2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth L2CAP core and sockets. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/capability.h>
31 #include <linux/errno.h>
32 #include <linux/kernel.h>
33 #include <linux/sched.h>
34 #include <linux/slab.h>
35 #include <linux/poll.h>
36 #include <linux/fcntl.h>
37 #include <linux/init.h>
38 #include <linux/interrupt.h>
39 #include <linux/socket.h>
40 #include <linux/skbuff.h>
41 #include <linux/list.h>
42 #include <linux/device.h>
45 #include <asm/system.h>
46 #include <asm/uaccess.h>
47 #include <asm/unaligned.h>
49 #include <net/bluetooth/bluetooth.h>
50 #include <net/bluetooth/hci_core.h>
51 #include <net/bluetooth/l2cap.h>
53 #ifndef CONFIG_BT_L2CAP_DEBUG
60 static u32 l2cap_feat_mask = 0x0000;
62 static const struct proto_ops l2cap_sock_ops;
64 static struct bt_sock_list l2cap_sk_list = {
65 .lock = RW_LOCK_UNLOCKED
68 static void __l2cap_sock_close(struct sock *sk, int reason);
69 static void l2cap_sock_close(struct sock *sk);
70 static void l2cap_sock_kill(struct sock *sk);
72 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
73 u8 code, u8 ident, u16 dlen, void *data);
75 /* ---- L2CAP timers ---- */
76 static void l2cap_sock_timeout(unsigned long arg)
78 struct sock *sk = (struct sock *) arg;
80 BT_DBG("sock %p state %d", sk, sk->sk_state);
83 __l2cap_sock_close(sk, ETIMEDOUT);
90 static void l2cap_sock_set_timer(struct sock *sk, long timeout)
92 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
93 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
96 static void l2cap_sock_clear_timer(struct sock *sk)
98 BT_DBG("sock %p state %d", sk, sk->sk_state);
99 sk_stop_timer(sk, &sk->sk_timer);
102 static void l2cap_sock_init_timer(struct sock *sk)
104 init_timer(&sk->sk_timer);
105 sk->sk_timer.function = l2cap_sock_timeout;
106 sk->sk_timer.data = (unsigned long)sk;
109 /* ---- L2CAP channels ---- */
110 static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid)
113 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
114 if (l2cap_pi(s)->dcid == cid)
120 static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
123 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
124 if (l2cap_pi(s)->scid == cid)
130 /* Find channel with given SCID.
131 * Returns locked socket */
132 static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
136 s = __l2cap_get_chan_by_scid(l, cid);
137 if (s) bh_lock_sock(s);
138 read_unlock(&l->lock);
142 static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
145 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
146 if (l2cap_pi(s)->ident == ident)
152 static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
156 s = __l2cap_get_chan_by_ident(l, ident);
157 if (s) bh_lock_sock(s);
158 read_unlock(&l->lock);
162 static u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
166 for (; cid < 0xffff; cid++) {
167 if(!__l2cap_get_chan_by_scid(l, cid))
174 static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
179 l2cap_pi(l->head)->prev_c = sk;
181 l2cap_pi(sk)->next_c = l->head;
182 l2cap_pi(sk)->prev_c = NULL;
186 static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
188 struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
190 write_lock_bh(&l->lock);
195 l2cap_pi(next)->prev_c = prev;
197 l2cap_pi(prev)->next_c = next;
198 write_unlock_bh(&l->lock);
203 static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
205 struct l2cap_chan_list *l = &conn->chan_list;
207 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
209 l2cap_pi(sk)->conn = conn;
211 if (sk->sk_type == SOCK_SEQPACKET) {
212 /* Alloc CID for connection-oriented socket */
213 l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
214 } else if (sk->sk_type == SOCK_DGRAM) {
215 /* Connectionless socket */
216 l2cap_pi(sk)->scid = 0x0002;
217 l2cap_pi(sk)->dcid = 0x0002;
218 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
220 /* Raw socket can send/recv signalling messages only */
221 l2cap_pi(sk)->scid = 0x0001;
222 l2cap_pi(sk)->dcid = 0x0001;
223 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
226 __l2cap_chan_link(l, sk);
229 bt_accept_enqueue(parent, sk);
233 * Must be called on the locked socket. */
234 static void l2cap_chan_del(struct sock *sk, int err)
236 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
237 struct sock *parent = bt_sk(sk)->parent;
239 l2cap_sock_clear_timer(sk);
241 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
244 /* Unlink from channel list */
245 l2cap_chan_unlink(&conn->chan_list, sk);
246 l2cap_pi(sk)->conn = NULL;
247 hci_conn_put(conn->hcon);
250 sk->sk_state = BT_CLOSED;
251 sock_set_flag(sk, SOCK_ZAPPED);
257 bt_accept_unlink(sk);
258 parent->sk_data_ready(parent, 0);
260 sk->sk_state_change(sk);
263 static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
267 /* Get next available identificator.
268 * 1 - 128 are used by kernel.
269 * 129 - 199 are reserved.
270 * 200 - 254 are used by utilities like l2ping, etc.
