2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth L2CAP core and sockets. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/capability.h>
31 #include <linux/errno.h>
32 #include <linux/kernel.h>
33 #include <linux/sched.h>
34 #include <linux/slab.h>
35 #include <linux/poll.h>
36 #include <linux/fcntl.h>
37 #include <linux/init.h>
38 #include <linux/interrupt.h>
39 #include <linux/socket.h>
40 #include <linux/skbuff.h>
41 #include <linux/list.h>
42 #include <linux/device.h>
43 #include <linux/debugfs.h>
44 #include <linux/seq_file.h>
45 #include <linux/uaccess.h>
46 #include <linux/crc16.h>
49 #include <asm/system.h>
50 #include <asm/unaligned.h>
52 #include <net/bluetooth/bluetooth.h>
53 #include <net/bluetooth/hci_core.h>
54 #include <net/bluetooth/l2cap.h>
56 #define VERSION "2.14"
58 static int enable_ertm = 0;
59 static int max_transmit = L2CAP_DEFAULT_MAX_TX;
61 static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
62 static u8 l2cap_fixed_chan[8] = { 0x02, };
64 static const struct proto_ops l2cap_sock_ops;
66 static struct bt_sock_list l2cap_sk_list = {
67 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
70 static void __l2cap_sock_close(struct sock *sk, int reason);
71 static void l2cap_sock_close(struct sock *sk);
72 static void l2cap_sock_kill(struct sock *sk);
74 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
75 u8 code, u8 ident, u16 dlen, void *data);
77 /* ---- L2CAP timers ---- */
78 static void l2cap_sock_timeout(unsigned long arg)
80 struct sock *sk = (struct sock *) arg;
83 BT_DBG("sock %p state %d", sk, sk->sk_state);
87 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG)
88 reason = ECONNREFUSED;
89 else if (sk->sk_state == BT_CONNECT &&
90 l2cap_pi(sk)->sec_level != BT_SECURITY_SDP)
91 reason = ECONNREFUSED;
95 __l2cap_sock_close(sk, reason);
103 static void l2cap_sock_set_timer(struct sock *sk, long timeout)
105 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
106 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
109 static void l2cap_sock_clear_timer(struct sock *sk)
111 BT_DBG("sock %p state %d", sk, sk->sk_state);
112 sk_stop_timer(sk, &sk->sk_timer);
115 /* ---- L2CAP channels ---- */
116 static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid)
119 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
120 if (l2cap_pi(s)->dcid == cid)
126 static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
129 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
130 if (l2cap_pi(s)->scid == cid)
136 /* Find channel with given SCID.
137 * Returns locked socket */
138 static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
142 s = __l2cap_get_chan_by_scid(l, cid);
145 read_unlock(&l->lock);
149 static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
152 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
153 if (l2cap_pi(s)->ident == ident)
159 static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
163 s = __l2cap_get_chan_by_ident(l, ident);
166 read_unlock(&l->lock);
170 static u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
172 u16 cid = L2CAP_CID_DYN_START;
174 for (; cid < L2CAP_CID_DYN_END; cid++) {
175 if (!__l2cap_get_chan_by_scid(l, cid))
182 static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
187 l2cap_pi(l->head)->prev_c = sk;
189 l2cap_pi(sk)->next_c = l->head;
190 l2cap_pi(sk)->prev_c = NULL;
194 static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
196 struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
198 write_lock_bh(&l->lock);
203 l2cap_pi(next)->prev_c = prev;
205 l2cap_pi(prev)->next_c = next;
206 write_unlock_bh(&l->lock);
211 static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
213 struct l2cap_chan_list *l = &conn->chan_list;
215 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
216 l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
218 conn->disc_reason = 0x13;
220 l2cap_pi(sk)->conn = conn;
222 if (sk->sk_type == SOCK_SEQPACKET) {
223 /* Alloc CID for connection-oriented socket */
224 l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
225 } else if (sk->sk_type == SOCK_DGRAM) {
226 /* Connectionless socket */
227 l2cap_pi(sk)->scid = L2CAP_CID_CONN_LESS;
228 l2cap_pi(sk)->dcid = L2CAP_CID_CONN_LESS;
229 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
231 /* Raw socket can send/recv signalling messages only */
232 l2cap_pi(sk)->scid = L2CAP_CID_SIGNALING;
233 l2cap_pi(sk)->dcid = L2CAP_CID_SIGNALING;
234 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
237 __l2cap_chan_link(l, sk);
240 bt_accept_enqueue(parent, sk);
244 * Must be called on the locked socket. */
245 static void l2cap_chan_del(struct sock *sk, int err)
247 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
248 struct sock *parent = bt_sk(sk)->parent;
250 l2cap_sock_clear_timer(sk);
252 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
255 /* Unlink from channel list */
256 l2cap_chan_unlink(&conn->chan_list, sk);
257 l2cap_pi(sk)->conn = NULL;
258 hci_conn_put(conn->hcon);
261 sk->sk_state = BT_CLOSED;
262 sock_set_flag(sk, SOCK_ZAPPED);
268 bt_accept_unlink(sk);
269 parent->sk_data_ready(parent, 0);
271 sk->sk_state_change(sk);
274 /* Service level security */
275 static inline int l2cap_check_security(struct sock *sk)
277 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
280 if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
281 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
282 auth_type = HCI_AT_NO_BONDING_MITM;
284 auth_type = HCI_AT_NO_BONDING;
286 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
287 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
289 switch (l2cap_pi(sk)->sec_level) {
290 case BT_SECURITY_HIGH:
291 auth_type = HCI_AT_GENERAL_BONDING_MITM;
293 case BT_SECURITY_MEDIUM:
294 auth_type = HCI_AT_GENERAL_BONDING;
297 auth_type = HCI_AT_NO_BONDING;
302 return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level,
306 static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
310 /* Get next available identificator.
311 * 1 - 128 are used by kernel.
312 * 129 - 199 are reserved.
313 * 200 - 254 are used by utilities like l2ping, etc.
316 spin_lock_bh(&conn->lock);
318 if (++conn->tx_ident > 128)
323 spin_unlock_bh(&conn->lock);
328 static inline int l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
330 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
332 BT_DBG("code 0x%2.2x", code);
337 return hci_send_acl(conn->hcon, skb, 0);
340 static inline int l2cap_send_sframe(struct l2cap_pinfo *pi, u16 control)
343 struct l2cap_hdr *lh;
344 struct l2cap_conn *conn = pi->conn;
345 int count, hlen = L2CAP_HDR_SIZE + 2;
347 if (pi->fcs == L2CAP_FCS_CRC16)
350 BT_DBG("pi %p, control 0x%2.2x", pi, control);
352 count = min_t(unsigned int, conn->mtu, hlen);
353 control |= L2CAP_CTRL_FRAME_TYPE;
355 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) {
356 control |= L2CAP_CTRL_FINAL;
357 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
360 if (pi->conn_state & L2CAP_CONN_SEND_PBIT) {
361 control |= L2CAP_CTRL_POLL;
362 pi->conn_state &= ~L2CAP_CONN_SEND_PBIT;
365 skb = bt_skb_alloc(count, GFP_ATOMIC);
369 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
370 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE);
371 lh->cid = cpu_to_le16(pi->dcid);
372 put_unaligned_le16(control, skb_put(skb, 2));
374 if (pi->fcs == L2CAP_FCS_CRC16) {
375 u16 fcs = crc16(0, (u8 *)lh, count - 2);
376 put_unaligned_le16(fcs, skb_put(skb, 2));
379 return hci_send_acl(pi->conn->hcon, skb, 0);
382 static inline int l2cap_send_rr_or_rnr(struct l2cap_pinfo *pi, u16 control)
384 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY)
385 control |= L2CAP_SUPER_RCV_NOT_READY;
387 control |= L2CAP_SUPER_RCV_READY;
389 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
391 return l2cap_send_sframe(pi, control);
394 static void l2cap_do_start(struct sock *sk)
396 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
398 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
399 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
402 if (l2cap_check_security(sk)) {
403 struct l2cap_conn_req req;
404 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
405 req.psm = l2cap_pi(sk)->psm;
407 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
409 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
410 L2CAP_CONN_REQ, sizeof(req), &req);
413 struct l2cap_info_req req;
414 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
416 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
417 conn->info_ident = l2cap_get_ident(conn);
419 mod_timer(&conn->info_timer, jiffies +
420 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
422 l2cap_send_cmd(conn, conn->info_ident,
423 L2CAP_INFO_REQ, sizeof(req), &req);
427 static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct sock *sk)
429 struct l2cap_disconn_req req;
431 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
432 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
433 l2cap_send_cmd(conn, l2cap_get_ident(conn),
434 L2CAP_DISCONN_REQ, sizeof(req), &req);
437 /* ---- L2CAP connections ---- */
438 static void l2cap_conn_start(struct l2cap_conn *conn)
440 struct l2cap_chan_list *l = &conn->chan_list;
443 BT_DBG("conn %p", conn);
447 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
450 if (sk->sk_type != SOCK_SEQPACKET) {
455 if (sk->sk_state == BT_CONNECT) {
456 if (l2cap_check_security(sk)) {
457 struct l2cap_conn_req req;
458 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
459 req.psm = l2cap_pi(sk)->psm;
461 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
463 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
464 L2CAP_CONN_REQ, sizeof(req), &req);
466 } else if (sk->sk_state == BT_CONNECT2) {
467 struct l2cap_conn_rsp rsp;
468 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
469 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
471 if (l2cap_check_security(sk)) {
472 if (bt_sk(sk)->defer_setup) {
473 struct sock *parent = bt_sk(sk)->parent;
474 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
475 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
476 parent->sk_data_ready(parent, 0);
479 sk->sk_state = BT_CONFIG;
480 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
481 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
484 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
485 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
488 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
489 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
495 read_unlock(&l->lock);
498 static void l2cap_conn_ready(struct l2cap_conn *conn)
500 struct l2cap_chan_list *l = &conn->chan_list;
503 BT_DBG("conn %p", conn);
507 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
510 if (sk->sk_type != SOCK_SEQPACKET) {
511 l2cap_sock_clear_timer(sk);
512 sk->sk_state = BT_CONNECTED;
513 sk->sk_state_change(sk);
514 } else if (sk->sk_state == BT_CONNECT)
520 read_unlock(&l->lock);
523 /* Notify sockets that we cannot guaranty reliability anymore */
524 static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
526 struct l2cap_chan_list *l = &conn->chan_list;
529 BT_DBG("conn %p", conn);
533 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
534 if (l2cap_pi(sk)->force_reliable)
538 read_unlock(&l->lock);
541 static void l2cap_info_timeout(unsigned long arg)
543 struct l2cap_conn *conn = (void *) arg;
545 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
546 conn->info_ident = 0;
548 l2cap_conn_start(conn);
551 static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
553 struct l2cap_conn *conn = hcon->l2cap_data;
558 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
562 hcon->l2cap_data = conn;
565 BT_DBG("hcon %p conn %p", hcon, conn);
567 conn->mtu = hcon->hdev->acl_mtu;
568 conn->src = &hcon->hdev->bdaddr;
569 conn->dst = &hcon->dst;
573 spin_lock_init(&conn->lock);
574 rwlock_init(&conn->chan_list.lock);
576 setup_timer(&conn->info_timer, l2cap_info_timeout,
577 (unsigned long) conn);
579 conn->disc_reason = 0x13;
584 static void l2cap_conn_del(struct hci_conn *hcon, int err)
586 struct l2cap_conn *conn = hcon->l2cap_data;
592 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
594 kfree_skb(conn->rx_skb);
597 while ((sk = conn->chan_list.head)) {
599 l2cap_chan_del(sk, err);
604 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
605 del_timer_sync(&conn->info_timer);
607 hcon->l2cap_data = NULL;
611 static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
613 struct l2cap_chan_list *l = &conn->chan_list;
614 write_lock_bh(&l->lock);
615 __l2cap_chan_add(conn, sk, parent);
616 write_unlock_bh(&l->lock);
619 /* ---- Socket interface ---- */
620 static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
623 struct hlist_node *node;
624 sk_for_each(sk, node, &l2cap_sk_list.head)
625 if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
632 /* Find socket with psm and source bdaddr.
