEND_PBIT;
4094 l2cap_send_srejframe(sk, tx_seq);
4096 del_timer(&pi->ack_timer);
4101 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
4103 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
4104 bt_cb(skb)->tx_seq = tx_seq;
4105 bt_cb(skb)->sar = sar;
4106 __skb_queue_tail(SREJ_QUEUE(sk), skb);
4110 err = l2cap_push_rx_skb(sk, skb, rx_control);
4114 if (rx_control & L2CAP_CTRL_FINAL) {
4115 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
4116 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
4118 l2cap_retransmit_frames(sk);
4123 pi->num_acked = (pi->num_acked + 1) % num_to_ack;
4124 if (pi->num_acked == num_to_ack - 1)
4134 static inline void l2cap_data_channel_rrframe(struct sock *sk, u16 rx_control)
4136 struct l2cap_pinfo *pi = l2cap_pi(sk);
4138 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, __get_reqseq(rx_control),
4141 pi->expected_ack_seq = __get_reqseq(rx_control);
4142 l2cap_drop_acked_frames(sk);
4144 if (rx_control & L2CAP_CTRL_POLL) {
4145 pi->conn_state |= L2CAP_CONN_SEND_FBIT;
4146 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
4147 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
4148 (pi->unacked_frames > 0))
4149 __mod_retrans_timer();
4151 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
4152 l2cap_send_srejtail(sk);
4154 l2cap_send_i_or_rr_or_rnr(sk);
4157 } else if (rx_control & L2CAP_CTRL_FINAL) {
4158 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
4160 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
4161 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
4163 l2cap_retransmit_frames(sk);
4166 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
4167 (pi->unacked_frames > 0))
4168 __mod_retrans_timer();
4170 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
4171 if (pi->conn_state & L2CAP_CONN_SREJ_SENT)
4174 l2cap_ertm_send(sk);
4178 static inline void l2cap_data_channel_rejframe(struct sock *sk, u16 rx_control)
4180 struct l2cap_pinfo *pi = l2cap_pi(sk);
4181 u8 tx_seq = __get_reqseq(rx_control);
4183 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control);
4185 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
4187 pi->expected_ack_seq = tx_seq;
4188 l2cap_drop_acked_frames(sk);
4190 if (rx_control & L2CAP_CTRL_FINAL) {
4191 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
4192 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
4194 l2cap_retransmit_frames(sk);
4196 l2cap_retransmit_frames(sk);
4198 if (pi->conn_state & L2CAP_CONN_WAIT_F)
4199 pi->conn_state |= L2CAP_CONN_REJ_ACT;
4202 static inline void l2cap_data_channel_srejframe(struct sock *sk, u16 rx_control)
4204 struct l2cap_pinfo *pi = l2cap_pi(sk);
4205 u8 tx_seq = __get_reqseq(rx_control);
4207 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control);
4209 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
4211 if (rx_control & L2CAP_CTRL_POLL) {
4212 pi->expected_ack_seq = tx_seq;
4213 l2cap_drop_acked_frames(sk);
4215 pi->conn_state |= L2CAP_CONN_SEND_FBIT;
4216 l2cap_retransmit_one_frame(sk, tx_seq);
4218 l2cap_ertm_send(sk);
4220 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
4221 pi->srej_save_reqseq = tx_seq;
4222 pi->conn_state |= L2CAP_CONN_SREJ_ACT;
4224 } else if (rx_control & L2CAP_CTRL_FINAL) {
4225 if ((pi->conn_state & L2CAP_CONN_SREJ_ACT) &&
4226 pi->srej_save_reqseq == tx_seq)
4227 pi->conn_state &= ~L2CAP_CONN_SREJ_ACT;
4229 l2cap_retransmit_one_frame(sk, tx_seq);