273 spin_lock_bh(&conn->lock);
275 if (++conn->tx_ident > 128)
280 spin_unlock_bh(&conn->lock);
285 static inline int l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
287 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
289 BT_DBG("code 0x%2.2x", code);
294 return hci_send_acl(conn->hcon, skb, 0);
297 /* ---- L2CAP connections ---- */
298 static void l2cap_conn_start(struct l2cap_conn *conn)
300 struct l2cap_chan_list *l = &conn->chan_list;
303 BT_DBG("conn %p", conn);
307 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
310 if (sk->sk_type != SOCK_SEQPACKET) {
311 l2cap_sock_clear_timer(sk);
312 sk->sk_state = BT_CONNECTED;
313 sk->sk_state_change(sk);
314 } else if (sk->sk_state == BT_CONNECT) {
315 struct l2cap_conn_req req;
316 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
317 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
318 req.psm = l2cap_pi(sk)->psm;
319 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
320 L2CAP_CONN_REQ, sizeof(req), &req);
326 read_unlock(&l->lock);
329 static void l2cap_conn_ready(struct l2cap_conn *conn)
331 BT_DBG("conn %p", conn);
333 if (conn->chan_list.head || !hlist_empty(&l2cap_sk_list.head)) {
334 struct l2cap_info_req req;
336 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
338 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
339 conn->info_ident = l2cap_get_ident(conn);
341 mod_timer(&conn->info_timer,
342 jiffies + msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
344 l2cap_send_cmd(conn, conn->info_ident,
345 L2CAP_INFO_REQ, sizeof(req), &req);
349 /* Notify sockets that we cannot guaranty reliability anymore */
350 static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
352 struct l2cap_chan_list *l = &conn->chan_list;
355 BT_DBG("conn %p", conn);
359 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
360 if (l2cap_pi(sk)->link_mode & L2CAP_LM_RELIABLE)
364 read_unlock(&l->lock);
367 static void l2cap_info_timeout(unsigned long arg)
369 struct l2cap_conn *conn = (void *) arg;
371 conn->info_ident = 0;
373 l2cap_conn_start(conn);
376 static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
378 struct l2cap_conn *conn = hcon->l2cap_data;
383 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
387 hcon->l2cap_data = conn;
390 BT_DBG("hcon %p conn %p", hcon, conn);
392 conn->mtu = hcon->hdev->acl_mtu;
393 conn->src = &hcon->hdev->bdaddr;
394 conn->dst = &hcon->dst;
398 init_timer(&conn->info_timer);
399 conn->info_timer.function = l2cap_info_timeout;
400 conn->info_timer.data = (unsigned long) conn;
402 spin_lock_init(&conn->lock);
403 rwlock_init(&conn->chan_list.lock);
408 static void l2cap_conn_del(struct hci_conn *hcon, int err)
410 struct l2cap_conn *conn = hcon->l2cap_data;
416 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
419 kfree_skb(conn->rx_skb);
422 while ((sk = conn->chan_list.head)) {
424 l2cap_chan_del(sk, err);
429 hcon->l2cap_data = NULL;
433 static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
435 struct l2cap_chan_list *l = &conn->chan_list;
436 write_lock_bh(&l->lock);
437 __l2cap_chan_add(conn, sk, parent);
438 write_unlock_bh(&l->lock);
441 /* ---- Socket interface ---- */
442 static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
445 struct hlist_node *node;
446 sk_for_each(sk, node, &l2cap_sk_list.head)
447 if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
454 /* Find socket with psm and source bdaddr.
455 * Returns closest match.
457 static struct sock *__l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
459 struct sock *sk = NULL, *sk1 = NULL;
460 struct hlist_node *node;
462 sk_for_each(sk, node, &l2cap_sk_list.head) {
463 if (state && sk->sk_state != state)
466 if (l2cap_pi(sk)->psm == psm) {
468 if (!bacmp(&bt_sk(sk)->src, src))
472 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
476 return node ? sk : sk1;
479 /* Find socket with given address (psm, src).
480 * Returns locked socket */
481 static inline struct sock *l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
484 read_lock(&l2cap_sk_list.lock);
485 s = __l2cap_get_sock_by_psm(state, psm, src);
486 if (s) bh_lock_sock(s);
487 read_unlock(&l2cap_sk_list.lock);
491 static void l2cap_sock_destruct(struct sock *sk)
495 skb_queue_purge(&sk->sk_receive_queue);
496 skb_queue_purge(&sk->sk_write_queue);
499 static void l2cap_sock_cleanup_listen(struct sock *parent)
503 BT_DBG("parent %p", parent);
505 /* Close not yet accepted channels */
506 while ((sk = bt_accept_dequeue(parent, NULL)))
507 l2cap_sock_close(sk);
509 parent->sk_state = BT_CLOSED;
510 sock_set_flag(parent, SOCK_ZAPPED);
513 /* Kill socket (only if zapped and orphan)
514 * Must be called on unlocked socket.
516 static void l2cap_sock_kill(struct sock *sk)
518 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
521 BT_DBG("sk %p state %d", sk, sk->sk_state);
523 /* Kill poor orphan */
524 bt_sock_unlink(&l2cap_sk_list, sk);
525 sock_set_flag(sk, SOCK_DEAD);
529 static void __l2cap_sock_close(struct sock *sk, int reason)
531 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
533 switch (sk->sk_state) {
535 l2cap_sock_cleanup_listen(sk);
541 if (sk->sk_type == SOCK_SEQPACKET) {
542 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
