2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
41 #include <asm/system.h>
42 #include <linux/uaccess.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
48 /* Handle HCI Event packets */
50 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
52 __u8 status = *((__u8 *) skb->data);
54 BT_DBG("%s status 0x%x", hdev->name, status);
59 if (test_bit(HCI_MGMT, &hdev->flags) &&
60 test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
61 mgmt_discovering(hdev->id, 0);
63 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
65 hci_conn_check_pending(hdev);
68 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
70 __u8 status = *((__u8 *) skb->data);
72 BT_DBG("%s status 0x%x", hdev->name, status);
77 if (test_bit(HCI_MGMT, &hdev->flags) &&
78 test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
79 mgmt_discovering(hdev->id, 0);
81 hci_conn_check_pending(hdev);
84 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
86 BT_DBG("%s", hdev->name);
89 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
91 struct hci_rp_role_discovery *rp = (void *) skb->data;
92 struct hci_conn *conn;
94 BT_DBG("%s status 0x%x", hdev->name, rp->status);
101 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
104 conn->link_mode &= ~HCI_LM_MASTER;
106 conn->link_mode |= HCI_LM_MASTER;
109 hci_dev_unlock(hdev);
112 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
114 struct hci_rp_read_link_policy *rp = (void *) skb->data;
115 struct hci_conn *conn;
117 BT_DBG("%s status 0x%x", hdev->name, rp->status);
124 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
126 conn->link_policy = __le16_to_cpu(rp->policy);
128 hci_dev_unlock(hdev);
131 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
133 struct hci_rp_write_link_policy *rp = (void *) skb->data;
134 struct hci_conn *conn;
137 BT_DBG("%s status 0x%x", hdev->name, rp->status);
142 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
148 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
150 conn->link_policy = get_unaligned_le16(sent + 2);
152 hci_dev_unlock(hdev);
155 static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
157 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
159 BT_DBG("%s status 0x%x", hdev->name, rp->status);
164 hdev->link_policy = __le16_to_cpu(rp->policy);
167 static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
169 __u8 status = *((__u8 *) skb->data);
172 BT_DBG("%s status 0x%x", hdev->name, status);
174 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
179 hdev->link_policy = get_unaligned_le16(sent);
181 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
184 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
186 __u8 status = *((__u8 *) skb->data);
188 BT_DBG("%s status 0x%x", hdev->name, status);
190 clear_bit(HCI_RESET, &hdev->flags);
192 hci_req_complete(hdev, HCI_OP_RESET, status);
195 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
197 __u8 status = *((__u8 *) skb->data);
200 BT_DBG("%s status 0x%x", hdev->name, status);
202 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
206 if (test_bit(HCI_MGMT, &hdev->flags))
207 mgmt_set_local_name_complete(hdev->id, sent, status);
212 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
215 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
217 struct hci_rp_read_local_name *rp = (void *) skb->data;
219 BT_DBG("%s status 0x%x", hdev->name, rp->status);
224 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
227 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
229 __u8 status = *((__u8 *) skb->data);
232 BT_DBG("%s status 0x%x", hdev->name, status);
234 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
239 __u8 param = *((__u8 *) sent);
241 if (param == AUTH_ENABLED)
242 set_bit(HCI_AUTH, &hdev->flags);
244 clear_bit(HCI_AUTH, &hdev->flags);
247 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
250 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
252 __u8 status = *((__u8 *) skb->data);
255 BT_DBG("%s status 0x%x", hdev->name, status);
257 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
262 __u8 param = *((__u8 *) sent);
265 set_bit(HCI_ENCRYPT, &hdev->flags);
267 clear_bit(HCI_ENCRYPT, &hdev->flags);
270 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
273 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
275 __u8 status = *((__u8 *) skb->data);
278 BT_DBG("%s status 0x%x", hdev->name, status);
280 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
285 __u8 param = *((__u8 *) sent);
286 int old_pscan, old_iscan;
288 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
289 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
291 if (param & SCAN_INQUIRY) {
292 set_bit(HCI_ISCAN, &hdev->flags);
294 mgmt_discoverable(hdev->id, 1);
295 } else if (old_iscan)
296 mgmt_discoverable(hdev->id, 0);
298 if (param & SCAN_PAGE) {
299 set_bit(HCI_PSCAN, &hdev->flags);
301 mgmt_connectable(hdev->id, 1);
302 } else if (old_pscan)
303 mgmt_connectable(hdev->id, 0);
306 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
309 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
311 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
313 BT_DBG("%s status 0x%x", hdev->name, rp->status);
318 memcpy(hdev->dev_class, rp->dev_class, 3);
320 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
321 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
324 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
326 __u8 status = *((__u8 *) skb->data);
329 BT_DBG("%s status 0x%x", hdev->name, status);
334 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
338 memcpy(hdev->dev_class, sent, 3);
341 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
343 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
346 BT_DBG("%s status 0x%x", hdev->name, rp->status);
351 setting = __le16_to_cpu(rp->voice_setting);
353 if (hdev->voice_setting == setting)
356 hdev->voice_setting = setting;
358 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
361 tasklet_disable(&hdev->tx_task);
362 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
363 tasklet_enable(&hdev->tx_task);
367 static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
369 __u8 status = *((__u8 *) skb->data);
373 BT_DBG("%s status 0x%x", hdev->name, status);
378 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
382 setting = get_unaligned_le16(sent);
384 if (hdev->voice_setting == setting)
387 hdev->voice_setting = setting;
389 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
392 tasklet_disable(&hdev->tx_task);
393 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
394 tasklet_enable(&hdev->tx_task);
398 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
400 __u8 status = *((__u8 *) skb->data);
402 BT_DBG("%s status 0x%x", hdev->name, status);
404 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
407 static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
409 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
411 BT_DBG("%s status 0x%x", hdev->name, rp->status);
416 hdev->ssp_mode = rp->mode;
419 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
421 __u8 status = *((__u8 *) skb->data);
424 BT_DBG("%s status 0x%x", hdev->name, status);
429 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
433 hdev->ssp_mode = *((__u8 *) sent);
436 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
438 if (hdev->features[6] & LMP_EXT_INQ)
441 if (hdev->features[3] & LMP_RSSI_INQ)
