2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth L2CAP core and sockets. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/capability.h>
31 #include <linux/errno.h>
32 #include <linux/kernel.h>
33 #include <linux/sched.h>
34 #include <linux/slab.h>
35 #include <linux/poll.h>
36 #include <linux/fcntl.h>
37 #include <linux/init.h>
38 #include <linux/interrupt.h>
39 #include <linux/socket.h>
40 #include <linux/skbuff.h>
41 #include <linux/list.h>
42 #include <linux/device.h>
43 #include <linux/debugfs.h>
44 #include <linux/seq_file.h>
45 #include <linux/uaccess.h>
46 #include <linux/crc16.h>
49 #include <asm/system.h>
50 #include <asm/unaligned.h>
52 #include <net/bluetooth/bluetooth.h>
53 #include <net/bluetooth/hci_core.h>
54 #include <net/bluetooth/l2cap.h>
56 #define VERSION "2.14"
58 static int enable_ertm = 0;
59 static int max_transmit = L2CAP_DEFAULT_MAX_TX;
61 static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
62 static u8 l2cap_fixed_chan[8] = { 0x02, };
64 static const struct proto_ops l2cap_sock_ops;
66 static struct bt_sock_list l2cap_sk_list = {
67 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
70 static void __l2cap_sock_close(struct sock *sk, int reason);
71 static void l2cap_sock_close(struct sock *sk);
72 static void l2cap_sock_kill(struct sock *sk);
74 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
75 u8 code, u8 ident, u16 dlen, void *data);
77 /* ---- L2CAP timers ---- */
78 static void l2cap_sock_timeout(unsigned long arg)
80 struct sock *sk = (struct sock *) arg;
83 BT_DBG("sock %p state %d", sk, sk->sk_state);
87 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG)
88 reason = ECONNREFUSED;
89 else if (sk->sk_state == BT_CONNECT &&
90 l2cap_pi(sk)->sec_level != BT_SECURITY_SDP)
91 reason = ECONNREFUSED;
95 __l2cap_sock_close(sk, reason);
103 static void l2cap_sock_set_timer(struct sock *sk, long timeout)
105 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
106 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
109 static void l2cap_sock_clear_timer(struct sock *sk)
111 BT_DBG("sock %p state %d", sk, sk->sk_state);
112 sk_stop_timer(sk, &sk->sk_timer);
115 /* ---- L2CAP channels ---- */
116 static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid)
119 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
120 if (l2cap_pi(s)->dcid == cid)
126 static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
129 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
130 if (l2cap_pi(s)->scid == cid)
136 /* Find channel with given SCID.
137 * Returns locked socket */
138 static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
142 s = __l2cap_get_chan_by_scid(l, cid);
145 read_unlock(&l->lock);
149 static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
152 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
153 if (l2cap_pi(s)->ident == ident)
159 static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
163 s = __l2cap_get_chan_by_ident(l, ident);
166 read_unlock(&l->lock);
170 static u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
172 u16 cid = L2CAP_CID_DYN_START;
174 for (; cid < L2CAP_CID_DYN_END; cid++) {
175 if (!__l2cap_get_chan_by_scid(l, cid))
182 static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
187 l2cap_pi(l->head)->prev_c = sk;
189 l2cap_pi(sk)->next_c = l->head;
190 l2cap_pi(sk)->prev_c = NULL;
194 static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
196 struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
198 write_lock_bh(&l->lock);
203 l2cap_pi(next)->prev_c = prev;
205 l2cap_pi(prev)->next_c = next;
206 write_unlock_bh(&l->lock);
211 static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
213 struct l2cap_chan_list *l = &conn->chan_list;
215 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
216 l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
218 conn->disc_reason = 0x13;
220 l2cap_pi(sk)->conn = conn;
222 if (sk->sk_type == SOCK_SEQPACKET) {
223 /* Alloc CID for connection-oriented socket */
224 l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
225 } else if (sk->sk_type == SOCK_DGRAM) {
226 /* Connectionless socket */
227 l2cap_pi(sk)->scid = L2CAP_CID_CONN_LESS;
228 l2cap_pi(sk)->dcid = L2CAP_CID_CONN_LESS;
229 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
231 /* Raw socket can send/recv signalling messages only */
232 l2cap_pi(sk)->scid = L2CAP_CID_SIGNALING;
233 l2cap_pi(sk)->dcid = L2CAP_CID_SIGNALING;
234 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
237 __l2cap_chan_link(l, sk);
240 bt_accept_enqueue(parent, sk);
244 * Must be called on the locked socket. */
245 static void l2cap_chan_del(struct sock *sk, int err)
247 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
248 struct sock *parent = bt_sk(sk)->parent;
250 l2cap_sock_clear_timer(sk);
252 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
255 /* Unlink from channel list */
256 l2cap_chan_unlink(&conn->chan_list, sk);
257 l2cap_pi(sk)->conn = NULL;
258 hci_conn_put(conn->hcon);
261 sk->sk_state = BT_CLOSED;
262 sock_set_flag(sk, SOCK_ZAPPED);
268 bt_accept_unlink(sk);
269 parent->sk_data_ready(parent, 0);
271 sk->sk_state_change(sk);
274 /* Service level security */
275 static inline int l2cap_check_security(struct sock *sk)
277 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
280 if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
281 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
282 auth_type = HCI_AT_NO_BONDING_MITM;
284 auth_type = HCI_AT_NO_BONDING;
286 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
287 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
289 switch (l2cap_pi(sk)->sec_level) {
290 case BT_SECURITY_HIGH:
291 auth_type = HCI_AT_GENERAL_BONDING_MITM;
293 case BT_SECURITY_MEDIUM:
294 auth_type = HCI_AT_GENERAL_BONDING;
297 auth_type = HCI_AT_NO_BONDING;
302 return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level,
306 static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
310 /* Get next available identificator.
311 * 1 - 128 are used by kernel.
312 * 129 - 199 are reserved.
313 * 200 - 254 are used by utilities like l2ping, etc.
316 spin_lock_bh(&conn->lock);
318 if (++conn->tx_ident > 128)
323 spin_unlock_bh(&conn->lock);
328 static inline int l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
330 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
332 BT_DBG("code 0x%2.2x", code);
337 return hci_send_acl(conn->hcon, skb, 0);
340 static inline int l2cap_send_sframe(struct l2cap_pinfo *pi, u16 control)
343 struct l2cap_hdr *lh;
344 struct l2cap_conn *conn = pi->conn;
345 int count, hlen = L2CAP_HDR_SIZE + 2;
347 if (pi->fcs == L2CAP_FCS_CRC16)
350 BT_DBG("pi %p, control 0x%2.2x", pi, control);
352 count = min_t(unsigned int, conn->mtu, hlen);
353 control |= L2CAP_CTRL_FRAME_TYPE;
355 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) {
356 control |= L2CAP_CTRL_FINAL;
357 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
360 if (pi->conn_state & L2CAP_CONN_SEND_PBIT) {
361 control |= L2CAP_CTRL_POLL;
362 pi->conn_state &= ~L2CAP_CONN_SEND_PBIT;
365 skb = bt_skb_alloc(count, GFP_ATOMIC);
369 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
370 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE);
371 lh->cid = cpu_to_le16(pi->dcid);
372 put_unaligned_le16(control, skb_put(skb, 2));
374 if (pi->fcs == L2CAP_FCS_CRC16) {
375 u16 fcs = crc16(0, (u8 *)lh, count - 2);
376 put_unaligned_le16(fcs, skb_put(skb, 2));
379 return hci_send_acl(pi->conn->hcon, skb, 0);
382 static inline int l2cap_send_rr_or_rnr(struct l2cap_pinfo *pi, u16 control)
384 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY)
385 control |= L2CAP_SUPER_RCV_NOT_READY;
387 control |= L2CAP_SUPER_RCV_READY;
389 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
391 return l2cap_send_sframe(pi, control);
394 static void l2cap_do_start(struct sock *sk)
396 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
398 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
399 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
402 if (l2cap_check_security(sk)) {
403 struct l2cap_conn_req req;
404 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
405 req.psm = l2cap_pi(sk)->psm;
407 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
409 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
410 L2CAP_CONN_REQ, sizeof(req), &req);
413 struct l2cap_info_req req;
414 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
416 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
417 conn->info_ident = l2cap_get_ident(conn);
419 mod_timer(&conn->info_timer, jiffies +
420 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
422 l2cap_send_cmd(conn, conn->info_ident,
423 L2CAP_INFO_REQ, sizeof(req), &req);
427 static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct sock *sk)
429 struct l2cap_disconn_req req;
431 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
432 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
433 l2cap_send_cmd(conn, l2cap_get_ident(conn),
434 L2CAP_DISCONN_REQ, sizeof(req), &req);
437 /* ---- L2CAP connections ---- */
438 static void l2cap_conn_start(struct l2cap_conn *conn)
440 struct l2cap_chan_list *l = &conn->chan_list;
443 BT_DBG("conn %p", conn);
447 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
450 if (sk->sk_type != SOCK_SEQPACKET) {
455 if (sk->sk_state == BT_CONNECT) {
456 if (l2cap_check_security(sk)) {
457 struct l2cap_conn_req req;
458 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
459 req.psm = l2cap_pi(sk)->psm;
461 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
463 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
464 L2CAP_CONN_REQ, sizeof(req), &req);
466 } else if (sk->sk_state == BT_CONNECT2) {
467 struct l2cap_conn_rsp rsp;
468 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
469 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
471 if (l2cap_check_security(sk)) {
472 if (bt_sk(sk)->defer_setup) {
473 struct sock *parent = bt_sk(sk)->parent;
474 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
475 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
476 parent->sk_data_ready(parent, 0);
479 sk->sk_state = BT_CONFIG;
480 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
481 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
484 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
485 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
488 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
489 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
495 read_unlock(&l->lock);
498 static void l2cap_conn_ready(struct l2cap_conn *conn)
500 struct l2cap_chan_list *l = &conn->chan_list;
503 BT_DBG("conn %p", conn);
507 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
510 if (sk->sk_type != SOCK_SEQPACKET) {
511 l2cap_sock_clear_timer(sk);
512 sk->sk_state = BT_CONNECTED;
513 sk->sk_state_change(sk);
514 } else if (sk->sk_state == BT_CONNECT)
520 read_unlock(&l->lock);
523 /* Notify sockets that we cannot guaranty reliability anymore */
524 static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
526 struct l2cap_chan_list *l = &conn->chan_list;
529 BT_DBG("conn %p", conn);
533 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
534 if (l2cap_pi(sk)->force_reliable)
538 read_unlock(&l->lock);
541 static void l2cap_info_timeout(unsigned long arg)
543 struct l2cap_conn *conn = (void *) arg;
545 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
546 conn->info_ident = 0;
548 l2cap_conn_start(conn);
551 static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
553 struct l2cap_conn *conn = hcon->l2cap_data;
558 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
562 hcon->l2cap_data = conn;
565 BT_DBG("hcon %p conn %p", hcon, conn);
567 conn->mtu = hcon->hdev->acl_mtu;
568 conn->src = &hcon->hdev->bdaddr;
569 conn->dst = &hcon->dst;
573 spin_lock_init(&conn->lock);
574 rwlock_init(&conn->chan_list.lock);
576 setup_timer(&conn->info_timer, l2cap_info_timeout,
577 (unsigned long) conn);
579 conn->disc_reason = 0x13;
584 static void l2cap_conn_del(struct hci_conn *hcon, int err)
586 struct l2cap_conn *conn = hcon->l2cap_data;
592 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
594 kfree_skb(conn->rx_skb);
597 while ((sk = conn->chan_list.head)) {
599 l2cap_chan_del(sk, err);
604 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
605 del_timer_sync(&conn->info_timer);
607 hcon->l2cap_data = NULL;
611 static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
613 struct l2cap_chan_list *l = &conn->chan_list;
614 write_lock_bh(&l->lock);
615 __l2cap_chan_add(conn, sk, parent);
616 write_unlock_bh(&l->lock);
619 /* ---- Socket interface ---- */
620 static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
623 struct hlist_node *node;
624 sk_for_each(sk, node, &l2cap_sk_list.head)
625 if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
632 /* Find socket with psm and source bdaddr.