543 struct l2cap_disconn_req req;
545 sk->sk_state = BT_DISCONN;
546 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
548 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
549 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
550 l2cap_send_cmd(conn, l2cap_get_ident(conn),
551 L2CAP_DISCONN_REQ, sizeof(req), &req);
553 l2cap_chan_del(sk, reason);
559 l2cap_chan_del(sk, reason);
563 sock_set_flag(sk, SOCK_ZAPPED);
568 /* Must be called on unlocked socket. */
569 static void l2cap_sock_close(struct sock *sk)
571 l2cap_sock_clear_timer(sk);
573 __l2cap_sock_close(sk, ECONNRESET);
578 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
580 struct l2cap_pinfo *pi = l2cap_pi(sk);
585 sk->sk_type = parent->sk_type;
586 pi->imtu = l2cap_pi(parent)->imtu;
587 pi->omtu = l2cap_pi(parent)->omtu;
588 pi->link_mode = l2cap_pi(parent)->link_mode;
590 pi->imtu = L2CAP_DEFAULT_MTU;
595 /* Default config options */
597 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
600 static struct proto l2cap_proto = {
602 .owner = THIS_MODULE,
603 .obj_size = sizeof(struct l2cap_pinfo)
606 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
610 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto, 1);
614 sock_init_data(sock, sk);
615 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
617 sk->sk_destruct = l2cap_sock_destruct;
618 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
620 sock_reset_flag(sk, SOCK_ZAPPED);
622 sk->sk_protocol = proto;
623 sk->sk_state = BT_OPEN;
625 l2cap_sock_init_timer(sk);
627 bt_sock_link(&l2cap_sk_list, sk);
631 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol)
635 BT_DBG("sock %p", sock);
637 sock->state = SS_UNCONNECTED;
639 if (sock->type != SOCK_SEQPACKET &&
640 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
641 return -ESOCKTNOSUPPORT;
643 if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW))
646 sock->ops = &l2cap_sock_ops;
648 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
652 l2cap_sock_init(sk, NULL);
656 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
658 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
659 struct sock *sk = sock->sk;
662 BT_DBG("sk %p, %s %d", sk, batostr(&la->l2_bdaddr), la->l2_psm);
664 if (!addr || addr->sa_family != AF_BLUETOOTH)
669 if (sk->sk_state != BT_OPEN) {
674 if (la->l2_psm && btohs(la->l2_psm) < 0x1001 &&
675 !capable(CAP_NET_BIND_SERVICE)) {
680 write_lock_bh(&l2cap_sk_list.lock);
682 if (la->l2_psm && __l2cap_get_sock_by_addr(la->l2_psm, &la->l2_bdaddr)) {
685 /* Save source address */
686 bacpy(&bt_sk(sk)->src, &la->l2_bdaddr);
687 l2cap_pi(sk)->psm = la->l2_psm;
688 l2cap_pi(sk)->sport = la->l2_psm;
689 sk->sk_state = BT_BOUND;
692 write_unlock_bh(&l2cap_sk_list.lock);
699 static int l2cap_do_connect(struct sock *sk)
701 bdaddr_t *src = &bt_sk(sk)->src;
702 bdaddr_t *dst = &bt_sk(sk)->dst;
703 struct l2cap_conn *conn;
704 struct hci_conn *hcon;
705 struct hci_dev *hdev;
708 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst), l2cap_pi(sk)->psm);
710 if (!(hdev = hci_get_route(dst, src)))
711 return -EHOSTUNREACH;
713 hci_dev_lock_bh(hdev);
717 hcon = hci_connect(hdev, ACL_LINK, dst);
721 conn = l2cap_conn_add(hcon, 0);
729 /* Update source addr of the socket */
730 bacpy(src, conn->src);
732 l2cap_chan_add(conn, sk, NULL);
734 sk->sk_state = BT_CONNECT;
735 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
737 if (hcon->state == BT_CONNECTED) {
738 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)) {
739 l2cap_conn_ready(conn);
743 if (sk->sk_type == SOCK_SEQPACKET) {
744 struct l2cap_conn_req req;
745 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
746 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
747 req.psm = l2cap_pi(sk)->psm;
748 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
749 L2CAP_CONN_REQ, sizeof(req), &req);
751 l2cap_sock_clear_timer(sk);
752 sk->sk_state = BT_CONNECTED;
757 hci_dev_unlock_bh(hdev);
762 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
764 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
765 struct sock *sk = sock->sk;
772 if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_l2)) {
777 if (sk->sk_type == SOCK_SEQPACKET && !la->l2_psm) {
782 switch(sk->sk_state) {
786 /* Already connecting */
790 /* Already connected */
803 /* Set destination address and psm */
804 bacpy(&bt_sk(sk)->dst, &la->l2_bdaddr);
805 l2cap_pi(sk)->psm = la->l2_psm;
807 if ((err = l2cap_do_connect(sk)))
811 err = bt_sock_wait_state(sk, BT_CONNECTED,
812 sock_sndtimeo(sk, flags & O_NONBLOCK));
818 static int l2cap_sock_listen(struct socket *sock, int backlog)
820 struct sock *sk = sock->sk;
823 BT_DBG("sk %p backlog %d", sk, backlog);
827 if (sk->sk_state != BT_BOUND || sock->type != SOCK_SEQPACKET) {
832 if (!l2cap_pi(sk)->psm) {
833 bdaddr_t *src = &bt_sk(sk)->src;
838 write_lock_bh(&l2cap_sk_list.lock);
840 for (psm = 0x1001; psm < 0x1100; psm += 2)
841 if (!__l2cap_get_sock_by_addr(htobs(psm), src)) {
842 l2cap_pi(sk)->psm = htobs(psm);
843 l2cap_pi(sk)->sport = htobs(psm);
848 write_unlock_bh(&l2cap_sk_list.lock);
854 sk->sk_max_ack_backlog = backlog;
855 sk->sk_ack_backlog = 0;
856 sk->sk_state = BT_LISTEN;
863 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