633 * Returns closest match.
635 static struct sock *__l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
637 struct sock *sk = NULL, *sk1 = NULL;
638 struct hlist_node *node;
640 sk_for_each(sk, node, &l2cap_sk_list.head) {
641 if (state && sk->sk_state != state)
644 if (l2cap_pi(sk)->psm == psm) {
646 if (!bacmp(&bt_sk(sk)->src, src))
650 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
654 return node ? sk : sk1;
657 /* Find socket with given address (psm, src).
658 * Returns locked socket */
659 static inline struct sock *l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
662 read_lock(&l2cap_sk_list.lock);
663 s = __l2cap_get_sock_by_psm(state, psm, src);
666 read_unlock(&l2cap_sk_list.lock);
670 static void l2cap_sock_destruct(struct sock *sk)
674 skb_queue_purge(&sk->sk_receive_queue);
675 skb_queue_purge(&sk->sk_write_queue);
678 static void l2cap_sock_cleanup_listen(struct sock *parent)
682 BT_DBG("parent %p", parent);
684 /* Close not yet accepted channels */
685 while ((sk = bt_accept_dequeue(parent, NULL)))
686 l2cap_sock_close(sk);
688 parent->sk_state = BT_CLOSED;
689 sock_set_flag(parent, SOCK_ZAPPED);
692 /* Kill socket (only if zapped and orphan)
693 * Must be called on unlocked socket.
695 static void l2cap_sock_kill(struct sock *sk)
697 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
700 BT_DBG("sk %p state %d", sk, sk->sk_state);
702 /* Kill poor orphan */
703 bt_sock_unlink(&l2cap_sk_list, sk);
704 sock_set_flag(sk, SOCK_DEAD);
708 static void __l2cap_sock_close(struct sock *sk, int reason)
710 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
712 switch (sk->sk_state) {
714 l2cap_sock_cleanup_listen(sk);
719 if (sk->sk_type == SOCK_SEQPACKET) {
720 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
722 sk->sk_state = BT_DISCONN;
723 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
724 l2cap_send_disconn_req(conn, sk);
726 l2cap_chan_del(sk, reason);
730 if (sk->sk_type == SOCK_SEQPACKET) {
731 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
732 struct l2cap_conn_rsp rsp;
735 if (bt_sk(sk)->defer_setup)
736 result = L2CAP_CR_SEC_BLOCK;
738 result = L2CAP_CR_BAD_PSM;
740 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
741 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
742 rsp.result = cpu_to_le16(result);
743 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
744 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
745 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
747 l2cap_chan_del(sk, reason);
752 l2cap_chan_del(sk, reason);
756 sock_set_flag(sk, SOCK_ZAPPED);
761 /* Must be called on unlocked socket. */
762 static void l2cap_sock_close(struct sock *sk)
764 l2cap_sock_clear_timer(sk);
766 __l2cap_sock_close(sk, ECONNRESET);
771 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
773 struct l2cap_pinfo *pi = l2cap_pi(sk);
778 sk->sk_type = parent->sk_type;
779 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
781 pi->imtu = l2cap_pi(parent)->imtu;
782 pi->omtu = l2cap_pi(parent)->omtu;
783 pi->mode = l2cap_pi(parent)->mode;
784 pi->fcs = l2cap_pi(parent)->fcs;
785 pi->sec_level = l2cap_pi(parent)->sec_level;
786 pi->role_switch = l2cap_pi(parent)->role_switch;
787 pi->force_reliable = l2cap_pi(parent)->force_reliable;
789 pi->imtu = L2CAP_DEFAULT_MTU;
791 pi->mode = L2CAP_MODE_BASIC;
792 pi->fcs = L2CAP_FCS_CRC16;
793 pi->sec_level = BT_SECURITY_LOW;
795 pi->force_reliable = 0;
798 /* Default config options */
800 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
801 skb_queue_head_init(TX_QUEUE(sk));
802 skb_queue_head_init(SREJ_QUEUE(sk));
803 INIT_LIST_HEAD(SREJ_LIST(sk));
806 static struct proto l2cap_proto = {
808 .owner = THIS_MODULE,
809 .obj_size = sizeof(struct l2cap_pinfo)
812 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
816 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
820 sock_init_data(sock, sk);
821 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
823 sk->sk_destruct = l2cap_sock_destruct;
824 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
826 sock_reset_flag(sk, SOCK_ZAPPED);
828 sk->sk_protocol = proto;
829 sk->sk_state = BT_OPEN;
831 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
833 bt_sock_link(&l2cap_sk_list, sk);
837 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
842 BT_DBG("sock %p", sock);
844 sock->state = SS_UNCONNECTED;
846 if (sock->type != SOCK_SEQPACKET &&
847 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
848 return -ESOCKTNOSUPPORT;
850 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
853 sock->ops = &l2cap_sock_ops;
855 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
859 l2cap_sock_init(sk, NULL);
863 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
865 struct sock *sk = sock->sk;
866 struct sockaddr_l2 la;
871 if (!addr || addr->sa_family != AF_BLUETOOTH)
874 memset(&la, 0, sizeof(la));
875 len = min_t(unsigned int, sizeof(la), alen);
876 memcpy(&la, addr, len);
883 if (sk->sk_state != BT_OPEN) {
888 if (la.l2_psm && __le16_to_cpu(la.l2_psm) < 0x1001 &&
889 !capable(CAP_NET_BIND_SERVICE)) {
894 write_lock_bh(&l2cap_sk_list.lock);
896 if (la.l2_psm && __l2cap_get_sock_by_addr(la.l2_psm, &la.l2_bdaddr)) {
899 /* Save source address */
900 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
901 l2cap_pi(sk)->psm = la.l2_psm;
902 l2cap_pi(sk)->sport = la.l2_psm;
903 sk->sk_state = BT_BOUND;
905 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
906 __le16_to_cpu(la.l2_psm) == 0x0003)
907 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
910 write_unlock_bh(&l2cap_sk_list.lock);
917 static int l2cap_do_connect(struct sock *sk)
919 bdaddr_t *src = &bt_sk(sk)->src;
920 bdaddr_t *dst = &bt_sk(sk)->dst;
921 struct l2cap_conn *conn;
922 struct hci_conn *hcon;
923 struct hci_dev *hdev;
927 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst),
930 hdev = hci_get_route(dst, src);
932 return -EHOSTUNREACH;
934 hci_dev_lock_bh(hdev);
938 if (sk->sk_type == SOCK_RAW) {
939 switch (l2cap_pi(sk)->sec_level) {
940 case BT_SECURITY_HIGH:
941 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
943 case BT_SECURITY_MEDIUM:
944 auth_type = HCI_AT_DEDICATED_BONDING;
947 auth_type = HCI_AT_NO_BONDING;
950 } else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
951 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
952 auth_type = HCI_AT_NO_BONDING_MITM;
954 auth_type = HCI_AT_NO_BONDING;
956 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
957 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
959 switch (l2cap_pi(sk)->sec_level) {
960 case BT_SECURITY_HIGH:
961 auth_type = HCI_AT_GENERAL_BONDING_MITM;
963 case BT_SECURITY_MEDIUM:
964 auth_type = HCI_AT_GENERAL_BONDING;
967 auth_type = HCI_AT_NO_BONDING;
972 hcon = hci_connect(hdev, ACL_LINK, dst,
973 l2cap_pi(sk)->sec_level, auth_type);
977 conn = l2cap_conn_add(hcon, 0);
985 /* Update source addr of the socket */
986 bacpy(src, conn->src);
988 l2cap_chan_add(conn, sk, NULL);
990 sk->sk_state = BT_CONNECT;
991 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
993 if (hcon->state == BT_CONNECTED) {
994 if (sk->sk_type != SOCK_SEQPACKET) {
995 l2cap_sock_clear_timer(sk);
996 sk->sk_state = BT_CONNECTED;
1002 hci_dev_unlock_bh(hdev);
1007 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
1009 struct sock *sk = sock->sk;
1010 struct sockaddr_l2 la;
1013 BT_DBG("sk %p", sk);
1015 if (!addr || alen < sizeof(addr->sa_family) ||
1016 addr->sa_family != AF_BLUETOOTH)
1019 memset(&la, 0, sizeof(la));
1020 len = min_t(unsigned int, sizeof(la), alen);
1021 memcpy(&la, addr, len);
1028 if (sk->sk_type == SOCK_SEQPACKET && !la.l2_psm) {
1033 switch (l2cap_pi(sk)->mode) {
1034 case L2CAP_MODE_BASIC:
1036 case L2CAP_MODE_ERTM:
1037 case L2CAP_MODE_STREAMING:
1046 switch (sk->sk_state) {
1050 /* Already connecting */
1054 /* Already connected */
1067 /* Set destination address and psm */
1068 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr);
1069 l2cap_pi(sk)->psm = la.l2_psm;
1071 err = l2cap_do_connect(sk);
1076 err = bt_sock_wait_state(sk, BT_CONNECTED,
1077 sock_sndtimeo(sk, flags & O_NONBLOCK));
1083 static int l2cap_sock_listen(struct socket *sock, int backlog)
1085 struct sock *sk = sock->sk;
1088 BT_DBG("sk %p backlog %d", sk, backlog);
1092 if (sk->sk_state != BT_BOUND || sock->type != SOCK_SEQPACKET) {
1097 switch (l2cap_pi(sk)->mode) {
1098 case L2CAP_MODE_BASIC:
1100 case L2CAP_MODE_ERTM:
1101 case L2CAP_MODE_STREAMING:
1110 if (!l2cap_pi(sk)->psm) {
1111 bdaddr_t *src = &bt_sk(sk)->src;
1116 write_lock_bh(&l2cap_sk_list.lock);
1118 for (psm = 0x1001; psm < 0x1100; psm += 2)
1119 if (!__l2cap_get_sock_by_addr(cpu_to_le16(psm), src)) {
1120 l2cap_pi(sk)->psm = cpu_to_le16(psm);
1121 l2cap_pi(sk)->sport = cpu_to_le16(psm);
1126 write_unlock_bh(&l2cap_sk_list.lock);
1132 sk->sk_max_ack_backlog = backlog;