633 * Returns closest match.
635 static struct sock *__l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
637 struct sock *sk = NULL, *sk1 = NULL;
638 struct hlist_node *node;
640 sk_for_each(sk, node, &l2cap_sk_list.head) {
641 if (state && sk->sk_state != state)
644 if (l2cap_pi(sk)->psm == psm) {
646 if (!bacmp(&bt_sk(sk)->src, src))
650 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
654 return node ? sk : sk1;
657 /* Find socket with given address (psm, src).
658 * Returns locked socket */
659 static inline struct sock *l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
662 read_lock(&l2cap_sk_list.lock);
663 s = __l2cap_get_sock_by_psm(state, psm, src);
666 read_unlock(&l2cap_sk_list.lock);
670 static void l2cap_sock_destruct(struct sock *sk)
674 skb_queue_purge(&sk->sk_receive_queue);
675 skb_queue_purge(&sk->sk_write_queue);
678 static void l2cap_sock_cleanup_listen(struct sock *parent)
682 BT_DBG("parent %p", parent);
684 /* Close not yet accepted channels */
685 while ((sk = bt_accept_dequeue(parent, NULL)))
686 l2cap_sock_close(sk);
688 parent->sk_state = BT_CLOSED;
689 sock_set_flag(parent, SOCK_ZAPPED);
692 /* Kill socket (only if zapped and orphan)
693 * Must be called on unlocked socket.
695 static void l2cap_sock_kill(struct sock *sk)
697 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
700 BT_DBG("sk %p state %d", sk, sk->sk_state);
702 /* Kill poor orphan */
703 bt_sock_unlink(&l2cap_sk_list, sk);
704 sock_set_flag(sk, SOCK_DEAD);
708 static void __l2cap_sock_close(struct sock *sk, int reason)
710 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
712 switch (sk->sk_state) {
714 l2cap_sock_cleanup_listen(sk);
719 if (sk->sk_type == SOCK_SEQPACKET) {
720 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
722 sk->sk_state = BT_DISCONN;
723 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
724 l2cap_send_disconn_req(conn, sk);
726 l2cap_chan_del(sk, reason);
730 if (sk->sk_type == SOCK_SEQPACKET) {
731 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
732 struct l2cap_conn_rsp rsp;
735 if (bt_sk(sk)->defer_setup)
736 result = L2CAP_CR_SEC_BLOCK;
738 result = L2CAP_CR_BAD_PSM;
740 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
741 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
742 rsp.result = cpu_to_le16(result);
743 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
744 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
745 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
747 l2cap_chan_del(sk, reason);
752 l2cap_chan_del(sk, reason);
756 sock_set_flag(sk, SOCK_ZAPPED);
761 /* Must be called on unlocked socket. */
762 static void l2cap_sock_close(struct sock *sk)
764 l2cap_sock_clear_timer(sk);
766 __l2cap_sock_close(sk, ECONNRESET);
771 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
773 struct l2cap_pinfo *pi = l2cap_pi(sk);
778 sk->sk_type = parent->sk_type;
779 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
781 pi->imtu = l2cap_pi(parent)->imtu;
782 pi->omtu = l2cap_pi(parent)->omtu;
783 pi->mode = l2cap_pi(parent)->mode;
784 pi->fcs = l2cap_pi(parent)->fcs;
785 pi->sec_level = l2cap_pi(parent)->sec_level;
786 pi->role_switch = l2cap_pi(parent)->role_switch;
787 pi->force_reliable = l2cap_pi(parent)->force_reliable;
789 pi->imtu = L2CAP_DEFAULT_MTU;
791 pi->mode = L2CAP_MODE_BASIC;
792 pi->fcs = L2CAP_FCS_CRC16;
793 pi->sec_level = BT_SECURITY_LOW;
795 pi->force_reliable = 0;
798 /* Default config options */
800 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
801 skb_queue_head_init(TX_QUEUE(sk));
802 skb_queue_head_init(SREJ_QUEUE(sk));
803 INIT_LIST_HEAD(SREJ_LIST(sk));
806 static struct proto l2cap_proto = {
808 .owner = THIS_MODULE,
809 .obj_size = sizeof(struct l2cap_pinfo)
812 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
816 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
820 sock_init_data(sock, sk);
821 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
823 sk->sk_destruct = l2cap_sock_destruct;
824 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
826 sock_reset_flag(sk, SOCK_ZAPPED);
828 sk->sk_protocol = proto;
829 sk->sk_state = BT_OPEN;
831 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
833 bt_sock_link(&l2cap_sk_list, sk);
837 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
842 BT_DBG("sock %p", sock);
844 sock->state = SS_UNCONNECTED;
846 if (sock->type != SOCK_SEQPACKET &&
847 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
848 return -ESOCKTNOSUPPORT;
850 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
853 sock->ops = &l2cap_sock_ops;
855 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
859 l2cap_sock_init(sk, NULL);
863 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
865 struct sock *sk = sock->sk;
866 struct sockaddr_l2 la;
871 if (!addr || addr->sa_family != AF_BLUETOOTH)
874 memset(&la, 0, sizeof(la));
875 len = min_t(unsigned int, sizeof(la), alen);
876 memcpy(&la, addr, len);
883 if (sk->sk_state != BT_OPEN) {
888 if (la.l2_psm && __le16_to_cpu(la.l2_psm) < 0x1001 &&
889 !capable(CAP_NET_BIND_SERVICE)) {
894 write_lock_bh(&l2cap_sk_list.lock);
896 if (la.l2_psm && __l2cap_get_sock_by_addr(la.l2_psm, &la.l2_bdaddr)) {
899 /* Save source address */
900 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
901 l2cap_pi(sk)->psm = la.l2_psm;
902 l2cap_pi(sk)->sport = la.l2_psm;
903 sk->sk_state = BT_BOUND;
905 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
906 __le16_to_cpu(la.l2_psm) == 0x0003)
907 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
910 write_unlock_bh(&l2cap_sk_list.lock);
917 static int l2cap_do_connect(struct sock *sk)
919 bdaddr_t *src = &bt_sk(sk)->src;
920 bdaddr_t *dst = &bt_sk(sk)->dst;
921 struct l2cap_conn *conn;
922 struct hci_conn *hcon;
923 struct hci_dev *hdev;
927 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst),
930 hdev = hci_get_route(dst, src);
932 return -EHOSTUNREACH;
934 hci_dev_lock_bh(hdev);
938 if (sk->sk_type == SOCK_RAW) {
939 switch (l2cap_pi(sk)->sec_level) {
940 case BT_SECURITY_HIGH:
941 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
943 case BT_SECURITY_MEDIUM:
944 auth_type = HCI_AT_DEDICATED_BONDING;
947 auth_type = HCI_AT_NO_BONDING;
950 } else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
951 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
952 auth_type = HCI_AT_NO_BONDING_MITM;
954 auth_type = HCI_AT_NO_BONDING;
956 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
957 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
959 switch (l2cap_pi(sk)->sec_level) {
960 case BT_SECURITY_HIGH:
961 auth_type = HCI_AT_GENERAL_BONDING_MITM;
963 case BT_SECURITY_MEDIUM:
964 auth_type = HCI_AT_GENERAL_BONDING;
967 auth_type = HCI_AT_NO_BONDING;
972 hcon = hci_connect(hdev, ACL_LINK, dst,
973 l2cap_pi(sk)->sec_level, auth_type);
977 conn = l2cap_conn_add(hcon, 0);
985 /* Update source addr of the socket */
986 bacpy(src, conn->src);
988 l2cap_chan_add(conn, sk, NULL);
990 sk->sk_state = BT_CONNECT;
991 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
993 if (hcon->state == BT_CONNECTED) {
994 if (sk->sk_type != SOCK_SEQPACKET) {
995 l2cap_sock_clear_timer(sk);
996 sk->sk_state = BT_CONNECTED;
1002 hci_dev_unlock_bh(hdev);
1007 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
1009 struct sock *sk = sock->sk;
1010 struct sockaddr_l2 la;
1013 BT_DBG("sk %p", sk);
1015 if (!addr || alen < sizeof(addr->sa_family) ||
1016 addr->sa_family != AF_BLUETOOTH)
1019 memset(&la, 0, sizeof(la));
1020 len = min_t(unsigned int, sizeof(la), alen);
1021 memcpy(&la, addr, len);
1028 if (sk->sk_type == SOCK_SEQPACKET && !la.l2_psm) {
1033 switch (l2cap_pi(sk)->mode) {
1034 case L2CAP_MODE_BASIC:
1036 case L2CAP_MODE_ERTM:
1037 case L2CAP_MODE_STREAMING:
1046 switch (sk->sk_state) {
1050 /* Already connecting */
1054 /* Already connected */
1067 /* Set destination address and psm */
1068 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr);
1069 l2cap_pi(sk)->psm = la.l2_psm;
1071 err = l2cap_do_connect(sk);
1076 err = bt_sock_wait_state(sk, BT_CONNECTED,
1077 sock_sndtimeo(sk, flags & O_NONBLOCK));
1083 static int l2cap_sock_listen(struct socket *sock, int backlog)
1085 struct sock *sk = sock->sk;
1088 BT_DBG("sk %p backlog %d", sk, backlog);
1092 if (sk->sk_state != BT_BOUND || sock->type != SOCK_SEQPACKET) {
1097 switch (l2cap_pi(sk)->mode) {
1098 case L2CAP_MODE_BASIC:
1100 case L2CAP_MODE_ERTM:
1101 case L2CAP_MODE_STREAMING:
1110 if (!l2cap_pi(sk)->psm) {
1111 bdaddr_t *src = &bt_sk(sk)->src;
1116 write_lock_bh(&l2cap_sk_list.lock);
1118 for (psm = 0x1001; psm < 0x1100; psm += 2)
1119 if (!__l2cap_get_sock_by_addr(cpu_to_le16(psm), src)) {
1120 l2cap_pi(sk)->psm = cpu_to_le16(psm);
1121 l2cap_pi(sk)->sport = cpu_to_le16(psm);
1126 write_unlock_bh(&l2cap_sk_list.lock);
1132 sk->sk_max_ack_backlog = backlog;
1133 sk->sk_ack_backlog = 0;
1134 sk->sk_state = BT_LISTEN;
1141 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
1143 DECLARE_WAITQUEUE(wait, current);
1144 struct sock *sk = sock->sk, *nsk;
1148 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1150 if (sk->sk_state != BT_LISTEN) {
1155 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
1157 BT_DBG("sk %p timeo %ld", sk, timeo);
1159 /* Wait for an incoming connection. (wake-one). */
1160 add_wait_queue_exclusive(sk_sleep(sk), &wait);
1161 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
1162 set_current_state(TASK_INTERRUPTIBLE);
1169 timeo = schedule_timeout(timeo);
1170 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1172 if (sk->sk_state != BT_LISTEN) {
1177 if (signal_pending(current)) {
1178 err = sock_intr_errno(timeo);
1182 set_current_state(TASK_RUNNING);
1183 remove_wait_queue(sk_sleep(sk), &wait);
1188 newsock->state = SS_CONNECTED;
1190 BT_DBG("new socket %p", nsk);
1197 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
1199 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
1200 struct sock *sk = sock->sk;
1202 BT_DBG("sock %p, sk %p", sock, sk);
1204 addr->sa_family = AF_BLUETOOTH;
1205 *len = sizeof(struct sockaddr_l2);
1208 la->l2_psm = l2cap_pi(sk)->psm;
1209 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
1210 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1212 la->l2_psm = l2cap_pi(sk)->sport;
1213 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
1214 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->scid);