865 DECLARE_WAITQUEUE(wait, current);
866 struct sock *sk = sock->sk, *nsk;
870 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
872 if (sk->sk_state != BT_LISTEN) {
877 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
879 BT_DBG("sk %p timeo %ld", sk, timeo);
881 /* Wait for an incoming connection. (wake-one). */
882 add_wait_queue_exclusive(sk->sk_sleep, &wait);
883 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
884 set_current_state(TASK_INTERRUPTIBLE);
891 timeo = schedule_timeout(timeo);
892 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
894 if (sk->sk_state != BT_LISTEN) {
899 if (signal_pending(current)) {
900 err = sock_intr_errno(timeo);
904 set_current_state(TASK_RUNNING);
905 remove_wait_queue(sk->sk_sleep, &wait);
910 newsock->state = SS_CONNECTED;
912 BT_DBG("new socket %p", nsk);
919 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
921 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
922 struct sock *sk = sock->sk;
924 BT_DBG("sock %p, sk %p", sock, sk);
926 addr->sa_family = AF_BLUETOOTH;
927 *len = sizeof(struct sockaddr_l2);
930 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
932 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
934 la->l2_psm = l2cap_pi(sk)->psm;
938 static inline int l2cap_do_send(struct sock *sk, struct msghdr *msg, int len)
940 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
941 struct sk_buff *skb, **frag;
942 int err, hlen, count, sent=0;
943 struct l2cap_hdr *lh;
945 BT_DBG("sk %p len %d", sk, len);
947 /* First fragment (with L2CAP header) */
948 if (sk->sk_type == SOCK_DGRAM)
949 hlen = L2CAP_HDR_SIZE + 2;
951 hlen = L2CAP_HDR_SIZE;
953 count = min_t(unsigned int, (conn->mtu - hlen), len);
955 skb = bt_skb_send_alloc(sk, hlen + count,
956 msg->msg_flags & MSG_DONTWAIT, &err);
960 /* Create L2CAP header */
961 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
962 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
963 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
965 if (sk->sk_type == SOCK_DGRAM)
966 put_unaligned(l2cap_pi(sk)->psm, (__le16 *) skb_put(skb, 2));
968 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) {
976 /* Continuation fragments (no L2CAP header) */
977 frag = &skb_shinfo(skb)->frag_list;
979 count = min_t(unsigned int, conn->mtu, len);
981 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
985 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count)) {
993 frag = &(*frag)->next;
996 if ((err = hci_send_acl(conn->hcon, skb, 0)) < 0)
1006 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
1008 struct sock *sk = sock->sk;
1011 BT_DBG("sock %p, sk %p", sock, sk);
1013 err = sock_error(sk);
1017 if (msg->msg_flags & MSG_OOB)
1020 /* Check outgoing MTU */
1021 if (sk->sk_type != SOCK_RAW && len > l2cap_pi(sk)->omtu)
1026 if (sk->sk_state == BT_CONNECTED)
1027 err = l2cap_do_send(sk, msg, len);
1035 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen)
1037 struct sock *sk = sock->sk;
1038 struct l2cap_options opts;
1042 BT_DBG("sk %p", sk);
1048 opts.imtu = l2cap_pi(sk)->imtu;
1049 opts.omtu = l2cap_pi(sk)->omtu;
1050 opts.flush_to = l2cap_pi(sk)->flush_to;
1053 len = min_t(unsigned int, sizeof(opts), optlen);
1054 if (copy_from_user((char *) &opts, optval, len)) {
1059 l2cap_pi(sk)->imtu = opts.imtu;
1060 l2cap_pi(sk)->omtu = opts.omtu;
1064 if (get_user(opt, (u32 __user *) optval)) {
1069 l2cap_pi(sk)->link_mode = opt;
1081 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
1083 struct sock *sk = sock->sk;
1084 struct l2cap_options opts;
1085 struct l2cap_conninfo cinfo;
1088 BT_DBG("sk %p", sk);
1090 if (get_user(len, optlen))
1097 opts.imtu = l2cap_pi(sk)->imtu;
1098 opts.omtu = l2cap_pi(sk)->omtu;
1099 opts.flush_to = l2cap_pi(sk)->flush_to;
1102 len = min_t(unsigned int, len, sizeof(opts));
1103 if (copy_to_user(optval, (char *) &opts, len))
1109 if (put_user(l2cap_pi(sk)->link_mode, (u32 __user *) optval))
1113 case L2CAP_CONNINFO:
1114 if (sk->sk_state != BT_CONNECTED) {
1119 cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
1120 memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3);
1122 len = min_t(unsigned int, len, sizeof(cinfo));
1123 if (copy_to_user(optval, (char *) &cinfo, len))
1137 static int l2cap_sock_shutdown(struct socket *sock, int how)
1139 struct sock *sk = sock->sk;
1142 BT_DBG("sock %p, sk %p", sock, sk);
1148 if (!sk->sk_shutdown) {
1149 sk->sk_shutdown = SHUTDOWN_MASK;
1150 l2cap_sock_clear_timer(sk);
1151 __l2cap_sock_close(sk, 0);
1153 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
1154 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1160 static int l2cap_sock_release(struct socket *sock)
1162 struct sock *sk = sock->sk;
1165 BT_DBG("sock %p, sk %p", sock, sk);
1170 err = l2cap_sock_shutdown(sock, 2);
1173 l2cap_sock_kill(sk);
1177 static void l2cap_chan_ready(struct sock *sk)
1179 struct sock *parent = bt_sk(sk)->parent;
1181 BT_DBG("sk %p, parent %p", sk, parent);
1183 l2cap_pi(sk)->conf_state = 0;
1184 l2cap_sock_clear_timer(sk);
1187 /* Outgoing channel.
1188 * Wake up socket sleeping on connect.
1190 sk->sk_state = BT_CONNECTED;
1191 sk->sk_state_change(sk);
1193 /* Incoming channel.
1194 * Wake up socket sleeping on accept.
