2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth L2CAP core and sockets. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/capability.h>
31 #include <linux/errno.h>
32 #include <linux/kernel.h>
33 #include <linux/sched.h>
34 #include <linux/slab.h>
35 #include <linux/poll.h>
36 #include <linux/fcntl.h>
37 #include <linux/init.h>
38 #include <linux/interrupt.h>
39 #include <linux/socket.h>
40 #include <linux/skbuff.h>
41 #include <linux/list.h>
42 #include <linux/device.h>
43 #include <linux/uaccess.h>
46 #include <asm/system.h>
47 #include <asm/unaligned.h>
49 #include <net/bluetooth/bluetooth.h>
50 #include <net/bluetooth/hci_core.h>
51 #include <net/bluetooth/l2cap.h>
53 #define VERSION "2.13"
55 static u32 l2cap_feat_mask = 0x0080;
56 static u8 l2cap_fixed_chan[8] = { 0x02, };
58 static const struct proto_ops l2cap_sock_ops;
60 static struct bt_sock_list l2cap_sk_list = {
61 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
64 static void __l2cap_sock_close(struct sock *sk, int reason);
65 static void l2cap_sock_close(struct sock *sk);
66 static void l2cap_sock_kill(struct sock *sk);
68 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
69 u8 code, u8 ident, u16 dlen, void *data);
71 /* ---- L2CAP timers ---- */
72 static void l2cap_sock_timeout(unsigned long arg)
74 struct sock *sk = (struct sock *) arg;
77 BT_DBG("sock %p state %d", sk, sk->sk_state);
81 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG)
82 reason = ECONNREFUSED;
83 else if (sk->sk_state == BT_CONNECT &&
84 l2cap_pi(sk)->sec_level != BT_SECURITY_SDP)
85 reason = ECONNREFUSED;
89 __l2cap_sock_close(sk, reason);
97 static void l2cap_sock_set_timer(struct sock *sk, long timeout)
99 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
100 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
103 static void l2cap_sock_clear_timer(struct sock *sk)
105 BT_DBG("sock %p state %d", sk, sk->sk_state);
106 sk_stop_timer(sk, &sk->sk_timer);
109 /* ---- L2CAP channels ---- */
110 static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid)
113 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
114 if (l2cap_pi(s)->dcid == cid)
120 static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
123 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
124 if (l2cap_pi(s)->scid == cid)
130 /* Find channel with given SCID.
131 * Returns locked socket */
132 static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
136 s = __l2cap_get_chan_by_scid(l, cid);
139 read_unlock(&l->lock);
143 static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
146 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
147 if (l2cap_pi(s)->ident == ident)
153 static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
157 s = __l2cap_get_chan_by_ident(l, ident);
160 read_unlock(&l->lock);
164 static u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
166 u16 cid = L2CAP_CID_DYN_START;
168 for (; cid < L2CAP_CID_DYN_END; cid++) {
169 if (!__l2cap_get_chan_by_scid(l, cid))
176 static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
181 l2cap_pi(l->head)->prev_c = sk;
183 l2cap_pi(sk)->next_c = l->head;
184 l2cap_pi(sk)->prev_c = NULL;
188 static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
190 struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
192 write_lock_bh(&l->lock);
197 l2cap_pi(next)->prev_c = prev;
199 l2cap_pi(prev)->next_c = next;
200 write_unlock_bh(&l->lock);
205 static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
207 struct l2cap_chan_list *l = &conn->chan_list;
209 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
210 l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
212 conn->disc_reason = 0x13;
214 l2cap_pi(sk)->conn = conn;
216 if (sk->sk_type == SOCK_SEQPACKET) {
217 /* Alloc CID for connection-oriented socket */
218 l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
219 } else if (sk->sk_type == SOCK_DGRAM) {
220 /* Connectionless socket */
221 l2cap_pi(sk)->scid = L2CAP_CID_CONN_LESS;
222 l2cap_pi(sk)->dcid = L2CAP_CID_CONN_LESS;
223 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
225 /* Raw socket can send/recv signalling messages only */
226 l2cap_pi(sk)->scid = L2CAP_CID_SIGNALING;
227 l2cap_pi(sk)->dcid = L2CAP_CID_SIGNALING;
228 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
231 __l2cap_chan_link(l, sk);
234 bt_accept_enqueue(parent, sk);
238 * Must be called on the locked socket. */
239 static void l2cap_chan_del(struct sock *sk, int err)
241 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
242 struct sock *parent = bt_sk(sk)->parent;
244 l2cap_sock_clear_timer(sk);
246 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
249 /* Unlink from channel list */
250 l2cap_chan_unlink(&conn->chan_list, sk);
251 l2cap_pi(sk)->conn = NULL;
252 hci_conn_put(conn->hcon);
255 sk->sk_state = BT_CLOSED;
256 sock_set_flag(sk, SOCK_ZAPPED);
262 bt_accept_unlink(sk);
263 parent->sk_data_ready(parent, 0);
265 sk->sk_state_change(sk);
268 /* Service level security */
269 static inline int l2cap_check_security(struct sock *sk)
271 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
274 if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
275 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
276 auth_type = HCI_AT_NO_BONDING_MITM;
278 auth_type = HCI_AT_NO_BONDING;
280 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
281 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
283 switch (l2cap_pi(sk)->sec_level) {
284 case BT_SECURITY_HIGH:
285 auth_type = HCI_AT_GENERAL_BONDING_MITM;
287 case BT_SECURITY_MEDIUM:
288 auth_type = HCI_AT_GENERAL_BONDING;
291 auth_type = HCI_AT_NO_BONDING;
296 return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level,
300 static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
304 /* Get next available identificator.
305 * 1 - 128 are used by kernel.
306 * 129 - 199 are reserved.
307 * 200 - 254 are used by utilities like l2ping, etc.