1220 static void l2cap_monitor_timeout(unsigned long arg)
1222 struct sock *sk = (void *) arg;
1226 if (l2cap_pi(sk)->retry_count >= l2cap_pi(sk)->remote_max_tx) {
1227 l2cap_send_disconn_req(l2cap_pi(sk)->conn, sk);
1232 l2cap_pi(sk)->retry_count++;
1233 __mod_monitor_timer();
1235 control = L2CAP_CTRL_POLL;
1236 l2cap_send_rr_or_rnr(l2cap_pi(sk), control);
1240 static void l2cap_retrans_timeout(unsigned long arg)
1242 struct sock *sk = (void *) arg;
1246 l2cap_pi(sk)->retry_count = 1;
1247 __mod_monitor_timer();
1249 l2cap_pi(sk)->conn_state |= L2CAP_CONN_WAIT_F;
1251 control = L2CAP_CTRL_POLL;
1252 l2cap_send_rr_or_rnr(l2cap_pi(sk), control);
1256 static void l2cap_drop_acked_frames(struct sock *sk)
1258 struct sk_buff *skb;
1260 while ((skb = skb_peek(TX_QUEUE(sk)))) {
1261 if (bt_cb(skb)->tx_seq == l2cap_pi(sk)->expected_ack_seq)
1264 skb = skb_dequeue(TX_QUEUE(sk));
1267 l2cap_pi(sk)->unacked_frames--;
1270 if (!l2cap_pi(sk)->unacked_frames)
1271 del_timer(&l2cap_pi(sk)->retrans_timer);
1276 static inline int l2cap_do_send(struct sock *sk, struct sk_buff *skb)
1278 struct l2cap_pinfo *pi = l2cap_pi(sk);
1281 BT_DBG("sk %p, skb %p len %d", sk, skb, skb->len);
1283 err = hci_send_acl(pi->conn->hcon, skb, 0);
1290 static int l2cap_streaming_send(struct sock *sk)
1292 struct sk_buff *skb, *tx_skb;
1293 struct l2cap_pinfo *pi = l2cap_pi(sk);
1297 while ((skb = sk->sk_send_head)) {
1298 tx_skb = skb_clone(skb, GFP_ATOMIC);
1300 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1301 control |= pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT;
1302 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1304 if (pi->fcs == L2CAP_FCS_CRC16) {
1305 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);
1306 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);
1309 err = l2cap_do_send(sk, tx_skb);
1311 l2cap_send_disconn_req(pi->conn, sk);
1315 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64;
1317 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1318 sk->sk_send_head = NULL;
1320 sk->sk_send_head = skb_queue_next(TX_QUEUE(sk), skb);
1322 skb = skb_dequeue(TX_QUEUE(sk));
1328 static int l2cap_retransmit_frame(struct sock *sk, u8 tx_seq)
1330 struct l2cap_pinfo *pi = l2cap_pi(sk);
1331 struct sk_buff *skb, *tx_skb;
1335 skb = skb_peek(TX_QUEUE(sk));
1337 if (bt_cb(skb)->tx_seq != tx_seq) {
1338 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1340 skb = skb_queue_next(TX_QUEUE(sk), skb);
1344 if (pi->remote_max_tx &&
1345 bt_cb(skb)->retries == pi->remote_max_tx) {
1346 l2cap_send_disconn_req(pi->conn, sk);
1350 tx_skb = skb_clone(skb, GFP_ATOMIC);
1351 bt_cb(skb)->retries++;
1352 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1353 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1354 | (tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1355 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1357 if (pi->fcs == L2CAP_FCS_CRC16) {
1358 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);
1359 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);
1362 err = l2cap_do_send(sk, tx_skb);
1364 l2cap_send_disconn_req(pi->conn, sk);
1372 static int l2cap_ertm_send(struct sock *sk)
1374 struct sk_buff *skb, *tx_skb;
1375 struct l2cap_pinfo *pi = l2cap_pi(sk);
1379 if (pi->conn_state & L2CAP_CONN_WAIT_F)
1382 while ((skb = sk->sk_send_head) && (!l2cap_tx_window_full(sk)) &&
1383 !(pi->conn_state & L2CAP_CONN_REMOTE_BUSY)) {
1385 if (pi->remote_max_tx &&
1386 bt_cb(skb)->retries == pi->remote_max_tx) {
1387 l2cap_send_disconn_req(pi->conn, sk);
1391 tx_skb = skb_clone(skb, GFP_ATOMIC);
1393 bt_cb(skb)->retries++;
1395 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1396 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) {
1397 control |= L2CAP_CTRL_FINAL;
1398 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
1400 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1401 | (pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1402 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1405 if (pi->fcs == L2CAP_FCS_CRC16) {
1406 fcs = crc16(0, (u8 *)skb->data, tx_skb->len - 2);
1407 put_unaligned_le16(fcs, skb->data + tx_skb->len - 2);
1410 err = l2cap_do_send(sk, tx_skb);
1412 l2cap_send_disconn_req(pi->conn, sk);
1415 __mod_retrans_timer();
1417 bt_cb(skb)->tx_seq = pi->next_tx_seq;
1418 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64;
1420 pi->unacked_frames++;
1423 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1424 sk->sk_send_head = NULL;
1426 sk->sk_send_head = skb_queue_next(TX_QUEUE(sk), skb);
1434 static int l2cap_send_ack(struct l2cap_pinfo *pi)
1436 struct sock *sk = (struct sock *)pi;
1439 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
1441 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
1442 control |= L2CAP_SUPER_RCV_NOT_READY;
1443 return l2cap_send_sframe(pi, control);
1444 } else if (l2cap_ertm_send(sk) == 0) {
1445 control |= L2CAP_SUPER_RCV_READY;
1446 return l2cap_send_sframe(pi, control);
1451 static int l2cap_send_srejtail(struct sock *sk)
1453 struct srej_list *tail;
1456 control = L2CAP_SUPER_SELECT_REJECT;
1457 control |= L2CAP_CTRL_FINAL;
1459 tail = list_entry(SREJ_LIST(sk)->prev, struct srej_list, list);
1460 control |= tail->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
1462 l2cap_send_sframe(l2cap_pi(sk), control);
1467 static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, int len, int count, struct sk_buff *skb)
1469 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1470 struct sk_buff **frag;
1473 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) {
1480 /* Continuation fragments (no L2CAP header) */
1481 frag = &skb_shinfo(skb)->frag_list;
1483 count = min_t(unsigned int, conn->mtu, len);
1485 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1488 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count))
1494 frag = &(*frag)->next;
1500 static struct sk_buff *l2cap_create_connless_pdu(struct sock *sk, struct msghdr *msg, size_t len)
1502 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1503 struct sk_buff *skb;
1504 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1505 struct l2cap_hdr *lh;
1507 BT_DBG("sk %p len %d", sk, (int)len);
1509 count = min_t(unsigned int, (conn->mtu - hlen), len);
1510 skb = bt_skb_send_alloc(sk, count + hlen,
1511 msg->msg_flags & MSG_DONTWAIT, &err);
1513 return ERR_PTR(-ENOMEM);
1515 /* Create L2CAP header */
1516 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1517 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1518 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1519 put_unaligned_le16(l2cap_pi(sk)->psm, skb_put(skb, 2));
1521 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1522 if (unlikely(err < 0)) {
1524 return ERR_PTR(err);
1529 static struct sk_buff *l2cap_create_basic_pdu(struct sock *sk, struct msghdr *msg, size_t len)
1531 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1532 struct sk_buff *skb;
1533 int err, count, hlen = L2CAP_HDR_SIZE;
1534 struct l2cap_hdr *lh;
1536 BT_DBG("sk %p len %d", sk, (int)len);
1538 count = min_t(unsigned int, (conn->mtu - hlen), len);
1539 skb = bt_skb_send_alloc(sk, count + hlen,
1540 msg->msg_flags & MSG_DONTWAIT, &err);
1542 return ERR_PTR(-ENOMEM);
1544 /* Create L2CAP header */
1545 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1546 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1547 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1549 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1550 if (unlikely(err < 0)) {
1552 return ERR_PTR(err);
1557 static struct sk_buff *l2cap_create_iframe_pdu(struct sock *sk, struct msghdr *msg, size_t len, u16 control, u16 sdulen)
1559 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1560 struct sk_buff *skb;
1561 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1562 struct l2cap_hdr *lh;
1564 BT_DBG("sk %p len %d", sk, (int)len);
1569 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16)
1572 count = min_t(unsigned int, (conn->mtu - hlen), len);
1573 skb = bt_skb_send_alloc(sk, count + hlen,
1574 msg->msg_flags & MSG_DONTWAIT, &err);
1576 return ERR_PTR(-ENOMEM);
1578 /* Create L2CAP header */
1579 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1580 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1581 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1582 put_unaligned_le16(control, skb_put(skb, 2));
1584 put_unaligned_le16(sdulen, skb_put(skb, 2));
1586 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1587 if (unlikely(err < 0)) {
1589 return ERR_PTR(err);
1592 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16)
1593 put_unaligned_le16(0, skb_put(skb, 2));
1595 bt_cb(skb)->retries = 0;
1599 static inline int l2cap_sar_segment_sdu(struct sock *sk, struct msghdr *msg, size_t len)
1601 struct l2cap_pinfo *pi = l2cap_pi(sk);
1602 struct sk_buff *skb;
1603 struct sk_buff_head sar_queue;
1607 __skb_queue_head_init(&sar_queue);
1608 control = L2CAP_SDU_START;
1609 skb = l2cap_create_iframe_pdu(sk, msg, pi->max_pdu_size, control, len);
1611 return PTR_ERR(skb);
1613 __skb_queue_tail(&sar_queue, skb);
1614 len -= pi->max_pdu_size;
1615 size +=pi->max_pdu_size;
1621 if (len > pi->max_pdu_size) {
1622 control |= L2CAP_SDU_CONTINUE;
1623 buflen = pi->max_pdu_size;
1625 control |= L2CAP_SDU_END;
1629 skb = l2cap_create_iframe_pdu(sk, msg, buflen, control, 0);
1631 skb_queue_purge(&sar_queue);
1632 return PTR_ERR(skb);
1635 __skb_queue_tail(&sar_queue, skb);
1640 skb_queue_splice_tail(&sar_queue, TX_QUEUE(sk));
1641 if (sk->sk_send_head == NULL)
1642 sk->sk_send_head = sar_queue.next;
1647 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
1649 struct sock *sk = sock->sk;
1650 struct l2cap_pinfo *pi = l2cap_pi(sk);
1651 struct sk_buff *skb;
1655 BT_DBG("sock %p, sk %p", sock, sk);
1657 err = sock_error(sk);
1661 if (msg->msg_flags & MSG_OOB)
1666 if (sk->sk_state != BT_CONNECTED) {
1671 /* Connectionless channel */
1672 if (sk->sk_type == SOCK_DGRAM) {
1673 skb = l2cap_create_connless_pdu(sk, msg, len);
1677 err = l2cap_do_send(sk, skb);
1682 case L2CAP_MODE_BASIC:
1683 /* Check outgoing MTU */
1684 if (len > pi->omtu) {
1689 /* Create a basic PDU */
1690 skb = l2cap_create_basic_pdu(sk, msg, len);
1696 err = l2cap_do_send(sk, skb);
1701 case L2CAP_MODE_ERTM:
1702 case L2CAP_MODE_STREAMING:
1703 /* Entire SDU fits into one PDU */
1704 if (len <= pi->max_pdu_size) {
1705 control = L2CAP_SDU_UNSEGMENTED;