1196 parent->sk_data_ready(parent, 0);
1200 /* Copy frame to all raw sockets on that connection */
1201 static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1203 struct l2cap_chan_list *l = &conn->chan_list;
1204 struct sk_buff *nskb;
1207 BT_DBG("conn %p", conn);
1209 read_lock(&l->lock);
1210 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
1211 if (sk->sk_type != SOCK_RAW)
1214 /* Don't send frame to the socket it came from */
1218 if (!(nskb = skb_clone(skb, GFP_ATOMIC)))
1221 if (sock_queue_rcv_skb(sk, nskb))
1224 read_unlock(&l->lock);
1227 /* ---- L2CAP signalling commands ---- */
1228 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1229 u8 code, u8 ident, u16 dlen, void *data)
1231 struct sk_buff *skb, **frag;
1232 struct l2cap_cmd_hdr *cmd;
1233 struct l2cap_hdr *lh;
1236 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d", conn, code, ident, dlen);
1238 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1239 count = min_t(unsigned int, conn->mtu, len);
1241 skb = bt_skb_alloc(count, GFP_ATOMIC);
1245 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1246 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
1247 lh->cid = cpu_to_le16(0x0001);
1249 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1252 cmd->len = cpu_to_le16(dlen);
1255 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1256 memcpy(skb_put(skb, count), data, count);
1262 /* Continuation fragments (no L2CAP header) */
1263 frag = &skb_shinfo(skb)->frag_list;
1265 count = min_t(unsigned int, conn->mtu, len);
1267 *frag = bt_skb_alloc(count, GFP_ATOMIC);
1271 memcpy(skb_put(*frag, count), data, count);
1276 frag = &(*frag)->next;
1286 static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1288 struct l2cap_conf_opt *opt = *ptr;
1291 len = L2CAP_CONF_OPT_SIZE + opt->len;
1299 *val = *((u8 *) opt->val);
1303 *val = __le16_to_cpu(*((__le16 *) opt->val));
1307 *val = __le32_to_cpu(*((__le32 *) opt->val));
1311 *val = (unsigned long) opt->val;
1315 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1319 static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1321 struct l2cap_conf_opt *opt = *ptr;
1323 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1330 *((u8 *) opt->val) = val;
1334 *((__le16 *) opt->val) = cpu_to_le16(val);
1338 *((__le32 *) opt->val) = cpu_to_le32(val);
1342 memcpy(opt->val, (void *) val, len);
1346 *ptr += L2CAP_CONF_OPT_SIZE + len;
1349 static int l2cap_build_conf_req(struct sock *sk, void *data)
1351 struct l2cap_pinfo *pi = l2cap_pi(sk);
1352 struct l2cap_conf_req *req = data;
1353 void *ptr = req->data;
1355 BT_DBG("sk %p", sk);
1357 if (pi->imtu != L2CAP_DEFAULT_MTU)
1358 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
1360 /* FIXME: Need actual value of the flush timeout */
1361 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
1362 // l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to);
1364 req->dcid = cpu_to_le16(pi->dcid);
1365 req->flags = cpu_to_le16(0);
1370 static int l2cap_parse_conf_req(struct sock *sk, void *data)
1372 struct l2cap_pinfo *pi = l2cap_pi(sk);
1373 struct l2cap_conf_rsp *rsp = data;
1374 void *ptr = rsp->data;
1375 void *req = pi->conf_req;
1376 int len = pi->conf_len;
1377 int type, hint, olen;
1379 u16 mtu = L2CAP_DEFAULT_MTU;
1380 u16 result = L2CAP_CONF_SUCCESS;
1382 BT_DBG("sk %p", sk);
1384 while (len >= L2CAP_CONF_OPT_SIZE) {
1385 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
1391 case L2CAP_CONF_MTU:
1395 case L2CAP_CONF_FLUSH_TO:
1399 case L2CAP_CONF_QOS:
1406 result = L2CAP_CONF_UNKNOWN;
1407 *((u8 *) ptr++) = type;
1412 if (result == L2CAP_CONF_SUCCESS) {
1413 /* Configure output options and let the other side know
1414 * which ones we don't like. */
1417 result = L2CAP_CONF_UNACCEPT;
1420 pi->conf_state |= L2CAP_CONF_OUTPUT_DONE;
1423 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
1426 rsp->scid = cpu_to_le16(pi->dcid);
1427 rsp->result = cpu_to_le16(result);
1428 rsp->flags = cpu_to_le16(0x0000);
1433 static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags)
1435 struct l2cap_conf_rsp *rsp = data;
1436 void *ptr = rsp->data;
1438 BT_DBG("sk %p", sk);
1440 rsp->scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1441 rsp->result = cpu_to_le16(result);
1442 rsp->flags = cpu_to_le16(flags);
1447 static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1449 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data;
1451 if (rej->reason != 0x0000)
1454 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
1455 cmd->ident == conn->info_ident) {
1456 conn->info_ident = 0;
1457 del_timer(&conn->info_timer);
1458 l2cap_conn_start(conn);
1464 static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1466 struct l2cap_chan_list *list = &conn->chan_list;
1467 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
1468 struct l2cap_conn_rsp rsp;
1469 struct sock *sk, *parent;
1470 int result = 0, status = 0;
1472 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
1473 __le16 psm = req->psm;
1475 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
1477 /* Check if we have socket listening on psm */
1478 parent = l2cap_get_sock_by_psm(BT_LISTEN, psm, conn->src);
1480 result = L2CAP_CR_BAD_PSM;
1484 result = L2CAP_CR_NO_MEM;
1486 /* Check for backlog size */
1487 if (sk_acceptq_is_full(parent)) {
1488 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1492 sk = l2cap_sock_alloc(parent->sk_net, NULL, BTPROTO_L2CAP, GFP_ATOMIC);
1496 write_lock_bh(&list->lock);
1498 /* Check if we already have channel with that dcid */
1499 if (__l2cap_get_chan_by_dcid(list, scid)) {
1500 write_unlock_bh(&list->lock);
1501 sock_set_flag(sk, SOCK_ZAPPED);
1502 l2cap_sock_kill(sk);
1506 hci_conn_hold(conn->hcon);
1508 l2cap_sock_init(sk, parent);
1509 bacpy(&bt_sk(sk)->src, conn->src);
1510 bacpy(&bt_sk(sk)->dst, conn->dst);
1511 l2cap_pi(sk)->psm = psm;
1512 l2cap_pi(sk)->dcid = scid;
1514 __l2cap_chan_add(conn, sk, parent);