1133 sk->sk_ack_backlog = 0;
1134 sk->sk_state = BT_LISTEN;
1141 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
1143 DECLARE_WAITQUEUE(wait, current);
1144 struct sock *sk = sock->sk, *nsk;
1148 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1150 if (sk->sk_state != BT_LISTEN) {
1155 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
1157 BT_DBG("sk %p timeo %ld", sk, timeo);
1159 /* Wait for an incoming connection. (wake-one). */
1160 add_wait_queue_exclusive(sk_sleep(sk), &wait);
1161 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
1162 set_current_state(TASK_INTERRUPTIBLE);
1169 timeo = schedule_timeout(timeo);
1170 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1172 if (sk->sk_state != BT_LISTEN) {
1177 if (signal_pending(current)) {
1178 err = sock_intr_errno(timeo);
1182 set_current_state(TASK_RUNNING);
1183 remove_wait_queue(sk_sleep(sk), &wait);
1188 newsock->state = SS_CONNECTED;
1190 BT_DBG("new socket %p", nsk);
1197 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
1199 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
1200 struct sock *sk = sock->sk;
1202 BT_DBG("sock %p, sk %p", sock, sk);
1204 addr->sa_family = AF_BLUETOOTH;
1205 *len = sizeof(struct sockaddr_l2);
1208 la->l2_psm = l2cap_pi(sk)->psm;
1209 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
1210 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1212 la->l2_psm = l2cap_pi(sk)->sport;
1213 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
1214 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->scid);
1220 static void l2cap_monitor_timeout(unsigned long arg)
1222 struct sock *sk = (void *) arg;
1226 if (l2cap_pi(sk)->retry_count >= l2cap_pi(sk)->remote_max_tx) {
1227 l2cap_send_disconn_req(l2cap_pi(sk)->conn, sk);
1232 l2cap_pi(sk)->retry_count++;
1233 __mod_monitor_timer();
1235 control = L2CAP_CTRL_POLL;
1236 l2cap_send_rr_or_rnr(l2cap_pi(sk), control);
1240 static void l2cap_retrans_timeout(unsigned long arg)
1242 struct sock *sk = (void *) arg;
1246 l2cap_pi(sk)->retry_count = 1;
1247 __mod_monitor_timer();
1249 l2cap_pi(sk)->conn_state |= L2CAP_CONN_WAIT_F;
1251 control = L2CAP_CTRL_POLL;
1252 l2cap_send_rr_or_rnr(l2cap_pi(sk), control);
1256 static void l2cap_drop_acked_frames(struct sock *sk)
1258 struct sk_buff *skb;
1260 while ((skb = skb_peek(TX_QUEUE(sk)))) {
1261 if (bt_cb(skb)->tx_seq == l2cap_pi(sk)->expected_ack_seq)
1264 skb = skb_dequeue(TX_QUEUE(sk));
1267 l2cap_pi(sk)->unacked_frames--;
1270 if (!l2cap_pi(sk)->unacked_frames)
1271 del_timer(&l2cap_pi(sk)->retrans_timer);
1276 static inline int l2cap_do_send(struct sock *sk, struct sk_buff *skb)
1278 struct l2cap_pinfo *pi = l2cap_pi(sk);
1281 BT_DBG("sk %p, skb %p len %d", sk, skb, skb->len);
1283 err = hci_send_acl(pi->conn->hcon, skb, 0);
1290 static int l2cap_streaming_send(struct sock *sk)
1292 struct sk_buff *skb, *tx_skb;
1293 struct l2cap_pinfo *pi = l2cap_pi(sk);
1297 while ((skb = sk->sk_send_head)) {
1298 tx_skb = skb_clone(skb, GFP_ATOMIC);
1300 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1301 control |= pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT;
1302 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1304 if (pi->fcs == L2CAP_FCS_CRC16) {
1305 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);
1306 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);
1309 err = l2cap_do_send(sk, tx_skb);
1311 l2cap_send_disconn_req(pi->conn, sk);
1315 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64;
1317 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1318 sk->sk_send_head = NULL;
1320 sk->sk_send_head = skb_queue_next(TX_QUEUE(sk), skb);
1322 skb = skb_dequeue(TX_QUEUE(sk));
1328 static int l2cap_retransmit_frame(struct sock *sk, u8 tx_seq)
1330 struct l2cap_pinfo *pi = l2cap_pi(sk);
1331 struct sk_buff *skb, *tx_skb;
1335 skb = skb_peek(TX_QUEUE(sk));
1337 if (bt_cb(skb)->tx_seq != tx_seq) {
1338 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1340 skb = skb_queue_next(TX_QUEUE(sk), skb);
1344 if (pi->remote_max_tx &&
1345 bt_cb(skb)->retries == pi->remote_max_tx) {
1346 l2cap_send_disconn_req(pi->conn, sk);
1350 tx_skb = skb_clone(skb, GFP_ATOMIC);
1351 bt_cb(skb)->retries++;
1352 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1353 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1354 | (tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1355 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1357 if (pi->fcs == L2CAP_FCS_CRC16) {
1358 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);
1359 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);
1362 err = l2cap_do_send(sk, tx_skb);
1364 l2cap_send_disconn_req(pi->conn, sk);
1372 static int l2cap_ertm_send(struct sock *sk)
1374 struct sk_buff *skb, *tx_skb;
1375 struct l2cap_pinfo *pi = l2cap_pi(sk);
1379 if (pi->conn_state & L2CAP_CONN_WAIT_F)
1382 while ((skb = sk->sk_send_head) && (!l2cap_tx_window_full(sk)) &&
1383 !(pi->conn_state & L2CAP_CONN_REMOTE_BUSY)) {
1385 if (pi->remote_max_tx &&
1386 bt_cb(skb)->retries == pi->remote_max_tx) {
1387 l2cap_send_disconn_req(pi->conn, sk);
1391 tx_skb = skb_clone(skb, GFP_ATOMIC);
1393 bt_cb(skb)->retries++;
1395 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1396 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) {
1397 control |= L2CAP_CTRL_FINAL;
1398 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
1400 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1401 | (pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1402 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1405 if (pi->fcs == L2CAP_FCS_CRC16) {
1406 fcs = crc16(0, (u8 *)skb->data, tx_skb->len - 2);
1407 put_unaligned_le16(fcs, skb->data + tx_skb->len - 2);
1410 err = l2cap_do_send(sk, tx_skb);
1412 l2cap_send_disconn_req(pi->conn, sk);
1415 __mod_retrans_timer();
1417 bt_cb(skb)->tx_seq = pi->next_tx_seq;
1418 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64;
1420 pi->unacked_frames++;
1423 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1424 sk->sk_send_head = NULL;
1426 sk->sk_send_head = skb_queue_next(TX_QUEUE(sk), skb);
1434 static int l2cap_send_ack(struct l2cap_pinfo *pi)
1436 struct sock *sk = (struct sock *)pi;
1439 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
1441 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
1442 control |= L2CAP_SUPER_RCV_NOT_READY;
1443 return l2cap_send_sframe(pi, control);
1444 } else if (l2cap_ertm_send(sk) == 0) {
1445 control |= L2CAP_SUPER_RCV_READY;
1446 return l2cap_send_sframe(pi, control);
1451 static int l2cap_send_srejtail(struct sock *sk)
1453 struct srej_list *tail;
1456 control = L2CAP_SUPER_SELECT_REJECT;
1457 control |= L2CAP_CTRL_FINAL;
1459 tail = list_entry(SREJ_LIST(sk)->prev, struct srej_list, list);
1460 control |= tail->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
1462 l2cap_send_sframe(l2cap_pi(sk), control);
1467 static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, int len, int count, struct sk_buff *skb)
1469 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1470 struct sk_buff **frag;
1473 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) {
1480 /* Continuation fragments (no L2CAP header) */
1481 frag = &skb_shinfo(skb)->frag_list;
1483 count = min_t(unsigned int, conn->mtu, len);
1485 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1488 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count))
1494 frag = &(*frag)->next;
1500 static struct sk_buff *l2cap_create_connless_pdu(struct sock *sk, struct msghdr *msg, size_t len)
1502 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1503 struct sk_buff *skb;
1504 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1505 struct l2cap_hdr *lh;
1507 BT_DBG("sk %p len %d", sk, (int)len);
1509 count = min_t(unsigned int, (conn->mtu - hlen), len);
1510 skb = bt_skb_send_alloc(sk, count + hlen,
1511 msg->msg_flags & MSG_DONTWAIT, &err);
1513 return ERR_PTR(-ENOMEM);
1515 /* Create L2CAP header */
1516 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1517 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1518 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1519 put_unaligned_le16(l2cap_pi(sk)->psm, skb_put(skb, 2));
1521 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1522 if (unlikely(err < 0)) {
1524 return ERR_PTR(err);
1529 static struct sk_buff *l2cap_create_basic_pdu(struct sock *sk, struct msghdr *msg, size_t len)
1531 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1532 struct sk_buff *skb;
1533 int err, count, hlen = L2CAP_HDR_SIZE;
1534 struct l2cap_hdr *lh;
1536 BT_DBG("sk %p len %d", sk, (int)len);
1538 count = min_t(unsigned int, (conn->mtu - hlen), len);
1539 skb = bt_skb_send_alloc(sk, count + hlen,
1540 msg->msg_flags & MSG_DONTWAIT, &err);
1542 return ERR_PTR(-ENOMEM);
1544 /* Create L2CAP header */