1706 skb = l2cap_create_iframe_pdu(sk, msg, len, control, 0);
1711 __skb_queue_tail(TX_QUEUE(sk), skb);
1712 if (sk->sk_send_head == NULL)
1713 sk->sk_send_head = skb;
1715 /* Segment SDU into multiples PDUs */
1716 err = l2cap_sar_segment_sdu(sk, msg, len);
1721 if (pi->mode == L2CAP_MODE_STREAMING)
1722 err = l2cap_streaming_send(sk);
1724 err = l2cap_ertm_send(sk);
1731 BT_DBG("bad state %1.1x", pi->mode);
1740 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
1742 struct sock *sk = sock->sk;
1746 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
1747 struct l2cap_conn_rsp rsp;
1749 sk->sk_state = BT_CONFIG;
1751 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1752 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
1753 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
1754 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
1755 l2cap_send_cmd(l2cap_pi(sk)->conn, l2cap_pi(sk)->ident,
1756 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1764 return bt_sock_recvmsg(iocb, sock, msg, len, flags);
1767 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
1769 struct sock *sk = sock->sk;
1770 struct l2cap_options opts;
1774 BT_DBG("sk %p", sk);
1780 opts.imtu = l2cap_pi(sk)->imtu;
1781 opts.omtu = l2cap_pi(sk)->omtu;
1782 opts.flush_to = l2cap_pi(sk)->flush_to;
1783 opts.mode = l2cap_pi(sk)->mode;
1784 opts.fcs = l2cap_pi(sk)->fcs;
1786 len = min_t(unsigned int, sizeof(opts), optlen);
1787 if (copy_from_user((char *) &opts, optval, len)) {
1792 l2cap_pi(sk)->imtu = opts.imtu;
1793 l2cap_pi(sk)->omtu = opts.omtu;
1794 l2cap_pi(sk)->mode = opts.mode;
1795 l2cap_pi(sk)->fcs = opts.fcs;
1799 if (get_user(opt, (u32 __user *) optval)) {
1804 if (opt & L2CAP_LM_AUTH)
1805 l2cap_pi(sk)->sec_level = BT_SECURITY_LOW;
1806 if (opt & L2CAP_LM_ENCRYPT)
1807 l2cap_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
1808 if (opt & L2CAP_LM_SECURE)
1809 l2cap_pi(sk)->sec_level = BT_SECURITY_HIGH;
1811 l2cap_pi(sk)->role_switch = (opt & L2CAP_LM_MASTER);
1812 l2cap_pi(sk)->force_reliable = (opt & L2CAP_LM_RELIABLE);
1824 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
1826 struct sock *sk = sock->sk;
1827 struct bt_security sec;
1831 BT_DBG("sk %p", sk);
1833 if (level == SOL_L2CAP)
1834 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
1836 if (level != SOL_BLUETOOTH)
1837 return -ENOPROTOOPT;
1843 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_RAW) {
1848 sec.level = BT_SECURITY_LOW;
1850 len = min_t(unsigned int, sizeof(sec), optlen);
1851 if (copy_from_user((char *) &sec, optval, len)) {
1856 if (sec.level < BT_SECURITY_LOW ||
1857 sec.level > BT_SECURITY_HIGH) {
1862 l2cap_pi(sk)->sec_level = sec.level;
1865 case BT_DEFER_SETUP:
1866 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1871 if (get_user(opt, (u32 __user *) optval)) {
1876 bt_sk(sk)->defer_setup = opt;
1888 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
1890 struct sock *sk = sock->sk;
1891 struct l2cap_options opts;
1892 struct l2cap_conninfo cinfo;
1896 BT_DBG("sk %p", sk);
1898 if (get_user(len, optlen))
1905 opts.imtu = l2cap_pi(sk)->imtu;
1906 opts.omtu = l2cap_pi(sk)->omtu;
1907 opts.flush_to = l2cap_pi(sk)->flush_to;
1908 opts.mode = l2cap_pi(sk)->mode;
1909 opts.fcs = l2cap_pi(sk)->fcs;
1911 len = min_t(unsigned int, len, sizeof(opts));
1912 if (copy_to_user(optval, (char *) &opts, len))
1918 switch (l2cap_pi(sk)->sec_level) {
1919 case BT_SECURITY_LOW:
1920 opt = L2CAP_LM_AUTH;
1922 case BT_SECURITY_MEDIUM:
1923 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
1925 case BT_SECURITY_HIGH:
1926 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
1934 if (l2cap_pi(sk)->role_switch)
1935 opt |= L2CAP_LM_MASTER;
1937 if (l2cap_pi(sk)->force_reliable)
1938 opt |= L2CAP_LM_RELIABLE;
1940 if (put_user(opt, (u32 __user *) optval))
1944 case L2CAP_CONNINFO:
1945 if (sk->sk_state != BT_CONNECTED &&
1946 !(sk->sk_state == BT_CONNECT2 &&
1947 bt_sk(sk)->defer_setup)) {
1952 cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
1953 memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3);
1955 len = min_t(unsigned int, len, sizeof(cinfo));
1956 if (copy_to_user(optval, (char *) &cinfo, len))
1970 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
1972 struct sock *sk = sock->sk;
1973 struct bt_security sec;
1976 BT_DBG("sk %p", sk);
1978 if (level == SOL_L2CAP)
1979 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
1981 if (level != SOL_BLUETOOTH)
1982 return -ENOPROTOOPT;
1984 if (get_user(len, optlen))
1991 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_RAW) {
1996 sec.level = l2cap_pi(sk)->sec_level;
1998 len = min_t(unsigned int, len, sizeof(sec));
1999 if (copy_to_user(optval, (char *) &sec, len))
2004 case BT_DEFER_SETUP:
2005 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
2010 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
2024 static int l2cap_sock_shutdown(struct socket *sock, int how)
2026 struct sock *sk = sock->sk;
2029 BT_DBG("sock %p, sk %p", sock, sk);
2035 if (!sk->sk_shutdown) {
2036 sk->sk_shutdown = SHUTDOWN_MASK;
2037 l2cap_sock_clear_timer(sk);
2038 __l2cap_sock_close(sk, 0);
2040 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
2041 err = bt_sock_wait_state(sk, BT_CLOSED,
2048 static int l2cap_sock_release(struct socket *sock)
2050 struct sock *sk = sock->sk;
2053 BT_DBG("sock %p, sk %p", sock, sk);
2058 err = l2cap_sock_shutdown(sock, 2);
2061 l2cap_sock_kill(sk);
2065 static void l2cap_chan_ready(struct sock *sk)
2067 struct sock *parent = bt_sk(sk)->parent;
2069 BT_DBG("sk %p, parent %p", sk, parent);
2071 l2cap_pi(sk)->conf_state = 0;
2072 l2cap_sock_clear_timer(sk);
2075 /* Outgoing channel.
2076 * Wake up socket sleeping on connect.
2078 sk->sk_state = BT_CONNECTED;
2079 sk->sk_state_change(sk);
2081 /* Incoming channel.
2082 * Wake up socket sleeping on accept.
2084 parent->sk_data_ready(parent, 0);
2088 /* Copy frame to all raw sockets on that connection */
2089 static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
2091 struct l2cap_chan_list *l = &conn->chan_list;
2092 struct sk_buff *nskb;
2095 BT_DBG("conn %p", conn);
2097 read_lock(&l->lock);
2098 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
2099 if (sk->sk_type != SOCK_RAW)
2102 /* Don't send frame to the socket it came from */
2105 nskb = skb_clone(skb, GFP_ATOMIC);
2109 if (sock_queue_rcv_skb(sk, nskb))
2112 read_unlock(&l->lock);
2115 /* ---- L2CAP signalling commands ---- */
2116 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
2117 u8 code, u8 ident, u16 dlen, void *data)
2119 struct sk_buff *skb, **frag;
2120 struct l2cap_cmd_hdr *cmd;
2121 struct l2cap_hdr *lh;
2124 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d",
2125 conn, code, ident, dlen);
2127 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
2128 count = min_t(unsigned int, conn->mtu, len);
2130 skb = bt_skb_alloc(count, GFP_ATOMIC);
2134 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
2135 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
2136 lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING);
2138 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
2141 cmd->len = cpu_to_le16(dlen);
2144 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
2145 memcpy(skb_put(skb, count), data, count);
2151 /* Continuation fragments (no L2CAP header) */
2152 frag = &skb_shinfo(skb)->frag_list;
2154 count = min_t(unsigned int, conn->mtu, len);
2156 *frag = bt_skb_alloc(count, GFP_ATOMIC);
2160 memcpy(skb_put(*frag, count), data, count);
2165 frag = &(*frag)->next;
2175 static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
2177 struct l2cap_conf_opt *opt = *ptr;
2180 len = L2CAP_CONF_OPT_SIZE + opt->len;
2188 *val = *((u8 *) opt->val);
2192 *val = __le16_to_cpu(*((__le16 *) opt->val));
2196 *val = __le32_to_cpu(*((__le32 *) opt->val));
2200 *val = (unsigned long) opt->val;
2204 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
2208 static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
2210 struct l2cap_conf_opt *opt = *ptr;
2212 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
2219 *((u8 *) opt->val) = val;
2223 *((__le16 *) opt->val) = cpu_to_le16(val);
2227 *((__le32 *) opt->val) = cpu_to_le32(val);
2231 memcpy(opt->val, (void *) val, len);
2235 *ptr += L2CAP_CONF_OPT_SIZE + len;
2238 static void l2cap_ack_timeout(unsigned long arg)
2240 struct sock *sk = (void *) arg;
2243 l2cap_send_ack(l2cap_pi(sk));
2247 static inline void l2cap_ertm_init(struct sock *sk)
2249 l2cap_pi(sk)->expected_ack_seq = 0;
2250 l2cap_pi(sk)->unacked_frames = 0;
2251 l2cap_pi(sk)->buffer_seq = 0;
2252 l2cap_pi(sk)->num_to_ack = 0;
2253 l2cap_pi(sk)->frames_sent = 0;
2255 setup_timer(&l2cap_pi(sk)->retrans_timer,
2256 l2cap_retrans_timeout, (unsigned long) sk);
2257 setup_timer(&l2cap_pi(sk)->monitor_timer,
2258 l2cap_monitor_timeout, (unsigned long) sk);
2259 setup_timer(&l2cap_pi(sk)->ack_timer,
2260 l2cap_ack_timeout, (unsigned long) sk);
2262 __skb_queue_head_init(SREJ_QUEUE(sk));
2265 static int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
2267 u32 local_feat_mask = l2cap_feat_mask;
2269 local_feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING;
2272 case L2CAP_MODE_ERTM:
2273 return L2CAP_FEAT_ERTM & feat_mask & local_feat_mask;
2274 case L2CAP_MODE_STREAMING:
2275 return L2CAP_FEAT_STREAMING & feat_mask & local_feat_mask;
2281 static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
2284 case L2CAP_MODE_STREAMING:
2285 case L2CAP_MODE_ERTM:
2286 if (l2cap_mode_supported(mode, remote_feat_mask))
2290 return L2CAP_MODE_BASIC;
2294 static int l2cap_build_conf_req(struct sock *sk, void *data)
2296 struct l2cap_pinfo *pi = l2cap_pi(sk);
2297 struct l2cap_conf_req *req = data;
2298 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
2299 void *ptr = req->data;
2301 BT_DBG("sk %p", sk);
2303 if (pi->num_conf_req || pi->num_conf_rsp)
2307 case L2CAP_MODE_STREAMING:
2308 case L2CAP_MODE_ERTM:
2309 pi->conf_state |= L2CAP_CONF_STATE2_DEVICE;
2310 if (!l2cap_mode_supported(pi->mode, pi->conn->feat_mask))
2311 l2cap_send_disconn_req(pi->conn, sk);
2314 pi->mode = l2cap_select_mode(rfc.mode, pi->conn->feat_mask);
2320 case L2CAP_MODE_BASIC:
2321 if (pi->imtu != L2CAP_DEFAULT_MTU)
2322 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
2325 case L2CAP_MODE_ERTM:
2326 rfc.mode = L2CAP_MODE_ERTM;
2327 rfc.txwin_size = L2CAP_DEFAULT_TX_WINDOW;
2328 rfc.max_transmit = max_transmit;