444 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
445 hdev->lmp_subver == 0x0757)
448 if (hdev->manufacturer == 15) {
449 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
451 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
453 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
457 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
458 hdev->lmp_subver == 0x1805)
464 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
468 mode = hci_get_inquiry_mode(hdev);
470 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
473 static void hci_setup_event_mask(struct hci_dev *hdev)
475 /* The second byte is 0xff instead of 0x9f (two reserved bits
476 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
477 * command otherwise */
478 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
480 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
481 * any event mask for pre 1.2 devices */
482 if (hdev->lmp_ver <= 1)
485 events[4] |= 0x01; /* Flow Specification Complete */
486 events[4] |= 0x02; /* Inquiry Result with RSSI */
487 events[4] |= 0x04; /* Read Remote Extended Features Complete */
488 events[5] |= 0x08; /* Synchronous Connection Complete */
489 events[5] |= 0x10; /* Synchronous Connection Changed */
491 if (hdev->features[3] & LMP_RSSI_INQ)
492 events[4] |= 0x04; /* Inquiry Result with RSSI */
494 if (hdev->features[5] & LMP_SNIFF_SUBR)
495 events[5] |= 0x20; /* Sniff Subrating */
497 if (hdev->features[5] & LMP_PAUSE_ENC)
498 events[5] |= 0x80; /* Encryption Key Refresh Complete */
500 if (hdev->features[6] & LMP_EXT_INQ)
501 events[5] |= 0x40; /* Extended Inquiry Result */
503 if (hdev->features[6] & LMP_NO_FLUSH)
504 events[7] |= 0x01; /* Enhanced Flush Complete */
506 if (hdev->features[7] & LMP_LSTO)
507 events[6] |= 0x80; /* Link Supervision Timeout Changed */
509 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
510 events[6] |= 0x01; /* IO Capability Request */
511 events[6] |= 0x02; /* IO Capability Response */
512 events[6] |= 0x04; /* User Confirmation Request */
513 events[6] |= 0x08; /* User Passkey Request */
514 events[6] |= 0x10; /* Remote OOB Data Request */
515 events[6] |= 0x20; /* Simple Pairing Complete */
516 events[7] |= 0x04; /* User Passkey Notification */
517 events[7] |= 0x08; /* Keypress Notification */
518 events[7] |= 0x10; /* Remote Host Supported
519 * Features Notification */
522 if (hdev->features[4] & LMP_LE)
523 events[7] |= 0x20; /* LE Meta-Event */
525 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
528 static void hci_setup(struct hci_dev *hdev)
530 hci_setup_event_mask(hdev);
532 if (hdev->lmp_ver > 1)
533 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
535 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
537 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
540 if (hdev->features[3] & LMP_RSSI_INQ)
541 hci_setup_inquiry_mode(hdev);
543 if (hdev->features[7] & LMP_INQ_TX_PWR)
544 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
547 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
549 struct hci_rp_read_local_version *rp = (void *) skb->data;
551 BT_DBG("%s status 0x%x", hdev->name, rp->status);
556 hdev->hci_ver = rp->hci_ver;
557 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
558 hdev->lmp_ver = rp->lmp_ver;
559 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
560 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
562 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
564 hdev->hci_ver, hdev->hci_rev);
566 if (test_bit(HCI_INIT, &hdev->flags))
570 static void hci_setup_link_policy(struct hci_dev *hdev)
574 if (hdev->features[0] & LMP_RSWITCH)
575 link_policy |= HCI_LP_RSWITCH;
576 if (hdev->features[0] & LMP_HOLD)
577 link_policy |= HCI_LP_HOLD;
578 if (hdev->features[0] & LMP_SNIFF)
579 link_policy |= HCI_LP_SNIFF;
580 if (hdev->features[1] & LMP_PARK)
581 link_policy |= HCI_LP_PARK;
583 link_policy = cpu_to_le16(link_policy);
584 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
585 sizeof(link_policy), &link_policy);
588 static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
590 struct hci_rp_read_local_commands *rp = (void *) skb->data;
592 BT_DBG("%s status 0x%x", hdev->name, rp->status);
597 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
599 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
600 hci_setup_link_policy(hdev);
603 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
606 static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
608 struct hci_rp_read_local_features *rp = (void *) skb->data;
610 BT_DBG("%s status 0x%x", hdev->name, rp->status);
615 memcpy(hdev->features, rp->features, 8);
617 /* Adjust default settings according to features
618 * supported by device. */
620 if (hdev->features[0] & LMP_3SLOT)
621 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
623 if (hdev->features[0] & LMP_5SLOT)
624 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
626 if (hdev->features[1] & LMP_HV2) {
627 hdev->pkt_type |= (HCI_HV2);
628 hdev->esco_type |= (ESCO_HV2);
631 if (hdev->features[1] & LMP_HV3) {
632 hdev->pkt_type |= (HCI_HV3);
633 hdev->esco_type |= (ESCO_HV3);
636 if (hdev->features[3] & LMP_ESCO)
637 hdev->esco_type |= (ESCO_EV3);
639 if (hdev->features[4] & LMP_EV4)
640 hdev->esco_type |= (ESCO_EV4);
642 if (hdev->features[4] & LMP_EV5)
643 hdev->esco_type |= (ESCO_EV5);
645 if (hdev->features[5] & LMP_EDR_ESCO_2M)
646 hdev->esco_type |= (ESCO_2EV3);
648 if (hdev->features[5] & LMP_EDR_ESCO_3M)
649 hdev->esco_type |= (ESCO_3EV3);
651 if (hdev->features[5] & LMP_EDR_3S_ESCO)
652 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
654 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
655 hdev->features[0], hdev->features[1],
656 hdev->features[2], hdev->features[3],
657 hdev->features[4], hdev->features[5],
658 hdev->features[6], hdev->features[7]);
661 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
663 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
665 BT_DBG("%s status 0x%x", hdev->name, rp->status);
670 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
671 hdev->sco_mtu = rp->sco_mtu;
672 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
673 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
675 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
680 hdev->acl_cnt = hdev->acl_pkts;
681 hdev->sco_cnt = hdev->sco_pkts;
683 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
684 hdev->acl_mtu, hdev->acl_pkts,
685 hdev->sco_mtu, hdev->sco_pkts);
688 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
690 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
692 BT_DBG("%s status 0x%x", hdev->name, rp->status);
695 bacpy(&hdev->bdaddr, &rp->bdaddr);
697 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
700 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
702 __u8 status = *((__u8 *) skb->data);
704 BT_DBG("%s status 0x%x", hdev->name, status);
706 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
709 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
712 __u8 status = *((__u8 *) skb->data);
714 BT_DBG("%s status 0x%x", hdev->name, status);
716 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
719 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
721 __u8 status = *((__u8 *) skb->data);
723 BT_DBG("%s status 0x%x", hdev->name, status);
725 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
728 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
