2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth L2CAP core and sockets. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/capability.h>
31 #include <linux/errno.h>
32 #include <linux/kernel.h>
33 #include <linux/sched.h>
34 #include <linux/slab.h>
35 #include <linux/poll.h>
36 #include <linux/fcntl.h>
37 #include <linux/init.h>
38 #include <linux/interrupt.h>
39 #include <linux/socket.h>
40 #include <linux/skbuff.h>
41 #include <linux/list.h>
42 #include <linux/device.h>
45 #include <asm/system.h>
46 #include <asm/uaccess.h>
47 #include <asm/unaligned.h>
49 #include <net/bluetooth/bluetooth.h>
50 #include <net/bluetooth/hci_core.h>
51 #include <net/bluetooth/l2cap.h>
53 #define VERSION "2.13"
55 static u32 l2cap_feat_mask = 0x0080;
56 static u8 l2cap_fixed_chan[8] = { 0x02, };
58 static const struct proto_ops l2cap_sock_ops;
60 static struct bt_sock_list l2cap_sk_list = {
61 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
64 static void __l2cap_sock_close(struct sock *sk, int reason);
65 static void l2cap_sock_close(struct sock *sk);
66 static void l2cap_sock_kill(struct sock *sk);
68 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
69 u8 code, u8 ident, u16 dlen, void *data);
71 /* ---- L2CAP timers ---- */
72 static void l2cap_sock_timeout(unsigned long arg)
74 struct sock *sk = (struct sock *) arg;
77 BT_DBG("sock %p state %d", sk, sk->sk_state);
81 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG)
82 reason = ECONNREFUSED;
83 else if (sk->sk_state == BT_CONNECT &&
84 l2cap_pi(sk)->sec_level != BT_SECURITY_SDP)
85 reason = ECONNREFUSED;
89 __l2cap_sock_close(sk, reason);
97 static void l2cap_sock_set_timer(struct sock *sk, long timeout)
99 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
100 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
103 static void l2cap_sock_clear_timer(struct sock *sk)
105 BT_DBG("sock %p state %d", sk, sk->sk_state);
106 sk_stop_timer(sk, &sk->sk_timer);
109 /* ---- L2CAP channels ---- */
110 static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid)
113 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
114 if (l2cap_pi(s)->dcid == cid)
120 static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
123 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
124 if (l2cap_pi(s)->scid == cid)
130 /* Find channel with given SCID.
131 * Returns locked socket */
132 static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
136 s = __l2cap_get_chan_by_scid(l, cid);
137 if (s) bh_lock_sock(s);
138 read_unlock(&l->lock);
142 static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
145 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
146 if (l2cap_pi(s)->ident == ident)
152 static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
156 s = __l2cap_get_chan_by_ident(l, ident);
157 if (s) bh_lock_sock(s);
158 read_unlock(&l->lock);
162 static u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
166 for (; cid < 0xffff; cid++) {
167 if(!__l2cap_get_chan_by_scid(l, cid))
174 static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
179 l2cap_pi(l->head)->prev_c = sk;
181 l2cap_pi(sk)->next_c = l->head;
182 l2cap_pi(sk)->prev_c = NULL;
186 static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
188 struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
190 write_lock_bh(&l->lock);
195 l2cap_pi(next)->prev_c = prev;
197 l2cap_pi(prev)->next_c = next;
198 write_unlock_bh(&l->lock);
203 static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
205 struct l2cap_chan_list *l = &conn->chan_list;
207 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
209 conn->disc_reason = 0x13;
211 l2cap_pi(sk)->conn = conn;
213 if (sk->sk_type == SOCK_SEQPACKET) {
214 /* Alloc CID for connection-oriented socket */
215 l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
216 } else if (sk->sk_type == SOCK_DGRAM) {
217 /* Connectionless socket */
218 l2cap_pi(sk)->scid = 0x0002;
219 l2cap_pi(sk)->dcid = 0x0002;
220 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
222 /* Raw socket can send/recv signalling messages only */
223 l2cap_pi(sk)->scid = 0x0001;
224 l2cap_pi(sk)->dcid = 0x0001;
225 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
228 __l2cap_chan_link(l, sk);
231 bt_accept_enqueue(parent, sk);
235 * Must be called on the locked socket. */
236 static void l2cap_chan_del(struct sock *sk, int err)
238 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
239 struct sock *parent = bt_sk(sk)->parent;
241 l2cap_sock_clear_timer(sk);
243 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
246 /* Unlink from channel list */
247 l2cap_chan_unlink(&conn->chan_list, sk);
248 l2cap_pi(sk)->conn = NULL;
249 hci_conn_put(conn->hcon);
252 sk->sk_state = BT_CLOSED;
253 sock_set_flag(sk, SOCK_ZAPPED);
259 bt_accept_unlink(sk);
260 parent->sk_data_ready(parent, 0);
262 sk->sk_state_change(sk);
265 /* Service level security */
266 static inline int l2cap_check_security(struct sock *sk)
268 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
271 if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
272 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
273 auth_type = HCI_AT_NO_BONDING_MITM;
275 auth_type = HCI_AT_NO_BONDING;
277 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
278 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
280 switch (l2cap_pi(sk)->sec_level) {
281 case BT_SECURITY_HIGH:
282 auth_type = HCI_AT_GENERAL_BONDING_MITM;
284 case BT_SECURITY_MEDIUM:
285 auth_type = HCI_AT_GENERAL_BONDING;
288 auth_type = HCI_AT_NO_BONDING;
293 return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level,
297 static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
301 /* Get next available identificator.
302 * 1 - 128 are used by kernel.
303 * 129 - 199 are reserved.
304 * 200 - 254 are used by utilities like l2ping, etc.