310 spin_lock_bh(&conn->lock);
312 if (++conn->tx_ident > 128)
317 spin_unlock_bh(&conn->lock);
322 static inline int l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
324 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
326 BT_DBG("code 0x%2.2x", code);
331 return hci_send_acl(conn->hcon, skb, 0);
334 static void l2cap_do_start(struct sock *sk)
336 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
338 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
339 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
342 if (l2cap_check_security(sk)) {
343 struct l2cap_conn_req req;
344 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
345 req.psm = l2cap_pi(sk)->psm;
347 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
349 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
350 L2CAP_CONN_REQ, sizeof(req), &req);
353 struct l2cap_info_req req;
354 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
356 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
357 conn->info_ident = l2cap_get_ident(conn);
359 mod_timer(&conn->info_timer, jiffies +
360 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
362 l2cap_send_cmd(conn, conn->info_ident,
363 L2CAP_INFO_REQ, sizeof(req), &req);
367 /* ---- L2CAP connections ---- */
368 static void l2cap_conn_start(struct l2cap_conn *conn)
370 struct l2cap_chan_list *l = &conn->chan_list;
373 BT_DBG("conn %p", conn);
377 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
380 if (sk->sk_type != SOCK_SEQPACKET) {
385 if (sk->sk_state == BT_CONNECT) {
386 if (l2cap_check_security(sk)) {
387 struct l2cap_conn_req req;
388 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
389 req.psm = l2cap_pi(sk)->psm;
391 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
393 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
394 L2CAP_CONN_REQ, sizeof(req), &req);
396 } else if (sk->sk_state == BT_CONNECT2) {
397 struct l2cap_conn_rsp rsp;
398 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
399 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
401 if (l2cap_check_security(sk)) {
402 if (bt_sk(sk)->defer_setup) {
403 struct sock *parent = bt_sk(sk)->parent;
404 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
405 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
406 parent->sk_data_ready(parent, 0);
409 sk->sk_state = BT_CONFIG;
410 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
411 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
414 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
415 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
418 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
419 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
425 read_unlock(&l->lock);
428 static void l2cap_conn_ready(struct l2cap_conn *conn)
430 struct l2cap_chan_list *l = &conn->chan_list;
433 BT_DBG("conn %p", conn);
437 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
440 if (sk->sk_type != SOCK_SEQPACKET) {
441 l2cap_sock_clear_timer(sk);
442 sk->sk_state = BT_CONNECTED;
443 sk->sk_state_change(sk);
444 } else if (sk->sk_state == BT_CONNECT)
450 read_unlock(&l->lock);
453 /* Notify sockets that we cannot guaranty reliability anymore */
454 static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
456 struct l2cap_chan_list *l = &conn->chan_list;
459 BT_DBG("conn %p", conn);
463 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
464 if (l2cap_pi(sk)->force_reliable)
468 read_unlock(&l->lock);
471 static void l2cap_info_timeout(unsigned long arg)
473 struct l2cap_conn *conn = (void *) arg;
475 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
476 conn->info_ident = 0;
478 l2cap_conn_start(conn);
481 static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
483 struct l2cap_conn *conn = hcon->l2cap_data;
488 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
492 hcon->l2cap_data = conn;
495 BT_DBG("hcon %p conn %p", hcon, conn);
497 conn->mtu = hcon->hdev->acl_mtu;
498 conn->src = &hcon->hdev->bdaddr;
499 conn->dst = &hcon->dst;
503 setup_timer(&conn->info_timer, l2cap_info_timeout,
504 (unsigned long) conn);
506 spin_lock_init(&conn->lock);
507 rwlock_init(&conn->chan_list.lock);
509 conn->disc_reason = 0x13;
514 static void l2cap_conn_del(struct hci_conn *hcon, int err)
516 struct l2cap_conn *conn = hcon->l2cap_data;
522 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
524 kfree_skb(conn->rx_skb);
527 while ((sk = conn->chan_list.head)) {
529 l2cap_chan_del(sk, err);
534 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
535 del_timer_sync(&conn->info_timer);
537 hcon->l2cap_data = NULL;
541 static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
543 struct l2cap_chan_list *l = &conn->chan_list;
544 write_lock_bh(&l->lock);
545 __l2cap_chan_add(conn, sk, parent);
546 write_unlock_bh(&l->lock);
549 /* ---- Socket interface ---- */
550 static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
553 struct hlist_node *node;
554 sk_for_each(sk, node, &l2cap_sk_list.head)
555 if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
562 /* Find socket with psm and source bdaddr.
563 * Returns closest match.
565 static struct sock *__l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
567 struct sock *sk = NULL, *sk1 = NULL;
568 struct hlist_node *node;
570 sk_for_each(sk, node, &l2cap_sk_list.head) {
571 if (state && sk->sk_state != state)
574 if (l2cap_pi(sk)->psm == psm) {
576 if (!bacmp(&bt_sk(sk)->src, src))
580 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
584 return node ? sk : sk1;
587 /* Find socket with given address (psm, src).
588 * Returns locked socket */
589 static inline struct sock *l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
592 read_lock(&l2cap_sk_list.lock);
593 s = __l2cap_get_sock_by_psm(state, psm, src);
596 read_unlock(&l2cap_sk_list.lock);
600 static void l2cap_sock_destruct(struct sock *sk)
604 skb_queue_purge(&sk->sk_receive_queue);
605 skb_queue_purge(&sk->sk_write_queue);
608 static void l2cap_sock_cleanup_listen(struct sock *parent)
612 BT_DBG("parent %p", parent);
614 /* Close not yet accepted channels */
615 while ((sk = bt_accept_dequeue(parent, NULL)))
616 l2cap_sock_close(sk);
618 parent->sk_state = BT_CLOSED;
619 sock_set_flag(parent, SOCK_ZAPPED);
622 /* Kill socket (only if zapped and orphan)
623 * Must be called on unlocked socket.
625 static void l2cap_sock_kill(struct sock *sk)
627 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
630 BT_DBG("sk %p state %d", sk, sk->sk_state);
632 /* Kill poor orphan */
633 bt_sock_unlink(&l2cap_sk_list, sk);
634 sock_set_flag(sk, SOCK_DEAD);
638 static void __l2cap_sock_close(struct sock *sk, int reason)
640 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
642 switch (sk->sk_state) {
644 l2cap_sock_cleanup_listen(sk);
649 if (sk->sk_type == SOCK_SEQPACKET) {
650 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
651 struct l2cap_disconn_req req;
653 sk->sk_state = BT_DISCONN;
654 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
656 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
657 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
658 l2cap_send_cmd(conn, l2cap_get_ident(conn),
659 L2CAP_DISCONN_REQ, sizeof(req), &req);
661 l2cap_chan_del(sk, reason);
665 if (sk->sk_type == SOCK_SEQPACKET) {