1545 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1546 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1547 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1549 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1550 if (unlikely(err < 0)) {
1552 return ERR_PTR(err);
1557 static struct sk_buff *l2cap_create_iframe_pdu(struct sock *sk, struct msghdr *msg, size_t len, u16 control, u16 sdulen)
1559 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1560 struct sk_buff *skb;
1561 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1562 struct l2cap_hdr *lh;
1564 BT_DBG("sk %p len %d", sk, (int)len);
1569 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16)
1572 count = min_t(unsigned int, (conn->mtu - hlen), len);
1573 skb = bt_skb_send_alloc(sk, count + hlen,
1574 msg->msg_flags & MSG_DONTWAIT, &err);
1576 return ERR_PTR(-ENOMEM);
1578 /* Create L2CAP header */
1579 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1580 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1581 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1582 put_unaligned_le16(control, skb_put(skb, 2));
1584 put_unaligned_le16(sdulen, skb_put(skb, 2));
1586 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1587 if (unlikely(err < 0)) {
1589 return ERR_PTR(err);
1592 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16)
1593 put_unaligned_le16(0, skb_put(skb, 2));
1595 bt_cb(skb)->retries = 0;
1599 static inline int l2cap_sar_segment_sdu(struct sock *sk, struct msghdr *msg, size_t len)
1601 struct l2cap_pinfo *pi = l2cap_pi(sk);
1602 struct sk_buff *skb;
1603 struct sk_buff_head sar_queue;
1607 __skb_queue_head_init(&sar_queue);
1608 control = L2CAP_SDU_START;
1609 skb = l2cap_create_iframe_pdu(sk, msg, pi->max_pdu_size, control, len);
1611 return PTR_ERR(skb);
1613 __skb_queue_tail(&sar_queue, skb);
1614 len -= pi->max_pdu_size;
1615 size +=pi->max_pdu_size;
1621 if (len > pi->max_pdu_size) {
1622 control |= L2CAP_SDU_CONTINUE;
1623 buflen = pi->max_pdu_size;
1625 control |= L2CAP_SDU_END;
1629 skb = l2cap_create_iframe_pdu(sk, msg, buflen, control, 0);
1631 skb_queue_purge(&sar_queue);
1632 return PTR_ERR(skb);
1635 __skb_queue_tail(&sar_queue, skb);
1640 skb_queue_splice_tail(&sar_queue, TX_QUEUE(sk));
1641 if (sk->sk_send_head == NULL)
1642 sk->sk_send_head = sar_queue.next;
1647 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
1649 struct sock *sk = sock->sk;
1650 struct l2cap_pinfo *pi = l2cap_pi(sk);
1651 struct sk_buff *skb;
1655 BT_DBG("sock %p, sk %p", sock, sk);
1657 err = sock_error(sk);
1661 if (msg->msg_flags & MSG_OOB)
1666 if (sk->sk_state != BT_CONNECTED) {
1671 /* Connectionless channel */
1672 if (sk->sk_type == SOCK_DGRAM) {
1673 skb = l2cap_create_connless_pdu(sk, msg, len);
1677 err = l2cap_do_send(sk, skb);
1682 case L2CAP_MODE_BASIC:
1683 /* Check outgoing MTU */
1684 if (len > pi->omtu) {
1689 /* Create a basic PDU */
1690 skb = l2cap_create_basic_pdu(sk, msg, len);
1696 err = l2cap_do_send(sk, skb);
1701 case L2CAP_MODE_ERTM:
1702 case L2CAP_MODE_STREAMING:
1703 /* Entire SDU fits into one PDU */
1704 if (len <= pi->max_pdu_size) {
1705 control = L2CAP_SDU_UNSEGMENTED;
1706 skb = l2cap_create_iframe_pdu(sk, msg, len, control, 0);
1711 __skb_queue_tail(TX_QUEUE(sk), skb);
1712 if (sk->sk_send_head == NULL)
1713 sk->sk_send_head = skb;
1715 /* Segment SDU into multiples PDUs */
1716 err = l2cap_sar_segment_sdu(sk, msg, len);
1721 if (pi->mode == L2CAP_MODE_STREAMING)
1722 err = l2cap_streaming_send(sk);
1724 err = l2cap_ertm_send(sk);
1731 BT_DBG("bad state %1.1x", pi->mode);
1740 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
1742 struct sock *sk = sock->sk;
1746 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
1747 struct l2cap_conn_rsp rsp;
1749 sk->sk_state = BT_CONFIG;
1751 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1752 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
1753 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
1754 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
1755 l2cap_send_cmd(l2cap_pi(sk)->conn, l2cap_pi(sk)->ident,
1756 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1764 return bt_sock_recvmsg(iocb, sock, msg, len, flags);
1767 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
1769 struct sock *sk = sock->sk;
1770 struct l2cap_options opts;
1774 BT_DBG("sk %p", sk);
1780 opts.imtu = l2cap_pi(sk)->imtu;
1781 opts.omtu = l2cap_pi(sk)->omtu;
1782 opts.flush_to = l2cap_pi(sk)->flush_to;
1783 opts.mode = l2cap_pi(sk)->mode;
1784 opts.fcs = l2cap_pi(sk)->fcs;
1786 len = min_t(unsigned int, sizeof(opts), optlen);
1787 if (copy_from_user((char *) &opts, optval, len)) {
1792 l2cap_pi(sk)->imtu = opts.imtu;
1793 l2cap_pi(sk)->omtu = opts.omtu;
1794 l2cap_pi(sk)->mode = opts.mode;
1795 l2cap_pi(sk)->fcs = opts.fcs;
1799 if (get_user(opt, (u32 __user *) optval)) {
1804 if (opt & L2CAP_LM_AUTH)
1805 l2cap_pi(sk)->sec_level = BT_SECURITY_LOW;
1806 if (opt & L2CAP_LM_ENCRYPT)
1807 l2cap_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
1808 if (opt & L2CAP_LM_SECURE)
1809 l2cap_pi(sk)->sec_level = BT_SECURITY_HIGH;
1811 l2cap_pi(sk)->role_switch = (opt & L2CAP_LM_MASTER);
1812 l2cap_pi(sk)->force_reliable = (opt & L2CAP_LM_RELIABLE);
1824 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
1826 struct sock *sk = sock->sk;
1827 struct bt_security sec;
1831 BT_DBG("sk %p", sk);
1833 if (level == SOL_L2CAP)
1834 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
1836 if (level != SOL_BLUETOOTH)
1837 return -ENOPROTOOPT;
1843 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_RAW) {
1848 sec.level = BT_SECURITY_LOW;
1850 len = min_t(unsigned int, sizeof(sec), optlen);
1851 if (copy_from_user((char *) &sec, optval, len)) {
1856 if (sec.level < BT_SECURITY_LOW ||
1857 sec.level > BT_SECURITY_HIGH) {
1862 l2cap_pi(sk)->sec_level = sec.level;
1865 case BT_DEFER_SETUP:
1866 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1871 if (get_user(opt, (u32 __user *) optval)) {
1876 bt_sk(sk)->defer_setup = opt;
1888 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
1890 struct sock *sk = sock->sk;
1891 struct l2cap_options opts;
1892 struct l2cap_conninfo cinfo;
1896 BT_DBG("sk %p", sk);
1898 if (get_user(len, optlen))
1905 opts.imtu = l2cap_pi(sk)->imtu;
1906 opts.omtu = l2cap_pi(sk)->omtu;
1907 opts.flush_to = l2cap_pi(sk)->flush_to;
1908 opts.mode = l2cap_pi(sk)->mode;
1909 opts.fcs = l2cap_pi(sk)->fcs;
1911 len = min_t(unsigned int, len, sizeof(opts));
1912 if (copy_to_user(optval, (char *) &opts, len))
1918 switch (l2cap_pi(sk)->sec_level) {
1919 case BT_SECURITY_LOW:
1920 opt = L2CAP_LM_AUTH;
1922 case BT_SECURITY_MEDIUM:
1923 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
1925 case BT_SECURITY_HIGH:
1926 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
1934 if (l2cap_pi(sk)->role_switch)
1935 opt |= L2CAP_LM_MASTER;
1937 if (l2cap_pi(sk)->force_reliable)
1938 opt |= L2CAP_LM_RELIABLE;
1940 if (put_user(opt, (u32 __user *) optval))
1944 case L2CAP_CONNINFO:
1945 if (sk->sk_state != BT_CONNECTED &&
1946 !(sk->sk_state == BT_CONNECT2 &&
1947 bt_sk(sk)->defer_setup)) {
1952 cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
1953 memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3);
1955 len = min_t(unsigned int, len, sizeof(cinfo));
1956 if (copy_to_user(optval, (char *) &cinfo, len))
1970 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
1972 struct sock *sk = sock->sk;
1973 struct bt_security sec;
1976 BT_DBG("sk %p", sk);
1978 if (level == SOL_L2CAP)
1979 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
1981 if (level != SOL_BLUETOOTH)
1982 return -ENOPROTOOPT;
1984 if (get_user(len, optlen))
1991 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_RAW) {
1996 sec.level = l2cap_pi(sk)->sec_level;
1998 len = min_t(unsigned int, len, sizeof(sec));
1999 if (copy_to_user(optval, (char *) &sec, len))
2004 case BT_DEFER_SETUP:
2005 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
2010 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
2024 static int l2cap_sock_shutdown(struct socket *sock, int how)
2026 struct sock *sk = sock->sk;
2029 BT_DBG("sock %p, sk %p", sock, sk);
2035 if (!sk->sk_shutdown) {
2036 sk->sk_shutdown = SHUTDOWN_MASK;
2037 l2cap_sock_clear_timer(sk);
2038 __l2cap_sock_close(sk, 0);
2040 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
2041 err = bt_sock_wait_state(sk, BT_CLOSED,
2048 static int l2cap_sock_release(struct socket *sock)
2050 struct sock *sk = sock->sk;
2053 BT_DBG("sock %p, sk %p", sock, sk);
2058 err = l2cap_sock_shutdown(sock, 2);
2061 l2cap_sock_kill(sk);
2065 static void l2cap_chan_ready(struct sock *sk)
2067 struct sock *parent = bt_sk(sk)->parent;
2069 BT_DBG("sk %p, parent %p", sk, parent);
2071 l2cap_pi(sk)->conf_state = 0;
2072 l2cap_sock_clear_timer(sk);
2075 /* Outgoing channel.