307 spin_lock_bh(&conn->lock);
309 if (++conn->tx_ident > 128)
314 spin_unlock_bh(&conn->lock);
319 static inline int l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
321 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
323 BT_DBG("code 0x%2.2x", code);
328 return hci_send_acl(conn->hcon, skb, 0);
331 static void l2cap_do_start(struct sock *sk)
333 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
335 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
336 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
339 if (l2cap_check_security(sk)) {
340 struct l2cap_conn_req req;
341 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
342 req.psm = l2cap_pi(sk)->psm;
344 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
346 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
347 L2CAP_CONN_REQ, sizeof(req), &req);
350 struct l2cap_info_req req;
351 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
353 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
354 conn->info_ident = l2cap_get_ident(conn);
356 mod_timer(&conn->info_timer, jiffies +
357 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
359 l2cap_send_cmd(conn, conn->info_ident,
360 L2CAP_INFO_REQ, sizeof(req), &req);
364 /* ---- L2CAP connections ---- */
365 static void l2cap_conn_start(struct l2cap_conn *conn)
367 struct l2cap_chan_list *l = &conn->chan_list;
370 BT_DBG("conn %p", conn);
374 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
377 if (sk->sk_type != SOCK_SEQPACKET) {
382 if (sk->sk_state == BT_CONNECT) {
383 if (l2cap_check_security(sk)) {
384 struct l2cap_conn_req req;
385 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
386 req.psm = l2cap_pi(sk)->psm;
388 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
390 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
391 L2CAP_CONN_REQ, sizeof(req), &req);
393 } else if (sk->sk_state == BT_CONNECT2) {
394 struct l2cap_conn_rsp rsp;
395 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
396 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
398 if (l2cap_check_security(sk)) {
399 if (bt_sk(sk)->defer_setup) {
400 struct sock *parent = bt_sk(sk)->parent;
401 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
402 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
403 parent->sk_data_ready(parent, 0);
406 sk->sk_state = BT_CONFIG;
407 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
408 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
411 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
412 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
415 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
416 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
422 read_unlock(&l->lock);
425 static void l2cap_conn_ready(struct l2cap_conn *conn)
427 struct l2cap_chan_list *l = &conn->chan_list;
430 BT_DBG("conn %p", conn);
434 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
437 if (sk->sk_type != SOCK_SEQPACKET) {
438 l2cap_sock_clear_timer(sk);
439 sk->sk_state = BT_CONNECTED;
440 sk->sk_state_change(sk);
441 } else if (sk->sk_state == BT_CONNECT)
447 read_unlock(&l->lock);
450 /* Notify sockets that we cannot guaranty reliability anymore */
451 static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
453 struct l2cap_chan_list *l = &conn->chan_list;
456 BT_DBG("conn %p", conn);
460 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
461 if (l2cap_pi(sk)->force_reliable)
465 read_unlock(&l->lock);
468 static void l2cap_info_timeout(unsigned long arg)
470 struct l2cap_conn *conn = (void *) arg;
472 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
473 conn->info_ident = 0;
475 l2cap_conn_start(conn);
478 static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
480 struct l2cap_conn *conn = hcon->l2cap_data;
485 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
489 hcon->l2cap_data = conn;
492 BT_DBG("hcon %p conn %p", hcon, conn);
494 conn->mtu = hcon->hdev->acl_mtu;
495 conn->src = &hcon->hdev->bdaddr;
496 conn->dst = &hcon->dst;
500 setup_timer(&conn->info_timer, l2cap_info_timeout,
501 (unsigned long) conn);
503 spin_lock_init(&conn->lock);
504 rwlock_init(&conn->chan_list.lock);
506 conn->disc_reason = 0x13;
511 static void l2cap_conn_del(struct hci_conn *hcon, int err)
513 struct l2cap_conn *conn = hcon->l2cap_data;
519 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
522 kfree_skb(conn->rx_skb);
525 while ((sk = conn->chan_list.head)) {
527 l2cap_chan_del(sk, err);
532 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
533 del_timer_sync(&conn->info_timer);
535 hcon->l2cap_data = NULL;
539 static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
541 struct l2cap_chan_list *l = &conn->chan_list;
542 write_lock_bh(&l->lock);
543 __l2cap_chan_add(conn, sk, parent);
544 write_unlock_bh(&l->lock);
547 /* ---- Socket interface ---- */
548 static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
551 struct hlist_node *node;
552 sk_for_each(sk, node, &l2cap_sk_list.head)
553 if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
560 /* Find socket with psm and source bdaddr.
561 * Returns closest match.
563 static struct sock *__l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
565 struct sock *sk = NULL, *sk1 = NULL;
566 struct hlist_node *node;
568 sk_for_each(sk, node, &l2cap_sk_list.head) {
569 if (state && sk->sk_state != state)
572 if (l2cap_pi(sk)->psm == psm) {
574 if (!bacmp(&bt_sk(sk)->src, src))
578 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
582 return node ? sk : sk1;
585 /* Find socket with given address (psm, src).
586 * Returns locked socket */
587 static inline struct sock *l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
590 read_lock(&l2cap_sk_list.lock);
591 s = __l2cap_get_sock_by_psm(state, psm, src);
592 if (s) bh_lock_sock(s);
593 read_unlock(&l2cap_sk_list.lock);
597 static void l2cap_sock_destruct(struct sock *sk)
601 skb_queue_purge(&sk->sk_receive_queue);
602 skb_queue_purge(&sk->sk_write_queue);
605 static void l2cap_sock_cleanup_listen(struct sock *parent)
609 BT_DBG("parent %p", parent);
611 /* Close not yet accepted channels */
612 while ((sk = bt_accept_dequeue(parent, NULL)))
613 l2cap_sock_close(sk);
615 parent->sk_state = BT_CLOSED;
616 sock_set_flag(parent, SOCK_ZAPPED);
619 /* Kill socket (only if zapped and orphan)
620 * Must be called on unlocked socket.
622 static void l2cap_sock_kill(struct sock *sk)
624 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
627 BT_DBG("sk %p state %d", sk, sk->sk_state);
629 /* Kill poor orphan */
630 bt_sock_unlink(&l2cap_sk_list, sk);
631 sock_set_flag(sk, SOCK_DEAD);
635 static void __l2cap_sock_close(struct sock *sk, int reason)
637 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
639 switch (sk->sk_state) {
641 l2cap_sock_cleanup_listen(sk);
646 if (sk->sk_type == SOCK_SEQPACKET) {
647 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
648 struct l2cap_disconn_req req;
650 sk->sk_state = BT_DISCONN;
651 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
653 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
654 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
655 l2cap_send_cmd(conn, l2cap_get_ident(conn),
656 L2CAP_DISCONN_REQ, sizeof(req), &req);
658 l2cap_chan_del(sk, reason);