666 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
667 struct l2cap_conn_rsp rsp;
670 if (bt_sk(sk)->defer_setup)
671 result = L2CAP_CR_SEC_BLOCK;
673 result = L2CAP_CR_BAD_PSM;
675 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
676 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
677 rsp.result = cpu_to_le16(result);
678 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
679 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
680 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
682 l2cap_chan_del(sk, reason);
687 l2cap_chan_del(sk, reason);
691 sock_set_flag(sk, SOCK_ZAPPED);
696 /* Must be called on unlocked socket. */
697 static void l2cap_sock_close(struct sock *sk)
699 l2cap_sock_clear_timer(sk);
701 __l2cap_sock_close(sk, ECONNRESET);
706 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
708 struct l2cap_pinfo *pi = l2cap_pi(sk);
713 sk->sk_type = parent->sk_type;
714 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
716 pi->imtu = l2cap_pi(parent)->imtu;
717 pi->omtu = l2cap_pi(parent)->omtu;
718 pi->sec_level = l2cap_pi(parent)->sec_level;
719 pi->role_switch = l2cap_pi(parent)->role_switch;
720 pi->force_reliable = l2cap_pi(parent)->force_reliable;
722 pi->imtu = L2CAP_DEFAULT_MTU;
724 pi->sec_level = BT_SECURITY_LOW;
726 pi->force_reliable = 0;
729 /* Default config options */
731 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
734 static struct proto l2cap_proto = {
736 .owner = THIS_MODULE,
737 .obj_size = sizeof(struct l2cap_pinfo)
740 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
744 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
748 sock_init_data(sock, sk);
749 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
751 sk->sk_destruct = l2cap_sock_destruct;
752 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
754 sock_reset_flag(sk, SOCK_ZAPPED);
756 sk->sk_protocol = proto;
757 sk->sk_state = BT_OPEN;
759 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
761 bt_sock_link(&l2cap_sk_list, sk);
765 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol)
769 BT_DBG("sock %p", sock);
771 sock->state = SS_UNCONNECTED;
773 if (sock->type != SOCK_SEQPACKET &&
774 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
775 return -ESOCKTNOSUPPORT;
777 if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW))
780 sock->ops = &l2cap_sock_ops;
782 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
786 l2cap_sock_init(sk, NULL);
790 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
792 struct sock *sk = sock->sk;
793 struct sockaddr_l2 la;
798 if (!addr || addr->sa_family != AF_BLUETOOTH)
801 memset(&la, 0, sizeof(la));
802 len = min_t(unsigned int, sizeof(la), alen);
803 memcpy(&la, addr, len);
810 if (sk->sk_state != BT_OPEN) {
815 if (la.l2_psm && btohs(la.l2_psm) < 0x1001 &&
816 !capable(CAP_NET_BIND_SERVICE)) {
821 write_lock_bh(&l2cap_sk_list.lock);
823 if (la.l2_psm && __l2cap_get_sock_by_addr(la.l2_psm, &la.l2_bdaddr)) {
826 /* Save source address */
827 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
828 l2cap_pi(sk)->psm = la.l2_psm;
829 l2cap_pi(sk)->sport = la.l2_psm;
830 sk->sk_state = BT_BOUND;
832 if (btohs(la.l2_psm) == 0x0001 || btohs(la.l2_psm) == 0x0003)
833 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
836 write_unlock_bh(&l2cap_sk_list.lock);
843 static int l2cap_do_connect(struct sock *sk)
845 bdaddr_t *src = &bt_sk(sk)->src;
846 bdaddr_t *dst = &bt_sk(sk)->dst;
847 struct l2cap_conn *conn;
848 struct hci_conn *hcon;
849 struct hci_dev *hdev;
853 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst),
856 hdev = hci_get_route(dst, src);
858 return -EHOSTUNREACH;
860 hci_dev_lock_bh(hdev);
864 if (sk->sk_type == SOCK_RAW) {
865 switch (l2cap_pi(sk)->sec_level) {
866 case BT_SECURITY_HIGH:
867 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
869 case BT_SECURITY_MEDIUM:
870 auth_type = HCI_AT_DEDICATED_BONDING;
873 auth_type = HCI_AT_NO_BONDING;
876 } else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
877 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
878 auth_type = HCI_AT_NO_BONDING_MITM;
880 auth_type = HCI_AT_NO_BONDING;
882 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
883 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
885 switch (l2cap_pi(sk)->sec_level) {
886 case BT_SECURITY_HIGH:
887 auth_type = HCI_AT_GENERAL_BONDING_MITM;
889 case BT_SECURITY_MEDIUM:
890 auth_type = HCI_AT_GENERAL_BONDING;
893 auth_type = HCI_AT_NO_BONDING;
898 hcon = hci_connect(hdev, ACL_LINK, dst,
899 l2cap_pi(sk)->sec_level, auth_type);
903 conn = l2cap_conn_add(hcon, 0);
911 /* Update source addr of the socket */
912 bacpy(src, conn->src);
914 l2cap_chan_add(conn, sk, NULL);
916 sk->sk_state = BT_CONNECT;
917 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
919 if (hcon->state == BT_CONNECTED) {
920 if (sk->sk_type != SOCK_SEQPACKET) {
921 l2cap_sock_clear_timer(sk);
922 sk->sk_state = BT_CONNECTED;
928 hci_dev_unlock_bh(hdev);
933 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
935 struct sock *sk = sock->sk;
936 struct sockaddr_l2 la;
941 if (!addr || addr->sa_family != AF_BLUETOOTH)
944 memset(&la, 0, sizeof(la));
945 len = min_t(unsigned int, sizeof(la), alen);
946 memcpy(&la, addr, len);
953 if (sk->sk_type == SOCK_SEQPACKET && !la.l2_psm) {
958 switch (sk->sk_state) {
962 /* Already connecting */
966 /* Already connected */
979 /* Set destination address and psm */
980 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr);
981 l2cap_pi(sk)->psm = la.l2_psm;
983 err = l2cap_do_connect(sk);
988 err = bt_sock_wait_state(sk, BT_CONNECTED,
989 sock_sndtimeo(sk, flags & O_NONBLOCK));
995 static int l2cap_sock_listen(struct socket *sock, int backlog)
997 struct sock *sk = sock->sk;
1000 BT_DBG("sk %p backlog %d", sk, backlog);
1004 if (sk->sk_state != BT_BOUND || sock->type != SOCK_SEQPACKET) {
1009 if (!l2cap_pi(sk)->psm) {
1010 bdaddr_t *src = &bt_sk(sk)->src;
1015 write_lock_bh(&l2cap_sk_list.lock);
1017 for (psm = 0x1001; psm < 0x1100; psm += 2)
1018 if (!__l2cap_get_sock_by_addr(htobs(psm), src)) {
1019 l2cap_pi(sk)->psm = htobs(psm);
1020 l2cap_pi(sk)->sport = htobs(psm);
1025 write_unlock_bh(&l2cap_sk_list.lock);
1031 sk->sk_max_ack_backlog = backlog;
1032 sk->sk_ack_backlog = 0;
1033 sk->sk_state = BT_LISTEN;
1040 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
1042 DECLARE_WAITQUEUE(wait, current);
1043 struct sock *sk = sock->sk, *nsk;
1047 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1049 if (sk->sk_state != BT_LISTEN) {
1054 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
1056 BT_DBG("sk %p timeo %ld", sk, timeo);
1058 /* Wait for an incoming connection. (wake-one). */
1059 add_wait_queue_exclusive(sk->sk_sleep, &wait);
1060 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
1061 set_current_state(TASK_INTERRUPTIBLE);
1068 timeo = schedule_timeout(timeo);
1069 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1071 if (sk->sk_state != BT_LISTEN) {
1076 if (signal_pending(current)) {
1077 err = sock_intr_errno(timeo);
1081 set_current_state(TASK_RUNNING);
1082 remove_wait_queue(sk->sk_sleep, &wait);
1087 newsock->state = SS_CONNECTED;
1089 BT_DBG("new socket %p", nsk);
1096 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