2076 * Wake up socket sleeping on connect.
2078 sk->sk_state = BT_CONNECTED;
2079 sk->sk_state_change(sk);
2081 /* Incoming channel.
2082 * Wake up socket sleeping on accept.
2084 parent->sk_data_ready(parent, 0);
2088 /* Copy frame to all raw sockets on that connection */
2089 static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
2091 struct l2cap_chan_list *l = &conn->chan_list;
2092 struct sk_buff *nskb;
2095 BT_DBG("conn %p", conn);
2097 read_lock(&l->lock);
2098 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
2099 if (sk->sk_type != SOCK_RAW)
2102 /* Don't send frame to the socket it came from */
2105 nskb = skb_clone(skb, GFP_ATOMIC);
2109 if (sock_queue_rcv_skb(sk, nskb))
2112 read_unlock(&l->lock);
2115 /* ---- L2CAP signalling commands ---- */
2116 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
2117 u8 code, u8 ident, u16 dlen, void *data)
2119 struct sk_buff *skb, **frag;
2120 struct l2cap_cmd_hdr *cmd;
2121 struct l2cap_hdr *lh;
2124 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d",
2125 conn, code, ident, dlen);
2127 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
2128 count = min_t(unsigned int, conn->mtu, len);
2130 skb = bt_skb_alloc(count, GFP_ATOMIC);
2134 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
2135 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
2136 lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING);
2138 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
2141 cmd->len = cpu_to_le16(dlen);
2144 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
2145 memcpy(skb_put(skb, count), data, count);
2151 /* Continuation fragments (no L2CAP header) */
2152 frag = &skb_shinfo(skb)->frag_list;
2154 count = min_t(unsigned int, conn->mtu, len);
2156 *frag = bt_skb_alloc(count, GFP_ATOMIC);
2160 memcpy(skb_put(*frag, count), data, count);
2165 frag = &(*frag)->next;
2175 static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
2177 struct l2cap_conf_opt *opt = *ptr;
2180 len = L2CAP_CONF_OPT_SIZE + opt->len;
2188 *val = *((u8 *) opt->val);
2192 *val = __le16_to_cpu(*((__le16 *) opt->val));
2196 *val = __le32_to_cpu(*((__le32 *) opt->val));
2200 *val = (unsigned long) opt->val;
2204 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
2208 static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
2210 struct l2cap_conf_opt *opt = *ptr;
2212 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
2219 *((u8 *) opt->val) = val;
2223 *((__le16 *) opt->val) = cpu_to_le16(val);
2227 *((__le32 *) opt->val) = cpu_to_le32(val);
2231 memcpy(opt->val, (void *) val, len);
2235 *ptr += L2CAP_CONF_OPT_SIZE + len;
2238 static inline void l2cap_ertm_init(struct sock *sk)
2240 l2cap_pi(sk)->expected_ack_seq = 0;
2241 l2cap_pi(sk)->unacked_frames = 0;
2242 l2cap_pi(sk)->buffer_seq = 0;
2243 l2cap_pi(sk)->num_to_ack = 0;
2244 l2cap_pi(sk)->frames_sent = 0;
2246 setup_timer(&l2cap_pi(sk)->retrans_timer,
2247 l2cap_retrans_timeout, (unsigned long) sk);
2248 setup_timer(&l2cap_pi(sk)->monitor_timer,
2249 l2cap_monitor_timeout, (unsigned long) sk);
2251 __skb_queue_head_init(SREJ_QUEUE(sk));
2254 static int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
2256 u32 local_feat_mask = l2cap_feat_mask;
2258 local_feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING;
2261 case L2CAP_MODE_ERTM:
2262 return L2CAP_FEAT_ERTM & feat_mask & local_feat_mask;
2263 case L2CAP_MODE_STREAMING:
2264 return L2CAP_FEAT_STREAMING & feat_mask & local_feat_mask;
2270 static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
2273 case L2CAP_MODE_STREAMING:
2274 case L2CAP_MODE_ERTM:
2275 if (l2cap_mode_supported(mode, remote_feat_mask))
2279 return L2CAP_MODE_BASIC;
2283 static int l2cap_build_conf_req(struct sock *sk, void *data)
2285 struct l2cap_pinfo *pi = l2cap_pi(sk);
2286 struct l2cap_conf_req *req = data;
2287 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
2288 void *ptr = req->data;
2290 BT_DBG("sk %p", sk);
2292 if (pi->num_conf_req || pi->num_conf_rsp)
2296 case L2CAP_MODE_STREAMING:
2297 case L2CAP_MODE_ERTM:
2298 pi->conf_state |= L2CAP_CONF_STATE2_DEVICE;
2299 if (!l2cap_mode_supported(pi->mode, pi->conn->feat_mask))
2300 l2cap_send_disconn_req(pi->conn, sk);
2303 pi->mode = l2cap_select_mode(rfc.mode, pi->conn->feat_mask);
2309 case L2CAP_MODE_BASIC:
2310 if (pi->imtu != L2CAP_DEFAULT_MTU)
2311 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
2314 case L2CAP_MODE_ERTM:
2315 rfc.mode = L2CAP_MODE_ERTM;
2316 rfc.txwin_size = L2CAP_DEFAULT_TX_WINDOW;
2317 rfc.max_transmit = max_transmit;
2318 rfc.retrans_timeout = 0;
2319 rfc.monitor_timeout = 0;
2320 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
2321 if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10)
2322 rfc.max_pdu_size = pi->conn->mtu - 10;
2324 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2325 sizeof(rfc), (unsigned long) &rfc);
2327 if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS))
2330 if (pi->fcs == L2CAP_FCS_NONE ||
2331 pi->conf_state & L2CAP_CONF_NO_FCS_RECV) {
2332 pi->fcs = L2CAP_FCS_NONE;
2333 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs);
2337 case L2CAP_MODE_STREAMING:
2338 rfc.mode = L2CAP_MODE_STREAMING;
2340 rfc.max_transmit = 0;
2341 rfc.retrans_timeout = 0;
2342 rfc.monitor_timeout = 0;
2343 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
2344 if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10)
2345 rfc.max_pdu_size = pi->conn->mtu - 10;
2347 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2348 sizeof(rfc), (unsigned long) &rfc);
2350 if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS))
2353 if (pi->fcs == L2CAP_FCS_NONE ||
2354 pi->conf_state & L2CAP_CONF_NO_FCS_RECV) {
2355 pi->fcs = L2CAP_FCS_NONE;
2356 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs);
2361 /* FIXME: Need actual value of the flush timeout */
2362 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
2363 // l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to);
2365 req->dcid = cpu_to_le16(pi->dcid);
2366 req->flags = cpu_to_le16(0);
2371 static int l2cap_parse_conf_req(struct sock *sk, void *data)
2373 struct l2cap_pinfo *pi = l2cap_pi(sk);
2374 struct l2cap_conf_rsp *rsp = data;
2375 void *ptr = rsp->data;
2376 void *req = pi->conf_req;
2377 int len = pi->conf_len;
2378 int type, hint, olen;
2380 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
2381 u16 mtu = L2CAP_DEFAULT_MTU;
2382 u16 result = L2CAP_CONF_SUCCESS;
2384 BT_DBG("sk %p", sk);
2386 while (len >= L2CAP_CONF_OPT_SIZE) {
2387 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
2389 hint = type & L2CAP_CONF_HINT;
2390 type &= L2CAP_CONF_MASK;
2393 case L2CAP_CONF_MTU:
2397 case L2CAP_CONF_FLUSH_TO:
2401 case L2CAP_CONF_QOS:
2404 case L2CAP_CONF_RFC:
2405 if (olen == sizeof(rfc))
2406 memcpy(&rfc, (void *) val, olen);
2409 case L2CAP_CONF_FCS:
2410 if (val == L2CAP_FCS_NONE)
2411 pi->conf_state |= L2CAP_CONF_NO_FCS_RECV;
2419 result = L2CAP_CONF_UNKNOWN;
2420 *((u8 *) ptr++) = type;
2425 if (pi->num_conf_rsp || pi->num_conf_req)
2429 case L2CAP_MODE_STREAMING:
2430 case L2CAP_MODE_ERTM:
2431 pi->conf_state |= L2CAP_CONF_STATE2_DEVICE;
2432 if (!l2cap_mode_supported(pi->mode, pi->conn->feat_mask))
2433 return -ECONNREFUSED;
2436 pi->mode = l2cap_select_mode(rfc.mode, pi->conn->feat_mask);
2441 if (pi->mode != rfc.mode) {
2442 result = L2CAP_CONF_UNACCEPT;
2443 rfc.mode = pi->mode;
2445 if (pi->num_conf_rsp == 1)
2446 return -ECONNREFUSED;
2448 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2449 sizeof(rfc), (unsigned long) &rfc);
2453 if (result == L2CAP_CONF_SUCCESS) {
2454 /* Configure output options and let the other side know
2455 * which ones we don't like. */
2457 if (mtu < L2CAP_DEFAULT_MIN_MTU)
2458 result = L2CAP_CONF_UNACCEPT;
2461 pi->conf_state |= L2CAP_CONF_MTU_DONE;
2463 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
2466 case L2CAP_MODE_BASIC:
2467 pi->fcs = L2CAP_FCS_NONE;
2468 pi->conf_state |= L2CAP_CONF_MODE_DONE;
2471 case L2CAP_MODE_ERTM:
2472 pi->remote_tx_win = rfc.txwin_size;
2473 pi->remote_max_tx = rfc.max_transmit;
2474 pi->max_pdu_size = rfc.max_pdu_size;
2476 rfc.retrans_timeout = L2CAP_DEFAULT_RETRANS_TO;
2477 rfc.monitor_timeout = L2CAP_DEFAULT_MONITOR_TO;
2479 pi->conf_state |= L2CAP_CONF_MODE_DONE;
2481 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2482 sizeof(rfc), (unsigned long) &rfc);
2486 case L2CAP_MODE_STREAMING:
2487 pi->remote_tx_win = rfc.txwin_size;
2488 pi->max_pdu_size = rfc.max_pdu_size;
2490 pi->conf_state |= L2CAP_CONF_MODE_DONE;
2492 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2493 sizeof(rfc), (unsigned long) &rfc);
2498 result = L2CAP_CONF_UNACCEPT;
2500 memset(&rfc, 0, sizeof(rfc));
2501 rfc.mode = pi->mode;
2504 if (result == L2CAP_CONF_SUCCESS)
2505 pi->conf_state |= L2CAP_CONF_OUTPUT_DONE;
2507 rsp->scid = cpu_to_le16(pi->dcid);
2508 rsp->result = cpu_to_le16(result);