662 if (sk->sk_type == SOCK_SEQPACKET) {
663 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
664 struct l2cap_conn_rsp rsp;
667 if (bt_sk(sk)->defer_setup)
668 result = L2CAP_CR_SEC_BLOCK;
670 result = L2CAP_CR_BAD_PSM;
672 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
673 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
674 rsp.result = cpu_to_le16(result);
675 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
676 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
677 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
679 l2cap_chan_del(sk, reason);
684 l2cap_chan_del(sk, reason);
688 sock_set_flag(sk, SOCK_ZAPPED);
693 /* Must be called on unlocked socket. */
694 static void l2cap_sock_close(struct sock *sk)
696 l2cap_sock_clear_timer(sk);
698 __l2cap_sock_close(sk, ECONNRESET);
703 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
705 struct l2cap_pinfo *pi = l2cap_pi(sk);
710 sk->sk_type = parent->sk_type;
711 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
713 pi->imtu = l2cap_pi(parent)->imtu;
714 pi->omtu = l2cap_pi(parent)->omtu;
715 pi->sec_level = l2cap_pi(parent)->sec_level;
716 pi->role_switch = l2cap_pi(parent)->role_switch;
717 pi->force_reliable = l2cap_pi(parent)->force_reliable;
719 pi->imtu = L2CAP_DEFAULT_MTU;
721 pi->sec_level = BT_SECURITY_LOW;
723 pi->force_reliable = 0;
726 /* Default config options */
728 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
731 static struct proto l2cap_proto = {
733 .owner = THIS_MODULE,
734 .obj_size = sizeof(struct l2cap_pinfo)
737 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
741 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
745 sock_init_data(sock, sk);
746 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
748 sk->sk_destruct = l2cap_sock_destruct;
749 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
751 sock_reset_flag(sk, SOCK_ZAPPED);
753 sk->sk_protocol = proto;
754 sk->sk_state = BT_OPEN;
756 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
758 bt_sock_link(&l2cap_sk_list, sk);
762 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol)
766 BT_DBG("sock %p", sock);
768 sock->state = SS_UNCONNECTED;
770 if (sock->type != SOCK_SEQPACKET &&
771 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
772 return -ESOCKTNOSUPPORT;
774 if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW))
777 sock->ops = &l2cap_sock_ops;
779 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
783 l2cap_sock_init(sk, NULL);
787 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
789 struct sock *sk = sock->sk;
790 struct sockaddr_l2 la;
795 if (!addr || addr->sa_family != AF_BLUETOOTH)
798 memset(&la, 0, sizeof(la));
799 len = min_t(unsigned int, sizeof(la), alen);
800 memcpy(&la, addr, len);
804 if (sk->sk_state != BT_OPEN) {
809 if (la.l2_psm && btohs(la.l2_psm) < 0x1001 &&
810 !capable(CAP_NET_BIND_SERVICE)) {
815 write_lock_bh(&l2cap_sk_list.lock);
817 if (la.l2_psm && __l2cap_get_sock_by_addr(la.l2_psm, &la.l2_bdaddr)) {
820 /* Save source address */
821 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
822 l2cap_pi(sk)->psm = la.l2_psm;
823 l2cap_pi(sk)->sport = la.l2_psm;
824 sk->sk_state = BT_BOUND;
826 if (btohs(la.l2_psm) == 0x0001 || btohs(la.l2_psm) == 0x0003)
827 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
830 write_unlock_bh(&l2cap_sk_list.lock);
837 static int l2cap_do_connect(struct sock *sk)
839 bdaddr_t *src = &bt_sk(sk)->src;
840 bdaddr_t *dst = &bt_sk(sk)->dst;
841 struct l2cap_conn *conn;
842 struct hci_conn *hcon;
843 struct hci_dev *hdev;
847 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst),
850 if (!(hdev = hci_get_route(dst, src)))
851 return -EHOSTUNREACH;
853 hci_dev_lock_bh(hdev);
857 if (sk->sk_type == SOCK_RAW) {
858 switch (l2cap_pi(sk)->sec_level) {
859 case BT_SECURITY_HIGH:
860 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
862 case BT_SECURITY_MEDIUM:
863 auth_type = HCI_AT_DEDICATED_BONDING;
866 auth_type = HCI_AT_NO_BONDING;
869 } else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
870 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
871 auth_type = HCI_AT_NO_BONDING_MITM;
873 auth_type = HCI_AT_NO_BONDING;
875 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
876 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
878 switch (l2cap_pi(sk)->sec_level) {
879 case BT_SECURITY_HIGH:
880 auth_type = HCI_AT_GENERAL_BONDING_MITM;
882 case BT_SECURITY_MEDIUM:
883 auth_type = HCI_AT_GENERAL_BONDING;
886 auth_type = HCI_AT_NO_BONDING;
891 hcon = hci_connect(hdev, ACL_LINK, dst,
892 l2cap_pi(sk)->sec_level, auth_type);
896 conn = l2cap_conn_add(hcon, 0);
904 /* Update source addr of the socket */
905 bacpy(src, conn->src);
907 l2cap_chan_add(conn, sk, NULL);
909 sk->sk_state = BT_CONNECT;
910 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
912 if (hcon->state == BT_CONNECTED) {
913 if (sk->sk_type != SOCK_SEQPACKET) {
914 l2cap_sock_clear_timer(sk);
915 sk->sk_state = BT_CONNECTED;
921 hci_dev_unlock_bh(hdev);
926 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
928 struct sock *sk = sock->sk;
929 struct sockaddr_l2 la;
936 if (!addr || addr->sa_family != AF_BLUETOOTH) {
941 memset(&la, 0, sizeof(la));
942 len = min_t(unsigned int, sizeof(la), alen);
943 memcpy(&la, addr, len);
945 if (sk->sk_type == SOCK_SEQPACKET && !la.l2_psm) {
950 switch(sk->sk_state) {
954 /* Already connecting */
958 /* Already connected */
971 /* Set destination address and psm */
972 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr);
973 l2cap_pi(sk)->psm = la.l2_psm;
975 if ((err = l2cap_do_connect(sk)))
979 err = bt_sock_wait_state(sk, BT_CONNECTED,
980 sock_sndtimeo(sk, flags & O_NONBLOCK));
986 static int l2cap_sock_listen(struct socket *sock, int backlog)
988 struct sock *sk = sock->sk;
991 BT_DBG("sk %p backlog %d", sk, backlog);
995 if (sk->sk_state != BT_BOUND || sock->type != SOCK_SEQPACKET) {
1000 if (!l2cap_pi(sk)->psm) {
1001 bdaddr_t *src = &bt_sk(sk)->src;
1006 write_lock_bh(&l2cap_sk_list.lock);
1008 for (psm = 0x1001; psm < 0x1100; psm += 2)
1009 if (!__l2cap_get_sock_by_addr(htobs(psm), src)) {
1010 l2cap_pi(sk)->psm = htobs(psm);
1011 l2cap_pi(sk)->sport = htobs(psm);
1016 write_unlock_bh(&l2cap_sk_list.lock);
1022 sk->sk_max_ack_backlog = backlog;
1023 sk->sk_ack_backlog = 0;
1024 sk->sk_state = BT_LISTEN;
1031 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
1033 DECLARE_WAITQUEUE(wait, current);
1034 struct sock *sk = sock->sk, *nsk;
1038 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1040 if (sk->sk_state != BT_LISTEN) {
1045 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
1047 BT_DBG("sk %p timeo %ld", sk, timeo);
1049 /* Wait for an incoming connection. (wake-one). */
1050 add_wait_queue_exclusive(sk->sk_sleep, &wait);
1051 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
1052 set_current_state(TASK_INTERRUPTIBLE);
1059 timeo = schedule_timeout(timeo);
1060 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1062 if (sk->sk_state != BT_LISTEN) {
1067 if (signal_pending(current)) {
1068 err = sock_intr_errno(timeo);
1072 set_current_state(TASK_RUNNING);
1073 remove_wait_queue(sk->sk_sleep, &wait);
1078 newsock->state = SS_CONNECTED;
1080 BT_DBG("new socket %p", nsk);