731 __u8 status = *((__u8 *) skb->data);
733 BT_DBG("%s status 0x%x", hdev->name, status);
735 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
738 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
741 __u8 status = *((__u8 *) skb->data);
743 BT_DBG("%s status 0x%x", hdev->name, status);
745 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
748 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
750 __u8 status = *((__u8 *) skb->data);
752 BT_DBG("%s status 0x%x", hdev->name, status);
754 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
757 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
759 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
760 struct hci_cp_pin_code_reply *cp;
761 struct hci_conn *conn;
763 BT_DBG("%s status 0x%x", hdev->name, rp->status);
765 if (test_bit(HCI_MGMT, &hdev->flags))
766 mgmt_pin_code_reply_complete(hdev->id, &rp->bdaddr, rp->status);
771 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
775 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
777 conn->pin_length = cp->pin_len;
780 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
782 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
784 BT_DBG("%s status 0x%x", hdev->name, rp->status);
786 if (test_bit(HCI_MGMT, &hdev->flags))
787 mgmt_pin_code_neg_reply_complete(hdev->id, &rp->bdaddr,
790 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
793 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
795 BT_DBG("%s status 0x%x", hdev->name, rp->status);
800 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
801 hdev->le_pkts = rp->le_max_pkt;
803 hdev->le_cnt = hdev->le_pkts;
805 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
807 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
810 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
812 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
814 BT_DBG("%s status 0x%x", hdev->name, rp->status);
816 if (test_bit(HCI_MGMT, &hdev->flags))
817 mgmt_user_confirm_reply_complete(hdev->id, &rp->bdaddr,
821 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
824 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
826 BT_DBG("%s status 0x%x", hdev->name, rp->status);
828 if (test_bit(HCI_MGMT, &hdev->flags))
829 mgmt_user_confirm_neg_reply_complete(hdev->id, &rp->bdaddr,
833 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
836 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
838 BT_DBG("%s status 0x%x", hdev->name, rp->status);
840 mgmt_read_local_oob_data_reply_complete(hdev->id, rp->hash,
841 rp->randomizer, rp->status);
844 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
846 BT_DBG("%s status 0x%x", hdev->name, status);
849 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
850 hci_conn_check_pending(hdev);
854 if (test_bit(HCI_MGMT, &hdev->flags) &&
855 !test_and_set_bit(HCI_INQUIRY,
857 mgmt_discovering(hdev->id, 1);
860 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
862 struct hci_cp_create_conn *cp;
863 struct hci_conn *conn;
865 BT_DBG("%s status 0x%x", hdev->name, status);
867 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
873 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
875 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
878 if (conn && conn->state == BT_CONNECT) {
879 if (status != 0x0c || conn->attempt > 2) {
880 conn->state = BT_CLOSED;
881 hci_proto_connect_cfm(conn, status);
884 conn->state = BT_CONNECT2;
888 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
891 conn->link_mode |= HCI_LM_MASTER;
893 BT_ERR("No memory for new connection");
897 hci_dev_unlock(hdev);
900 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
902 struct hci_cp_add_sco *cp;
903 struct hci_conn *acl, *sco;
906 BT_DBG("%s status 0x%x", hdev->name, status);
911 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
915 handle = __le16_to_cpu(cp->handle);
917 BT_DBG("%s handle %d", hdev->name, handle);
921 acl = hci_conn_hash_lookup_handle(hdev, handle);
925 sco->state = BT_CLOSED;
927 hci_proto_connect_cfm(sco, status);
932 hci_dev_unlock(hdev);
935 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
937 struct hci_cp_auth_requested *cp;
938 struct hci_conn *conn;
940 BT_DBG("%s status 0x%x", hdev->name, status);
945 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
951 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
953 if (conn->state == BT_CONFIG) {
954 hci_proto_connect_cfm(conn, status);
959 hci_dev_unlock(hdev);
962 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
964 struct hci_cp_set_conn_encrypt *cp;
965 struct hci_conn *conn;
967 BT_DBG("%s status 0x%x", hdev->name, status);
972 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
978 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
980 if (conn->state == BT_CONFIG) {
981 hci_proto_connect_cfm(conn, status);
986 hci_dev_unlock(hdev);
989 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
990 struct hci_conn *conn)
992 if (conn->state != BT_CONFIG || !conn->out)
995 if (conn->pending_sec_level == BT_SECURITY_SDP)
998 /* Only request authentication for SSP connections or non-SSP
999 * devices with sec_level HIGH */
1000 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
1001 conn->pending_sec_level != BT_SECURITY_HIGH)
1007 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1009 struct hci_cp_remote_name_req *cp;
1010 struct hci_conn *conn;
1012 BT_DBG("%s status 0x%x", hdev->name, status);
1014 /* If successful wait for the name req complete event before
1015 * checking for the need to do authentication */
1019 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1025 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1029 if (!hci_outgoing_auth_needed(hdev, conn))
1032 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1033 struct hci_cp_auth_requested cp;
1034 cp.handle = __cpu_to_le16(conn->handle);
1035 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1039 hci_dev_unlock(hdev);
1042 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1044 struct hci_cp_read_remote_features *cp;
1045 struct hci_conn *conn;
1047 BT_DBG("%s status 0x%x", hdev->name, status);
1052 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1058 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1060 if (conn->state == BT_CONFIG) {
1061 hci_proto_connect_cfm(conn, status);
1066 hci_dev_unlock(hdev);
1069 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1071 struct hci_cp_read_remote_ext_features *cp;
1072 struct hci_conn *conn;
1074 BT_DBG("%s status 0x%x", hdev->name, status);
1079 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1085 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1087 if (conn->state == BT_CONFIG) {
1088 hci_proto_connect_cfm(conn, status);
1093 hci_dev_unlock(hdev);
1096 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1098 struct hci_cp_setup_sync_conn *cp;
1099 struct hci_conn *acl, *sco;
1102 BT_DBG("%s status 0x%x", hdev->name, status);
1107 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1111 handle = __le16_to_cpu(cp->handle);
1113 BT_DBG("%s handle %d", hdev->name, handle);
1117 acl = hci_conn_hash_lookup_handle(hdev, handle);
1121 sco->state = BT_CLOSED;
1123 hci_proto_connect_cfm(sco, status);
1128 hci_dev_unlock(hdev);
1131 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1133 struct hci_cp_sniff_mode *cp;
1134 struct hci_conn *conn;
1136 BT_DBG("%s status 0x%x", hdev->name, status);