4231 l2cap_retransmit_one_frame(sk, tx_seq);
4232 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
4233 pi->srej_save_reqseq = tx_seq;
4234 pi->conn_state |= L2CAP_CONN_SREJ_ACT;
4239 static inline void l2cap_data_channel_rnrframe(struct sock *sk, u16 rx_control)
4241 struct l2cap_pinfo *pi = l2cap_pi(sk);
4242 u8 tx_seq = __get_reqseq(rx_control);
4244 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control);
4246 pi->conn_state |= L2CAP_CONN_REMOTE_BUSY;
4247 pi->expected_ack_seq = tx_seq;
4248 l2cap_drop_acked_frames(sk);
4250 if (rx_control & L2CAP_CTRL_POLL)
4251 pi->conn_state |= L2CAP_CONN_SEND_FBIT;
4253 if (!(pi->conn_state & L2CAP_CONN_SREJ_SENT)) {
4254 del_timer(&pi->retrans_timer);
4255 if (rx_control & L2CAP_CTRL_POLL)
4256 l2cap_send_rr_or_rnr(pi, L2CAP_CTRL_FINAL);
4260 if (rx_control & L2CAP_CTRL_POLL)
4261 l2cap_send_srejtail(sk);
4263 l2cap_send_sframe(pi, L2CAP_SUPER_RCV_READY);
4266 static inline int l2cap_data_channel_sframe(struct sock *sk, u16 rx_control, struct sk_buff *skb)
4268 BT_DBG("sk %p rx_control 0x%4.4x len %d", sk, rx_control, skb->len);
4270 if (L2CAP_CTRL_FINAL & rx_control &&
4271 l2cap_pi(sk)->conn_state & L2CAP_CONN_WAIT_F) {
4272 del_timer(&l2cap_pi(sk)->monitor_timer);
4273 if (l2cap_pi(sk)->unacked_frames > 0)
4274 __mod_retrans_timer();
4275 l2cap_pi(sk)->conn_state &= ~L2CAP_CONN_WAIT_F;
4278 switch (rx_control & L2CAP_CTRL_SUPERVISE) {
4279 case L2CAP_SUPER_RCV_READY:
4280 l2cap_data_channel_rrframe(sk, rx_control);
4283 case L2CAP_SUPER_REJECT:
4284 l2cap_data_channel_rejframe(sk, rx_control);
4287 case L2CAP_SUPER_SELECT_REJECT:
4288 l2cap_data_channel_srejframe(sk, rx_control);
4291 case L2CAP_SUPER_RCV_NOT_READY:
4292 l2cap_data_channel_rnrframe(sk, rx_control);
4300 static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb)
4302 struct l2cap_pinfo *pi = l2cap_pi(sk);
4305 int len, next_tx_seq_offset, req_seq_offset;
4307 control = get_unaligned_le16(skb->data);
4312 * We can just drop the corrupted I-frame here.
4313 * Receiver will miss it and start proper recovery
4314 * procedures and ask retransmission.
4316 if (l2cap_check_fcs(pi, skb))
4319 if (__is_sar_start(control) && __is_iframe(control))
4322 if (pi->fcs == L2CAP_FCS_CRC16)
4325 if (len > pi->mps) {
4326 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
4330 req_seq = __get_reqseq(control);
4331 req_seq_offset = (req_seq - pi->expected_ack_seq) % 64;
4332 if (req_seq_offset < 0)
4333 req_seq_offset += 64;
4335 next_tx_seq_offset =
4336 (pi->next_tx_seq - pi->expected_ack_seq) % 64;
4337 if (next_tx_seq_offset < 0)
4338 next_tx_seq_offset += 64;
4340 /* check for invalid req-seq */
4341 if (req_seq_offset > next_tx_seq_offset) {
4342 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
4346 if (__is_iframe(control)) {
4348 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
4352 l2cap_data_channel_iframe(sk, control, skb);
4356 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
4360 l2cap_data_channel_sframe(sk, control, skb);
4370 static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
4373 struct l2cap_pinfo *pi;
4378 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
4380 BT_DBG("unknown cid 0x%4.4x", cid);
4386 BT_DBG("sk %p, len %d", sk, skb->len);
4388 if (sk->sk_state != BT_CONNECTED)
4392 case L2CAP_MODE_BASIC:
4393 /* If socket recv buffers overflows we drop data here
4394 * which is *bad* because L2CAP has to be reliable.