1087 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
1089 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
1090 struct sock *sk = sock->sk;
1092 BT_DBG("sock %p, sk %p", sock, sk);
1094 addr->sa_family = AF_BLUETOOTH;
1095 *len = sizeof(struct sockaddr_l2);
1098 la->l2_psm = l2cap_pi(sk)->psm;
1099 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
1100 la->l2_cid = htobs(l2cap_pi(sk)->dcid);
1102 la->l2_psm = l2cap_pi(sk)->sport;
1103 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
1104 la->l2_cid = htobs(l2cap_pi(sk)->scid);
1110 static inline int l2cap_do_send(struct sock *sk, struct msghdr *msg, int len)
1112 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1113 struct sk_buff *skb, **frag;
1114 int err, hlen, count, sent=0;
1115 struct l2cap_hdr *lh;
1117 BT_DBG("sk %p len %d", sk, len);
1119 /* First fragment (with L2CAP header) */
1120 if (sk->sk_type == SOCK_DGRAM)
1121 hlen = L2CAP_HDR_SIZE + 2;
1123 hlen = L2CAP_HDR_SIZE;
1125 count = min_t(unsigned int, (conn->mtu - hlen), len);
1127 skb = bt_skb_send_alloc(sk, hlen + count,
1128 msg->msg_flags & MSG_DONTWAIT, &err);
1132 /* Create L2CAP header */
1133 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1134 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1135 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1137 if (sk->sk_type == SOCK_DGRAM)
1138 put_unaligned(l2cap_pi(sk)->psm, (__le16 *) skb_put(skb, 2));
1140 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) {
1148 /* Continuation fragments (no L2CAP header) */
1149 frag = &skb_shinfo(skb)->frag_list;
1151 count = min_t(unsigned int, conn->mtu, len);
1153 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1157 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count)) {
1165 frag = &(*frag)->next;
1168 if ((err = hci_send_acl(conn->hcon, skb, 0)) < 0)
1178 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
1180 struct sock *sk = sock->sk;
1183 BT_DBG("sock %p, sk %p", sock, sk);
1185 err = sock_error(sk);
1189 if (msg->msg_flags & MSG_OOB)
1192 /* Check outgoing MTU */
1193 if (sk->sk_type != SOCK_RAW && len > l2cap_pi(sk)->omtu)
1198 if (sk->sk_state == BT_CONNECTED)
1199 err = l2cap_do_send(sk, msg, len);
1207 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
1209 struct sock *sk = sock->sk;
1213 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
1214 struct l2cap_conn_rsp rsp;
1216 sk->sk_state = BT_CONFIG;
1218 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1219 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
1220 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
1221 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
1222 l2cap_send_cmd(l2cap_pi(sk)->conn, l2cap_pi(sk)->ident,
1223 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1231 return bt_sock_recvmsg(iocb, sock, msg, len, flags);
1234 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, int optlen)
1236 struct sock *sk = sock->sk;
1237 struct l2cap_options opts;
1241 BT_DBG("sk %p", sk);
1247 opts.imtu = l2cap_pi(sk)->imtu;
1248 opts.omtu = l2cap_pi(sk)->omtu;
1249 opts.flush_to = l2cap_pi(sk)->flush_to;
1250 opts.mode = L2CAP_MODE_BASIC;
1252 len = min_t(unsigned int, sizeof(opts), optlen);
1253 if (copy_from_user((char *) &opts, optval, len)) {
1258 l2cap_pi(sk)->imtu = opts.imtu;
1259 l2cap_pi(sk)->omtu = opts.omtu;
1263 if (get_user(opt, (u32 __user *) optval)) {
1268 if (opt & L2CAP_LM_AUTH)
1269 l2cap_pi(sk)->sec_level = BT_SECURITY_LOW;
1270 if (opt & L2CAP_LM_ENCRYPT)
1271 l2cap_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
1272 if (opt & L2CAP_LM_SECURE)
1273 l2cap_pi(sk)->sec_level = BT_SECURITY_HIGH;
1275 l2cap_pi(sk)->role_switch = (opt & L2CAP_LM_MASTER);
1276 l2cap_pi(sk)->force_reliable = (opt & L2CAP_LM_RELIABLE);
1288 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen)
1290 struct sock *sk = sock->sk;
1291 struct bt_security sec;
1295 BT_DBG("sk %p", sk);
1297 if (level == SOL_L2CAP)
1298 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
1300 if (level != SOL_BLUETOOTH)
1301 return -ENOPROTOOPT;
1307 if (sk->sk_type != SOCK_SEQPACKET) {
1312 sec.level = BT_SECURITY_LOW;
1314 len = min_t(unsigned int, sizeof(sec), optlen);
1315 if (copy_from_user((char *) &sec, optval, len)) {
1320 if (sec.level < BT_SECURITY_LOW ||
1321 sec.level > BT_SECURITY_HIGH) {
1326 l2cap_pi(sk)->sec_level = sec.level;
1329 case BT_DEFER_SETUP:
1330 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1335 if (get_user(opt, (u32 __user *) optval)) {
1340 bt_sk(sk)->defer_setup = opt;
1352 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
1354 struct sock *sk = sock->sk;
1355 struct l2cap_options opts;
1356 struct l2cap_conninfo cinfo;
1360 BT_DBG("sk %p", sk);
1362 if (get_user(len, optlen))
1369 opts.imtu = l2cap_pi(sk)->imtu;
1370 opts.omtu = l2cap_pi(sk)->omtu;
1371 opts.flush_to = l2cap_pi(sk)->flush_to;
1372 opts.mode = L2CAP_MODE_BASIC;
1374 len = min_t(unsigned int, len, sizeof(opts));
1375 if (copy_to_user(optval, (char *) &opts, len))
1381 switch (l2cap_pi(sk)->sec_level) {
1382 case BT_SECURITY_LOW:
1383 opt = L2CAP_LM_AUTH;
1385 case BT_SECURITY_MEDIUM:
1386 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
1388 case BT_SECURITY_HIGH:
1389 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
1397 if (l2cap_pi(sk)->role_switch)
1398 opt |= L2CAP_LM_MASTER;
1400 if (l2cap_pi(sk)->force_reliable)
1401 opt |= L2CAP_LM_RELIABLE;
1403 if (put_user(opt, (u32 __user *) optval))
1407 case L2CAP_CONNINFO:
1408 if (sk->sk_state != BT_CONNECTED &&
1409 !(sk->sk_state == BT_CONNECT2 &&
1410 bt_sk(sk)->defer_setup)) {
1415 cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
1416 memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3);
1418 len = min_t(unsigned int, len, sizeof(cinfo));
1419 if (copy_to_user(optval, (char *) &cinfo, len))
1433 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
1435 struct sock *sk = sock->sk;
1436 struct bt_security sec;
1439 BT_DBG("sk %p", sk);
1441 if (level == SOL_L2CAP)
1442 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
1444 if (level != SOL_BLUETOOTH)
1445 return -ENOPROTOOPT;
1447 if (get_user(len, optlen))
1454 if (sk->sk_type != SOCK_SEQPACKET) {
1459 sec.level = l2cap_pi(sk)->sec_level;
1461 len = min_t(unsigned int, len, sizeof(sec));
1462 if (copy_to_user(optval, (char *) &sec, len))
1467 case BT_DEFER_SETUP:
1468 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1473 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
1487 static int l2cap_sock_shutdown(struct socket *sock, int how)
1489 struct sock *sk = sock->sk;
1492 BT_DBG("sock %p, sk %p", sock, sk);
1498 if (!sk->sk_shutdown) {
1499 sk->sk_shutdown = SHUTDOWN_MASK;
1500 l2cap_sock_clear_timer(sk);
1501 __l2cap_sock_close(sk, 0);
1503 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
1504 err = bt_sock_wait_state(sk, BT_CLOSED,
1511 static int l2cap_sock_release(struct socket *sock)
1513 struct sock *sk = sock->sk;
1516 BT_DBG("sock %p, sk %p", sock, sk);
1521 err = l2cap_sock_shutdown(sock, 2);
1524 l2cap_sock_kill(sk);
1528 static void l2cap_chan_ready(struct sock *sk)
1530 struct sock *parent = bt_sk(sk)->parent;
1532 BT_DBG("sk %p, parent %p", sk, parent);
1534 l2cap_pi(sk)->conf_state = 0;
1535 l2cap_sock_clear_timer(sk);
1538 /* Outgoing channel.