2509 rsp->flags = cpu_to_le16(0x0000);
2514 static int l2cap_parse_conf_rsp(struct sock *sk, void *rsp, int len, void *data, u16 *result)
2516 struct l2cap_pinfo *pi = l2cap_pi(sk);
2517 struct l2cap_conf_req *req = data;
2518 void *ptr = req->data;
2521 struct l2cap_conf_rfc rfc;
2523 BT_DBG("sk %p, rsp %p, len %d, req %p", sk, rsp, len, data);
2525 while (len >= L2CAP_CONF_OPT_SIZE) {
2526 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2529 case L2CAP_CONF_MTU:
2530 if (val < L2CAP_DEFAULT_MIN_MTU) {
2531 *result = L2CAP_CONF_UNACCEPT;
2532 pi->omtu = L2CAP_DEFAULT_MIN_MTU;
2535 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
2538 case L2CAP_CONF_FLUSH_TO:
2540 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
2544 case L2CAP_CONF_RFC:
2545 if (olen == sizeof(rfc))
2546 memcpy(&rfc, (void *)val, olen);
2548 if ((pi->conf_state & L2CAP_CONF_STATE2_DEVICE) &&
2549 rfc.mode != pi->mode)
2550 return -ECONNREFUSED;
2552 pi->mode = rfc.mode;
2555 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2556 sizeof(rfc), (unsigned long) &rfc);
2561 if (*result == L2CAP_CONF_SUCCESS) {
2563 case L2CAP_MODE_ERTM:
2564 pi->remote_tx_win = rfc.txwin_size;
2565 pi->retrans_timeout = rfc.retrans_timeout;
2566 pi->monitor_timeout = rfc.monitor_timeout;
2567 pi->max_pdu_size = le16_to_cpu(rfc.max_pdu_size);
2569 case L2CAP_MODE_STREAMING:
2570 pi->max_pdu_size = le16_to_cpu(rfc.max_pdu_size);
2575 req->dcid = cpu_to_le16(pi->dcid);
2576 req->flags = cpu_to_le16(0x0000);
2581 static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags)
2583 struct l2cap_conf_rsp *rsp = data;
2584 void *ptr = rsp->data;
2586 BT_DBG("sk %p", sk);
2588 rsp->scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2589 rsp->result = cpu_to_le16(result);
2590 rsp->flags = cpu_to_le16(flags);
2595 static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2597 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data;
2599 if (rej->reason != 0x0000)
2602 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
2603 cmd->ident == conn->info_ident) {
2604 del_timer(&conn->info_timer);
2606 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2607 conn->info_ident = 0;
2609 l2cap_conn_start(conn);
2615 static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2617 struct l2cap_chan_list *list = &conn->chan_list;
2618 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
2619 struct l2cap_conn_rsp rsp;
2620 struct sock *sk, *parent;
2621 int result, status = L2CAP_CS_NO_INFO;
2623 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
2624 __le16 psm = req->psm;
2626 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
2628 /* Check if we have socket listening on psm */
2629 parent = l2cap_get_sock_by_psm(BT_LISTEN, psm, conn->src);
2631 result = L2CAP_CR_BAD_PSM;
2635 /* Check if the ACL is secure enough (if not SDP) */
2636 if (psm != cpu_to_le16(0x0001) &&
2637 !hci_conn_check_link_mode(conn->hcon)) {
2638 conn->disc_reason = 0x05;
2639 result = L2CAP_CR_SEC_BLOCK;
2643 result = L2CAP_CR_NO_MEM;
2645 /* Check for backlog size */
2646 if (sk_acceptq_is_full(parent)) {
2647 BT_DBG("backlog full %d", parent->sk_ack_backlog);
2651 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC);
2655 write_lock_bh(&list->lock);
2657 /* Check if we already have channel with that dcid */
2658 if (__l2cap_get_chan_by_dcid(list, scid)) {
2659 write_unlock_bh(&list->lock);
2660 sock_set_flag(sk, SOCK_ZAPPED);
2661 l2cap_sock_kill(sk);
2665 hci_conn_hold(conn->hcon);
2667 l2cap_sock_init(sk, parent);
2668 bacpy(&bt_sk(sk)->src, conn->src);
2669 bacpy(&bt_sk(sk)->dst, conn->dst);
2670 l2cap_pi(sk)->psm = psm;
2671 l2cap_pi(sk)->dcid = scid;
2673 __l2cap_chan_add(conn, sk, parent);
2674 dcid = l2cap_pi(sk)->scid;
2676 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
2678 l2cap_pi(sk)->ident = cmd->ident;
2680 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
2681 if (l2cap_check_security(sk)) {
2682 if (bt_sk(sk)->defer_setup) {
2683 sk->sk_state = BT_CONNECT2;
2684 result = L2CAP_CR_PEND;
2685 status = L2CAP_CS_AUTHOR_PEND;
2686 parent->sk_data_ready(parent, 0);
2688 sk->sk_state = BT_CONFIG;
2689 result = L2CAP_CR_SUCCESS;
2690 status = L2CAP_CS_NO_INFO;
2693 sk->sk_state = BT_CONNECT2;
2694 result = L2CAP_CR_PEND;
2695 status = L2CAP_CS_AUTHEN_PEND;
2698 sk->sk_state = BT_CONNECT2;
2699 result = L2CAP_CR_PEND;
2700 status = L2CAP_CS_NO_INFO;
2703 write_unlock_bh(&list->lock);
2706 bh_unlock_sock(parent);
2709 rsp.scid = cpu_to_le16(scid);
2710 rsp.dcid = cpu_to_le16(dcid);
2711 rsp.result = cpu_to_le16(result);
2712 rsp.status = cpu_to_le16(status);
2713 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2715 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
2716 struct l2cap_info_req info;
2717 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2719 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
2720 conn->info_ident = l2cap_get_ident(conn);
2722 mod_timer(&conn->info_timer, jiffies +
2723 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
2725 l2cap_send_cmd(conn, conn->info_ident,
2726 L2CAP_INFO_REQ, sizeof(info), &info);
2732 static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2734 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
2735 u16 scid, dcid, result, status;
2739 scid = __le16_to_cpu(rsp->scid);
2740 dcid = __le16_to_cpu(rsp->dcid);
2741 result = __le16_to_cpu(rsp->result);
2742 status = __le16_to_cpu(rsp->status);
2744 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
2747 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
2751 sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident);
2757 case L2CAP_CR_SUCCESS:
2758 sk->sk_state = BT_CONFIG;
2759 l2cap_pi(sk)->ident = 0;
2760 l2cap_pi(sk)->dcid = dcid;
2761 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
2763 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_CONNECT_PEND;
2765 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2766 l2cap_build_conf_req(sk, req), req);
2767 l2cap_pi(sk)->num_conf_req++;
2771 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
2775 l2cap_chan_del(sk, ECONNREFUSED);
2783 static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
2785 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
2791 dcid = __le16_to_cpu(req->dcid);
2792 flags = __le16_to_cpu(req->flags);
2794 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
2796 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid);
2800 if (sk->sk_state == BT_DISCONN)
2803 /* Reject if config buffer is too small. */
2804 len = cmd_len - sizeof(*req);
2805 if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) {
2806 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
2807 l2cap_build_conf_rsp(sk, rsp,
2808 L2CAP_CONF_REJECT, flags), rsp);
2813 memcpy(l2cap_pi(sk)->conf_req + l2cap_pi(sk)->conf_len, req->data, len);
2814 l2cap_pi(sk)->conf_len += len;
2816 if (flags & 0x0001) {
2817 /* Incomplete config. Send empty response. */
2818 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
2819 l2cap_build_conf_rsp(sk, rsp,
2820 L2CAP_CONF_SUCCESS, 0x0001), rsp);
2824 /* Complete config. */
2825 len = l2cap_parse_conf_req(sk, rsp);
2827 l2cap_send_disconn_req(conn, sk);
2831 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
2832 l2cap_pi(sk)->num_conf_rsp++;
2834 /* Reset config buffer. */
2835 l2cap_pi(sk)->conf_len = 0;
2837 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE))
2840 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
2841 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_NO_FCS_RECV) ||
2842 l2cap_pi(sk)->fcs != L2CAP_FCS_NONE)
2843 l2cap_pi(sk)->fcs = L2CAP_FCS_CRC16;
2845 sk->sk_state = BT_CONNECTED;
2847 l2cap_pi(sk)->next_tx_seq = 0;
2848 l2cap_pi(sk)->expected_tx_seq = 0;
2849 __skb_queue_head_init(TX_QUEUE(sk));
2850 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
2851 l2cap_ertm_init(sk);
2853 l2cap_chan_ready(sk);
2857 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) {
2859 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2860 l2cap_build_conf_req(sk, buf), buf);
2861 l2cap_pi(sk)->num_conf_req++;
2869 static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2871 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2872 u16 scid, flags, result;
2875 scid = __le16_to_cpu(rsp->scid);
2876 flags = __le16_to_cpu(rsp->flags);
2877 result = __le16_to_cpu(rsp->result);
2879 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x",
2880 scid, flags, result);
2882 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
2887 case L2CAP_CONF_SUCCESS:
2890 case L2CAP_CONF_UNACCEPT:
2891 if (l2cap_pi(sk)->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
2892 int len = cmd->len - sizeof(*rsp);
2895 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {
2896 l2cap_send_disconn_req(conn, sk);
2900 /* throw out any old stored conf requests */
2901 result = L2CAP_CONF_SUCCESS;
2902 len = l2cap_parse_conf_rsp(sk, rsp->data,