2329 rfc.retrans_timeout = 0;
2330 rfc.monitor_timeout = 0;
2331 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
2332 if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10)
2333 rfc.max_pdu_size = pi->conn->mtu - 10;
2335 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2336 sizeof(rfc), (unsigned long) &rfc);
2338 if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS))
2341 if (pi->fcs == L2CAP_FCS_NONE ||
2342 pi->conf_state & L2CAP_CONF_NO_FCS_RECV) {
2343 pi->fcs = L2CAP_FCS_NONE;
2344 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs);
2348 case L2CAP_MODE_STREAMING:
2349 rfc.mode = L2CAP_MODE_STREAMING;
2351 rfc.max_transmit = 0;
2352 rfc.retrans_timeout = 0;
2353 rfc.monitor_timeout = 0;
2354 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
2355 if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10)
2356 rfc.max_pdu_size = pi->conn->mtu - 10;
2358 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2359 sizeof(rfc), (unsigned long) &rfc);
2361 if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS))
2364 if (pi->fcs == L2CAP_FCS_NONE ||
2365 pi->conf_state & L2CAP_CONF_NO_FCS_RECV) {
2366 pi->fcs = L2CAP_FCS_NONE;
2367 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs);
2372 /* FIXME: Need actual value of the flush timeout */
2373 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
2374 // l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to);
2376 req->dcid = cpu_to_le16(pi->dcid);
2377 req->flags = cpu_to_le16(0);
2382 static int l2cap_parse_conf_req(struct sock *sk, void *data)
2384 struct l2cap_pinfo *pi = l2cap_pi(sk);
2385 struct l2cap_conf_rsp *rsp = data;
2386 void *ptr = rsp->data;
2387 void *req = pi->conf_req;
2388 int len = pi->conf_len;
2389 int type, hint, olen;
2391 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
2392 u16 mtu = L2CAP_DEFAULT_MTU;
2393 u16 result = L2CAP_CONF_SUCCESS;
2395 BT_DBG("sk %p", sk);
2397 while (len >= L2CAP_CONF_OPT_SIZE) {
2398 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
2400 hint = type & L2CAP_CONF_HINT;
2401 type &= L2CAP_CONF_MASK;
2404 case L2CAP_CONF_MTU:
2408 case L2CAP_CONF_FLUSH_TO:
2412 case L2CAP_CONF_QOS:
2415 case L2CAP_CONF_RFC:
2416 if (olen == sizeof(rfc))
2417 memcpy(&rfc, (void *) val, olen);
2420 case L2CAP_CONF_FCS:
2421 if (val == L2CAP_FCS_NONE)
2422 pi->conf_state |= L2CAP_CONF_NO_FCS_RECV;
2430 result = L2CAP_CONF_UNKNOWN;
2431 *((u8 *) ptr++) = type;
2436 if (pi->num_conf_rsp || pi->num_conf_req)
2440 case L2CAP_MODE_STREAMING:
2441 case L2CAP_MODE_ERTM:
2442 pi->conf_state |= L2CAP_CONF_STATE2_DEVICE;
2443 if (!l2cap_mode_supported(pi->mode, pi->conn->feat_mask))
2444 return -ECONNREFUSED;
2447 pi->mode = l2cap_select_mode(rfc.mode, pi->conn->feat_mask);
2452 if (pi->mode != rfc.mode) {
2453 result = L2CAP_CONF_UNACCEPT;
2454 rfc.mode = pi->mode;
2456 if (pi->num_conf_rsp == 1)
2457 return -ECONNREFUSED;
2459 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2460 sizeof(rfc), (unsigned long) &rfc);
2464 if (result == L2CAP_CONF_SUCCESS) {
2465 /* Configure output options and let the other side know
2466 * which ones we don't like. */
2468 if (mtu < L2CAP_DEFAULT_MIN_MTU)
2469 result = L2CAP_CONF_UNACCEPT;
2472 pi->conf_state |= L2CAP_CONF_MTU_DONE;
2474 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
2477 case L2CAP_MODE_BASIC:
2478 pi->fcs = L2CAP_FCS_NONE;
2479 pi->conf_state |= L2CAP_CONF_MODE_DONE;
2482 case L2CAP_MODE_ERTM:
2483 pi->remote_tx_win = rfc.txwin_size;
2484 pi->remote_max_tx = rfc.max_transmit;
2485 pi->max_pdu_size = rfc.max_pdu_size;
2487 rfc.retrans_timeout = L2CAP_DEFAULT_RETRANS_TO;
2488 rfc.monitor_timeout = L2CAP_DEFAULT_MONITOR_TO;
2490 pi->conf_state |= L2CAP_CONF_MODE_DONE;
2492 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2493 sizeof(rfc), (unsigned long) &rfc);
2497 case L2CAP_MODE_STREAMING:
2498 pi->max_pdu_size = rfc.max_pdu_size;
2500 pi->conf_state |= L2CAP_CONF_MODE_DONE;
2502 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2503 sizeof(rfc), (unsigned long) &rfc);
2508 result = L2CAP_CONF_UNACCEPT;
2510 memset(&rfc, 0, sizeof(rfc));
2511 rfc.mode = pi->mode;
2514 if (result == L2CAP_CONF_SUCCESS)
2515 pi->conf_state |= L2CAP_CONF_OUTPUT_DONE;
2517 rsp->scid = cpu_to_le16(pi->dcid);
2518 rsp->result = cpu_to_le16(result);
2519 rsp->flags = cpu_to_le16(0x0000);
2524 static int l2cap_parse_conf_rsp(struct sock *sk, void *rsp, int len, void *data, u16 *result)
2526 struct l2cap_pinfo *pi = l2cap_pi(sk);
2527 struct l2cap_conf_req *req = data;
2528 void *ptr = req->data;
2531 struct l2cap_conf_rfc rfc;
2533 BT_DBG("sk %p, rsp %p, len %d, req %p", sk, rsp, len, data);
2535 while (len >= L2CAP_CONF_OPT_SIZE) {
2536 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2539 case L2CAP_CONF_MTU:
2540 if (val < L2CAP_DEFAULT_MIN_MTU) {
2541 *result = L2CAP_CONF_UNACCEPT;
2542 pi->omtu = L2CAP_DEFAULT_MIN_MTU;
2545 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
2548 case L2CAP_CONF_FLUSH_TO:
2550 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
2554 case L2CAP_CONF_RFC:
2555 if (olen == sizeof(rfc))
2556 memcpy(&rfc, (void *)val, olen);
2558 if ((pi->conf_state & L2CAP_CONF_STATE2_DEVICE) &&
2559 rfc.mode != pi->mode)
2560 return -ECONNREFUSED;
2562 pi->mode = rfc.mode;
2565 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2566 sizeof(rfc), (unsigned long) &rfc);
2571 if (*result == L2CAP_CONF_SUCCESS) {
2573 case L2CAP_MODE_ERTM:
2574 pi->remote_tx_win = rfc.txwin_size;
2575 pi->retrans_timeout = rfc.retrans_timeout;
2576 pi->monitor_timeout = rfc.monitor_timeout;
2577 pi->max_pdu_size = le16_to_cpu(rfc.max_pdu_size);
2579 case L2CAP_MODE_STREAMING:
2580 pi->max_pdu_size = le16_to_cpu(rfc.max_pdu_size);
2585 req->dcid = cpu_to_le16(pi->dcid);
2586 req->flags = cpu_to_le16(0x0000);
2591 static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags)
2593 struct l2cap_conf_rsp *rsp = data;
2594 void *ptr = rsp->data;
2596 BT_DBG("sk %p", sk);
2598 rsp->scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2599 rsp->result = cpu_to_le16(result);
2600 rsp->flags = cpu_to_le16(flags);
2605 static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2607 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data;
2609 if (rej->reason != 0x0000)
2612 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
2613 cmd->ident == conn->info_ident) {
2614 del_timer(&conn->info_timer);
2616 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2617 conn->info_ident = 0;
2619 l2cap_conn_start(conn);
2625 static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2627 struct l2cap_chan_list *list = &conn->chan_list;
2628 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
2629 struct l2cap_conn_rsp rsp;
2630 struct sock *sk, *parent;
2631 int result, status = L2CAP_CS_NO_INFO;
2633 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
2634 __le16 psm = req->psm;
2636 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
2638 /* Check if we have socket listening on psm */
2639 parent = l2cap_get_sock_by_psm(BT_LISTEN, psm, conn->src);
2641 result = L2CAP_CR_BAD_PSM;
2645 /* Check if the ACL is secure enough (if not SDP) */
2646 if (psm != cpu_to_le16(0x0001) &&
2647 !hci_conn_check_link_mode(conn->hcon)) {
2648 conn->disc_reason = 0x05;
2649 result = L2CAP_CR_SEC_BLOCK;
2653 result = L2CAP_CR_NO_MEM;
2655 /* Check for backlog size */
2656 if (sk_acceptq_is_full(parent)) {
2657 BT_DBG("backlog full %d", parent->sk_ack_backlog);
2661 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC);
2665 write_lock_bh(&list->lock);
2667 /* Check if we already have channel with that dcid */
2668 if (__l2cap_get_chan_by_dcid(list, scid)) {
2669 write_unlock_bh(&list->lock);
2670 sock_set_flag(sk, SOCK_ZAPPED);
2671 l2cap_sock_kill(sk);
2675 hci_conn_hold(conn->hcon);
2677 l2cap_sock_init(sk, parent);
2678 bacpy(&bt_sk(sk)->src, conn->src);
2679 bacpy(&bt_sk(sk)->dst, conn->dst);
2680 l2cap_pi(sk)->psm = psm;
2681 l2cap_pi(sk)->dcid = scid;
2683 __l2cap_chan_add(conn, sk, parent);
2684 dcid = l2cap_pi(sk)->scid;
2686 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
2688 l2cap_pi(sk)->ident = cmd->ident;
2690 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
2691 if (l2cap_check_security(sk)) {
2692 if (bt_sk(sk)->defer_setup) {
2693 sk->sk_state = BT_CONNECT2;
2694 result = L2CAP_CR_PEND;
2695 status = L2CAP_CS_AUTHOR_PEND;
2696 parent->sk_data_ready(parent, 0);
2698 sk->sk_state = BT_CONFIG;
2699 result = L2CAP_CR_SUCCESS;
2700 status = L2CAP_CS_NO_INFO;
2703 sk->sk_state = BT_CONNECT2;
2704 result = L2CAP_CR_PEND;
2705 status = L2CAP_CS_AUTHEN_PEND;
2708 sk->sk_state = BT_CONNECT2;
2709 result = L2CAP_CR_PEND;
2710 status = L2CAP_CS_NO_INFO;
2713 write_unlock_bh(&list->lock);
2716 bh_unlock_sock(parent);
2719 rsp.scid = cpu_to_le16(scid);
2720 rsp.dcid = cpu_to_le16(dcid);
2721 rsp.result = cpu_to_le16(result);
2722 rsp.status = cpu_to_le16(status);
2723 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2725 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
2726 struct l2cap_info_req info;
2727 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2729 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
2730 conn->info_ident = l2cap_get_ident(conn);
2732 mod_timer(&conn->info_timer, jiffies +
2733 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
2735 l2cap_send_cmd(conn, conn->info_ident,
2736 L2CAP_INFO_REQ, sizeof(info), &info);
2742 static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2744 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
2745 u16 scid, dcid, result, status;
2749 scid = __le16_to_cpu(rsp->scid);
2750 dcid = __le16_to_cpu(rsp->dcid);
2751 result = __le16_to_cpu(rsp->result);
2752 status = __le16_to_cpu(rsp->status);
2754 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
2757 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
2761 sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident);
2767 case L2CAP_CR_SUCCESS:
2768 sk->sk_state = BT_CONFIG;
2769 l2cap_pi(sk)->ident = 0;
2770 l2cap_pi(sk)->dcid = dcid;
2771 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
2773 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_CONNECT_PEND;
2775 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2776 l2cap_build_conf_req(sk, req), req);
2777 l2cap_pi(sk)->num_conf_req++;
2781 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
2785 l2cap_chan_del(sk, ECONNREFUSED);