1098 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
1099 struct sock *sk = sock->sk;
1101 BT_DBG("sock %p, sk %p", sock, sk);
1103 addr->sa_family = AF_BLUETOOTH;
1104 *len = sizeof(struct sockaddr_l2);
1107 la->l2_psm = l2cap_pi(sk)->psm;
1108 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
1109 la->l2_cid = htobs(l2cap_pi(sk)->dcid);
1111 la->l2_psm = l2cap_pi(sk)->sport;
1112 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
1113 la->l2_cid = htobs(l2cap_pi(sk)->scid);
1119 static inline int l2cap_do_send(struct sock *sk, struct msghdr *msg, int len)
1121 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1122 struct sk_buff *skb, **frag;
1123 int err, hlen, count, sent = 0;
1124 struct l2cap_hdr *lh;
1126 BT_DBG("sk %p len %d", sk, len);
1128 /* First fragment (with L2CAP header) */
1129 if (sk->sk_type == SOCK_DGRAM)
1130 hlen = L2CAP_HDR_SIZE + 2;
1132 hlen = L2CAP_HDR_SIZE;
1134 count = min_t(unsigned int, (conn->mtu - hlen), len);
1136 skb = bt_skb_send_alloc(sk, hlen + count,
1137 msg->msg_flags & MSG_DONTWAIT, &err);
1141 /* Create L2CAP header */
1142 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1143 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1144 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1146 if (sk->sk_type == SOCK_DGRAM)
1147 put_unaligned(l2cap_pi(sk)->psm, (__le16 *) skb_put(skb, 2));
1149 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) {
1157 /* Continuation fragments (no L2CAP header) */
1158 frag = &skb_shinfo(skb)->frag_list;
1160 count = min_t(unsigned int, conn->mtu, len);
1162 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1166 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count)) {
1174 frag = &(*frag)->next;
1176 err = hci_send_acl(conn->hcon, skb, 0);
1187 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
1189 struct sock *sk = sock->sk;
1192 BT_DBG("sock %p, sk %p", sock, sk);
1194 err = sock_error(sk);
1198 if (msg->msg_flags & MSG_OOB)
1201 /* Check outgoing MTU */
1202 if (sk->sk_type != SOCK_RAW && len > l2cap_pi(sk)->omtu)
1207 if (sk->sk_state == BT_CONNECTED)
1208 err = l2cap_do_send(sk, msg, len);
1216 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
1218 struct sock *sk = sock->sk;
1222 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
1223 struct l2cap_conn_rsp rsp;
1225 sk->sk_state = BT_CONFIG;
1227 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1228 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
1229 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
1230 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
1231 l2cap_send_cmd(l2cap_pi(sk)->conn, l2cap_pi(sk)->ident,
1232 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1240 return bt_sock_recvmsg(iocb, sock, msg, len, flags);
1243 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, int optlen)
1245 struct sock *sk = sock->sk;
1246 struct l2cap_options opts;
1250 BT_DBG("sk %p", sk);
1256 opts.imtu = l2cap_pi(sk)->imtu;
1257 opts.omtu = l2cap_pi(sk)->omtu;
1258 opts.flush_to = l2cap_pi(sk)->flush_to;
1259 opts.mode = L2CAP_MODE_BASIC;
1261 len = min_t(unsigned int, sizeof(opts), optlen);
1262 if (copy_from_user((char *) &opts, optval, len)) {
1267 l2cap_pi(sk)->imtu = opts.imtu;
1268 l2cap_pi(sk)->omtu = opts.omtu;
1272 if (get_user(opt, (u32 __user *) optval)) {
1277 if (opt & L2CAP_LM_AUTH)
1278 l2cap_pi(sk)->sec_level = BT_SECURITY_LOW;
1279 if (opt & L2CAP_LM_ENCRYPT)
1280 l2cap_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
1281 if (opt & L2CAP_LM_SECURE)
1282 l2cap_pi(sk)->sec_level = BT_SECURITY_HIGH;
1284 l2cap_pi(sk)->role_switch = (opt & L2CAP_LM_MASTER);
1285 l2cap_pi(sk)->force_reliable = (opt & L2CAP_LM_RELIABLE);
1297 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen)
1299 struct sock *sk = sock->sk;
1300 struct bt_security sec;
1304 BT_DBG("sk %p", sk);
1306 if (level == SOL_L2CAP)
1307 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
1309 if (level != SOL_BLUETOOTH)
1310 return -ENOPROTOOPT;
1316 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_RAW) {
1321 sec.level = BT_SECURITY_LOW;
1323 len = min_t(unsigned int, sizeof(sec), optlen);
1324 if (copy_from_user((char *) &sec, optval, len)) {
1329 if (sec.level < BT_SECURITY_LOW ||
1330 sec.level > BT_SECURITY_HIGH) {
1335 l2cap_pi(sk)->sec_level = sec.level;
1338 case BT_DEFER_SETUP:
1339 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1344 if (get_user(opt, (u32 __user *) optval)) {
1349 bt_sk(sk)->defer_setup = opt;
1361 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
1363 struct sock *sk = sock->sk;
1364 struct l2cap_options opts;
1365 struct l2cap_conninfo cinfo;
1369 BT_DBG("sk %p", sk);
1371 if (get_user(len, optlen))
1378 opts.imtu = l2cap_pi(sk)->imtu;
1379 opts.omtu = l2cap_pi(sk)->omtu;
1380 opts.flush_to = l2cap_pi(sk)->flush_to;
1381 opts.mode = L2CAP_MODE_BASIC;
1383 len = min_t(unsigned int, len, sizeof(opts));
1384 if (copy_to_user(optval, (char *) &opts, len))
1390 switch (l2cap_pi(sk)->sec_level) {
1391 case BT_SECURITY_LOW:
1392 opt = L2CAP_LM_AUTH;
1394 case BT_SECURITY_MEDIUM:
1395 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
1397 case BT_SECURITY_HIGH:
1398 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
1406 if (l2cap_pi(sk)->role_switch)
1407 opt |= L2CAP_LM_MASTER;
1409 if (l2cap_pi(sk)->force_reliable)
1410 opt |= L2CAP_LM_RELIABLE;
1412 if (put_user(opt, (u32 __user *) optval))
1416 case L2CAP_CONNINFO:
1417 if (sk->sk_state != BT_CONNECTED &&
1418 !(sk->sk_state == BT_CONNECT2 &&
1419 bt_sk(sk)->defer_setup)) {
1424 cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
1425 memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3);
1427 len = min_t(unsigned int, len, sizeof(cinfo));
1428 if (copy_to_user(optval, (char *) &cinfo, len))
1442 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
1444 struct sock *sk = sock->sk;
1445 struct bt_security sec;
1448 BT_DBG("sk %p", sk);
1450 if (level == SOL_L2CAP)
1451 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
1453 if (level != SOL_BLUETOOTH)
1454 return -ENOPROTOOPT;
1456 if (get_user(len, optlen))
1463 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_RAW) {
1468 sec.level = l2cap_pi(sk)->sec_level;
1470 len = min_t(unsigned int, len, sizeof(sec));
1471 if (copy_to_user(optval, (char *) &sec, len))
1476 case BT_DEFER_SETUP:
1477 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1482 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
1496 static int l2cap_sock_shutdown(struct socket *sock, int how)
1498 struct sock *sk = sock->sk;
1501 BT_DBG("sock %p, sk %p", sock, sk);
1507 if (!sk->sk_shutdown) {
1508 sk->sk_shutdown = SHUTDOWN_MASK;
1509 l2cap_sock_clear_timer(sk);
1510 __l2cap_sock_close(sk, 0);
1512 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
1513 err = bt_sock_wait_state(sk, BT_CLOSED,
1520 static int l2cap_sock_release(struct socket *sock)
1522 struct sock *sk = sock->sk;
1525 BT_DBG("sock %p, sk %p", sock, sk);
1530 err = l2cap_sock_shutdown(sock, 2);
1533 l2cap_sock_kill(sk);
1537 static void l2cap_chan_ready(struct sock *sk)
1539 struct sock *parent = bt_sk(sk)->parent;
1541 BT_DBG("sk %p, parent %p", sk, parent);
1543 l2cap_pi(sk)->conf_state = 0;
1544 l2cap_sock_clear_timer(sk);
1547 /* Outgoing channel.