2905 l2cap_send_disconn_req(conn, sk);
2909 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2910 L2CAP_CONF_REQ, len, req);
2911 l2cap_pi(sk)->num_conf_req++;
2912 if (result != L2CAP_CONF_SUCCESS)
2918 sk->sk_state = BT_DISCONN;
2919 sk->sk_err = ECONNRESET;
2920 l2cap_sock_set_timer(sk, HZ * 5);
2921 l2cap_send_disconn_req(conn, sk);
2928 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;
2930 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
2931 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_NO_FCS_RECV) ||
2932 l2cap_pi(sk)->fcs != L2CAP_FCS_NONE)
2933 l2cap_pi(sk)->fcs = L2CAP_FCS_CRC16;
2935 sk->sk_state = BT_CONNECTED;
2936 l2cap_pi(sk)->next_tx_seq = 0;
2937 l2cap_pi(sk)->expected_tx_seq = 0;
2938 __skb_queue_head_init(TX_QUEUE(sk));
2939 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
2940 l2cap_ertm_init(sk);
2942 l2cap_chan_ready(sk);
2950 static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2952 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
2953 struct l2cap_disconn_rsp rsp;
2957 scid = __le16_to_cpu(req->scid);
2958 dcid = __le16_to_cpu(req->dcid);
2960 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
2962 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid);
2966 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2967 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2968 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
2970 sk->sk_shutdown = SHUTDOWN_MASK;
2972 skb_queue_purge(TX_QUEUE(sk));
2974 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
2975 skb_queue_purge(SREJ_QUEUE(sk));
2976 del_timer(&l2cap_pi(sk)->retrans_timer);
2977 del_timer(&l2cap_pi(sk)->monitor_timer);
2980 l2cap_chan_del(sk, ECONNRESET);
2983 l2cap_sock_kill(sk);
2987 static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2989 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
2993 scid = __le16_to_cpu(rsp->scid);
2994 dcid = __le16_to_cpu(rsp->dcid);
2996 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
2998 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
3002 skb_queue_purge(TX_QUEUE(sk));
3004 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
3005 skb_queue_purge(SREJ_QUEUE(sk));
3006 del_timer(&l2cap_pi(sk)->retrans_timer);
3007 del_timer(&l2cap_pi(sk)->monitor_timer);
3010 l2cap_chan_del(sk, 0);
3013 l2cap_sock_kill(sk);
3017 static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3019 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
3022 type = __le16_to_cpu(req->type);
3024 BT_DBG("type 0x%4.4x", type);
3026 if (type == L2CAP_IT_FEAT_MASK) {
3028 u32 feat_mask = l2cap_feat_mask;
3029 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
3030 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
3031 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
3033 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
3035 put_unaligned_le32(feat_mask, rsp->data);
3036 l2cap_send_cmd(conn, cmd->ident,
3037 L2CAP_INFO_RSP, sizeof(buf), buf);
3038 } else if (type == L2CAP_IT_FIXED_CHAN) {
3040 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
3041 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3042 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
3043 memcpy(buf + 4, l2cap_fixed_chan, 8);
3044 l2cap_send_cmd(conn, cmd->ident,
3045 L2CAP_INFO_RSP, sizeof(buf), buf);
3047 struct l2cap_info_rsp rsp;
3048 rsp.type = cpu_to_le16(type);
3049 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
3050 l2cap_send_cmd(conn, cmd->ident,
3051 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
3057 static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3059 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
3062 type = __le16_to_cpu(rsp->type);
3063 result = __le16_to_cpu(rsp->result);
3065 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
3067 del_timer(&conn->info_timer);
3069 if (type == L2CAP_IT_FEAT_MASK) {
3070 conn->feat_mask = get_unaligned_le32(rsp->data);
3072 if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) {
3073 struct l2cap_info_req req;
3074 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3076 conn->info_ident = l2cap_get_ident(conn);
3078 l2cap_send_cmd(conn, conn->info_ident,
3079 L2CAP_INFO_REQ, sizeof(req), &req);
3081 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3082 conn->info_ident = 0;
3084 l2cap_conn_start(conn);
3086 } else if (type == L2CAP_IT_FIXED_CHAN) {
3087 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3088 conn->info_ident = 0;
3090 l2cap_conn_start(conn);
3096 static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
3098 u8 *data = skb->data;
3100 struct l2cap_cmd_hdr cmd;
3103 l2cap_raw_recv(conn, skb);
3105 while (len >= L2CAP_CMD_HDR_SIZE) {
3107 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
3108 data += L2CAP_CMD_HDR_SIZE;
3109 len -= L2CAP_CMD_HDR_SIZE;
3111 cmd_len = le16_to_cpu(cmd.len);
3113 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
3115 if (cmd_len > len || !cmd.ident) {
3116 BT_DBG("corrupted command");
3121 case L2CAP_COMMAND_REJ:
3122 l2cap_command_rej(conn, &cmd, data);
3125 case L2CAP_CONN_REQ:
3126 err = l2cap_connect_req(conn, &cmd, data);
3129 case L2CAP_CONN_RSP:
3130 err = l2cap_connect_rsp(conn, &cmd, data);
3133 case L2CAP_CONF_REQ:
3134 err = l2cap_config_req(conn, &cmd, cmd_len, data);
3137 case L2CAP_CONF_RSP:
3138 err = l2cap_config_rsp(conn, &cmd, data);
3141 case L2CAP_DISCONN_REQ:
3142 err = l2cap_disconnect_req(conn, &cmd, data);
3145 case L2CAP_DISCONN_RSP:
3146 err = l2cap_disconnect_rsp(conn, &cmd, data);
3149 case L2CAP_ECHO_REQ:
3150 l2cap_send_cmd(conn, cmd.ident, L2CAP_ECHO_RSP, cmd_len, data);
3153 case L2CAP_ECHO_RSP:
3156 case L2CAP_INFO_REQ:
3157 err = l2cap_information_req(conn, &cmd, data);
3160 case L2CAP_INFO_RSP:
3161 err = l2cap_information_rsp(conn, &cmd, data);
3165 BT_ERR("Unknown signaling command 0x%2.2x", cmd.code);
3171 struct l2cap_cmd_rej rej;
3172 BT_DBG("error %d", err);
3174 /* FIXME: Map err to a valid reason */
3175 rej.reason = cpu_to_le16(0);
3176 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
3186 static int l2cap_check_fcs(struct l2cap_pinfo *pi, struct sk_buff *skb)
3188 u16 our_fcs, rcv_fcs;
3189 int hdr_size = L2CAP_HDR_SIZE + 2;
3191 if (pi->fcs == L2CAP_FCS_CRC16) {
3192 skb_trim(skb, skb->len - 2);
3193 rcv_fcs = get_unaligned_le16(skb->data + skb->len);
3194 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size);
3196 if (our_fcs != rcv_fcs)
3202 static inline void l2cap_send_i_or_rr_or_rnr(struct sock *sk)
3204 struct l2cap_pinfo *pi = l2cap_pi(sk);
3207 pi->frames_sent = 0;
3208 pi->conn_state |= L2CAP_CONN_SEND_FBIT;
3210 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3212 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
3213 control |= L2CAP_SUPER_RCV_NOT_READY | L2CAP_CTRL_FINAL;
3214 l2cap_send_sframe(pi, control);
3215 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
3218 if (pi->conn_state & L2CAP_CONN_REMOTE_BUSY && pi->unacked_frames > 0)
3219 __mod_retrans_timer();
3221 l2cap_ertm_send(sk);
3223 if (!(pi->conn_state & L2CAP_CONN_LOCAL_BUSY) &&
3224 pi->frames_sent == 0) {
3225 control |= L2CAP_SUPER_RCV_READY;
3226 l2cap_send_sframe(pi, control);
3230 static void l2cap_add_to_srej_queue(struct sock *sk, struct sk_buff *skb, u8 tx_seq, u8 sar)
3232 struct sk_buff *next_skb;
3234 bt_cb(skb)->tx_seq = tx_seq;
3235 bt_cb(skb)->sar = sar;
3237 next_skb = skb_peek(SREJ_QUEUE(sk));
3239 __skb_queue_tail(SREJ_QUEUE(sk), skb);
3244 if (bt_cb(next_skb)->tx_seq > tx_seq) {
3245 __skb_queue_before(SREJ_QUEUE(sk), next_skb, skb);
3249 if (skb_queue_is_last(SREJ_QUEUE(sk), next_skb))
3252 } while((next_skb = skb_queue_next(SREJ_QUEUE(sk), next_skb)));
3254 __skb_queue_tail(SREJ_QUEUE(sk), skb);
3257 static int l2cap_sar_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 control)
3259 struct l2cap_pinfo *pi = l2cap_pi(sk);
3260 struct sk_buff *_skb;
3263 switch (control & L2CAP_CTRL_SAR) {
3264 case L2CAP_SDU_UNSEGMENTED:
3265 if (pi->conn_state & L2CAP_CONN_SAR_SDU) {
3270 err = sock_queue_rcv_skb(sk, skb);
3276 case L2CAP_SDU_START:
3277 if (pi->conn_state & L2CAP_CONN_SAR_SDU) {
3282 pi->sdu_len = get_unaligned_le16(skb->data);
3285 pi->sdu = bt_skb_alloc(pi->sdu_len, GFP_ATOMIC);
3291 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3293 pi->conn_state |= L2CAP_CONN_SAR_SDU;
3294 pi->partial_sdu_len = skb->len;
3298 case L2CAP_SDU_CONTINUE:
3299 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
3302 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3304 pi->partial_sdu_len += skb->len;
3305 if (pi->partial_sdu_len > pi->sdu_len)
3313 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
3316 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3318 pi->conn_state &= ~L2CAP_CONN_SAR_SDU;
3319 pi->partial_sdu_len += skb->len;
3321 if (pi->partial_sdu_len > pi->imtu)
3324 if (pi->partial_sdu_len == pi->sdu_len) {