1515 dcid = l2cap_pi(sk)->scid;
1517 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
1519 /* Service level security */
1520 result = L2CAP_CR_PEND;
1521 status = L2CAP_CS_AUTHEN_PEND;
1522 sk->sk_state = BT_CONNECT2;
1523 l2cap_pi(sk)->ident = cmd->ident;
1525 if ((l2cap_pi(sk)->link_mode & L2CAP_LM_ENCRYPT) ||
1526 (l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE)) {
1527 if (!hci_conn_encrypt(conn->hcon))
1529 } else if (l2cap_pi(sk)->link_mode & L2CAP_LM_AUTH) {
1530 if (!hci_conn_auth(conn->hcon))
1534 sk->sk_state = BT_CONFIG;
1535 result = status = 0;
1538 write_unlock_bh(&list->lock);
1541 bh_unlock_sock(parent);
1544 rsp.scid = cpu_to_le16(scid);
1545 rsp.dcid = cpu_to_le16(dcid);
1546 rsp.result = cpu_to_le16(result);
1547 rsp.status = cpu_to_le16(status);
1548 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1552 static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1554 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
1555 u16 scid, dcid, result, status;
1559 scid = __le16_to_cpu(rsp->scid);
1560 dcid = __le16_to_cpu(rsp->dcid);
1561 result = __le16_to_cpu(rsp->result);
1562 status = __le16_to_cpu(rsp->status);
1564 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
1567 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
1570 if (!(sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident)))
1575 case L2CAP_CR_SUCCESS:
1576 sk->sk_state = BT_CONFIG;
1577 l2cap_pi(sk)->ident = 0;
1578 l2cap_pi(sk)->dcid = dcid;
1579 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
1581 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1582 l2cap_build_conf_req(sk, req), req);
1589 l2cap_chan_del(sk, ECONNREFUSED);
1597 static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
1599 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
1605 dcid = __le16_to_cpu(req->dcid);
1606 flags = __le16_to_cpu(req->flags);
1608 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
1610 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
1613 if (sk->sk_state == BT_DISCONN)
1616 /* Reject if config buffer is too small. */
1617 len = cmd_len - sizeof(*req);
1618 if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) {
1619 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
1620 l2cap_build_conf_rsp(sk, rsp,
1621 L2CAP_CONF_REJECT, flags), rsp);
1626 memcpy(l2cap_pi(sk)->conf_req + l2cap_pi(sk)->conf_len, req->data, len);
1627 l2cap_pi(sk)->conf_len += len;
1629 if (flags & 0x0001) {
1630 /* Incomplete config. Send empty response. */
1631 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
1632 l2cap_build_conf_rsp(sk, rsp,
1633 L2CAP_CONF_SUCCESS, 0x0001), rsp);
1637 /* Complete config. */
1638 len = l2cap_parse_conf_req(sk, rsp);
1642 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
1644 /* Reset config buffer. */
1645 l2cap_pi(sk)->conf_len = 0;
1647 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE))
1650 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
1651 sk->sk_state = BT_CONNECTED;
1652 l2cap_chan_ready(sk);
1656 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) {
1658 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1659 l2cap_build_conf_req(sk, req), req);
1667 static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1669 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
1670 u16 scid, flags, result;
1673 scid = __le16_to_cpu(rsp->scid);
1674 flags = __le16_to_cpu(rsp->flags);
1675 result = __le16_to_cpu(rsp->result);
1677 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x", scid, flags, result);
1679 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
1683 case L2CAP_CONF_SUCCESS:
1686 case L2CAP_CONF_UNACCEPT:
1687 if (++l2cap_pi(sk)->conf_retry < L2CAP_CONF_MAX_RETRIES) {
1689 /* It does not make sense to adjust L2CAP parameters
1690 * that are currently defined in the spec. We simply
1691 * resend config request that we sent earlier. It is
1692 * stupid, but it helps qualification testing which
1693 * expects at least some response from us. */
1694 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1695 l2cap_build_conf_req(sk, req), req);
1700 sk->sk_state = BT_DISCONN;
1701 sk->sk_err = ECONNRESET;
1702 l2cap_sock_set_timer(sk, HZ * 5);
1704 struct l2cap_disconn_req req;
1705 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
1706 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
1707 l2cap_send_cmd(conn, l2cap_get_ident(conn),
1708 L2CAP_DISCONN_REQ, sizeof(req), &req);
1716 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;
1718 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
1719 sk->sk_state = BT_CONNECTED;
1720 l2cap_chan_ready(sk);
1728 static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1730 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
1731 struct l2cap_disconn_rsp rsp;
1735 scid = __le16_to_cpu(req->scid);
1736 dcid = __le16_to_cpu(req->dcid);
1738 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
1740 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
1743 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
1744 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1745 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
1747 sk->sk_shutdown = SHUTDOWN_MASK;
1749 l2cap_chan_del(sk, ECONNRESET);
1752 l2cap_sock_kill(sk);
1756 static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1758 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
1762 scid = __le16_to_cpu(rsp->scid);
1763 dcid = __le16_to_cpu(rsp->dcid);
1765 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
1767 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
1770 l2cap_chan_del(sk, 0);
1773 l2cap_sock_kill(sk);
1777 static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1779 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
1782 type = __le16_to_cpu(req->type);
1784 BT_DBG("type 0x%4.4x", type);
1786 if (type == L2CAP_IT_FEAT_MASK) {
1788 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