1539 * Wake up socket sleeping on connect.
1541 sk->sk_state = BT_CONNECTED;
1542 sk->sk_state_change(sk);
1544 /* Incoming channel.
1545 * Wake up socket sleeping on accept.
1547 parent->sk_data_ready(parent, 0);
1551 /* Copy frame to all raw sockets on that connection */
1552 static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1554 struct l2cap_chan_list *l = &conn->chan_list;
1555 struct sk_buff *nskb;
1558 BT_DBG("conn %p", conn);
1560 read_lock(&l->lock);
1561 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
1562 if (sk->sk_type != SOCK_RAW)
1565 /* Don't send frame to the socket it came from */
1569 if (!(nskb = skb_clone(skb, GFP_ATOMIC)))
1572 if (sock_queue_rcv_skb(sk, nskb))
1575 read_unlock(&l->lock);
1578 /* ---- L2CAP signalling commands ---- */
1579 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1580 u8 code, u8 ident, u16 dlen, void *data)
1582 struct sk_buff *skb, **frag;
1583 struct l2cap_cmd_hdr *cmd;
1584 struct l2cap_hdr *lh;
1587 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d", conn, code, ident, dlen);
1589 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1590 count = min_t(unsigned int, conn->mtu, len);
1592 skb = bt_skb_alloc(count, GFP_ATOMIC);
1596 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1597 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
1598 lh->cid = cpu_to_le16(0x0001);
1600 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1603 cmd->len = cpu_to_le16(dlen);
1606 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1607 memcpy(skb_put(skb, count), data, count);
1613 /* Continuation fragments (no L2CAP header) */
1614 frag = &skb_shinfo(skb)->frag_list;
1616 count = min_t(unsigned int, conn->mtu, len);
1618 *frag = bt_skb_alloc(count, GFP_ATOMIC);
1622 memcpy(skb_put(*frag, count), data, count);
1627 frag = &(*frag)->next;
1637 static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1639 struct l2cap_conf_opt *opt = *ptr;
1642 len = L2CAP_CONF_OPT_SIZE + opt->len;
1650 *val = *((u8 *) opt->val);
1654 *val = __le16_to_cpu(*((__le16 *) opt->val));
1658 *val = __le32_to_cpu(*((__le32 *) opt->val));
1662 *val = (unsigned long) opt->val;
1666 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1670 static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1672 struct l2cap_conf_opt *opt = *ptr;
1674 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1681 *((u8 *) opt->val) = val;
1685 *((__le16 *) opt->val) = cpu_to_le16(val);
1689 *((__le32 *) opt->val) = cpu_to_le32(val);
1693 memcpy(opt->val, (void *) val, len);
1697 *ptr += L2CAP_CONF_OPT_SIZE + len;
1700 static int l2cap_build_conf_req(struct sock *sk, void *data)
1702 struct l2cap_pinfo *pi = l2cap_pi(sk);
1703 struct l2cap_conf_req *req = data;
1704 void *ptr = req->data;
1706 BT_DBG("sk %p", sk);
1708 if (pi->imtu != L2CAP_DEFAULT_MTU)
1709 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
1711 /* FIXME: Need actual value of the flush timeout */
1712 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
1713 // l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to);
1715 req->dcid = cpu_to_le16(pi->dcid);
1716 req->flags = cpu_to_le16(0);
1721 static int l2cap_parse_conf_req(struct sock *sk, void *data)
1723 struct l2cap_pinfo *pi = l2cap_pi(sk);
1724 struct l2cap_conf_rsp *rsp = data;
1725 void *ptr = rsp->data;
1726 void *req = pi->conf_req;
1727 int len = pi->conf_len;
1728 int type, hint, olen;
1730 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
1731 u16 mtu = L2CAP_DEFAULT_MTU;
1732 u16 result = L2CAP_CONF_SUCCESS;
1734 BT_DBG("sk %p", sk);
1736 while (len >= L2CAP_CONF_OPT_SIZE) {
1737 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
1743 case L2CAP_CONF_MTU:
1747 case L2CAP_CONF_FLUSH_TO:
1751 case L2CAP_CONF_QOS:
1754 case L2CAP_CONF_RFC:
1755 if (olen == sizeof(rfc))
1756 memcpy(&rfc, (void *) val, olen);
1763 result = L2CAP_CONF_UNKNOWN;
1764 *((u8 *) ptr++) = type;
1769 if (result == L2CAP_CONF_SUCCESS) {
1770 /* Configure output options and let the other side know
1771 * which ones we don't like. */
1773 if (rfc.mode == L2CAP_MODE_BASIC) {
1775 result = L2CAP_CONF_UNACCEPT;
1778 pi->conf_state |= L2CAP_CONF_OUTPUT_DONE;
1781 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
1783 result = L2CAP_CONF_UNACCEPT;
1785 memset(&rfc, 0, sizeof(rfc));
1786 rfc.mode = L2CAP_MODE_BASIC;
1788 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1789 sizeof(rfc), (unsigned long) &rfc);
1793 rsp->scid = cpu_to_le16(pi->dcid);
1794 rsp->result = cpu_to_le16(result);
1795 rsp->flags = cpu_to_le16(0x0000);
1800 static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags)
1802 struct l2cap_conf_rsp *rsp = data;
1803 void *ptr = rsp->data;
1805 BT_DBG("sk %p", sk);
1807 rsp->scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1808 rsp->result = cpu_to_le16(result);
1809 rsp->flags = cpu_to_le16(flags);
1814 static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1816 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data;
1818 if (rej->reason != 0x0000)
1821 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
1822 cmd->ident == conn->info_ident) {
1823 del_timer(&conn->info_timer);
1825 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
1826 conn->info_ident = 0;
1828 l2cap_conn_start(conn);
1834 static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1836 struct l2cap_chan_list *list = &conn->chan_list;
1837 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
1838 struct l2cap_conn_rsp rsp;
1839 struct sock *sk, *parent;
1840 int result, status = L2CAP_CS_NO_INFO;
1842 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
1843 __le16 psm = req->psm;
1845 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
1847 /* Check if we have socket listening on psm */
1848 parent = l2cap_get_sock_by_psm(BT_LISTEN, psm, conn->src);
1850 result = L2CAP_CR_BAD_PSM;
1854 /* Check if the ACL is secure enough (if not SDP) */
1855 if (psm != cpu_to_le16(0x0001) &&
1856 !hci_conn_check_link_mode(conn->hcon)) {
1857 conn->disc_reason = 0x05;
1858 result = L2CAP_CR_SEC_BLOCK;
1862 result = L2CAP_CR_NO_MEM;
1864 /* Check for backlog size */
1865 if (sk_acceptq_is_full(parent)) {
1866 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1870 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC);
1874 write_lock_bh(&list->lock);
1876 /* Check if we already have channel with that dcid */
1877 if (__l2cap_get_chan_by_dcid(list, scid)) {
1878 write_unlock_bh(&list->lock);
1879 sock_set_flag(sk, SOCK_ZAPPED);
1880 l2cap_sock_kill(sk);
1884 hci_conn_hold(conn->hcon);
1886 l2cap_sock_init(sk, parent);
1887 bacpy(&bt_sk(sk)->src, conn->src);