2793 static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
2795 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
2801 dcid = __le16_to_cpu(req->dcid);
2802 flags = __le16_to_cpu(req->flags);
2804 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
2806 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid);
2810 if (sk->sk_state == BT_DISCONN)
2813 /* Reject if config buffer is too small. */
2814 len = cmd_len - sizeof(*req);
2815 if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) {
2816 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
2817 l2cap_build_conf_rsp(sk, rsp,
2818 L2CAP_CONF_REJECT, flags), rsp);
2823 memcpy(l2cap_pi(sk)->conf_req + l2cap_pi(sk)->conf_len, req->data, len);
2824 l2cap_pi(sk)->conf_len += len;
2826 if (flags & 0x0001) {
2827 /* Incomplete config. Send empty response. */
2828 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
2829 l2cap_build_conf_rsp(sk, rsp,
2830 L2CAP_CONF_SUCCESS, 0x0001), rsp);
2834 /* Complete config. */
2835 len = l2cap_parse_conf_req(sk, rsp);
2837 l2cap_send_disconn_req(conn, sk);
2841 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
2842 l2cap_pi(sk)->num_conf_rsp++;
2844 /* Reset config buffer. */
2845 l2cap_pi(sk)->conf_len = 0;
2847 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE))
2850 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
2851 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_NO_FCS_RECV) ||
2852 l2cap_pi(sk)->fcs != L2CAP_FCS_NONE)
2853 l2cap_pi(sk)->fcs = L2CAP_FCS_CRC16;
2855 sk->sk_state = BT_CONNECTED;
2857 l2cap_pi(sk)->next_tx_seq = 0;
2858 l2cap_pi(sk)->expected_tx_seq = 0;
2859 __skb_queue_head_init(TX_QUEUE(sk));
2860 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
2861 l2cap_ertm_init(sk);
2863 l2cap_chan_ready(sk);
2867 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) {
2869 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2870 l2cap_build_conf_req(sk, buf), buf);
2871 l2cap_pi(sk)->num_conf_req++;
2879 static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2881 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2882 u16 scid, flags, result;
2885 scid = __le16_to_cpu(rsp->scid);
2886 flags = __le16_to_cpu(rsp->flags);
2887 result = __le16_to_cpu(rsp->result);
2889 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x",
2890 scid, flags, result);
2892 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
2897 case L2CAP_CONF_SUCCESS:
2900 case L2CAP_CONF_UNACCEPT:
2901 if (l2cap_pi(sk)->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
2902 int len = cmd->len - sizeof(*rsp);
2905 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {
2906 l2cap_send_disconn_req(conn, sk);
2910 /* throw out any old stored conf requests */
2911 result = L2CAP_CONF_SUCCESS;
2912 len = l2cap_parse_conf_rsp(sk, rsp->data,
2915 l2cap_send_disconn_req(conn, sk);
2919 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2920 L2CAP_CONF_REQ, len, req);
2921 l2cap_pi(sk)->num_conf_req++;
2922 if (result != L2CAP_CONF_SUCCESS)
2928 sk->sk_state = BT_DISCONN;
2929 sk->sk_err = ECONNRESET;
2930 l2cap_sock_set_timer(sk, HZ * 5);
2931 l2cap_send_disconn_req(conn, sk);
2938 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;
2940 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
2941 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_NO_FCS_RECV) ||
2942 l2cap_pi(sk)->fcs != L2CAP_FCS_NONE)
2943 l2cap_pi(sk)->fcs = L2CAP_FCS_CRC16;
2945 sk->sk_state = BT_CONNECTED;
2946 l2cap_pi(sk)->next_tx_seq = 0;
2947 l2cap_pi(sk)->expected_tx_seq = 0;
2948 __skb_queue_head_init(TX_QUEUE(sk));
2949 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
2950 l2cap_ertm_init(sk);
2952 l2cap_chan_ready(sk);
2960 static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2962 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
2963 struct l2cap_disconn_rsp rsp;
2967 scid = __le16_to_cpu(req->scid);
2968 dcid = __le16_to_cpu(req->dcid);
2970 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
2972 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid);
2976 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2977 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2978 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
2980 sk->sk_shutdown = SHUTDOWN_MASK;
2982 skb_queue_purge(TX_QUEUE(sk));
2984 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
2985 skb_queue_purge(SREJ_QUEUE(sk));
2986 del_timer(&l2cap_pi(sk)->retrans_timer);
2987 del_timer(&l2cap_pi(sk)->monitor_timer);
2988 del_timer(&l2cap_pi(sk)->ack_timer);
2991 l2cap_chan_del(sk, ECONNRESET);
2994 l2cap_sock_kill(sk);
2998 static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3000 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
3004 scid = __le16_to_cpu(rsp->scid);
3005 dcid = __le16_to_cpu(rsp->dcid);
3007 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
3009 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
3013 skb_queue_purge(TX_QUEUE(sk));
3015 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
3016 skb_queue_purge(SREJ_QUEUE(sk));
3017 del_timer(&l2cap_pi(sk)->retrans_timer);
3018 del_timer(&l2cap_pi(sk)->monitor_timer);
3019 del_timer(&l2cap_pi(sk)->ack_timer);
3022 l2cap_chan_del(sk, 0);
3025 l2cap_sock_kill(sk);
3029 static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3031 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
3034 type = __le16_to_cpu(req->type);
3036 BT_DBG("type 0x%4.4x", type);
3038 if (type == L2CAP_IT_FEAT_MASK) {
3040 u32 feat_mask = l2cap_feat_mask;
3041 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
3042 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
3043 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
3045 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
3047 put_unaligned_le32(feat_mask, rsp->data);
3048 l2cap_send_cmd(conn, cmd->ident,
3049 L2CAP_INFO_RSP, sizeof(buf), buf);
3050 } else if (type == L2CAP_IT_FIXED_CHAN) {
3052 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
3053 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3054 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
3055 memcpy(buf + 4, l2cap_fixed_chan, 8);
3056 l2cap_send_cmd(conn, cmd->ident,
3057 L2CAP_INFO_RSP, sizeof(buf), buf);
3059 struct l2cap_info_rsp rsp;
3060 rsp.type = cpu_to_le16(type);
3061 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
3062 l2cap_send_cmd(conn, cmd->ident,
3063 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
3069 static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3071 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
3074 type = __le16_to_cpu(rsp->type);
3075 result = __le16_to_cpu(rsp->result);
3077 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
3079 del_timer(&conn->info_timer);
3081 if (type == L2CAP_IT_FEAT_MASK) {
3082 conn->feat_mask = get_unaligned_le32(rsp->data);
3084 if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) {
3085 struct l2cap_info_req req;
3086 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3088 conn->info_ident = l2cap_get_ident(conn);
3090 l2cap_send_cmd(conn, conn->info_ident,
3091 L2CAP_INFO_REQ, sizeof(req), &req);
3093 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3094 conn->info_ident = 0;
3096 l2cap_conn_start(conn);
3098 } else if (type == L2CAP_IT_FIXED_CHAN) {
3099 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3100 conn->info_ident = 0;
3102 l2cap_conn_start(conn);
3108 static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
3110 u8 *data = skb->data;
3112 struct l2cap_cmd_hdr cmd;
3115 l2cap_raw_recv(conn, skb);
3117 while (len >= L2CAP_CMD_HDR_SIZE) {
3119 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
3120 data += L2CAP_CMD_HDR_SIZE;
3121 len -= L2CAP_CMD_HDR_SIZE;
3123 cmd_len = le16_to_cpu(cmd.len);
3125 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
3127 if (cmd_len > len || !cmd.ident) {
3128 BT_DBG("corrupted command");
3133 case L2CAP_COMMAND_REJ:
3134 l2cap_command_rej(conn, &cmd, data);
3137 case L2CAP_CONN_REQ:
3138 err = l2cap_connect_req(conn, &cmd, data);
3141 case L2CAP_CONN_RSP:
3142 err = l2cap_connect_rsp(conn, &cmd, data);
3145 case L2CAP_CONF_REQ:
3146 err = l2cap_config_req(conn, &cmd, cmd_len, data);
3149 case L2CAP_CONF_RSP:
3150 err = l2cap_config_rsp(conn, &cmd, data);
3153 case L2CAP_DISCONN_REQ:
3154 err = l2cap_disconnect_req(conn, &cmd, data);
3157 case L2CAP_DISCONN_RSP:
3158 err = l2cap_disconnect_rsp(conn, &cmd, data);
3161 case L2CAP_ECHO_REQ:
3162 l2cap_send_cmd(conn, cmd.ident, L2CAP_ECHO_RSP, cmd_len, data);
3165 case L2CAP_ECHO_RSP:
3168 case L2CAP_INFO_REQ:
3169 err = l2cap_information_req(conn, &cmd, data);
3172 case L2CAP_INFO_RSP:
3173 err = l2cap_information_rsp(conn, &cmd, data);
3177 BT_ERR("Unknown signaling command 0x%2.2x", cmd.code);
3183 struct l2cap_cmd_rej rej;
3184 BT_DBG("error %d", err);
3186 /* FIXME: Map err to a valid reason */
3187 rej.reason = cpu_to_le16(0);
3188 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
3198 static int l2cap_check_fcs(struct l2cap_pinfo *pi, struct sk_buff *skb)
3200 u16 our_fcs, rcv_fcs;
3201 int hdr_size = L2CAP_HDR_SIZE + 2;
3203 if (pi->fcs == L2CAP_FCS_CRC16) {
3204 skb_trim(skb, skb->len - 2);
3205 rcv_fcs = get_unaligned_le16(skb->data + skb->len);
3206 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size);
3208 if (our_fcs != rcv_fcs)
3214 static inline void l2cap_send_i_or_rr_or_rnr(struct sock *sk)
3216 struct l2cap_pinfo *pi = l2cap_pi(sk);
3219 pi->frames_sent = 0;
3220 pi->conn_state |= L2CAP_CONN_SEND_FBIT;
3222 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3224 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
3225 control |= L2CAP_SUPER_RCV_NOT_READY | L2CAP_CTRL_FINAL;
3226 l2cap_send_sframe(pi, control);
3227 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
3230 if (pi->conn_state & L2CAP_CONN_REMOTE_BUSY && pi->unacked_frames > 0)
3231 __mod_retrans_timer();
3233 l2cap_ertm_send(sk);
3235 if (!(pi->conn_state & L2CAP_CONN_LOCAL_BUSY) &&
3236 pi->frames_sent == 0) {
3237 control |= L2CAP_SUPER_RCV_READY;
3238 l2cap_send_sframe(pi, control);
3242 static void l2cap_add_to_srej_queue(struct sock *sk, struct sk_buff *skb, u8 tx_seq, u8 sar)
3244 struct sk_buff *next_skb;
3246 bt_cb(skb)->tx_seq = tx_seq;
3247 bt_cb(skb)->sar = sar;
3249 next_skb = skb_peek(SREJ_QUEUE(sk));
3251 __skb_queue_tail(SREJ_QUEUE(sk), skb);
3256 if (bt_cb(next_skb)->tx_seq > tx_seq) {
3257 __skb_queue_before(SREJ_QUEUE(sk), next_skb, skb);