1141 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1147 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1149 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1151 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1152 hci_sco_setup(conn, status);
1155 hci_dev_unlock(hdev);
1158 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1160 struct hci_cp_exit_sniff_mode *cp;
1161 struct hci_conn *conn;
1163 BT_DBG("%s status 0x%x", hdev->name, status);
1168 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1174 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1176 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1178 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1179 hci_sco_setup(conn, status);
1182 hci_dev_unlock(hdev);
1185 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1187 struct hci_cp_le_create_conn *cp;
1188 struct hci_conn *conn;
1190 BT_DBG("%s status 0x%x", hdev->name, status);
1192 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1198 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1200 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1204 if (conn && conn->state == BT_CONNECT) {
1205 conn->state = BT_CLOSED;
1206 hci_proto_connect_cfm(conn, status);
1211 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
1215 BT_ERR("No memory for new connection");
1219 hci_dev_unlock(hdev);
1222 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1224 __u8 status = *((__u8 *) skb->data);
1226 BT_DBG("%s status %d", hdev->name, status);
1228 if (test_bit(HCI_MGMT, &hdev->flags) &&
1229 test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1230 mgmt_discovering(hdev->id, 0);
1232 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1234 hci_conn_check_pending(hdev);
1237 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1239 struct inquiry_data data;
1240 struct inquiry_info *info = (void *) (skb->data + 1);
1241 int num_rsp = *((__u8 *) skb->data);
1243 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1250 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
1252 if (test_bit(HCI_MGMT, &hdev->flags))
1253 mgmt_discovering(hdev->id, 1);
1256 for (; num_rsp; num_rsp--, info++) {
1257 bacpy(&data.bdaddr, &info->bdaddr);
1258 data.pscan_rep_mode = info->pscan_rep_mode;
1259 data.pscan_period_mode = info->pscan_period_mode;
1260 data.pscan_mode = info->pscan_mode;
1261 memcpy(data.dev_class, info->dev_class, 3);
1262 data.clock_offset = info->clock_offset;
1264 data.ssp_mode = 0x00;
1265 hci_inquiry_cache_update(hdev, &data);
1266 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class, 0,
1270 hci_dev_unlock(hdev);
1273 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1275 struct hci_ev_conn_complete *ev = (void *) skb->data;
1276 struct hci_conn *conn;
1278 BT_DBG("%s", hdev->name);
1282 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1284 if (ev->link_type != SCO_LINK)
1287 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1291 conn->type = SCO_LINK;
1295 conn->handle = __le16_to_cpu(ev->handle);
1297 if (conn->type == ACL_LINK) {
1298 conn->state = BT_CONFIG;
1299 hci_conn_hold(conn);
1300 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1301 mgmt_connected(hdev->id, &ev->bdaddr);
1303 conn->state = BT_CONNECTED;
1305 hci_conn_hold_device(conn);
1306 hci_conn_add_sysfs(conn);
1308 if (test_bit(HCI_AUTH, &hdev->flags))
1309 conn->link_mode |= HCI_LM_AUTH;
1311 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1312 conn->link_mode |= HCI_LM_ENCRYPT;
1314 /* Get remote features */
1315 if (conn->type == ACL_LINK) {
1316 struct hci_cp_read_remote_features cp;
1317 cp.handle = ev->handle;
1318 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1322 /* Set packet type for incoming connection */
1323 if (!conn->out && hdev->hci_ver < 3) {
1324 struct hci_cp_change_conn_ptype cp;
1325 cp.handle = ev->handle;
1326 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1327 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1331 conn->state = BT_CLOSED;
1332 if (conn->type == ACL_LINK)
1333 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
1336 if (conn->type == ACL_LINK)
1337 hci_sco_setup(conn, ev->status);
1340 hci_proto_connect_cfm(conn, ev->status);
1342 } else if (ev->link_type != ACL_LINK)
1343 hci_proto_connect_cfm(conn, ev->status);
1346 hci_dev_unlock(hdev);
1348 hci_conn_check_pending(hdev);
1351 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1353 struct hci_ev_conn_request *ev = (void *) skb->data;
1354 int mask = hdev->link_mode;
1356 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1357 batostr(&ev->bdaddr), ev->link_type);
1359 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1361 if ((mask & HCI_LM_ACCEPT) &&
1362 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1363 /* Connection accepted */
1364 struct inquiry_entry *ie;
1365 struct hci_conn *conn;
1369 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1371 memcpy(ie->data.dev_class, ev->dev_class, 3);
1373 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1375 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1377 BT_ERR("No memory for new connection");
1378 hci_dev_unlock(hdev);
1383 memcpy(conn->dev_class, ev->dev_class, 3);
1384 conn->state = BT_CONNECT;
1386 hci_dev_unlock(hdev);
1388 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1389 struct hci_cp_accept_conn_req cp;
1391 bacpy(&cp.bdaddr, &ev->bdaddr);
1393 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1394 cp.role = 0x00; /* Become master */
1396 cp.role = 0x01; /* Remain slave */
1398 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1401 struct hci_cp_accept_sync_conn_req cp;
1403 bacpy(&cp.bdaddr, &ev->bdaddr);
1404 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1406 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1407 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1408 cp.max_latency = cpu_to_le16(0xffff);
1409 cp.content_format = cpu_to_le16(hdev->voice_setting);
1410 cp.retrans_effort = 0xff;
1412 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1416 /* Connection rejected */
1417 struct hci_cp_reject_conn_req cp;
1419 bacpy(&cp.bdaddr, &ev->bdaddr);
1421 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1425 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1427 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1428 struct hci_conn *conn;
1430 BT_DBG("%s status %d", hdev->name, ev->status);
1433 mgmt_disconnect_failed(hdev->id);
1439 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1443 conn->state = BT_CLOSED;
1445 if (conn->type == ACL_LINK || conn->type == LE_LINK)
1446 mgmt_disconnected(hdev->id, &conn->dst);
1448 hci_proto_disconn_cfm(conn, ev->reason);
1452 hci_dev_unlock(hdev);
1455 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1457 struct hci_ev_auth_complete *ev = (void *) skb->data;
1458 struct hci_conn *conn;
1460 BT_DBG("%s status %d", hdev->name, ev->status);
1464 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1467 conn->link_mode |= HCI_LM_AUTH;
1468 conn->sec_level = conn->pending_sec_level;
1470 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
1473 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1475 if (conn->state == BT_CONFIG) {
1476 if (!ev->status && hdev->ssp_mode > 0 &&
1477 conn->ssp_mode > 0) {
1478 struct hci_cp_set_conn_encrypt cp;
1479 cp.handle = ev->handle;
1481 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