1888 bacpy(&bt_sk(sk)->dst, conn->dst);
1889 l2cap_pi(sk)->psm = psm;
1890 l2cap_pi(sk)->dcid = scid;
1892 __l2cap_chan_add(conn, sk, parent);
1893 dcid = l2cap_pi(sk)->scid;
1895 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
1897 l2cap_pi(sk)->ident = cmd->ident;
1899 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
1900 if (l2cap_check_security(sk)) {
1901 if (bt_sk(sk)->defer_setup) {
1902 sk->sk_state = BT_CONNECT2;
1903 result = L2CAP_CR_PEND;
1904 status = L2CAP_CS_AUTHOR_PEND;
1905 parent->sk_data_ready(parent, 0);
1907 sk->sk_state = BT_CONFIG;
1908 result = L2CAP_CR_SUCCESS;
1909 status = L2CAP_CS_NO_INFO;
1912 sk->sk_state = BT_CONNECT2;
1913 result = L2CAP_CR_PEND;
1914 status = L2CAP_CS_AUTHEN_PEND;
1917 sk->sk_state = BT_CONNECT2;
1918 result = L2CAP_CR_PEND;
1919 status = L2CAP_CS_NO_INFO;
1922 write_unlock_bh(&list->lock);
1925 bh_unlock_sock(parent);
1928 rsp.scid = cpu_to_le16(scid);
1929 rsp.dcid = cpu_to_le16(dcid);
1930 rsp.result = cpu_to_le16(result);
1931 rsp.status = cpu_to_le16(status);
1932 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1934 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
1935 struct l2cap_info_req info;
1936 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
1938 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
1939 conn->info_ident = l2cap_get_ident(conn);
1941 mod_timer(&conn->info_timer, jiffies +
1942 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
1944 l2cap_send_cmd(conn, conn->info_ident,
1945 L2CAP_INFO_REQ, sizeof(info), &info);
1951 static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1953 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
1954 u16 scid, dcid, result, status;
1958 scid = __le16_to_cpu(rsp->scid);
1959 dcid = __le16_to_cpu(rsp->dcid);
1960 result = __le16_to_cpu(rsp->result);
1961 status = __le16_to_cpu(rsp->status);
1963 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
1966 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
1969 if (!(sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident)))
1974 case L2CAP_CR_SUCCESS:
1975 sk->sk_state = BT_CONFIG;
1976 l2cap_pi(sk)->ident = 0;
1977 l2cap_pi(sk)->dcid = dcid;
1978 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
1980 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_CONNECT_PEND;
1982 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1983 l2cap_build_conf_req(sk, req), req);
1987 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
1991 l2cap_chan_del(sk, ECONNREFUSED);
1999 static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
2001 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
2007 dcid = __le16_to_cpu(req->dcid);
2008 flags = __le16_to_cpu(req->flags);
2010 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
2012 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
2015 if (sk->sk_state == BT_DISCONN)
2018 /* Reject if config buffer is too small. */
2019 len = cmd_len - sizeof(*req);
2020 if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) {
2021 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
2022 l2cap_build_conf_rsp(sk, rsp,
2023 L2CAP_CONF_REJECT, flags), rsp);
2028 memcpy(l2cap_pi(sk)->conf_req + l2cap_pi(sk)->conf_len, req->data, len);
2029 l2cap_pi(sk)->conf_len += len;
2031 if (flags & 0x0001) {
2032 /* Incomplete config. Send empty response. */
2033 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
2034 l2cap_build_conf_rsp(sk, rsp,
2035 L2CAP_CONF_SUCCESS, 0x0001), rsp);
2039 /* Complete config. */
2040 len = l2cap_parse_conf_req(sk, rsp);
2044 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
2046 /* Reset config buffer. */
2047 l2cap_pi(sk)->conf_len = 0;
2049 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE))
2052 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
2053 sk->sk_state = BT_CONNECTED;
2054 l2cap_chan_ready(sk);
2058 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) {
2060 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2061 l2cap_build_conf_req(sk, buf), buf);
2069 static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2071 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2072 u16 scid, flags, result;
2075 scid = __le16_to_cpu(rsp->scid);
2076 flags = __le16_to_cpu(rsp->flags);
2077 result = __le16_to_cpu(rsp->result);
2079 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x", scid, flags, result);
2081 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
2085 case L2CAP_CONF_SUCCESS:
2088 case L2CAP_CONF_UNACCEPT:
2089 if (++l2cap_pi(sk)->conf_retry < L2CAP_CONF_MAX_RETRIES) {
2091 /* It does not make sense to adjust L2CAP parameters
2092 * that are currently defined in the spec. We simply
2093 * resend config request that we sent earlier. It is
2094 * stupid, but it helps qualification testing which
2095 * expects at least some response from us. */
2096 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2097 l2cap_build_conf_req(sk, req), req);
2102 sk->sk_state = BT_DISCONN;
2103 sk->sk_err = ECONNRESET;
2104 l2cap_sock_set_timer(sk, HZ * 5);
2106 struct l2cap_disconn_req req;
2107 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
2108 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2109 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2110 L2CAP_DISCONN_REQ, sizeof(req), &req);
2118 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;
2120 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
2121 sk->sk_state = BT_CONNECTED;
2122 l2cap_chan_ready(sk);
2130 static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2132 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
2133 struct l2cap_disconn_rsp rsp;
2137 scid = __le16_to_cpu(req->scid);
2138 dcid = __le16_to_cpu(req->dcid);
2140 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
2142 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
2145 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2146 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2147 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
2149 sk->sk_shutdown = SHUTDOWN_MASK;
2151 l2cap_chan_del(sk, ECONNRESET);
2154 l2cap_sock_kill(sk);
2158 static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2160 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
2164 scid = __le16_to_cpu(rsp->scid);
2165 dcid = __le16_to_cpu(rsp->dcid);
2167 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
2169 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
2172 l2cap_chan_del(sk, 0);
2175 l2cap_sock_kill(sk);
2179 static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2181 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