1548 * Wake up socket sleeping on connect.
1550 sk->sk_state = BT_CONNECTED;
1551 sk->sk_state_change(sk);
1553 /* Incoming channel.
1554 * Wake up socket sleeping on accept.
1556 parent->sk_data_ready(parent, 0);
1560 /* Copy frame to all raw sockets on that connection */
1561 static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1563 struct l2cap_chan_list *l = &conn->chan_list;
1564 struct sk_buff *nskb;
1567 BT_DBG("conn %p", conn);
1569 read_lock(&l->lock);
1570 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
1571 if (sk->sk_type != SOCK_RAW)
1574 /* Don't send frame to the socket it came from */
1577 nskb = skb_clone(skb, GFP_ATOMIC);
1581 if (sock_queue_rcv_skb(sk, nskb))
1584 read_unlock(&l->lock);
1587 /* ---- L2CAP signalling commands ---- */
1588 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1589 u8 code, u8 ident, u16 dlen, void *data)
1591 struct sk_buff *skb, **frag;
1592 struct l2cap_cmd_hdr *cmd;
1593 struct l2cap_hdr *lh;
1596 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d",
1597 conn, code, ident, dlen);
1599 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1600 count = min_t(unsigned int, conn->mtu, len);
1602 skb = bt_skb_alloc(count, GFP_ATOMIC);
1606 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1607 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
1608 lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING);
1610 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1613 cmd->len = cpu_to_le16(dlen);
1616 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1617 memcpy(skb_put(skb, count), data, count);
1623 /* Continuation fragments (no L2CAP header) */
1624 frag = &skb_shinfo(skb)->frag_list;
1626 count = min_t(unsigned int, conn->mtu, len);
1628 *frag = bt_skb_alloc(count, GFP_ATOMIC);
1632 memcpy(skb_put(*frag, count), data, count);
1637 frag = &(*frag)->next;
1647 static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1649 struct l2cap_conf_opt *opt = *ptr;
1652 len = L2CAP_CONF_OPT_SIZE + opt->len;
1660 *val = *((u8 *) opt->val);
1664 *val = __le16_to_cpu(*((__le16 *) opt->val));
1668 *val = __le32_to_cpu(*((__le32 *) opt->val));
1672 *val = (unsigned long) opt->val;
1676 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1680 static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1682 struct l2cap_conf_opt *opt = *ptr;
1684 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1691 *((u8 *) opt->val) = val;
1695 *((__le16 *) opt->val) = cpu_to_le16(val);
1699 *((__le32 *) opt->val) = cpu_to_le32(val);
1703 memcpy(opt->val, (void *) val, len);
1707 *ptr += L2CAP_CONF_OPT_SIZE + len;
1710 static int l2cap_build_conf_req(struct sock *sk, void *data)
1712 struct l2cap_pinfo *pi = l2cap_pi(sk);
1713 struct l2cap_conf_req *req = data;
1714 void *ptr = req->data;
1716 BT_DBG("sk %p", sk);
1718 if (pi->imtu != L2CAP_DEFAULT_MTU)
1719 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
1721 /* FIXME: Need actual value of the flush timeout */
1722 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
1723 // l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to);
1725 req->dcid = cpu_to_le16(pi->dcid);
1726 req->flags = cpu_to_le16(0);
1731 static int l2cap_parse_conf_req(struct sock *sk, void *data)
1733 struct l2cap_pinfo *pi = l2cap_pi(sk);
1734 struct l2cap_conf_rsp *rsp = data;
1735 void *ptr = rsp->data;
1736 void *req = pi->conf_req;
1737 int len = pi->conf_len;
1738 int type, hint, olen;
1740 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
1741 u16 mtu = L2CAP_DEFAULT_MTU;
1742 u16 result = L2CAP_CONF_SUCCESS;
1744 BT_DBG("sk %p", sk);
1746 while (len >= L2CAP_CONF_OPT_SIZE) {
1747 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
1749 hint = type & L2CAP_CONF_HINT;
1753 case L2CAP_CONF_MTU:
1757 case L2CAP_CONF_FLUSH_TO:
1761 case L2CAP_CONF_QOS:
1764 case L2CAP_CONF_RFC:
1765 if (olen == sizeof(rfc))
1766 memcpy(&rfc, (void *) val, olen);
1773 result = L2CAP_CONF_UNKNOWN;
1774 *((u8 *) ptr++) = type;
1779 if (result == L2CAP_CONF_SUCCESS) {
1780 /* Configure output options and let the other side know
1781 * which ones we don't like. */
1783 if (rfc.mode == L2CAP_MODE_BASIC) {
1785 result = L2CAP_CONF_UNACCEPT;
1788 pi->conf_state |= L2CAP_CONF_OUTPUT_DONE;
1791 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
1793 result = L2CAP_CONF_UNACCEPT;
1795 memset(&rfc, 0, sizeof(rfc));
1796 rfc.mode = L2CAP_MODE_BASIC;
1798 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1799 sizeof(rfc), (unsigned long) &rfc);
1803 rsp->scid = cpu_to_le16(pi->dcid);
1804 rsp->result = cpu_to_le16(result);
1805 rsp->flags = cpu_to_le16(0x0000);
1810 static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags)
1812 struct l2cap_conf_rsp *rsp = data;
1813 void *ptr = rsp->data;
1815 BT_DBG("sk %p", sk);
1817 rsp->scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1818 rsp->result = cpu_to_le16(result);
1819 rsp->flags = cpu_to_le16(flags);
1824 static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1826 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data;
1828 if (rej->reason != 0x0000)
1831 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
1832 cmd->ident == conn->info_ident) {
1833 del_timer(&conn->info_timer);
1835 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
1836 conn->info_ident = 0;
1838 l2cap_conn_start(conn);
1844 static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1846 struct l2cap_chan_list *list = &conn->chan_list;
1847 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
1848 struct l2cap_conn_rsp rsp;
1849 struct sock *sk, *parent;
1850 int result, status = L2CAP_CS_NO_INFO;
1852 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
1853 __le16 psm = req->psm;
1855 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
1857 /* Check if we have socket listening on psm */
1858 parent = l2cap_get_sock_by_psm(BT_LISTEN, psm, conn->src);
1860 result = L2CAP_CR_BAD_PSM;
1864 /* Check if the ACL is secure enough (if not SDP) */
1865 if (psm != cpu_to_le16(0x0001) &&
1866 !hci_conn_check_link_mode(conn->hcon)) {
1867 conn->disc_reason = 0x05;
1868 result = L2CAP_CR_SEC_BLOCK;
1872 result = L2CAP_CR_NO_MEM;
1874 /* Check for backlog size */
1875 if (sk_acceptq_is_full(parent)) {
1876 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1880 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC);
1884 write_lock_bh(&list->lock);
1886 /* Check if we already have channel with that dcid */
1887 if (__l2cap_get_chan_by_dcid(list, scid)) {
1888 write_unlock_bh(&list->lock);
1889 sock_set_flag(sk, SOCK_ZAPPED);
1890 l2cap_sock_kill(sk);
1894 hci_conn_hold(conn->hcon);