4395 * But we don't have any other choice. L2CAP doesn't
4396 * provide flow control mechanism. */
4398 if (pi->imtu < skb->len)
4401 if (!sock_queue_rcv_skb(sk, skb))
4405 case L2CAP_MODE_ERTM:
4406 if (!sock_owned_by_user(sk)) {
4407 l2cap_ertm_data_rcv(sk, skb);
4409 if (sk_add_backlog(sk, skb))
4415 case L2CAP_MODE_STREAMING:
4416 control = get_unaligned_le16(skb->data);
4420 if (l2cap_check_fcs(pi, skb))
4423 if (__is_sar_start(control))
4426 if (pi->fcs == L2CAP_FCS_CRC16)
4429 if (len > pi->mps || len < 0 || __is_sframe(control))
4432 tx_seq = __get_txseq(control);
4434 if (pi->expected_tx_seq == tx_seq)
4435 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
4437 pi->expected_tx_seq = (tx_seq + 1) % 64;
4439 l2cap_streaming_reassembly_sdu(sk, skb, control);
4444 BT_DBG("sk %p: bad mode 0x%2.2x", sk, pi->mode);
4458 static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
4462 sk = l2cap_get_sock_by_psm(0, psm, conn->src);
4468 BT_DBG("sk %p, len %d", sk, skb->len);
4470 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
4473 if (l2cap_pi(sk)->imtu < skb->len)
4476 if (!sock_queue_rcv_skb(sk, skb))
4488 static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
4490 struct l2cap_hdr *lh = (void *) skb->data;
4494 skb_pull(skb, L2CAP_HDR_SIZE);
4495 cid = __le16_to_cpu(lh->cid);
4496 len = __le16_to_cpu(lh->len);
4498 if (len != skb->len) {
4503 BT_DBG("len %d, cid 0x%4.4x", len, cid);
4506 case L2CAP_CID_SIGNALING:
4507 l2cap_sig_channel(conn, skb);
4510 case L2CAP_CID_CONN_LESS:
4511 psm = get_unaligned_le16(skb->data);
4513 l2cap_conless_channel(conn, psm, skb);
4517 l2cap_data_channel(conn, cid, skb);
4522 /* ---- L2CAP interface with lower layer (HCI) ---- */
4524 static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4526 int exact = 0, lm1 = 0, lm2 = 0;
4527 register struct sock *sk;
4528 struct hlist_node *node;
4530 if (type != ACL_LINK)
4533 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
4535 /* Find listening sockets and check their link_mode */
4536 read_lock(&l2cap_sk_list.lock);
4537 sk_for_each(sk, node, &l2cap_sk_list.head) {
4538 if (sk->sk_state != BT_LISTEN)
4541 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
4542 lm1 |= HCI_LM_ACCEPT;
4543 if (l2cap_pi(sk)->role_switch)
4544 lm1 |= HCI_LM_MASTER;
4546 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
4547 lm2 |= HCI_LM_ACCEPT;
4548 if (l2cap_pi(sk)->role_switch)
4549 lm2 |= HCI_LM_MASTER;
4552 read_unlock(&l2cap_sk_list.lock);
4554 return exact ? lm1 : lm2;
4557 static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
4559 struct l2cap_conn *conn;
4561 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
4563 if (hcon->type != ACL_LINK)
4567 conn = l2cap_conn_add(hcon, status);
4569 l2cap_conn_ready(conn);
4571 l2cap_conn_del(hcon, bt_err(status));
4576 static int l2cap_disconn_ind(struct hci_conn *hcon)
4578 struct l2cap_conn *conn = hcon->l2cap_data;
4580 BT_DBG("hcon %p", hcon);
4582 if (hcon->type != ACL_LINK || !conn)
4585 return conn->disc_reason;
4588 static int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
4590 BT_DBG("hcon %p reason %d", hcon, reason);
4592 if (hcon->type != ACL_LINK)
4595 l2cap_conn_del(hcon, bt_err(reason));
4600 static inline void l2cap_check_encryption(struct sock *sk, u8 encrypt)
4602 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM)
4605 if (encrypt == 0x00) {
4606 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM) {
4607 l2cap_sock_clear_timer(sk);
4608 l2cap_sock_set_timer(sk, HZ * 5);
4609 } else if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
4610 __l2cap_sock_close(sk, ECONNREFUSED);
4612 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM)
4613 l2cap_sock_clear_timer(sk);