3261 if (skb_queue_is_last(SREJ_QUEUE(sk), next_skb))
3264 } while((next_skb = skb_queue_next(SREJ_QUEUE(sk), next_skb)));
3266 __skb_queue_tail(SREJ_QUEUE(sk), skb);
3269 static int l2cap_sar_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 control)
3271 struct l2cap_pinfo *pi = l2cap_pi(sk);
3272 struct sk_buff *_skb;
3275 switch (control & L2CAP_CTRL_SAR) {
3276 case L2CAP_SDU_UNSEGMENTED:
3277 if (pi->conn_state & L2CAP_CONN_SAR_SDU) {
3282 err = sock_queue_rcv_skb(sk, skb);
3288 case L2CAP_SDU_START:
3289 if (pi->conn_state & L2CAP_CONN_SAR_SDU) {
3294 pi->sdu_len = get_unaligned_le16(skb->data);
3297 pi->sdu = bt_skb_alloc(pi->sdu_len, GFP_ATOMIC);
3303 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3305 pi->conn_state |= L2CAP_CONN_SAR_SDU;
3306 pi->partial_sdu_len = skb->len;
3310 case L2CAP_SDU_CONTINUE:
3311 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
3314 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3316 pi->partial_sdu_len += skb->len;
3317 if (pi->partial_sdu_len > pi->sdu_len)
3325 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
3328 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3330 pi->conn_state &= ~L2CAP_CONN_SAR_SDU;
3331 pi->partial_sdu_len += skb->len;
3333 if (pi->partial_sdu_len > pi->imtu)
3336 if (pi->partial_sdu_len == pi->sdu_len) {
3337 _skb = skb_clone(pi->sdu, GFP_ATOMIC);
3338 err = sock_queue_rcv_skb(sk, _skb);
3353 static void l2cap_check_srej_gap(struct sock *sk, u8 tx_seq)
3355 struct sk_buff *skb;
3358 while((skb = skb_peek(SREJ_QUEUE(sk)))) {
3359 if (bt_cb(skb)->tx_seq != tx_seq)
3362 skb = skb_dequeue(SREJ_QUEUE(sk));
3363 control |= bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
3364 l2cap_sar_reassembly_sdu(sk, skb, control);
3365 l2cap_pi(sk)->buffer_seq_srej =
3366 (l2cap_pi(sk)->buffer_seq_srej + 1) % 64;
3371 static void l2cap_resend_srejframe(struct sock *sk, u8 tx_seq)
3373 struct l2cap_pinfo *pi = l2cap_pi(sk);
3374 struct srej_list *l, *tmp;
3377 list_for_each_entry_safe(l,tmp, SREJ_LIST(sk), list) {
3378 if (l->tx_seq == tx_seq) {
3383 control = L2CAP_SUPER_SELECT_REJECT;
3384 control |= l->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3385 l2cap_send_sframe(pi, control);
3387 list_add_tail(&l->list, SREJ_LIST(sk));
3391 static void l2cap_send_srejframe(struct sock *sk, u8 tx_seq)
3393 struct l2cap_pinfo *pi = l2cap_pi(sk);
3394 struct srej_list *new;
3397 while (tx_seq != pi->expected_tx_seq) {
3398 control = L2CAP_SUPER_SELECT_REJECT;
3399 control |= pi->expected_tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3400 l2cap_send_sframe(pi, control);
3402 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC);
3403 new->tx_seq = pi->expected_tx_seq++;
3404 list_add_tail(&new->list, SREJ_LIST(sk));
3406 pi->expected_tx_seq++;
3409 static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, struct sk_buff *skb)
3411 struct l2cap_pinfo *pi = l2cap_pi(sk);
3412 u8 tx_seq = __get_txseq(rx_control);
3413 u8 req_seq = __get_reqseq(rx_control);
3414 u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT;
3417 BT_DBG("sk %p rx_control 0x%4.4x len %d", sk, rx_control, skb->len);
3419 if (L2CAP_CTRL_FINAL & rx_control) {
3420 del_timer(&pi->monitor_timer);
3421 if (pi->unacked_frames > 0)
3422 __mod_retrans_timer();
3423 pi->conn_state &= ~L2CAP_CONN_WAIT_F;
3426 pi->expected_ack_seq = req_seq;
3427 l2cap_drop_acked_frames(sk);
3429 if (tx_seq == pi->expected_tx_seq)
3432 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
3433 struct srej_list *first;
3435 first = list_first_entry(SREJ_LIST(sk),
3436 struct srej_list, list);
3437 if (tx_seq == first->tx_seq) {
3438 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
3439 l2cap_check_srej_gap(sk, tx_seq);
3441 list_del(&first->list);
3444 if (list_empty(SREJ_LIST(sk))) {
3445 pi->buffer_seq = pi->buffer_seq_srej;
3446 pi->conn_state &= ~L2CAP_CONN_SREJ_SENT;
3449 struct srej_list *l;
3450 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
3452 list_for_each_entry(l, SREJ_LIST(sk), list) {
3453 if (l->tx_seq == tx_seq) {
3454 l2cap_resend_srejframe(sk, tx_seq);
3458 l2cap_send_srejframe(sk, tx_seq);
3461 pi->conn_state |= L2CAP_CONN_SREJ_SENT;
3463 INIT_LIST_HEAD(SREJ_LIST(sk));
3464 pi->buffer_seq_srej = pi->buffer_seq;
3466 __skb_queue_head_init(SREJ_QUEUE(sk));
3467 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
3469 pi->conn_state |= L2CAP_CONN_SEND_PBIT;
3471 l2cap_send_srejframe(sk, tx_seq);
3476 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
3478 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
3479 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
3483 if (rx_control & L2CAP_CTRL_FINAL) {
3484 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
3485 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
3487 sk->sk_send_head = TX_QUEUE(sk)->next;
3488 pi->next_tx_seq = pi->expected_ack_seq;
3489 l2cap_ertm_send(sk);
3493 pi->buffer_seq = (pi->buffer_seq + 1) % 64;
3495 err = l2cap_sar_reassembly_sdu(sk, skb, rx_control);
3501 pi->num_to_ack = (pi->num_to_ack + 1) % L2CAP_DEFAULT_NUM_TO_ACK;
3502 if (pi->num_to_ack == L2CAP_DEFAULT_NUM_TO_ACK - 1)
3508 static inline void l2cap_data_channel_rrframe(struct sock *sk, u16 rx_control)
3510 struct l2cap_pinfo *pi = l2cap_pi(sk);
3512 pi->expected_ack_seq = __get_reqseq(rx_control);
3513 l2cap_drop_acked_frames(sk);
3515 if (rx_control & L2CAP_CTRL_POLL) {
3516 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
3517 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
3518 (pi->unacked_frames > 0))
3519 __mod_retrans_timer();
3521 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3522 l2cap_send_srejtail(sk);
3524 l2cap_send_i_or_rr_or_rnr(sk);
3525 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3528 } else if (rx_control & L2CAP_CTRL_FINAL) {
3529 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3531 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
3532 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
3534 sk->sk_send_head = TX_QUEUE(sk)->next;
3535 pi->next_tx_seq = pi->expected_ack_seq;
3536 l2cap_ertm_send(sk);
3540 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
3541 (pi->unacked_frames > 0))
3542 __mod_retrans_timer();
3544 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3545 if (pi->conn_state & L2CAP_CONN_SREJ_SENT)
3548 l2cap_ertm_send(sk);
3552 static inline void l2cap_data_channel_rejframe(struct sock *sk, u16 rx_control)
3554 struct l2cap_pinfo *pi = l2cap_pi(sk);
3555 u8 tx_seq = __get_reqseq(rx_control);
3557 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3559 pi->expected_ack_seq = tx_seq;
3560 l2cap_drop_acked_frames(sk);
3562 if (rx_control & L2CAP_CTRL_FINAL) {
3563 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
3564 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
3566 sk->sk_send_head = TX_QUEUE(sk)->next;
3567 pi->next_tx_seq = pi->expected_ack_seq;
3568 l2cap_ertm_send(sk);
3571 sk->sk_send_head = TX_QUEUE(sk)->next;
3572 pi->next_tx_seq = pi->expected_ack_seq;
3573 l2cap_ertm_send(sk);
3575 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
3576 pi->srej_save_reqseq = tx_seq;
3577 pi->conn_state |= L2CAP_CONN_REJ_ACT;
3581 static inline void l2cap_data_channel_srejframe(struct sock *sk, u16 rx_control)
3583 struct l2cap_pinfo *pi = l2cap_pi(sk);
3584 u8 tx_seq = __get_reqseq(rx_control);
3586 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3588 if (rx_control & L2CAP_CTRL_POLL) {
3589 pi->expected_ack_seq = tx_seq;
3590 l2cap_drop_acked_frames(sk);
3591 l2cap_retransmit_frame(sk, tx_seq);
3592 l2cap_ertm_send(sk);
3593 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
3594 pi->srej_save_reqseq = tx_seq;
3595 pi->conn_state |= L2CAP_CONN_SREJ_ACT;
3597 } else if (rx_control & L2CAP_CTRL_FINAL) {
3598 if ((pi->conn_state & L2CAP_CONN_SREJ_ACT) &&
3599 pi->srej_save_reqseq == tx_seq)
3600 pi->conn_state &= ~L2CAP_CONN_SREJ_ACT;
3602 l2cap_retransmit_frame(sk, tx_seq);
3604 l2cap_retransmit_frame(sk, tx_seq);
3605 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
3606 pi->srej_save_reqseq = tx_seq;
3607 pi->conn_state |= L2CAP_CONN_SREJ_ACT;
3612 static inline void l2cap_data_channel_rnrframe(struct sock *sk, u16 rx_control)
3614 struct l2cap_pinfo *pi = l2cap_pi(sk);
3615 u8 tx_seq = __get_reqseq(rx_control);
3617 pi->conn_state |= L2CAP_CONN_REMOTE_BUSY;
3618 pi->expected_ack_seq = tx_seq;
3619 l2cap_drop_acked_frames(sk);
3621 if (!(pi->conn_state & L2CAP_CONN_SREJ_SENT)) {
3622 del_timer(&pi->retrans_timer);
3623 if (rx_control & L2CAP_CTRL_POLL) {
3624 u16 control = L2CAP_CTRL_FINAL;
3625 l2cap_send_rr_or_rnr(pi, control);
3630 if (rx_control & L2CAP_CTRL_POLL)
3631 l2cap_send_srejtail(sk);
3633 l2cap_send_sframe(pi, L2CAP_SUPER_RCV_READY);
3636 static inline int l2cap_data_channel_sframe(struct sock *sk, u16 rx_control, struct sk_buff *skb)
3638 BT_DBG("sk %p rx_control 0x%4.4x len %d", sk, rx_control, skb->len);
3640 if (L2CAP_CTRL_FINAL & rx_control) {
3641 del_timer(&l2cap_pi(sk)->monitor_timer);
3642 if (l2cap_pi(sk)->unacked_frames > 0)
3643 __mod_retrans_timer();
3644 l2cap_pi(sk)->conn_state &= ~L2CAP_CONN_WAIT_F;
3647 switch (rx_control & L2CAP_CTRL_SUPERVISE) {
3648 case L2CAP_SUPER_RCV_READY:
3649 l2cap_data_channel_rrframe(sk, rx_control);
3652 case L2CAP_SUPER_REJECT:
3653 l2cap_data_channel_rejframe(sk, rx_control);
3656 case L2CAP_SUPER_SELECT_REJECT:
3657 l2cap_data_channel_srejframe(sk, rx_control);
3660 case L2CAP_SUPER_RCV_NOT_READY:
3661 l2cap_data_channel_rnrframe(sk, rx_control);
3669 static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
3672 struct l2cap_pinfo *pi;
3676 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
3678 BT_DBG("unknown cid 0x%4.4x", cid);
3684 BT_DBG("sk %p, len %d", sk, skb->len);
3686 if (sk->sk_state != BT_CONNECTED)
3690 case L2CAP_MODE_BASIC:
3691 /* If socket recv buffers overflows we drop data here
3692 * which is *bad* because L2CAP has to be reliable.
3693 * But we don't have any other choice. L2CAP doesn't
3694 * provide flow control mechanism. */
3696 if (pi->imtu < skb->len)
3699 if (!sock_queue_rcv_skb(sk, skb))
3703 case L2CAP_MODE_ERTM:
3704 control = get_unaligned_le16(skb->data);
3708 if (__is_sar_start(control))
3711 if (pi->fcs == L2CAP_FCS_CRC16)
3715 * We can just drop the corrupted I-frame here.
3716 * Receiver will miss it and start proper recovery
3717 * procedures and ask retransmission.