1789 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
1790 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
1791 put_unaligned(cpu_to_le32(l2cap_feat_mask), (__le32 *) rsp->data);
1792 l2cap_send_cmd(conn, cmd->ident,
1793 L2CAP_INFO_RSP, sizeof(buf), buf);
1795 struct l2cap_info_rsp rsp;
1796 rsp.type = cpu_to_le16(type);
1797 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
1798 l2cap_send_cmd(conn, cmd->ident,
1799 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
1805 static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1807 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
1810 type = __le16_to_cpu(rsp->type);
1811 result = __le16_to_cpu(rsp->result);
1813 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
1815 conn->info_ident = 0;
1817 del_timer(&conn->info_timer);
1819 if (type == L2CAP_IT_FEAT_MASK)
1820 conn->feat_mask = __le32_to_cpu(get_unaligned((__le32 *) rsp->data));
1822 l2cap_conn_start(conn);
1827 static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
1829 u8 *data = skb->data;
1831 struct l2cap_cmd_hdr cmd;
1834 l2cap_raw_recv(conn, skb);
1836 while (len >= L2CAP_CMD_HDR_SIZE) {
1838 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
1839 data += L2CAP_CMD_HDR_SIZE;
1840 len -= L2CAP_CMD_HDR_SIZE;
1842 cmd_len = le16_to_cpu(cmd.len);
1844 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
1846 if (cmd_len > len || !cmd.ident) {
1847 BT_DBG("corrupted command");
1852 case L2CAP_COMMAND_REJ:
1853 l2cap_command_rej(conn, &cmd, data);
1856 case L2CAP_CONN_REQ:
1857 err = l2cap_connect_req(conn, &cmd, data);
1860 case L2CAP_CONN_RSP:
1861 err = l2cap_connect_rsp(conn, &cmd, data);
1864 case L2CAP_CONF_REQ:
1865 err = l2cap_config_req(conn, &cmd, cmd_len, data);
1868 case L2CAP_CONF_RSP:
1869 err = l2cap_config_rsp(conn, &cmd, data);
1872 case L2CAP_DISCONN_REQ:
1873 err = l2cap_disconnect_req(conn, &cmd, data);
1876 case L2CAP_DISCONN_RSP:
1877 err = l2cap_disconnect_rsp(conn, &cmd, data);
1880 case L2CAP_ECHO_REQ:
1881 l2cap_send_cmd(conn, cmd.ident, L2CAP_ECHO_RSP, cmd_len, data);
1884 case L2CAP_ECHO_RSP:
1887 case L2CAP_INFO_REQ:
1888 err = l2cap_information_req(conn, &cmd, data);
1891 case L2CAP_INFO_RSP:
1892 err = l2cap_information_rsp(conn, &cmd, data);
1896 BT_ERR("Unknown signaling command 0x%2.2x", cmd.code);
1902 struct l2cap_cmd_rej rej;
1903 BT_DBG("error %d", err);
1905 /* FIXME: Map err to a valid reason */
1906 rej.reason = cpu_to_le16(0);
1907 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
1917 static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
1921 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
1923 BT_DBG("unknown cid 0x%4.4x", cid);
1927 BT_DBG("sk %p, len %d", sk, skb->len);
1929 if (sk->sk_state != BT_CONNECTED)
1932 if (l2cap_pi(sk)->imtu < skb->len)
1935 /* If socket recv buffers overflows we drop data here
1936 * which is *bad* because L2CAP has to be reliable.
1937 * But we don't have any other choice. L2CAP doesn't
1938 * provide flow control mechanism. */
1940 if (!sock_queue_rcv_skb(sk, skb))
1953 static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
1957 sk = l2cap_get_sock_by_psm(0, psm, conn->src);
1961 BT_DBG("sk %p, len %d", sk, skb->len);
1963 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
1966 if (l2cap_pi(sk)->imtu < skb->len)
1969 if (!sock_queue_rcv_skb(sk, skb))
1976 if (sk) bh_unlock_sock(sk);
1980 static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
1982 struct l2cap_hdr *lh = (void *) skb->data;
1986 skb_pull(skb, L2CAP_HDR_SIZE);
1987 cid = __le16_to_cpu(lh->cid);
1988 len = __le16_to_cpu(lh->len);
1990 BT_DBG("len %d, cid 0x%4.4x", len, cid);
1994 l2cap_sig_channel(conn, skb);
1998 psm = get_unaligned((__le16 *) skb->data);
2000 l2cap_conless_channel(conn, psm, skb);
2004 l2cap_data_channel(conn, cid, skb);
2009 /* ---- L2CAP interface with lower layer (HCI) ---- */
2011 static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2013 int exact = 0, lm1 = 0, lm2 = 0;
2014 register struct sock *sk;
2015 struct hlist_node *node;
2017 if (type != ACL_LINK)
2020 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
2022 /* Find listening sockets and check their link_mode */
2023 read_lock(&l2cap_sk_list.lock);
2024 sk_for_each(sk, node, &l2cap_sk_list.head) {
2025 if (sk->sk_state != BT_LISTEN)
2028 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
2029 lm1 |= (HCI_LM_ACCEPT | l2cap_pi(sk)->link_mode);
2031 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
2032 lm2 |= (HCI_LM_ACCEPT | l2cap_pi(sk)->link_mode);
2034 read_unlock(&l2cap_sk_list.lock);
2036 return exact ? lm1 : lm2;
2039 static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
2041 struct l2cap_conn *conn;
2043 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
2045 if (hcon->type != ACL_LINK)
2049 conn = l2cap_conn_add(hcon, status);
2051 l2cap_conn_ready(conn);
2053 l2cap_conn_del(hcon, bt_err(status));
2058 static int l2cap_disconn_ind(struct hci_conn *hcon, u8 reason)
2060 BT_DBG("hcon %p reason %d", hcon, reason);
2062 if (hcon->type != ACL_LINK)
2065 l2cap_conn_del(hcon, bt_err(reason));
2070 static int l2cap_auth_cfm(struct hci_conn *hcon, u8 status)
2072 struct l2cap_chan_list *l;
2073 struct l2cap_conn *conn = conn = hcon->l2cap_data;
2074 struct l2cap_conn_rsp rsp;
2081 l = &conn->chan_list;
2083 BT_DBG("conn %p", conn);
2085 read_lock(&l->lock);
2087 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
2090 if (sk->sk_state != BT_CONNECT2 ||
2091 (l2cap_pi(sk)->link_mode & L2CAP_LM_ENCRYPT) ||
2092 (l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE)) {
2098 sk->sk_state = BT_CONFIG;
2101 sk->sk_state = BT_DISCONN;
2102 l2cap_sock_set_timer(sk, HZ/10);
2103 result = L2CAP_CR_SEC_BLOCK;
2106 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2107 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2108 rsp.result = cpu_to_le16(result);
2109 rsp.status = cpu_to_le16(0);