4617 static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
4619 struct l2cap_chan_list *l;
4620 struct l2cap_conn *conn = hcon->l2cap_data;
4626 l = &conn->chan_list;
4628 BT_DBG("conn %p", conn);
4630 read_lock(&l->lock);
4632 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
4635 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND) {
4640 if (!status && (sk->sk_state == BT_CONNECTED ||
4641 sk->sk_state == BT_CONFIG)) {
4642 l2cap_check_encryption(sk, encrypt);
4647 if (sk->sk_state == BT_CONNECT) {
4649 struct l2cap_conn_req req;
4650 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
4651 req.psm = l2cap_pi(sk)->psm;
4653 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
4654 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
4656 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
4657 L2CAP_CONN_REQ, sizeof(req), &req);
4659 l2cap_sock_clear_timer(sk);
4660 l2cap_sock_set_timer(sk, HZ / 10);
4662 } else if (sk->sk_state == BT_CONNECT2) {
4663 struct l2cap_conn_rsp rsp;
4667 sk->sk_state = BT_CONFIG;
4668 result = L2CAP_CR_SUCCESS;
4670 sk->sk_state = BT_DISCONN;
4671 l2cap_sock_set_timer(sk, HZ / 10);
4672 result = L2CAP_CR_SEC_BLOCK;
4675 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
4676 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
4677 rsp.result = cpu_to_le16(result);
4678 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
4679 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
4680 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
4686 read_unlock(&l->lock);
4691 static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
4693 struct l2cap_conn *conn = hcon->l2cap_data;
4695 if (!conn && !(conn = l2cap_conn_add(hcon, 0)))
4698 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
4700 if (flags & ACL_START) {
4701 struct l2cap_hdr *hdr;
4707 BT_ERR("Unexpected start frame (len %d)", skb->len);
4708 kfree_skb(conn->rx_skb);
4709 conn->rx_skb = NULL;
4711 l2cap_conn_unreliable(conn, ECOMM);
4714 /* Start fragment always begin with Basic L2CAP header */
4715 if (skb->len < L2CAP_HDR_SIZE) {
4716 BT_ERR("Frame is too short (len %d)", skb->len);
4717 l2cap_conn_unreliable(conn, ECOMM);
4721 hdr = (struct l2cap_hdr *) skb->data;
4722 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
4723 cid = __le16_to_cpu(hdr->cid);
4725 if (len == skb->len) {
4726 /* Complete frame received */
4727 l2cap_recv_frame(conn, skb);
4731 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
4733 if (skb->len > len) {
4734 BT_ERR("Frame is too long (len %d, expected len %d)",
4736 l2cap_conn_unreliable(conn, ECOMM);
4740 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
4742 if (sk && l2cap_pi(sk)->imtu < len - L2CAP_HDR_SIZE) {
4743 BT_ERR("Frame exceeding recv MTU (len %d, MTU %d)",
4744 len, l2cap_pi(sk)->imtu);
4746 l2cap_conn_unreliable(conn, ECOMM);
4753 /* Allocate skb for the complete frame (with header) */
4754 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC);
4758 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
4760 conn->rx_len = len - skb->len;
4762 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
4764 if (!conn->rx_len) {
4765 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
4766 l2cap_conn_unreliable(conn, ECOMM);
4770 if (skb->len > conn->rx_len) {
4771 BT_ERR("Fragment is too long (len %d, expected %d)",
4772 skb->len, conn->rx_len);
4773 kfree_skb(conn->rx_skb);
4774 conn->rx_skb = NULL;
4776 l2cap_conn_unreliable(conn, ECOMM);
4780 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
4782 conn->rx_len -= skb->len;
4784 if (!conn->rx_len) {
4785 /* Complete frame received */
4786 l2cap_recv_frame(conn, conn->rx_skb);
4787 conn->rx_skb = NULL;