2184 type = __le16_to_cpu(req->type);
2186 BT_DBG("type 0x%4.4x", type);
2188 if (type == L2CAP_IT_FEAT_MASK) {
2190 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2191 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2192 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2193 put_unaligned(cpu_to_le32(l2cap_feat_mask), (__le32 *) rsp->data);
2194 l2cap_send_cmd(conn, cmd->ident,
2195 L2CAP_INFO_RSP, sizeof(buf), buf);
2196 } else if (type == L2CAP_IT_FIXED_CHAN) {
2198 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2199 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2200 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2201 memcpy(buf + 4, l2cap_fixed_chan, 8);
2202 l2cap_send_cmd(conn, cmd->ident,
2203 L2CAP_INFO_RSP, sizeof(buf), buf);
2205 struct l2cap_info_rsp rsp;
2206 rsp.type = cpu_to_le16(type);
2207 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
2208 l2cap_send_cmd(conn, cmd->ident,
2209 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
2215 static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2217 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
2220 type = __le16_to_cpu(rsp->type);
2221 result = __le16_to_cpu(rsp->result);
2223 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
2225 del_timer(&conn->info_timer);
2227 if (type == L2CAP_IT_FEAT_MASK) {
2228 conn->feat_mask = get_unaligned_le32(rsp->data);
2230 if (conn->feat_mask & 0x0080) {
2231 struct l2cap_info_req req;
2232 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2234 conn->info_ident = l2cap_get_ident(conn);
2236 l2cap_send_cmd(conn, conn->info_ident,
2237 L2CAP_INFO_REQ, sizeof(req), &req);
2239 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2240 conn->info_ident = 0;
2242 l2cap_conn_start(conn);
2244 } else if (type == L2CAP_IT_FIXED_CHAN) {
2245 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2246 conn->info_ident = 0;
2248 l2cap_conn_start(conn);
2254 static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
2256 u8 *data = skb->data;
2258 struct l2cap_cmd_hdr cmd;
2261 l2cap_raw_recv(conn, skb);
2263 while (len >= L2CAP_CMD_HDR_SIZE) {
2265 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
2266 data += L2CAP_CMD_HDR_SIZE;
2267 len -= L2CAP_CMD_HDR_SIZE;
2269 cmd_len = le16_to_cpu(cmd.len);
2271 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
2273 if (cmd_len > len || !cmd.ident) {
2274 BT_DBG("corrupted command");
2279 case L2CAP_COMMAND_REJ:
2280 l2cap_command_rej(conn, &cmd, data);
2283 case L2CAP_CONN_REQ:
2284 err = l2cap_connect_req(conn, &cmd, data);
2287 case L2CAP_CONN_RSP:
2288 err = l2cap_connect_rsp(conn, &cmd, data);
2291 case L2CAP_CONF_REQ:
2292 err = l2cap_config_req(conn, &cmd, cmd_len, data);
2295 case L2CAP_CONF_RSP:
2296 err = l2cap_config_rsp(conn, &cmd, data);
2299 case L2CAP_DISCONN_REQ:
2300 err = l2cap_disconnect_req(conn, &cmd, data);
2303 case L2CAP_DISCONN_RSP:
2304 err = l2cap_disconnect_rsp(conn, &cmd, data);
2307 case L2CAP_ECHO_REQ:
2308 l2cap_send_cmd(conn, cmd.ident, L2CAP_ECHO_RSP, cmd_len, data);
2311 case L2CAP_ECHO_RSP:
2314 case L2CAP_INFO_REQ:
2315 err = l2cap_information_req(conn, &cmd, data);
2318 case L2CAP_INFO_RSP:
2319 err = l2cap_information_rsp(conn, &cmd, data);
2323 BT_ERR("Unknown signaling command 0x%2.2x", cmd.code);
2329 struct l2cap_cmd_rej rej;
2330 BT_DBG("error %d", err);
2332 /* FIXME: Map err to a valid reason */
2333 rej.reason = cpu_to_le16(0);
2334 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
2344 static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
2348 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
2350 BT_DBG("unknown cid 0x%4.4x", cid);
2354 BT_DBG("sk %p, len %d", sk, skb->len);
2356 if (sk->sk_state != BT_CONNECTED)
2359 if (l2cap_pi(sk)->imtu < skb->len)
2362 /* If socket recv buffers overflows we drop data here
2363 * which is *bad* because L2CAP has to be reliable.
2364 * But we don't have any other choice. L2CAP doesn't
2365 * provide flow control mechanism. */
2367 if (!sock_queue_rcv_skb(sk, skb))
2380 static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
2384 sk = l2cap_get_sock_by_psm(0, psm, conn->src);
2388 BT_DBG("sk %p, len %d", sk, skb->len);
2390 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
2393 if (l2cap_pi(sk)->imtu < skb->len)
2396 if (!sock_queue_rcv_skb(sk, skb))
2403 if (sk) bh_unlock_sock(sk);
2407 static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
2409 struct l2cap_hdr *lh = (void *) skb->data;
2413 skb_pull(skb, L2CAP_HDR_SIZE);
2414 cid = __le16_to_cpu(lh->cid);
2415 len = __le16_to_cpu(lh->len);
2417 BT_DBG("len %d, cid 0x%4.4x", len, cid);
2421 l2cap_sig_channel(conn, skb);
2425 psm = get_unaligned((__le16 *) skb->data);
2427 l2cap_conless_channel(conn, psm, skb);
2431 l2cap_data_channel(conn, cid, skb);
2436 /* ---- L2CAP interface with lower layer (HCI) ---- */
2438 static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2440 int exact = 0, lm1 = 0, lm2 = 0;
2441 register struct sock *sk;
2442 struct hlist_node *node;
2444 if (type != ACL_LINK)
2447 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
2449 /* Find listening sockets and check their link_mode */
2450 read_lock(&l2cap_sk_list.lock);
2451 sk_for_each(sk, node, &l2cap_sk_list.head) {
2452 if (sk->sk_state != BT_LISTEN)
2455 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
2456 lm1 |= HCI_LM_ACCEPT;
2457 if (l2cap_pi(sk)->role_switch)
2458 lm1 |= HCI_LM_MASTER;
2460 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
2461 lm2 |= HCI_LM_ACCEPT;
2462 if (l2cap_pi(sk)->role_switch)
2463 lm2 |= HCI_LM_MASTER;
2466 read_unlock(&l2cap_sk_list.lock);
2468 return exact ? lm1 : lm2;
2471 static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
2473 struct l2cap_conn *conn;
2475 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
2477 if (hcon->type != ACL_LINK)
2481 conn = l2cap_conn_add(hcon, status);
2483 l2cap_conn_ready(conn);
2485 l2cap_conn_del(hcon, bt_err(status));
2490 static int l2cap_disconn_ind(struct hci_conn *hcon)
2492 struct l2cap_conn *conn = hcon->l2cap_data;
2494 BT_DBG("hcon %p", hcon);
2496 if (hcon->type != ACL_LINK || !conn)
2499 return conn->disc_reason;
2502 static int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
2504 BT_DBG("hcon %p reason %d", hcon, reason);
2506 if (hcon->type != ACL_LINK)
2509 l2cap_conn_del(hcon, bt_err(reason));
2514 static inline void l2cap_check_encryption(struct sock *sk, u8 encrypt)
2516 if (sk->sk_type != SOCK_SEQPACKET)
2519 if (encrypt == 0x00) {
2520 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM) {
2521 l2cap_sock_clear_timer(sk);
2522 l2cap_sock_set_timer(sk, HZ * 5);