1896 l2cap_sock_init(sk, parent);
1897 bacpy(&bt_sk(sk)->src, conn->src);
1898 bacpy(&bt_sk(sk)->dst, conn->dst);
1899 l2cap_pi(sk)->psm = psm;
1900 l2cap_pi(sk)->dcid = scid;
1902 __l2cap_chan_add(conn, sk, parent);
1903 dcid = l2cap_pi(sk)->scid;
1905 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
1907 l2cap_pi(sk)->ident = cmd->ident;
1909 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
1910 if (l2cap_check_security(sk)) {
1911 if (bt_sk(sk)->defer_setup) {
1912 sk->sk_state = BT_CONNECT2;
1913 result = L2CAP_CR_PEND;
1914 status = L2CAP_CS_AUTHOR_PEND;
1915 parent->sk_data_ready(parent, 0);
1917 sk->sk_state = BT_CONFIG;
1918 result = L2CAP_CR_SUCCESS;
1919 status = L2CAP_CS_NO_INFO;
1922 sk->sk_state = BT_CONNECT2;
1923 result = L2CAP_CR_PEND;
1924 status = L2CAP_CS_AUTHEN_PEND;
1927 sk->sk_state = BT_CONNECT2;
1928 result = L2CAP_CR_PEND;
1929 status = L2CAP_CS_NO_INFO;
1932 write_unlock_bh(&list->lock);
1935 bh_unlock_sock(parent);
1938 rsp.scid = cpu_to_le16(scid);
1939 rsp.dcid = cpu_to_le16(dcid);
1940 rsp.result = cpu_to_le16(result);
1941 rsp.status = cpu_to_le16(status);
1942 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1944 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
1945 struct l2cap_info_req info;
1946 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
1948 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
1949 conn->info_ident = l2cap_get_ident(conn);
1951 mod_timer(&conn->info_timer, jiffies +
1952 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
1954 l2cap_send_cmd(conn, conn->info_ident,
1955 L2CAP_INFO_REQ, sizeof(info), &info);
1961 static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1963 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
1964 u16 scid, dcid, result, status;
1968 scid = __le16_to_cpu(rsp->scid);
1969 dcid = __le16_to_cpu(rsp->dcid);
1970 result = __le16_to_cpu(rsp->result);
1971 status = __le16_to_cpu(rsp->status);
1973 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
1976 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
1980 sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident);
1986 case L2CAP_CR_SUCCESS:
1987 sk->sk_state = BT_CONFIG;
1988 l2cap_pi(sk)->ident = 0;
1989 l2cap_pi(sk)->dcid = dcid;
1990 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
1992 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_CONNECT_PEND;
1994 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1995 l2cap_build_conf_req(sk, req), req);
1999 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
2003 l2cap_chan_del(sk, ECONNREFUSED);
2011 static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
2013 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
2019 dcid = __le16_to_cpu(req->dcid);
2020 flags = __le16_to_cpu(req->flags);
2022 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
2024 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid);
2028 if (sk->sk_state == BT_DISCONN)
2031 /* Reject if config buffer is too small. */
2032 len = cmd_len - sizeof(*req);
2033 if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) {
2034 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
2035 l2cap_build_conf_rsp(sk, rsp,
2036 L2CAP_CONF_REJECT, flags), rsp);
2041 memcpy(l2cap_pi(sk)->conf_req + l2cap_pi(sk)->conf_len, req->data, len);
2042 l2cap_pi(sk)->conf_len += len;
2044 if (flags & 0x0001) {
2045 /* Incomplete config. Send empty response. */
2046 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
2047 l2cap_build_conf_rsp(sk, rsp,
2048 L2CAP_CONF_SUCCESS, 0x0001), rsp);
2052 /* Complete config. */
2053 len = l2cap_parse_conf_req(sk, rsp);
2057 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
2059 /* Reset config buffer. */
2060 l2cap_pi(sk)->conf_len = 0;
2062 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE))
2065 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
2066 sk->sk_state = BT_CONNECTED;
2067 l2cap_chan_ready(sk);
2071 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) {
2073 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2074 l2cap_build_conf_req(sk, buf), buf);
2082 static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2084 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2085 u16 scid, flags, result;
2088 scid = __le16_to_cpu(rsp->scid);
2089 flags = __le16_to_cpu(rsp->flags);
2090 result = __le16_to_cpu(rsp->result);
2092 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x",
2093 scid, flags, result);
2095 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
2100 case L2CAP_CONF_SUCCESS:
2103 case L2CAP_CONF_UNACCEPT:
2104 if (++l2cap_pi(sk)->conf_retry < L2CAP_CONF_MAX_RETRIES) {
2106 /* It does not make sense to adjust L2CAP parameters
2107 * that are currently defined in the spec. We simply
2108 * resend config request that we sent earlier. It is
2109 * stupid, but it helps qualification testing which
2110 * expects at least some response from us. */
2111 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2112 l2cap_build_conf_req(sk, req), req);
2117 sk->sk_state = BT_DISCONN;
2118 sk->sk_err = ECONNRESET;
2119 l2cap_sock_set_timer(sk, HZ * 5);
2121 struct l2cap_disconn_req req;
2122 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
2123 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2124 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2125 L2CAP_DISCONN_REQ, sizeof(req), &req);
2133 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;
2135 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
2136 sk->sk_state = BT_CONNECTED;
2137 l2cap_chan_ready(sk);
2145 static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2147 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
2148 struct l2cap_disconn_rsp rsp;
2152 scid = __le16_to_cpu(req->scid);
2153 dcid = __le16_to_cpu(req->dcid);
2155 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
2157 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid);
2161 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2162 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2163 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
2165 sk->sk_shutdown = SHUTDOWN_MASK;
2167 l2cap_chan_del(sk, ECONNRESET);
2170 l2cap_sock_kill(sk);
2174 static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2176 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
2180 scid = __le16_to_cpu(rsp->scid);
2181 dcid = __le16_to_cpu(rsp->dcid);
2183 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
2185 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
2189 l2cap_chan_del(sk, 0);
2192 l2cap_sock_kill(sk);
2196 static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2198 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