4796 static int l2cap_debugfs_show(struct seq_file *f, void *p)
4799 struct hlist_node *node;
4801 read_lock_bh(&l2cap_sk_list.lock);
4803 sk_for_each(sk, node, &l2cap_sk_list.head) {
4804 struct l2cap_pinfo *pi = l2cap_pi(sk);
4806 seq_printf(f, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d\n",
4807 batostr(&bt_sk(sk)->src),
4808 batostr(&bt_sk(sk)->dst),
4809 sk->sk_state, __le16_to_cpu(pi->psm),
4811 pi->imtu, pi->omtu, pi->sec_level);
4814 read_unlock_bh(&l2cap_sk_list.lock);
4819 static int l2cap_debugfs_open(struct inode *inode, struct file *file)
4821 return single_open(file, l2cap_debugfs_show, inode->i_private);
4824 static const struct file_operations l2cap_debugfs_fops = {
4825 .open = l2cap_debugfs_open,
4827 .llseek = seq_lseek,
4828 .release = single_release,
4831 static struct dentry *l2cap_debugfs;
4833 static const struct proto_ops l2cap_sock_ops = {
4834 .family = PF_BLUETOOTH,
4835 .owner = THIS_MODULE,
4836 .release = l2cap_sock_release,
4837 .bind = l2cap_sock_bind,
4838 .connect = l2cap_sock_connect,
4839 .listen = l2cap_sock_listen,
4840 .accept = l2cap_sock_accept,
4841 .getname = l2cap_sock_getname,
4842 .sendmsg = l2cap_sock_sendmsg,
4843 .recvmsg = l2cap_sock_recvmsg,
4844 .poll = bt_sock_poll,
4845 .ioctl = bt_sock_ioctl,
4846 .mmap = sock_no_mmap,
4847 .socketpair = sock_no_socketpair,
4848 .shutdown = l2cap_sock_shutdown,
4849 .setsockopt = l2cap_sock_setsockopt,
4850 .getsockopt = l2cap_sock_getsockopt
4853 static const struct net_proto_family l2cap_sock_family_ops = {
4854 .family = PF_BLUETOOTH,
4855 .owner = THIS_MODULE,
4856 .create = l2cap_sock_create,
4859 static struct hci_proto l2cap_hci_proto = {
4861 .id = HCI_PROTO_L2CAP,
4862 .connect_ind = l2cap_connect_ind,
4863 .connect_cfm = l2cap_connect_cfm,
4864 .disconn_ind = l2cap_disconn_ind,
4865 .disconn_cfm = l2cap_disconn_cfm,
4866 .security_cfm = l2cap_security_cfm,
4867 .recv_acldata = l2cap_recv_acldata
4870 static int __init l2cap_init(void)
4874 err = proto_register(&l2cap_proto, 0);
4878 _busy_wq = create_singlethread_workqueue("l2cap");
4880 proto_unregister(&l2cap_proto);
4884 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
4886 BT_ERR("L2CAP socket registration failed");
4890 err = hci_register_proto(&l2cap_hci_proto);
4892 BT_ERR("L2CAP protocol registration failed");
4893 bt_sock_unregister(BTPROTO_L2CAP);
4898 l2cap_debugfs = debugfs_create_file("l2cap", 0444,
4899 bt_debugfs, NULL, &l2cap_debugfs_fops);
4901 BT_ERR("Failed to create L2CAP debug file");
4904 BT_INFO("L2CAP ver %s", VERSION);
4905 BT_INFO("L2CAP socket layer initialized");
4910 destroy_workqueue(_busy_wq);
4911 proto_unregister(&l2cap_proto);
4915 static void __exit l2cap_exit(void)
4917 debugfs_remove(l2cap_debugfs);
4919 flush_workqueue(_busy_wq);
4920 destroy_workqueue(_busy_wq);
4922 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
4923 BT_ERR("L2CAP socket unregistration failed");
4925 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
4926 BT_ERR("L2CAP protocol unregistration failed");
4928 proto_unregister(&l2cap_proto);
4931 void l2cap_load(void)
4933 /* Dummy function to trigger automatic L2CAP module loading by
4934 * other modules that use L2CAP sockets but don't use any other
4935 * symbols from it. */
4937 EXPORT_SYMBOL(l2cap_load);
4939 module_init(l2cap_init);
4940 module_exit(l2cap_exit);
4942 module_param(disable_ertm, bool, 0644);
4943 MODULE_PARM_DESC(disable_ertm, "Disable enhanced retransmission mode");
4945 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
4946 MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
4947 MODULE_VERSION(VERSION);
4948 MODULE_LICENSE("GPL");
4949 MODULE_ALIAS("bt-proto-0");
git.openpandora.org / pandora-kernel.git / blob