2523 } else if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
2524 __l2cap_sock_close(sk, ECONNREFUSED);
2526 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM)
2527 l2cap_sock_clear_timer(sk);
2531 static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
2533 struct l2cap_chan_list *l;
2534 struct l2cap_conn *conn = hcon->l2cap_data;
2540 l = &conn->chan_list;
2542 BT_DBG("conn %p", conn);
2544 read_lock(&l->lock);
2546 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
2549 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND) {
2554 if (!status && (sk->sk_state == BT_CONNECTED ||
2555 sk->sk_state == BT_CONFIG)) {
2556 l2cap_check_encryption(sk, encrypt);
2561 if (sk->sk_state == BT_CONNECT) {
2563 struct l2cap_conn_req req;
2564 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2565 req.psm = l2cap_pi(sk)->psm;
2567 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
2569 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2570 L2CAP_CONN_REQ, sizeof(req), &req);
2572 l2cap_sock_clear_timer(sk);
2573 l2cap_sock_set_timer(sk, HZ / 10);
2575 } else if (sk->sk_state == BT_CONNECT2) {
2576 struct l2cap_conn_rsp rsp;
2580 sk->sk_state = BT_CONFIG;
2581 result = L2CAP_CR_SUCCESS;
2583 sk->sk_state = BT_DISCONN;
2584 l2cap_sock_set_timer(sk, HZ / 10);
2585 result = L2CAP_CR_SEC_BLOCK;
2588 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2589 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2590 rsp.result = cpu_to_le16(result);
2591 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
2592 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2593 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2599 read_unlock(&l->lock);
2604 static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
2606 struct l2cap_conn *conn = hcon->l2cap_data;
2608 if (!conn && !(conn = l2cap_conn_add(hcon, 0)))
2611 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
2613 if (flags & ACL_START) {
2614 struct l2cap_hdr *hdr;
2618 BT_ERR("Unexpected start frame (len %d)", skb->len);
2619 kfree_skb(conn->rx_skb);
2620 conn->rx_skb = NULL;
2622 l2cap_conn_unreliable(conn, ECOMM);
2626 BT_ERR("Frame is too short (len %d)", skb->len);
2627 l2cap_conn_unreliable(conn, ECOMM);
2631 hdr = (struct l2cap_hdr *) skb->data;
2632 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
2634 if (len == skb->len) {
2635 /* Complete frame received */
2636 l2cap_recv_frame(conn, skb);
2640 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
2642 if (skb->len > len) {
2643 BT_ERR("Frame is too long (len %d, expected len %d)",
2645 l2cap_conn_unreliable(conn, ECOMM);
2649 /* Allocate skb for the complete frame (with header) */
2650 if (!(conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC)))
2653 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2655 conn->rx_len = len - skb->len;
2657 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
2659 if (!conn->rx_len) {
2660 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
2661 l2cap_conn_unreliable(conn, ECOMM);
2665 if (skb->len > conn->rx_len) {
2666 BT_ERR("Fragment is too long (len %d, expected %d)",
2667 skb->len, conn->rx_len);
2668 kfree_skb(conn->rx_skb);
2669 conn->rx_skb = NULL;
2671 l2cap_conn_unreliable(conn, ECOMM);
2675 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2677 conn->rx_len -= skb->len;
2679 if (!conn->rx_len) {
2680 /* Complete frame received */
2681 l2cap_recv_frame(conn, conn->rx_skb);
2682 conn->rx_skb = NULL;
2691 static ssize_t l2cap_sysfs_show(struct class *dev, char *buf)
2694 struct hlist_node *node;
2697 read_lock_bh(&l2cap_sk_list.lock);
2699 sk_for_each(sk, node, &l2cap_sk_list.head) {
2700 struct l2cap_pinfo *pi = l2cap_pi(sk);
2702 str += sprintf(str, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d\n",
2703 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2704 sk->sk_state, btohs(pi->psm), pi->scid, pi->dcid,
2705 pi->imtu, pi->omtu, pi->sec_level);
2708 read_unlock_bh(&l2cap_sk_list.lock);
2713 static CLASS_ATTR(l2cap, S_IRUGO, l2cap_sysfs_show, NULL);
2715 static const struct proto_ops l2cap_sock_ops = {
2716 .family = PF_BLUETOOTH,
2717 .owner = THIS_MODULE,
2718 .release = l2cap_sock_release,
2719 .bind = l2cap_sock_bind,
2720 .connect = l2cap_sock_connect,
2721 .listen = l2cap_sock_listen,
2722 .accept = l2cap_sock_accept,
2723 .getname = l2cap_sock_getname,
2724 .sendmsg = l2cap_sock_sendmsg,
2725 .recvmsg = l2cap_sock_recvmsg,
2726 .poll = bt_sock_poll,
2727 .ioctl = bt_sock_ioctl,
2728 .mmap = sock_no_mmap,
2729 .socketpair = sock_no_socketpair,
2730 .shutdown = l2cap_sock_shutdown,
2731 .setsockopt = l2cap_sock_setsockopt,
2732 .getsockopt = l2cap_sock_getsockopt
2735 static struct net_proto_family l2cap_sock_family_ops = {
2736 .family = PF_BLUETOOTH,
2737 .owner = THIS_MODULE,
2738 .create = l2cap_sock_create,
2741 static struct hci_proto l2cap_hci_proto = {
2743 .id = HCI_PROTO_L2CAP,
2744 .connect_ind = l2cap_connect_ind,
2745 .connect_cfm = l2cap_connect_cfm,
2746 .disconn_ind = l2cap_disconn_ind,
2747 .disconn_cfm = l2cap_disconn_cfm,
2748 .security_cfm = l2cap_security_cfm,
2749 .recv_acldata = l2cap_recv_acldata
2752 static int __init l2cap_init(void)
2756 err = proto_register(&l2cap_proto, 0);
2760 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
2762 BT_ERR("L2CAP socket registration failed");
2766 err = hci_register_proto(&l2cap_hci_proto);
2768 BT_ERR("L2CAP protocol registration failed");
2769 bt_sock_unregister(BTPROTO_L2CAP);
2773 if (class_create_file(bt_class, &class_attr_l2cap) < 0)
2774 BT_ERR("Failed to create L2CAP info file");
2776 BT_INFO("L2CAP ver %s", VERSION);
2777 BT_INFO("L2CAP socket layer initialized");
2782 proto_unregister(&l2cap_proto);
2786 static void __exit l2cap_exit(void)
2788 class_remove_file(bt_class, &class_attr_l2cap);
2790 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
2791 BT_ERR("L2CAP socket unregistration failed");
2793 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
2794 BT_ERR("L2CAP protocol unregistration failed");
2796 proto_unregister(&l2cap_proto);
2799 void l2cap_load(void)
2801 /* Dummy function to trigger automatic L2CAP module loading by
2802 * other modules that use L2CAP sockets but don't use any other
2803 * symbols from it. */
2806 EXPORT_SYMBOL(l2cap_load);
2808 module_init(l2cap_init);
2809 module_exit(l2cap_exit);
2811 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2812 MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
2813 MODULE_VERSION(VERSION);
2814 MODULE_LICENSE("GPL");
2815 MODULE_ALIAS("bt-proto-0");
git.openpandora.org / pandora-kernel.git / blob