2201 type = __le16_to_cpu(req->type);
2203 BT_DBG("type 0x%4.4x", type);
2205 if (type == L2CAP_IT_FEAT_MASK) {
2207 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2208 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2209 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2210 put_unaligned(cpu_to_le32(l2cap_feat_mask), (__le32 *) rsp->data);
2211 l2cap_send_cmd(conn, cmd->ident,
2212 L2CAP_INFO_RSP, sizeof(buf), buf);
2213 } else if (type == L2CAP_IT_FIXED_CHAN) {
2215 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2216 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2217 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2218 memcpy(buf + 4, l2cap_fixed_chan, 8);
2219 l2cap_send_cmd(conn, cmd->ident,
2220 L2CAP_INFO_RSP, sizeof(buf), buf);
2222 struct l2cap_info_rsp rsp;
2223 rsp.type = cpu_to_le16(type);
2224 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
2225 l2cap_send_cmd(conn, cmd->ident,
2226 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
2232 static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2234 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
2237 type = __le16_to_cpu(rsp->type);
2238 result = __le16_to_cpu(rsp->result);
2240 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
2242 del_timer(&conn->info_timer);
2244 if (type == L2CAP_IT_FEAT_MASK) {
2245 conn->feat_mask = get_unaligned_le32(rsp->data);
2247 if (conn->feat_mask & 0x0080) {
2248 struct l2cap_info_req req;
2249 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2251 conn->info_ident = l2cap_get_ident(conn);
2253 l2cap_send_cmd(conn, conn->info_ident,
2254 L2CAP_INFO_REQ, sizeof(req), &req);
2256 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2257 conn->info_ident = 0;
2259 l2cap_conn_start(conn);
2261 } else if (type == L2CAP_IT_FIXED_CHAN) {
2262 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2263 conn->info_ident = 0;
2265 l2cap_conn_start(conn);
2271 static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
2273 u8 *data = skb->data;
2275 struct l2cap_cmd_hdr cmd;
2278 l2cap_raw_recv(conn, skb);
2280 while (len >= L2CAP_CMD_HDR_SIZE) {
2282 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
2283 data += L2CAP_CMD_HDR_SIZE;
2284 len -= L2CAP_CMD_HDR_SIZE;
2286 cmd_len = le16_to_cpu(cmd.len);
2288 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
2290 if (cmd_len > len || !cmd.ident) {
2291 BT_DBG("corrupted command");
2296 case L2CAP_COMMAND_REJ:
2297 l2cap_command_rej(conn, &cmd, data);
2300 case L2CAP_CONN_REQ:
2301 err = l2cap_connect_req(conn, &cmd, data);
2304 case L2CAP_CONN_RSP:
2305 err = l2cap_connect_rsp(conn, &cmd, data);
2308 case L2CAP_CONF_REQ:
2309 err = l2cap_config_req(conn, &cmd, cmd_len, data);
2312 case L2CAP_CONF_RSP:
2313 err = l2cap_config_rsp(conn, &cmd, data);
2316 case L2CAP_DISCONN_REQ:
2317 err = l2cap_disconnect_req(conn, &cmd, data);
2320 case L2CAP_DISCONN_RSP:
2321 err = l2cap_disconnect_rsp(conn, &cmd, data);
2324 case L2CAP_ECHO_REQ:
2325 l2cap_send_cmd(conn, cmd.ident, L2CAP_ECHO_RSP, cmd_len, data);
2328 case L2CAP_ECHO_RSP:
2331 case L2CAP_INFO_REQ:
2332 err = l2cap_information_req(conn, &cmd, data);
2335 case L2CAP_INFO_RSP:
2336 err = l2cap_information_rsp(conn, &cmd, data);
2340 BT_ERR("Unknown signaling command 0x%2.2x", cmd.code);
2346 struct l2cap_cmd_rej rej;
2347 BT_DBG("error %d", err);
2349 /* FIXME: Map err to a valid reason */
2350 rej.reason = cpu_to_le16(0);
2351 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
2361 static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
2365 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
2367 BT_DBG("unknown cid 0x%4.4x", cid);
2371 BT_DBG("sk %p, len %d", sk, skb->len);
2373 if (sk->sk_state != BT_CONNECTED)
2376 if (l2cap_pi(sk)->imtu < skb->len)
2379 /* If socket recv buffers overflows we drop data here
2380 * which is *bad* because L2CAP has to be reliable.
2381 * But we don't have any other choice. L2CAP doesn't
2382 * provide flow control mechanism. */
2384 if (!sock_queue_rcv_skb(sk, skb))
2397 static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
2401 sk = l2cap_get_sock_by_psm(0, psm, conn->src);
2405 BT_DBG("sk %p, len %d", sk, skb->len);
2407 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
2410 if (l2cap_pi(sk)->imtu < skb->len)
2413 if (!sock_queue_rcv_skb(sk, skb))
2425 static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
2427 struct l2cap_hdr *lh = (void *) skb->data;
2431 skb_pull(skb, L2CAP_HDR_SIZE);
2432 cid = __le16_to_cpu(lh->cid);
2433 len = __le16_to_cpu(lh->len);
2435 BT_DBG("len %d, cid 0x%4.4x", len, cid);
2438 case L2CAP_CID_SIGNALING:
2439 l2cap_sig_channel(conn, skb);
2442 case L2CAP_CID_CONN_LESS:
2443 psm = get_unaligned((__le16 *) skb->data);
2445 l2cap_conless_channel(conn, psm, skb);
2449 l2cap_data_channel(conn, cid, skb);
2454 /* ---- L2CAP interface with lower layer (HCI) ---- */
2456 static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2458 int exact = 0, lm1 = 0, lm2 = 0;
2459 register struct sock *sk;
2460 struct hlist_node *node;
2462 if (type != ACL_LINK)
2465 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
2467 /* Find listening sockets and check their link_mode */
2468 read_lock(&l2cap_sk_list.lock);
2469 sk_for_each(sk, node, &l2cap_sk_list.head) {
2470 if (sk->sk_state != BT_LISTEN)
2473 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
2474 lm1 |= HCI_LM_ACCEPT;
2475 if (l2cap_pi(sk)->role_switch)
2476 lm1 |= HCI_LM_MASTER;
2478 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
2479 lm2 |= HCI_LM_ACCEPT;
2480 if (l2cap_pi(sk)->role_switch)
2481 lm2 |= HCI_LM_MASTER;
2484 read_unlock(&l2cap_sk_list.lock);
2486 return exact ? lm1 : lm2;
2489 static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
2491 struct l2cap_conn *conn;
2493 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
2495 if (hcon->type != ACL_LINK)
2499 conn = l2cap_conn_add(hcon, status);
2501 l2cap_conn_ready(conn);
2503 l2cap_conn_del(hcon, bt_err(status));
2508 static int l2cap_disconn_ind(struct hci_conn *hcon)
2510 struct l2cap_conn *conn = hcon->l2cap_data;
2512 BT_DBG("hcon %p", hcon);
2514 if (hcon->type != ACL_LINK || !conn)
2517 return conn->disc_reason;
2520 static int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
2522 BT_DBG("hcon %p reason %d", hcon, reason);
2524 if (hcon->type != ACL_LINK)
2527 l2cap_conn_del(hcon, bt_err(reason));
2532 static inline void l2cap_check_encryption(struct sock *sk, u8 encrypt)
2534 if (sk->sk_type != SOCK_SEQPACKET)
2537 if (encrypt == 0x00) {
2538 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM) {