2110 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2111 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2116 read_unlock(&l->lock);
2120 static int l2cap_encrypt_cfm(struct hci_conn *hcon, u8 status)
2122 struct l2cap_chan_list *l;
2123 struct l2cap_conn *conn = hcon->l2cap_data;
2124 struct l2cap_conn_rsp rsp;
2131 l = &conn->chan_list;
2133 BT_DBG("conn %p", conn);
2135 read_lock(&l->lock);
2137 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
2140 if (sk->sk_state != BT_CONNECT2) {
2146 sk->sk_state = BT_CONFIG;
2149 sk->sk_state = BT_DISCONN;
2150 l2cap_sock_set_timer(sk, HZ/10);
2151 result = L2CAP_CR_SEC_BLOCK;
2154 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2155 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2156 rsp.result = cpu_to_le16(result);
2157 rsp.status = cpu_to_le16(0);
2158 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2159 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2161 if (l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE)
2162 hci_conn_change_link_key(hcon);
2167 read_unlock(&l->lock);
2171 static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
2173 struct l2cap_conn *conn = hcon->l2cap_data;
2175 if (!conn && !(conn = l2cap_conn_add(hcon, 0)))
2178 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
2180 if (flags & ACL_START) {
2181 struct l2cap_hdr *hdr;
2185 BT_ERR("Unexpected start frame (len %d)", skb->len);
2186 kfree_skb(conn->rx_skb);
2187 conn->rx_skb = NULL;
2189 l2cap_conn_unreliable(conn, ECOMM);
2193 BT_ERR("Frame is too short (len %d)", skb->len);
2194 l2cap_conn_unreliable(conn, ECOMM);
2198 hdr = (struct l2cap_hdr *) skb->data;
2199 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
2201 if (len == skb->len) {
2202 /* Complete frame received */
2203 l2cap_recv_frame(conn, skb);
2207 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
2209 if (skb->len > len) {
2210 BT_ERR("Frame is too long (len %d, expected len %d)",
2212 l2cap_conn_unreliable(conn, ECOMM);
2216 /* Allocate skb for the complete frame (with header) */
2217 if (!(conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC)))
2220 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2222 conn->rx_len = len - skb->len;
2224 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
2226 if (!conn->rx_len) {
2227 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
2228 l2cap_conn_unreliable(conn, ECOMM);
2232 if (skb->len > conn->rx_len) {
2233 BT_ERR("Fragment is too long (len %d, expected %d)",
2234 skb->len, conn->rx_len);
2235 kfree_skb(conn->rx_skb);
2236 conn->rx_skb = NULL;
2238 l2cap_conn_unreliable(conn, ECOMM);
2242 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2244 conn->rx_len -= skb->len;
2246 if (!conn->rx_len) {
2247 /* Complete frame received */
2248 l2cap_recv_frame(conn, conn->rx_skb);
2249 conn->rx_skb = NULL;
2258 static ssize_t l2cap_sysfs_show(struct class *dev, char *buf)
2261 struct hlist_node *node;
2264 read_lock_bh(&l2cap_sk_list.lock);
2266 sk_for_each(sk, node, &l2cap_sk_list.head) {
2267 struct l2cap_pinfo *pi = l2cap_pi(sk);
2269 str += sprintf(str, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d 0x%x\n",
2270 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2271 sk->sk_state, btohs(pi->psm), pi->scid, pi->dcid,
2272 pi->imtu, pi->omtu, pi->link_mode);
2275 read_unlock_bh(&l2cap_sk_list.lock);
2280 static CLASS_ATTR(l2cap, S_IRUGO, l2cap_sysfs_show, NULL);
2282 static const struct proto_ops l2cap_sock_ops = {
2283 .family = PF_BLUETOOTH,
2284 .owner = THIS_MODULE,
2285 .release = l2cap_sock_release,
2286 .bind = l2cap_sock_bind,
2287 .connect = l2cap_sock_connect,
2288 .listen = l2cap_sock_listen,
2289 .accept = l2cap_sock_accept,
2290 .getname = l2cap_sock_getname,
2291 .sendmsg = l2cap_sock_sendmsg,
2292 .recvmsg = bt_sock_recvmsg,
2293 .poll = bt_sock_poll,
2294 .mmap = sock_no_mmap,
2295 .socketpair = sock_no_socketpair,
2296 .ioctl = sock_no_ioctl,
2297 .shutdown = l2cap_sock_shutdown,
2298 .setsockopt = l2cap_sock_setsockopt,
2299 .getsockopt = l2cap_sock_getsockopt
2302 static struct net_proto_family l2cap_sock_family_ops = {
2303 .family = PF_BLUETOOTH,
2304 .owner = THIS_MODULE,
2305 .create = l2cap_sock_create,
2308 static struct hci_proto l2cap_hci_proto = {
2310 .id = HCI_PROTO_L2CAP,
2311 .connect_ind = l2cap_connect_ind,
2312 .connect_cfm = l2cap_connect_cfm,
2313 .disconn_ind = l2cap_disconn_ind,
2314 .auth_cfm = l2cap_auth_cfm,
2315 .encrypt_cfm = l2cap_encrypt_cfm,
2316 .recv_acldata = l2cap_recv_acldata
2319 static int __init l2cap_init(void)
2323 err = proto_register(&l2cap_proto, 0);
2327 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
2329 BT_ERR("L2CAP socket registration failed");
2333 err = hci_register_proto(&l2cap_hci_proto);
2335 BT_ERR("L2CAP protocol registration failed");
2336 bt_sock_unregister(BTPROTO_L2CAP);
2340 if (class_create_file(bt_class, &class_attr_l2cap) < 0)
2341 BT_ERR("Failed to create L2CAP info file");
2343 BT_INFO("L2CAP ver %s", VERSION);
2344 BT_INFO("L2CAP socket layer initialized");
2349 proto_unregister(&l2cap_proto);
2353 static void __exit l2cap_exit(void)
2355 class_remove_file(bt_class, &class_attr_l2cap);
2357 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
2358 BT_ERR("L2CAP socket unregistration failed");
2360 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
2361 BT_ERR("L2CAP protocol unregistration failed");
2363 proto_unregister(&l2cap_proto);
2366 void l2cap_load(void)
2368 /* Dummy function to trigger automatic L2CAP module loading by
2369 * other modules that use L2CAP sockets but don't use any other
2370 * symbols from it. */
2373 EXPORT_SYMBOL(l2cap_load);
2375 module_init(l2cap_init);
2376 module_exit(l2cap_exit);
2378 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
2379 MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
2380 MODULE_VERSION(VERSION);
2381 MODULE_LICENSE("GPL");
2382 MODULE_ALIAS("bt-proto-0");