1484 conn->state = BT_CONNECTED;
1485 hci_proto_connect_cfm(conn, ev->status);
1489 hci_auth_cfm(conn, ev->status);
1491 hci_conn_hold(conn);
1492 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1496 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
1498 struct hci_cp_set_conn_encrypt cp;
1499 cp.handle = ev->handle;
1501 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
1504 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1505 hci_encrypt_cfm(conn, ev->status, 0x00);
1510 hci_dev_unlock(hdev);
1513 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1515 struct hci_ev_remote_name *ev = (void *) skb->data;
1516 struct hci_conn *conn;
1518 BT_DBG("%s", hdev->name);
1520 hci_conn_check_pending(hdev);
1524 if (ev->status == 0 && test_bit(HCI_MGMT, &hdev->flags))
1525 mgmt_remote_name(hdev->id, &ev->bdaddr, ev->name);
1527 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1531 if (!hci_outgoing_auth_needed(hdev, conn))
1534 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1535 struct hci_cp_auth_requested cp;
1536 cp.handle = __cpu_to_le16(conn->handle);
1537 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1541 hci_dev_unlock(hdev);
1544 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1546 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1547 struct hci_conn *conn;
1549 BT_DBG("%s status %d", hdev->name, ev->status);
1553 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1557 /* Encryption implies authentication */
1558 conn->link_mode |= HCI_LM_AUTH;
1559 conn->link_mode |= HCI_LM_ENCRYPT;
1561 conn->link_mode &= ~HCI_LM_ENCRYPT;
1564 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1566 if (conn->state == BT_CONFIG) {
1568 conn->state = BT_CONNECTED;
1570 hci_proto_connect_cfm(conn, ev->status);
1573 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1576 hci_dev_unlock(hdev);
1579 static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1581 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
1582 struct hci_conn *conn;
1584 BT_DBG("%s status %d", hdev->name, ev->status);
1588 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1591 conn->link_mode |= HCI_LM_SECURE;
1593 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1595 hci_key_change_cfm(conn, ev->status);
1598 hci_dev_unlock(hdev);
1601 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1603 struct hci_ev_remote_features *ev = (void *) skb->data;
1604 struct hci_conn *conn;
1606 BT_DBG("%s status %d", hdev->name, ev->status);
1610 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1615 memcpy(conn->features, ev->features, 8);
1617 if (conn->state != BT_CONFIG)
1620 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
1621 struct hci_cp_read_remote_ext_features cp;
1622 cp.handle = ev->handle;
1624 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
1630 struct hci_cp_remote_name_req cp;
1631 memset(&cp, 0, sizeof(cp));
1632 bacpy(&cp.bdaddr, &conn->dst);
1633 cp.pscan_rep_mode = 0x02;
1634 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1637 if (!hci_outgoing_auth_needed(hdev, conn)) {
1638 conn->state = BT_CONNECTED;
1639 hci_proto_connect_cfm(conn, ev->status);
1644 hci_dev_unlock(hdev);
1647 static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1649 BT_DBG("%s", hdev->name);
1652 static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1654 BT_DBG("%s", hdev->name);
1657 static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1659 struct hci_ev_cmd_complete *ev = (void *) skb->data;
1662 skb_pull(skb, sizeof(*ev));
1664 opcode = __le16_to_cpu(ev->opcode);
1667 case HCI_OP_INQUIRY_CANCEL:
1668 hci_cc_inquiry_cancel(hdev, skb);
1671 case HCI_OP_EXIT_PERIODIC_INQ:
1672 hci_cc_exit_periodic_inq(hdev, skb);
1675 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
1676 hci_cc_remote_name_req_cancel(hdev, skb);
1679 case HCI_OP_ROLE_DISCOVERY:
1680 hci_cc_role_discovery(hdev, skb);
1683 case HCI_OP_READ_LINK_POLICY:
1684 hci_cc_read_link_policy(hdev, skb);
1687 case HCI_OP_WRITE_LINK_POLICY:
1688 hci_cc_write_link_policy(hdev, skb);
1691 case HCI_OP_READ_DEF_LINK_POLICY:
1692 hci_cc_read_def_link_policy(hdev, skb);
1695 case HCI_OP_WRITE_DEF_LINK_POLICY:
1696 hci_cc_write_def_link_policy(hdev, skb);
1700 hci_cc_reset(hdev, skb);
1703 case HCI_OP_WRITE_LOCAL_NAME:
1704 hci_cc_write_local_name(hdev, skb);
1707 case HCI_OP_READ_LOCAL_NAME:
1708 hci_cc_read_local_name(hdev, skb);
1711 case HCI_OP_WRITE_AUTH_ENABLE:
1712 hci_cc_write_auth_enable(hdev, skb);
1715 case HCI_OP_WRITE_ENCRYPT_MODE:
1716 hci_cc_write_encrypt_mode(hdev, skb);
1719 case HCI_OP_WRITE_SCAN_ENABLE:
1720 hci_cc_write_scan_enable(hdev, skb);
1723 case HCI_OP_READ_CLASS_OF_DEV:
1724 hci_cc_read_class_of_dev(hdev, skb);
1727 case HCI_OP_WRITE_CLASS_OF_DEV:
1728 hci_cc_write_class_of_dev(hdev, skb);
1731 case HCI_OP_READ_VOICE_SETTING:
1732 hci_cc_read_voice_setting(hdev, skb);
1735 case HCI_OP_WRITE_VOICE_SETTING:
1736 hci_cc_write_voice_setting(hdev, skb);
1739 case HCI_OP_HOST_BUFFER_SIZE:
1740 hci_cc_host_buffer_size(hdev, skb);
1743 case HCI_OP_READ_SSP_MODE:
1744 hci_cc_read_ssp_mode(hdev, skb);
1747 case HCI_OP_WRITE_SSP_MODE:
1748 hci_cc_write_ssp_mode(hdev, skb);
1751 case HCI_OP_READ_LOCAL_VERSION:
1752 hci_cc_read_local_version(hdev, skb);
1755 case HCI_OP_READ_LOCAL_COMMANDS:
1756 hci_cc_read_local_commands(hdev, skb);
1759 case HCI_OP_READ_LOCAL_FEATURES:
1760 hci_cc_read_local_features(hdev, skb);
1763 case HCI_OP_READ_BUFFER_SIZE:
1764 hci_cc_read_buffer_size(hdev, skb);
1767 case HCI_OP_READ_BD_ADDR:
1768 hci_cc_read_bd_addr(hdev, skb);
1771 case HCI_OP_WRITE_CA_TIMEOUT:
1772 hci_cc_write_ca_timeout(hdev, skb);
1775 case HCI_OP_DELETE_STORED_LINK_KEY:
1776 hci_cc_delete_stored_link_key(hdev, skb);
1779 case HCI_OP_SET_EVENT_MASK:
1780 hci_cc_set_event_mask(hdev, skb);
1783 case HCI_OP_WRITE_INQUIRY_MODE:
1784 hci_cc_write_inquiry_mode(hdev, skb);
1787 case HCI_OP_READ_INQ_RSP_TX_POWER:
1788 hci_cc_read_inq_rsp_tx_power(hdev, skb);
1791 case HCI_OP_SET_EVENT_FLT:
1792 hci_cc_set_event_flt(hdev, skb);
1795 case HCI_OP_PIN_CODE_REPLY:
1796 hci_cc_pin_code_reply(hdev, skb);
1799 case HCI_OP_PIN_CODE_NEG_REPLY:
1800 hci_cc_pin_code_neg_reply(hdev, skb);
1803 case HCI_OP_READ_LOCAL_OOB_DATA:
1804 hci_cc_read_local_oob_data_reply(hdev, skb);
1807 case HCI_OP_LE_READ_BUFFER_SIZE:
1808 hci_cc_le_read_buffer_size(hdev, skb);
1811 case HCI_OP_USER_CONFIRM_REPLY:
1812 hci_cc_user_confirm_reply(hdev, skb);
1815 case HCI_OP_USER_CONFIRM_NEG_REPLY:
1816 hci_cc_user_confirm_neg_reply(hdev, skb);
1820 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1824 if (ev->opcode != HCI_OP_NOP)
1825 del_timer(&hdev->cmd_timer);
1828 atomic_set(&hdev->cmd_cnt, 1);
1829 if (!skb_queue_empty(&hdev->cmd_q))
1830 tasklet_schedule(&hdev->cmd_task);
1834 static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
1836 struct hci_ev_cmd_status *ev = (void *) skb->data;
1839 skb_pull(skb, sizeof(*ev));
1841 opcode = __le16_to_cpu(ev->opcode);
1844 case HCI_OP_INQUIRY:
1845 hci_cs_inquiry(hdev, ev->status);
1848 case HCI_OP_CREATE_CONN:
1849 hci_cs_create_conn(hdev, ev->status);
1852 case HCI_OP_ADD_SCO:
1853 hci_cs_add_sco(hdev, ev->status);
1856 case HCI_OP_AUTH_REQUESTED:
1857 hci_cs_auth_requested(hdev, ev->status);
1860 case HCI_OP_SET_CONN_ENCRYPT:
1861 hci_cs_set_conn_encrypt(hdev, ev->status);
1864 case HCI_OP_REMOTE_NAME_REQ:
1865 hci_cs_remote_name_req(hdev, ev->status);
1868 case HCI_OP_READ_REMOTE_FEATURES:
1869 hci_cs_read_remote_features(hdev, ev->status);
1872 case HCI_OP_READ_REMOTE_EXT_FEATURES:
1873 hci_cs_read_remote_ext_features(hdev, ev->status);
1876 case HCI_OP_SETUP_SYNC_CONN:
1877 hci_cs_setup_sync_conn(hdev, ev->status);
1880 case HCI_OP_SNIFF_MODE:
1881 hci_cs_sniff_mode(hdev, ev->status);
1884 case HCI_OP_EXIT_SNIFF_MODE:
1885 hci_cs_exit_sniff_mode(hdev, ev->status);
1888 case HCI_OP_DISCONNECT:
1889 if (ev->status != 0)
1890 mgmt_disconnect_failed(hdev->id);
1893 case HCI_OP_LE_CREATE_CONN:
1894 hci_cs_le_create_conn(hdev, ev->status);
1898 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1902 if (ev->opcode != HCI_OP_NOP)
1903 del_timer(&hdev->cmd_timer);
1905 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
1906 atomic_set(&hdev->cmd_cnt, 1);
1907 if (!skb_queue_empty(&hdev->cmd_q))
1908 tasklet_schedule(&hdev->cmd_task);
1912 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1914 struct hci_ev_role_change *ev = (void *) skb->data;
1915 struct hci_conn *conn;
1917 BT_DBG("%s status %d", hdev->name, ev->status);
1921 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1925 conn->link_mode &= ~HCI_LM_MASTER;
1927 conn->link_mode |= HCI_LM_MASTER;
1930 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
1932 hci_role_switch_cfm(conn, ev->status, ev->role);
1935 hci_dev_unlock(hdev);
1938 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
1940 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
1944 skb_pull(skb, sizeof(*ev));
1946 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
1948 if (skb->len < ev->num_hndl * 4) {
1949 BT_DBG("%s bad parameters", hdev->name);
1953 tasklet_disable(&hdev->tx_task);
1955 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
1956 struct hci_conn *conn;
1957 __u16 handle, count;
1959 handle = get_unaligned_le16(ptr++);
1960 count = get_unaligned_le16(ptr++);
1962 conn = hci_conn_hash_lookup_handle(hdev, handle);
1964 conn->sent -= count;
1966 if (conn->type == ACL_LINK) {
1967 hdev->acl_cnt += count;
1968 if (hdev->acl_cnt > hdev->acl_pkts)
1969 hdev->acl_cnt = hdev->acl_pkts;
1970 } else if (conn->type == LE_LINK) {
1971 if (hdev->le_pkts) {
1972 hdev->le_cnt += count;
1973 if (hdev->le_cnt > hdev->le_pkts)
1974 hdev->le_cnt = hdev->le_pkts;
1976 hdev->acl_cnt += count;
1977 if (hdev->acl_cnt > hdev->acl_pkts)
1978 hdev->acl_cnt = hdev->acl_pkts;
1981 hdev->sco_cnt += count;
1982 if (hdev->sco_cnt > hdev->sco_pkts)
1983 hdev->sco_cnt = hdev->sco_pkts;
1988 tasklet_schedule(&hdev->tx_task);
1990 tasklet_enable(&hdev->tx_task);
1993 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1995 struct hci_ev_mode_change *ev = (void *) skb->data;
1996 struct hci_conn *conn;
1998 BT_DBG("%s status %d", hdev->name, ev->status);
2002 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2004 conn->mode = ev->mode;
2005 conn->interval = __le16_to_cpu(ev->interval);
2007 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
2008 if (conn->mode == HCI_CM_ACTIVE)
2009 conn->power_save = 1;
2011 conn->power_save = 0;
2014 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
2015 hci_sco_setup(conn, ev->status);
2018 hci_dev_unlock(hdev);
2021 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2023 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2024 struct hci_conn *conn;
2026 BT_DBG("%s", hdev->name);
2030 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2031 if (conn && conn->state == BT_CONNECTED) {
2032 hci_conn_hold(conn);
2033 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2037 if (!test_bit(HCI_PAIRABLE, &hdev->flags))
2038 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2039 sizeof(ev->bdaddr), &ev->bdaddr);
2040 else if (test_bit(HCI_MGMT, &hdev->flags)) {
2043 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2048 mgmt_pin_code_request(hdev->id, &ev->bdaddr, secure);
2051 hci_dev_unlock(hdev);
2054 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2056 struct hci_ev_link_key_req *ev = (void *) skb->data;
2057 struct hci_cp_link_key_reply cp;
2058 struct hci_conn *conn;
2059 struct link_key *key;
2061 BT_DBG("%s", hdev->name);
2063 if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
2068 key = hci_find_link_key(hdev, &ev->bdaddr);
2070 BT_DBG("%s link key not found for %s", hdev->name,
2071 batostr(&ev->bdaddr));
2075 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2076 batostr(&ev->bdaddr));
2078 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) &&
2079 key->type == HCI_LK_DEBUG_COMBINATION) {
2080 BT_DBG("%s ignoring debug key", hdev->name);
2084 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2086 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2087 conn->auth_type != 0xff &&
2088 (conn->auth_type & 0x01)) {
2089 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2093 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2094 conn->pending_sec_level == BT_SECURITY_HIGH) {
2095 BT_DBG("%s ignoring key unauthenticated for high \
2096 security", hdev->name);
2100 conn->key_type = key->type;
2101 conn->pin_length = key->pin_len;
2104 bacpy(&cp.bdaddr, &ev->bdaddr);
2105 memcpy(cp.link_key, key->val, 16);
2107 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2109 hci_dev_unlock(hdev);
2114 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2115 hci_dev_unlock(hdev);
2118 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2120 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2121 struct hci_conn *conn;
2124 BT_DBG("%s", hdev->name);
2128 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2130 hci_conn_hold(conn);
2131 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2132 pin_len = conn->pin_length;
2134 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2135 conn->key_type = ev->key_type;
2140 if (test_bit(HCI_LINK_KEYS, &hdev->flags))
2141 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2142 ev->key_type, pin_len);
2144 hci_dev_unlock(hdev);
2147 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2149 struct hci_ev_clock_offset *ev = (void *) skb->data;
2150 struct hci_conn *conn;
2152 BT_DBG("%s status %d", hdev->name, ev->status);
2156 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2157 if (conn && !ev->status) {
2158 struct inquiry_entry *ie;
2160 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2162 ie->data.clock_offset = ev->clock_offset;
2163 ie->timestamp = jiffies;
2167 hci_dev_unlock(hdev);
2170 static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2172 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2173 struct hci_conn *conn;
2175 BT_DBG("%s status %d", hdev->name, ev->status);
2179 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2180 if (conn && !ev->status)
2181 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2183 hci_dev_unlock(hdev);
2186 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2188 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2189 struct inquiry_entry *ie;
2191 BT_DBG("%s", hdev->name);
2195 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2197 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2198 ie->timestamp = jiffies;
2201 hci_dev_unlock(hdev);
2204 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2206 struct inquiry_data data;
2207 int num_rsp = *((__u8 *) skb->data);
2209 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2216 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