2539 l2cap_sock_clear_timer(sk);
2540 l2cap_sock_set_timer(sk, HZ * 5);
2541 } else if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
2542 __l2cap_sock_close(sk, ECONNREFUSED);
2544 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM)
2545 l2cap_sock_clear_timer(sk);
2549 static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
2551 struct l2cap_chan_list *l;
2552 struct l2cap_conn *conn = hcon->l2cap_data;
2558 l = &conn->chan_list;
2560 BT_DBG("conn %p", conn);
2562 read_lock(&l->lock);
2564 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
2567 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND) {
2572 if (!status && (sk->sk_state == BT_CONNECTED ||
2573 sk->sk_state == BT_CONFIG)) {
2574 l2cap_check_encryption(sk, encrypt);
2579 if (sk->sk_state == BT_CONNECT) {
2581 struct l2cap_conn_req req;
2582 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2583 req.psm = l2cap_pi(sk)->psm;
2585 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
2587 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2588 L2CAP_CONN_REQ, sizeof(req), &req);
2590 l2cap_sock_clear_timer(sk);
2591 l2cap_sock_set_timer(sk, HZ / 10);
2593 } else if (sk->sk_state == BT_CONNECT2) {
2594 struct l2cap_conn_rsp rsp;
2598 sk->sk_state = BT_CONFIG;
2599 result = L2CAP_CR_SUCCESS;
2601 sk->sk_state = BT_DISCONN;
2602 l2cap_sock_set_timer(sk, HZ / 10);
2603 result = L2CAP_CR_SEC_BLOCK;
2606 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2607 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2608 rsp.result = cpu_to_le16(result);
2609 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
2610 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2611 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2617 read_unlock(&l->lock);
2622 static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
2624 struct l2cap_conn *conn = hcon->l2cap_data;
2626 if (!conn && !(conn = l2cap_conn_add(hcon, 0)))
2629 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
2631 if (flags & ACL_START) {
2632 struct l2cap_hdr *hdr;
2636 BT_ERR("Unexpected start frame (len %d)", skb->len);
2637 kfree_skb(conn->rx_skb);
2638 conn->rx_skb = NULL;
2640 l2cap_conn_unreliable(conn, ECOMM);
2644 BT_ERR("Frame is too short (len %d)", skb->len);
2645 l2cap_conn_unreliable(conn, ECOMM);
2649 hdr = (struct l2cap_hdr *) skb->data;
2650 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
2652 if (len == skb->len) {
2653 /* Complete frame received */
2654 l2cap_recv_frame(conn, skb);
2658 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
2660 if (skb->len > len) {
2661 BT_ERR("Frame is too long (len %d, expected len %d)",
2663 l2cap_conn_unreliable(conn, ECOMM);
2667 /* Allocate skb for the complete frame (with header) */
2668 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC);
2672 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2674 conn->rx_len = len - skb->len;
2676 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
2678 if (!conn->rx_len) {
2679 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
2680 l2cap_conn_unreliable(conn, ECOMM);
2684 if (skb->len > conn->rx_len) {
2685 BT_ERR("Fragment is too long (len %d, expected %d)",
2686 skb->len, conn->rx_len);
2687 kfree_skb(conn->rx_skb);
2688 conn->rx_skb = NULL;
2690 l2cap_conn_unreliable(conn, ECOMM);
2694 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2696 conn->rx_len -= skb->len;
2698 if (!conn->rx_len) {
2699 /* Complete frame received */
2700 l2cap_recv_frame(conn, conn->rx_skb);
2701 conn->rx_skb = NULL;
2710 static ssize_t l2cap_sysfs_show(struct class *dev, char *buf)
2713 struct hlist_node *node;
2716 read_lock_bh(&l2cap_sk_list.lock);
2718 sk_for_each(sk, node, &l2cap_sk_list.head) {
2719 struct l2cap_pinfo *pi = l2cap_pi(sk);
2721 str += sprintf(str, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d\n",
2722 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2723 sk->sk_state, btohs(pi->psm), pi->scid, pi->dcid,
2724 pi->imtu, pi->omtu, pi->sec_level);
2727 read_unlock_bh(&l2cap_sk_list.lock);
2732 static CLASS_ATTR(l2cap, S_IRUGO, l2cap_sysfs_show, NULL);
2734 static const struct proto_ops l2cap_sock_ops = {
2735 .family = PF_BLUETOOTH,
2736 .owner = THIS_MODULE,
2737 .release = l2cap_sock_release,
2738 .bind = l2cap_sock_bind,
2739 .connect = l2cap_sock_connect,
2740 .listen = l2cap_sock_listen,
2741 .accept = l2cap_sock_accept,
2742 .getname = l2cap_sock_getname,
2743 .sendmsg = l2cap_sock_sendmsg,
2744 .recvmsg = l2cap_sock_recvmsg,
2745 .poll = bt_sock_poll,
2746 .ioctl = bt_sock_ioctl,
2747 .mmap = sock_no_mmap,
2748 .socketpair = sock_no_socketpair,
2749 .shutdown = l2cap_sock_shutdown,
2750 .setsockopt = l2cap_sock_setsockopt,
2751 .getsockopt = l2cap_sock_getsockopt
2754 static struct net_proto_family l2cap_sock_family_ops = {
2755 .family = PF_BLUETOOTH,
2756 .owner = THIS_MODULE,
2757 .create = l2cap_sock_create,
2760 static struct hci_proto l2cap_hci_proto = {
2762 .id = HCI_PROTO_L2CAP,
2763 .connect_ind = l2cap_connect_ind,
2764 .connect_cfm = l2cap_connect_cfm,
2765 .disconn_ind = l2cap_disconn_ind,
2766 .disconn_cfm = l2cap_disconn_cfm,
2767 .security_cfm = l2cap_security_cfm,
2768 .recv_acldata = l2cap_recv_acldata
2771 static int __init l2cap_init(void)
2775 err = proto_register(&l2cap_proto, 0);
2779 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
2781 BT_ERR("L2CAP socket registration failed");
2785 err = hci_register_proto(&l2cap_hci_proto);
2787 BT_ERR("L2CAP protocol registration failed");
2788 bt_sock_unregister(BTPROTO_L2CAP);
2792 if (class_create_file(bt_class, &class_attr_l2cap) < 0)
2793 BT_ERR("Failed to create L2CAP info file");
2795 BT_INFO("L2CAP ver %s", VERSION);
2796 BT_INFO("L2CAP socket layer initialized");
2801 proto_unregister(&l2cap_proto);
2805 static void __exit l2cap_exit(void)
2807 class_remove_file(bt_class, &class_attr_l2cap);
2809 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
2810 BT_ERR("L2CAP socket unregistration failed");
2812 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
2813 BT_ERR("L2CAP protocol unregistration failed");
2815 proto_unregister(&l2cap_proto);
2818 void l2cap_load(void)
2820 /* Dummy function to trigger automatic L2CAP module loading by
2821 * other modules that use L2CAP sockets but don't use any other
2822 * symbols from it. */
2825 EXPORT_SYMBOL(l2cap_load);
2827 module_init(l2cap_init);
2828 module_exit(l2cap_exit);
2830 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2831 MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
2832 MODULE_VERSION(VERSION);
2833 MODULE_LICENSE("GPL");
2834 MODULE_ALIAS("bt-proto-0");