3719 if (len > L2CAP_DEFAULT_MAX_PDU_SIZE)
3722 if (l2cap_check_fcs(pi, skb))
3725 if (__is_iframe(control)) {
3729 l2cap_data_channel_iframe(sk, control, skb);
3734 l2cap_data_channel_sframe(sk, control, skb);
3739 case L2CAP_MODE_STREAMING:
3740 control = get_unaligned_le16(skb->data);
3744 if (__is_sar_start(control))
3747 if (pi->fcs == L2CAP_FCS_CRC16)
3750 if (len > L2CAP_DEFAULT_MAX_PDU_SIZE || len < 4
3751 || __is_sframe(control))
3754 if (l2cap_check_fcs(pi, skb))
3757 tx_seq = __get_txseq(control);
3759 if (pi->expected_tx_seq == tx_seq)
3760 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
3762 pi->expected_tx_seq = (tx_seq + 1) % 64;
3764 l2cap_sar_reassembly_sdu(sk, skb, control);
3769 BT_DBG("sk %p: bad mode 0x%2.2x", sk, pi->mode);
3783 static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
3787 sk = l2cap_get_sock_by_psm(0, psm, conn->src);
3791 BT_DBG("sk %p, len %d", sk, skb->len);
3793 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
3796 if (l2cap_pi(sk)->imtu < skb->len)
3799 if (!sock_queue_rcv_skb(sk, skb))
3811 static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
3813 struct l2cap_hdr *lh = (void *) skb->data;
3817 skb_pull(skb, L2CAP_HDR_SIZE);
3818 cid = __le16_to_cpu(lh->cid);
3819 len = __le16_to_cpu(lh->len);
3821 if (len != skb->len) {
3826 BT_DBG("len %d, cid 0x%4.4x", len, cid);
3829 case L2CAP_CID_SIGNALING:
3830 l2cap_sig_channel(conn, skb);
3833 case L2CAP_CID_CONN_LESS:
3834 psm = get_unaligned_le16(skb->data);
3836 l2cap_conless_channel(conn, psm, skb);
3840 l2cap_data_channel(conn, cid, skb);
3845 /* ---- L2CAP interface with lower layer (HCI) ---- */
3847 static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3849 int exact = 0, lm1 = 0, lm2 = 0;
3850 register struct sock *sk;
3851 struct hlist_node *node;
3853 if (type != ACL_LINK)
3856 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
3858 /* Find listening sockets and check their link_mode */
3859 read_lock(&l2cap_sk_list.lock);
3860 sk_for_each(sk, node, &l2cap_sk_list.head) {
3861 if (sk->sk_state != BT_LISTEN)
3864 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
3865 lm1 |= HCI_LM_ACCEPT;
3866 if (l2cap_pi(sk)->role_switch)
3867 lm1 |= HCI_LM_MASTER;
3869 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
3870 lm2 |= HCI_LM_ACCEPT;
3871 if (l2cap_pi(sk)->role_switch)
3872 lm2 |= HCI_LM_MASTER;
3875 read_unlock(&l2cap_sk_list.lock);
3877 return exact ? lm1 : lm2;
3880 static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
3882 struct l2cap_conn *conn;
3884 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
3886 if (hcon->type != ACL_LINK)
3890 conn = l2cap_conn_add(hcon, status);
3892 l2cap_conn_ready(conn);
3894 l2cap_conn_del(hcon, bt_err(status));
3899 static int l2cap_disconn_ind(struct hci_conn *hcon)
3901 struct l2cap_conn *conn = hcon->l2cap_data;
3903 BT_DBG("hcon %p", hcon);
3905 if (hcon->type != ACL_LINK || !conn)
3908 return conn->disc_reason;
3911 static int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
3913 BT_DBG("hcon %p reason %d", hcon, reason);
3915 if (hcon->type != ACL_LINK)
3918 l2cap_conn_del(hcon, bt_err(reason));
3923 static inline void l2cap_check_encryption(struct sock *sk, u8 encrypt)
3925 if (sk->sk_type != SOCK_SEQPACKET)
3928 if (encrypt == 0x00) {
3929 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM) {
3930 l2cap_sock_clear_timer(sk);
3931 l2cap_sock_set_timer(sk, HZ * 5);
3932 } else if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
3933 __l2cap_sock_close(sk, ECONNREFUSED);
3935 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM)
3936 l2cap_sock_clear_timer(sk);
3940 static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
3942 struct l2cap_chan_list *l;
3943 struct l2cap_conn *conn = hcon->l2cap_data;
3949 l = &conn->chan_list;
3951 BT_DBG("conn %p", conn);
3953 read_lock(&l->lock);
3955 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
3958 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND) {
3963 if (!status && (sk->sk_state == BT_CONNECTED ||
3964 sk->sk_state == BT_CONFIG)) {
3965 l2cap_check_encryption(sk, encrypt);
3970 if (sk->sk_state == BT_CONNECT) {
3972 struct l2cap_conn_req req;
3973 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
3974 req.psm = l2cap_pi(sk)->psm;
3976 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
3978 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
3979 L2CAP_CONN_REQ, sizeof(req), &req);
3981 l2cap_sock_clear_timer(sk);
3982 l2cap_sock_set_timer(sk, HZ / 10);
3984 } else if (sk->sk_state == BT_CONNECT2) {
3985 struct l2cap_conn_rsp rsp;
3989 sk->sk_state = BT_CONFIG;
3990 result = L2CAP_CR_SUCCESS;
3992 sk->sk_state = BT_DISCONN;
3993 l2cap_sock_set_timer(sk, HZ / 10);
3994 result = L2CAP_CR_SEC_BLOCK;
3997 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
3998 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
3999 rsp.result = cpu_to_le16(result);
4000 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
4001 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
4002 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
4008 read_unlock(&l->lock);
4013 static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
4015 struct l2cap_conn *conn = hcon->l2cap_data;
4017 if (!conn && !(conn = l2cap_conn_add(hcon, 0)))
4020 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
4022 if (flags & ACL_START) {
4023 struct l2cap_hdr *hdr;
4027 BT_ERR("Unexpected start frame (len %d)", skb->len);
4028 kfree_skb(conn->rx_skb);
4029 conn->rx_skb = NULL;
4031 l2cap_conn_unreliable(conn, ECOMM);
4035 BT_ERR("Frame is too short (len %d)", skb->len);
4036 l2cap_conn_unreliable(conn, ECOMM);
4040 hdr = (struct l2cap_hdr *) skb->data;
4041 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
4043 if (len == skb->len) {
4044 /* Complete frame received */
4045 l2cap_recv_frame(conn, skb);
4049 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
4051 if (skb->len > len) {
4052 BT_ERR("Frame is too long (len %d, expected len %d)",
4054 l2cap_conn_unreliable(conn, ECOMM);
4058 /* Allocate skb for the complete frame (with header) */
4059 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC);
4063 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
4065 conn->rx_len = len - skb->len;
4067 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
4069 if (!conn->rx_len) {
4070 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
4071 l2cap_conn_unreliable(conn, ECOMM);
4075 if (skb->len > conn->rx_len) {
4076 BT_ERR("Fragment is too long (len %d, expected %d)",
4077 skb->len, conn->rx_len);
4078 kfree_skb(conn->rx_skb);
4079 conn->rx_skb = NULL;
4081 l2cap_conn_unreliable(conn, ECOMM);
4085 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
4087 conn->rx_len -= skb->len;
4089 if (!conn->rx_len) {
4090 /* Complete frame received */
4091 l2cap_recv_frame(conn, conn->rx_skb);
4092 conn->rx_skb = NULL;
4101 static int l2cap_debugfs_show(struct seq_file *f, void *p)
4104 struct hlist_node *node;
4106 read_lock_bh(&l2cap_sk_list.lock);
4108 sk_for_each(sk, node, &l2cap_sk_list.head) {
4109 struct l2cap_pinfo *pi = l2cap_pi(sk);
4111 seq_printf(f, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d\n",
4112 batostr(&bt_sk(sk)->src),
4113 batostr(&bt_sk(sk)->dst),
4114 sk->sk_state, __le16_to_cpu(pi->psm),
4116 pi->imtu, pi->omtu, pi->sec_level);
4119 read_unlock_bh(&l2cap_sk_list.lock);
4124 static int l2cap_debugfs_open(struct inode *inode, struct file *file)
4126 return single_open(file, l2cap_debugfs_show, inode->i_private);
4129 static const struct file_operations l2cap_debugfs_fops = {
4130 .open = l2cap_debugfs_open,
4132 .llseek = seq_lseek,
4133 .release = single_release,
4136 static struct dentry *l2cap_debugfs;
4138 static const struct proto_ops l2cap_sock_ops = {
4139 .family = PF_BLUETOOTH,
4140 .owner = THIS_MODULE,
4141 .release = l2cap_sock_release,
4142 .bind = l2cap_sock_bind,
4143 .connect = l2cap_sock_connect,
4144 .listen = l2cap_sock_listen,
4145 .accept = l2cap_sock_accept,
4146 .getname = l2cap_sock_getname,
4147 .sendmsg = l2cap_sock_sendmsg,
4148 .recvmsg = l2cap_sock_recvmsg,
4149 .poll = bt_sock_poll,
4150 .ioctl = bt_sock_ioctl,
4151 .mmap = sock_no_mmap,
4152 .socketpair = sock_no_socketpair,
4153 .shutdown = l2cap_sock_shutdown,
4154 .setsockopt = l2cap_sock_setsockopt,
4155 .getsockopt = l2cap_sock_getsockopt
4158 static const struct net_proto_family l2cap_sock_family_ops = {
4159 .family = PF_BLUETOOTH,
4160 .owner = THIS_MODULE,
4161 .create = l2cap_sock_create,
4164 static struct hci_proto l2cap_hci_proto = {
4166 .id = HCI_PROTO_L2CAP,
4167 .connect_ind = l2cap_connect_ind,
4168 .connect_cfm = l2cap_connect_cfm,
4169 .disconn_ind = l2cap_disconn_ind,
4170 .disconn_cfm = l2cap_disconn_cfm,
4171 .security_cfm = l2cap_security_cfm,
4172 .recv_acldata = l2cap_recv_acldata
4175 static int __init l2cap_init(void)
4179 err = proto_register(&l2cap_proto, 0);
4183 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
4185 BT_ERR("L2CAP socket registration failed");
4189 err = hci_register_proto(&l2cap_hci_proto);
4191 BT_ERR("L2CAP protocol registration failed");
4192 bt_sock_unregister(BTPROTO_L2CAP);
4197 l2cap_debugfs = debugfs_create_file("l2cap", 0444,
4198 bt_debugfs, NULL, &l2cap_debugfs_fops);
4200 BT_ERR("Failed to create L2CAP debug file");
4203 BT_INFO("L2CAP ver %s", VERSION);
4204 BT_INFO("L2CAP socket layer initialized");
4209 proto_unregister(&l2cap_proto);
4213 static void __exit l2cap_exit(void)
4215 debugfs_remove(l2cap_debugfs);
4217 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
4218 BT_ERR("L2CAP socket unregistration failed");
4220 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
4221 BT_ERR("L2CAP protocol unregistration failed");
4223 proto_unregister(&l2cap_proto);
4226 void l2cap_load(void)
4228 /* Dummy function to trigger automatic L2CAP module loading by
4229 * other modules that use L2CAP sockets but don't use any other
4230 * symbols from it. */
4233 EXPORT_SYMBOL(l2cap_load);
4235 module_init(l2cap_init);
4236 module_exit(l2cap_exit);
4238 module_param(enable_ertm, bool, 0644);
4239 MODULE_PARM_DESC(enable_ertm, "Enable enhanced retransmission mode");
4241 module_param(max_transmit, uint, 0644);
4242 MODULE_PARM_DESC(max_transmit, "Max transmit value (default = 3)");
4244 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
4245 MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
4246 MODULE_VERSION(VERSION);
4247 MODULE_LICENSE("GPL");
4248 MODULE_ALIAS("bt-proto-0");
git.openpandora.org / pandora-kernel.git / blob