2218 if (test_bit(HCI_MGMT, &hdev->flags))
2219 mgmt_discovering(hdev->id, 1);
2222 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2223 struct inquiry_info_with_rssi_and_pscan_mode *info;
2224 info = (void *) (skb->data + 1);
2226 for (; num_rsp; num_rsp--, info++) {
2227 bacpy(&data.bdaddr, &info->bdaddr);
2228 data.pscan_rep_mode = info->pscan_rep_mode;
2229 data.pscan_period_mode = info->pscan_period_mode;
2230 data.pscan_mode = info->pscan_mode;
2231 memcpy(data.dev_class, info->dev_class, 3);
2232 data.clock_offset = info->clock_offset;
2233 data.rssi = info->rssi;
2234 data.ssp_mode = 0x00;
2235 hci_inquiry_cache_update(hdev, &data);
2236 mgmt_device_found(hdev->id, &info->bdaddr,
2237 info->dev_class, info->rssi,
2241 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2243 for (; num_rsp; num_rsp--, info++) {
2244 bacpy(&data.bdaddr, &info->bdaddr);
2245 data.pscan_rep_mode = info->pscan_rep_mode;
2246 data.pscan_period_mode = info->pscan_period_mode;
2247 data.pscan_mode = 0x00;
2248 memcpy(data.dev_class, info->dev_class, 3);
2249 data.clock_offset = info->clock_offset;
2250 data.rssi = info->rssi;
2251 data.ssp_mode = 0x00;
2252 hci_inquiry_cache_update(hdev, &data);
2253 mgmt_device_found(hdev->id, &info->bdaddr,
2254 info->dev_class, info->rssi,
2259 hci_dev_unlock(hdev);
2262 static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2264 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2265 struct hci_conn *conn;
2267 BT_DBG("%s", hdev->name);
2271 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2275 if (!ev->status && ev->page == 0x01) {
2276 struct inquiry_entry *ie;
2278 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2280 ie->data.ssp_mode = (ev->features[0] & 0x01);
2282 conn->ssp_mode = (ev->features[0] & 0x01);
2285 if (conn->state != BT_CONFIG)
2289 struct hci_cp_remote_name_req cp;
2290 memset(&cp, 0, sizeof(cp));
2291 bacpy(&cp.bdaddr, &conn->dst);
2292 cp.pscan_rep_mode = 0x02;
2293 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2296 if (!hci_outgoing_auth_needed(hdev, conn)) {
2297 conn->state = BT_CONNECTED;
2298 hci_proto_connect_cfm(conn, ev->status);
2303 hci_dev_unlock(hdev);
2306 static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2308 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2309 struct hci_conn *conn;
2311 BT_DBG("%s status %d", hdev->name, ev->status);
2315 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2317 if (ev->link_type == ESCO_LINK)
2320 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2324 conn->type = SCO_LINK;
2327 switch (ev->status) {
2329 conn->handle = __le16_to_cpu(ev->handle);
2330 conn->state = BT_CONNECTED;
2332 hci_conn_hold_device(conn);
2333 hci_conn_add_sysfs(conn);
2336 case 0x11: /* Unsupported Feature or Parameter Value */
2337 case 0x1c: /* SCO interval rejected */
2338 case 0x1a: /* Unsupported Remote Feature */
2339 case 0x1f: /* Unspecified error */
2340 if (conn->out && conn->attempt < 2) {
2341 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2342 (hdev->esco_type & EDR_ESCO_MASK);
2343 hci_setup_sync(conn, conn->link->handle);
2349 conn->state = BT_CLOSED;
2353 hci_proto_connect_cfm(conn, ev->status);
2358 hci_dev_unlock(hdev);
2361 static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2363 BT_DBG("%s", hdev->name);
2366 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2368 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
2370 BT_DBG("%s status %d", hdev->name, ev->status);
2373 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2375 struct inquiry_data data;
2376 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2377 int num_rsp = *((__u8 *) skb->data);
2379 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2384 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
2386 if (test_bit(HCI_MGMT, &hdev->flags))
2387 mgmt_discovering(hdev->id, 1);
2392 for (; num_rsp; num_rsp--, info++) {
2393 bacpy(&data.bdaddr, &info->bdaddr);
2394 data.pscan_rep_mode = info->pscan_rep_mode;
2395 data.pscan_period_mode = info->pscan_period_mode;
2396 data.pscan_mode = 0x00;
2397 memcpy(data.dev_class, info->dev_class, 3);
2398 data.clock_offset = info->clock_offset;
2399 data.rssi = info->rssi;
2400 data.ssp_mode = 0x01;
2401 hci_inquiry_cache_update(hdev, &data);
2402 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class,
2403 info->rssi, info->data);
2406 hci_dev_unlock(hdev);
2409 static inline u8 hci_get_auth_req(struct hci_conn *conn)
2411 /* If remote requests dedicated bonding follow that lead */
2412 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2413 /* If both remote and local IO capabilities allow MITM
2414 * protection then require it, otherwise don't */
2415 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2421 /* If remote requests no-bonding follow that lead */
2422 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
2423 return conn->remote_auth | (conn->auth_type & 0x01);
2425 return conn->auth_type;
2428 static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2430 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2431 struct hci_conn *conn;
2433 BT_DBG("%s", hdev->name);
2437 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2441 hci_conn_hold(conn);
2443 if (!test_bit(HCI_MGMT, &hdev->flags))
2446 if (test_bit(HCI_PAIRABLE, &hdev->flags) ||
2447 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
2448 struct hci_cp_io_capability_reply cp;
2450 bacpy(&cp.bdaddr, &ev->bdaddr);
2451 cp.capability = conn->io_capability;
2452 conn->auth_type = hci_get_auth_req(conn);
2453 cp.authentication = conn->auth_type;
2455 if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
2456 hci_find_remote_oob_data(hdev, &conn->dst))
2461 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2464 struct hci_cp_io_capability_neg_reply cp;
2466 bacpy(&cp.bdaddr, &ev->bdaddr);
2467 cp.reason = 0x18; /* Pairing not allowed */
2469 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2474 hci_dev_unlock(hdev);
2477 static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
2479 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
2480 struct hci_conn *conn;
2482 BT_DBG("%s", hdev->name);
2486 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2490 conn->remote_cap = ev->capability;
2491 conn->remote_oob = ev->oob_data;
2492 conn->remote_auth = ev->authentication;
2495 hci_dev_unlock(hdev);
2498 static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
2499 struct sk_buff *skb)
2501 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
2502 int loc_mitm, rem_mitm, confirm_hint = 0;
2503 struct hci_conn *conn;
2505 BT_DBG("%s", hdev->name);
2509 if (!test_bit(HCI_MGMT, &hdev->flags))
2512 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2516 loc_mitm = (conn->auth_type & 0x01);
2517 rem_mitm = (conn->remote_auth & 0x01);
2519 /* If we require MITM but the remote device can't provide that
2520 * (it has NoInputNoOutput) then reject the confirmation
2521 * request. The only exception is when we're dedicated bonding
2522 * initiators (connect_cfm_cb set) since then we always have the MITM
2524 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
2525 BT_DBG("Rejecting request: remote device can't provide MITM");
2526 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
2527 sizeof(ev->bdaddr), &ev->bdaddr);
2531 /* If no side requires MITM protection; auto-accept */
2532 if ((!loc_mitm || conn->remote_cap == 0x03) &&
2533 (!rem_mitm || conn->io_capability == 0x03)) {
2535 /* If we're not the initiators request authorization to
2536 * proceed from user space (mgmt_user_confirm with
2537 * confirm_hint set to 1). */
2538 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
2539 BT_DBG("Confirming auto-accept as acceptor");
2544 BT_DBG("Auto-accept of user confirmation with %ums delay",
2545 hdev->auto_accept_delay);
2547 if (hdev->auto_accept_delay > 0) {
2548 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
2549 mod_timer(&conn->auto_accept_timer, jiffies + delay);
2553 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
2554 sizeof(ev->bdaddr), &ev->bdaddr);
2559 mgmt_user_confirm_request(hdev->id, &ev->bdaddr, ev->passkey,
2563 hci_dev_unlock(hdev);
2566 static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2568 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
2569 struct hci_conn *conn;
2571 BT_DBG("%s", hdev->name);
2575 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2579 /* To avoid duplicate auth_failed events to user space we check
2580 * the HCI_CONN_AUTH_PEND flag which will be set if we
2581 * initiated the authentication. A traditional auth_complete
2582 * event gets always produced as initiator and is also mapped to
2583 * the mgmt_auth_failed event */
2584 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend) && ev->status != 0)
2585 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
2590 hci_dev_unlock(hdev);
2593 static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2595 struct hci_ev_remote_host_features *ev = (void *) skb->data;
2596 struct inquiry_entry *ie;
2598 BT_DBG("%s", hdev->name);
2602 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2604 ie->data.ssp_mode = (ev->features[0] & 0x01);
2606 hci_dev_unlock(hdev);
2609 static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2610 struct sk_buff *skb)
2612 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
2613 struct oob_data *data;
2615 BT_DBG("%s", hdev->name);
2619 if (!test_bit(HCI_MGMT, &hdev->flags))
2622 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
2624 struct hci_cp_remote_oob_data_reply cp;
2626 bacpy(&cp.bdaddr, &ev->bdaddr);
2627 memcpy(cp.hash, data->hash, sizeof(cp.hash));
2628 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
2630 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
2633 struct hci_cp_remote_oob_data_neg_reply cp;
2635 bacpy(&cp.bdaddr, &ev->bdaddr);
2636 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
2641 hci_dev_unlock(hdev);
2644 static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2646 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
2647 struct hci_conn *conn;
2649 BT_DBG("%s status %d", hdev->name, ev->status);
2653 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
2655 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
2657 BT_ERR("No memory for new connection");
2658 hci_dev_unlock(hdev);
2664 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
2665 hci_proto_connect_cfm(conn, ev->status);
2666 conn->state = BT_CLOSED;
2671 mgmt_connected(hdev->id, &ev->bdaddr);
2673 conn->handle = __le16_to_cpu(ev->handle);
2674 conn->state = BT_CONNECTED;
2676 hci_conn_hold_device(conn);
2677 hci_conn_add_sysfs(conn);
2679 hci_proto_connect_cfm(conn, ev->status);
2682 hci_dev_unlock(hdev);
2685 static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
2687 struct hci_ev_le_meta *le_ev = (void *) skb->data;
2689 skb_pull(skb, sizeof(*le_ev));
2691 switch (le_ev->subevent) {
2692 case HCI_EV_LE_CONN_COMPLETE:
2693 hci_le_conn_complete_evt(hdev, skb);
2701 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
2703 struct hci_event_hdr *hdr = (void *) skb->data;
2704 __u8 event = hdr->evt;
2706 skb_pull(skb, HCI_EVENT_HDR_SIZE);
2709 case HCI_EV_INQUIRY_COMPLETE:
2710 hci_inquiry_complete_evt(hdev, skb);
2713 case HCI_EV_INQUIRY_RESULT:
2714 hci_inquiry_result_evt(hdev, skb);
2717 case HCI_EV_CONN_COMPLETE:
2718 hci_conn_complete_evt(hdev, skb);
2721 case HCI_EV_CONN_REQUEST:
2722 hci_conn_request_evt(hdev, skb);
2725 case HCI_EV_DISCONN_COMPLETE:
2726 hci_disconn_complete_evt(hdev, skb);
2729 case HCI_EV_AUTH_COMPLETE:
2730 hci_auth_complete_evt(hdev, skb);
2733 case HCI_EV_REMOTE_NAME:
2734 hci_remote_name_evt(hdev, skb);
2737 case HCI_EV_ENCRYPT_CHANGE:
2738 hci_encrypt_change_evt(hdev, skb);
2741 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
2742 hci_change_link_key_complete_evt(hdev, skb);
2745 case HCI_EV_REMOTE_FEATURES:
2746 hci_remote_features_evt(hdev, skb);
2749 case HCI_EV_REMOTE_VERSION:
2750 hci_remote_version_evt(hdev, skb);
2753 case HCI_EV_QOS_SETUP_COMPLETE:
2754 hci_qos_setup_complete_evt(hdev, skb);
2757 case HCI_EV_CMD_COMPLETE:
2758 hci_cmd_complete_evt(hdev, skb);
2761 case HCI_EV_CMD_STATUS:
2762 hci_cmd_status_evt(hdev, skb);
2765 case HCI_EV_ROLE_CHANGE:
2766 hci_role_change_evt(hdev, skb);
2769 case HCI_EV_NUM_COMP_PKTS:
2770 hci_num_comp_pkts_evt(hdev, skb);
2773 case HCI_EV_MODE_CHANGE:
2774 hci_mode_change_evt(hdev, skb);
2777 case HCI_EV_PIN_CODE_REQ:
2778 hci_pin_code_request_evt(hdev, skb);
2781 case HCI_EV_LINK_KEY_REQ:
2782 hci_link_key_request_evt(hdev, skb);
2785 case HCI_EV_LINK_KEY_NOTIFY:
2786 hci_link_key_notify_evt(hdev, skb);
2789 case HCI_EV_CLOCK_OFFSET:
2790 hci_clock_offset_evt(hdev, skb);
2793 case HCI_EV_PKT_TYPE_CHANGE:
2794 hci_pkt_type_change_evt(hdev, skb);
2797 case HCI_EV_PSCAN_REP_MODE:
2798 hci_pscan_rep_mode_evt(hdev, skb);
2801 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
2802 hci_inquiry_result_with_rssi_evt(hdev, skb);
2805 case HCI_EV_REMOTE_EXT_FEATURES:
2806 hci_remote_ext_features_evt(hdev, skb);
2809 case HCI_EV_SYNC_CONN_COMPLETE:
2810 hci_sync_conn_complete_evt(hdev, skb);
2813 case HCI_EV_SYNC_CONN_CHANGED:
2814 hci_sync_conn_changed_evt(hdev, skb);
2817 case HCI_EV_SNIFF_SUBRATE:
2818 hci_sniff_subrate_evt(hdev, skb);
2821 case HCI_EV_EXTENDED_INQUIRY_RESULT:
2822 hci_extended_inquiry_result_evt(hdev, skb);
2825 case HCI_EV_IO_CAPA_REQUEST:
2826 hci_io_capa_request_evt(hdev, skb);
2829 case HCI_EV_IO_CAPA_REPLY:
2830 hci_io_capa_reply_evt(hdev, skb);
2833 case HCI_EV_USER_CONFIRM_REQUEST:
2834 hci_user_confirm_request_evt(hdev, skb);
2837 case HCI_EV_SIMPLE_PAIR_COMPLETE:
2838 hci_simple_pair_complete_evt(hdev, skb);
2841 case HCI_EV_REMOTE_HOST_FEATURES:
2842 hci_remote_host_features_evt(hdev, skb);
2845 case HCI_EV_LE_META:
2846 hci_le_meta_evt(hdev, skb);
2849 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
2850 hci_remote_oob_data_request_evt(hdev, skb);
2854 BT_DBG("%s event 0x%x", hdev->name, event);
2859 hdev->stat.evt_rx++;
2862 /* Generate internal stack event */
2863 void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
2865 struct hci_event_hdr *hdr;
2866 struct hci_ev_stack_internal *ev;
2867 struct sk_buff *skb;
2869 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
2873 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
2874 hdr->evt = HCI_EV_STACK_INTERNAL;
2875 hdr->plen = sizeof(*ev) + dlen;
2877 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
2879 memcpy(ev->data, data, dlen);
2881 bt_cb(skb)->incoming = 1;
2882 __net_timestamp(skb);
2884 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
2885 skb->dev = (void *) hdev;
2886 hci_send_to_sock(hdev, skb, NULL);
git.openpandora.org / pandora-kernel.git / blob