3325 _skb = skb_clone(pi->sdu, GFP_ATOMIC);
3326 err = sock_queue_rcv_skb(sk, _skb);
3341 static void l2cap_check_srej_gap(struct sock *sk, u8 tx_seq)
3343 struct sk_buff *skb;
3346 while((skb = skb_peek(SREJ_QUEUE(sk)))) {
3347 if (bt_cb(skb)->tx_seq != tx_seq)
3350 skb = skb_dequeue(SREJ_QUEUE(sk));
3351 control |= bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
3352 l2cap_sar_reassembly_sdu(sk, skb, control);
3353 l2cap_pi(sk)->buffer_seq_srej =
3354 (l2cap_pi(sk)->buffer_seq_srej + 1) % 64;
3359 static void l2cap_resend_srejframe(struct sock *sk, u8 tx_seq)
3361 struct l2cap_pinfo *pi = l2cap_pi(sk);
3362 struct srej_list *l, *tmp;
3365 list_for_each_entry_safe(l,tmp, SREJ_LIST(sk), list) {
3366 if (l->tx_seq == tx_seq) {
3371 control = L2CAP_SUPER_SELECT_REJECT;
3372 control |= l->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3373 l2cap_send_sframe(pi, control);
3375 list_add_tail(&l->list, SREJ_LIST(sk));
3379 static void l2cap_send_srejframe(struct sock *sk, u8 tx_seq)
3381 struct l2cap_pinfo *pi = l2cap_pi(sk);
3382 struct srej_list *new;
3385 while (tx_seq != pi->expected_tx_seq) {
3386 control = L2CAP_SUPER_SELECT_REJECT;
3387 control |= pi->expected_tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3388 l2cap_send_sframe(pi, control);
3390 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC);
3391 new->tx_seq = pi->expected_tx_seq++;
3392 list_add_tail(&new->list, SREJ_LIST(sk));
3394 pi->expected_tx_seq++;
3397 static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, struct sk_buff *skb)
3399 struct l2cap_pinfo *pi = l2cap_pi(sk);
3400 u8 tx_seq = __get_txseq(rx_control);
3401 u8 req_seq = __get_reqseq(rx_control);
3402 u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT;
3405 BT_DBG("sk %p rx_control 0x%4.4x len %d", sk, rx_control, skb->len);
3407 if (L2CAP_CTRL_FINAL & rx_control) {
3408 del_timer(&pi->monitor_timer);
3409 if (pi->unacked_frames > 0)
3410 __mod_retrans_timer();
3411 pi->conn_state &= ~L2CAP_CONN_WAIT_F;
3414 pi->expected_ack_seq = req_seq;
3415 l2cap_drop_acked_frames(sk);
3417 if (tx_seq == pi->expected_tx_seq)
3420 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
3421 struct srej_list *first;
3423 first = list_first_entry(SREJ_LIST(sk),
3424 struct srej_list, list);
3425 if (tx_seq == first->tx_seq) {
3426 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
3427 l2cap_check_srej_gap(sk, tx_seq);
3429 list_del(&first->list);
3432 if (list_empty(SREJ_LIST(sk))) {
3433 pi->buffer_seq = pi->buffer_seq_srej;
3434 pi->conn_state &= ~L2CAP_CONN_SREJ_SENT;
3437 struct srej_list *l;
3438 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
3440 list_for_each_entry(l, SREJ_LIST(sk), list) {
3441 if (l->tx_seq == tx_seq) {
3442 l2cap_resend_srejframe(sk, tx_seq);
3446 l2cap_send_srejframe(sk, tx_seq);
3449 pi->conn_state |= L2CAP_CONN_SREJ_SENT;
3451 INIT_LIST_HEAD(SREJ_LIST(sk));
3452 pi->buffer_seq_srej = pi->buffer_seq;
3454 __skb_queue_head_init(SREJ_QUEUE(sk));
3455 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
3457 pi->conn_state |= L2CAP_CONN_SEND_PBIT;
3459 l2cap_send_srejframe(sk, tx_seq);
3464 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
3466 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
3467 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
3471 if (rx_control & L2CAP_CTRL_FINAL) {
3472 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
3473 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
3475 sk->sk_send_head = TX_QUEUE(sk)->next;
3476 pi->next_tx_seq = pi->expected_ack_seq;
3477 l2cap_ertm_send(sk);
3481 pi->buffer_seq = (pi->buffer_seq + 1) % 64;
3483 err = l2cap_sar_reassembly_sdu(sk, skb, rx_control);
3487 pi->num_to_ack = (pi->num_to_ack + 1) % L2CAP_DEFAULT_NUM_TO_ACK;
3488 if (pi->num_to_ack == L2CAP_DEFAULT_NUM_TO_ACK - 1)
3494 static inline void l2cap_data_channel_rrframe(struct sock *sk, u16 rx_control)
3496 struct l2cap_pinfo *pi = l2cap_pi(sk);
3498 pi->expected_ack_seq = __get_reqseq(rx_control);
3499 l2cap_drop_acked_frames(sk);
3501 if (rx_control & L2CAP_CTRL_POLL) {
3502 l2cap_send_i_or_rr_or_rnr(sk);
3503 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3505 } else if (rx_control & L2CAP_CTRL_FINAL) {
3506 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3508 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
3509 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
3511 sk->sk_send_head = TX_QUEUE(sk)->next;
3512 pi->next_tx_seq = pi->expected_ack_seq;
3513 l2cap_ertm_send(sk);
3517 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
3518 (pi->unacked_frames > 0))
3519 __mod_retrans_timer();
3521 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3522 if (pi->conn_state & L2CAP_CONN_SREJ_SENT)
3525 l2cap_ertm_send(sk);
3529 static inline void l2cap_data_channel_rejframe(struct sock *sk, u16 rx_control)
3531 struct l2cap_pinfo *pi = l2cap_pi(sk);
3532 u8 tx_seq = __get_reqseq(rx_control);
3534 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3536 pi->expected_ack_seq = __get_reqseq(rx_control);
3537 l2cap_drop_acked_frames(sk);
3539 if (rx_control & L2CAP_CTRL_FINAL) {
3540 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
3541 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
3543 sk->sk_send_head = TX_QUEUE(sk)->next;
3544 pi->next_tx_seq = pi->expected_ack_seq;
3545 l2cap_ertm_send(sk);
3548 sk->sk_send_head = TX_QUEUE(sk)->next;
3549 pi->next_tx_seq = pi->expected_ack_seq;
3550 l2cap_ertm_send(sk);
3552 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
3553 pi->srej_save_reqseq = tx_seq;
3554 pi->conn_state |= L2CAP_CONN_REJ_ACT;
3558 static inline void l2cap_data_channel_srejframe(struct sock *sk, u16 rx_control)
3560 struct l2cap_pinfo *pi = l2cap_pi(sk);
3561 u8 tx_seq = __get_reqseq(rx_control);
3563 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3565 if (rx_control & L2CAP_CTRL_POLL) {
3566 pi->expected_ack_seq = tx_seq;
3567 l2cap_drop_acked_frames(sk);
3568 l2cap_retransmit_frame(sk, tx_seq);
3569 l2cap_ertm_send(sk);
3570 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
3571 pi->srej_save_reqseq = tx_seq;
3572 pi->conn_state |= L2CAP_CONN_SREJ_ACT;
3574 } else if (rx_control & L2CAP_CTRL_FINAL) {
3575 if ((pi->conn_state & L2CAP_CONN_SREJ_ACT) &&
3576 pi->srej_save_reqseq == tx_seq)
3577 pi->conn_state &= ~L2CAP_CONN_SREJ_ACT;
3579 l2cap_retransmit_frame(sk, tx_seq);
3581 l2cap_retransmit_frame(sk, tx_seq);
3582 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
3583 pi->srej_save_reqseq = tx_seq;
3584 pi->conn_state |= L2CAP_CONN_SREJ_ACT;
3589 static inline void l2cap_data_channel_rnrframe(struct sock *sk, u16 rx_control)
3591 struct l2cap_pinfo *pi = l2cap_pi(sk);
3592 u8 tx_seq = __get_reqseq(rx_control);
3594 pi->conn_state |= L2CAP_CONN_REMOTE_BUSY;
3595 pi->expected_ack_seq = tx_seq;
3596 l2cap_drop_acked_frames(sk);
3598 if (!(pi->conn_state & L2CAP_CONN_SREJ_SENT)) {
3599 del_timer(&pi->retrans_timer);
3600 if (rx_control & L2CAP_CTRL_POLL) {
3601 u16 control = L2CAP_CTRL_FINAL;
3602 l2cap_send_rr_or_rnr(pi, control);
3607 if (rx_control & L2CAP_CTRL_POLL)
3608 l2cap_send_srejtail(sk);
3610 l2cap_send_sframe(pi, L2CAP_SUPER_RCV_READY);
3613 static inline int l2cap_data_channel_sframe(struct sock *sk, u16 rx_control, struct sk_buff *skb)
3615 BT_DBG("sk %p rx_control 0x%4.4x len %d", sk, rx_control, skb->len);
3617 if (L2CAP_CTRL_FINAL & rx_control) {
3618 del_timer(&l2cap_pi(sk)->monitor_timer);
3619 if (l2cap_pi(sk)->unacked_frames > 0)
3620 __mod_retrans_timer();
3621 l2cap_pi(sk)->conn_state &= ~L2CAP_CONN_WAIT_F;
3624 switch (rx_control & L2CAP_CTRL_SUPERVISE) {
3625 case L2CAP_SUPER_RCV_READY:
3626 l2cap_data_channel_rrframe(sk, rx_control);
3629 case L2CAP_SUPER_REJECT:
3630 l2cap_data_channel_rejframe(sk, rx_control);
3633 case L2CAP_SUPER_SELECT_REJECT:
3634 l2cap_data_channel_srejframe(sk, rx_control);
3637 case L2CAP_SUPER_RCV_NOT_READY:
3638 l2cap_data_channel_rnrframe(sk, rx_control);
3646 static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
3649 struct l2cap_pinfo *pi;
3653 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
3655 BT_DBG("unknown cid 0x%4.4x", cid);
3661 BT_DBG("sk %p, len %d", sk, skb->len);
3663 if (sk->sk_state != BT_CONNECTED)
3667 case L2CAP_MODE_BASIC:
3668 /* If socket recv buffers overflows we drop data here
3669 * which is *bad* because L2CAP has to be reliable.
3670 * But we don't have any other choice. L2CAP doesn't
3671 * provide flow control mechanism. */
3673 if (pi->imtu < skb->len)
3676 if (!sock_queue_rcv_skb(sk, skb))
3680 case L2CAP_MODE_ERTM:
3681 control = get_unaligned_le16(skb->data);
3685 if (__is_sar_start(control))
3688 if (pi->fcs == L2CAP_FCS_CRC16)
3692 * We can just drop the corrupted I-frame here.
3693 * Receiver will miss it and start proper recovery
3694 * procedures and ask retransmission.
3696 if (len > L2CAP_DEFAULT_MAX_PDU_SIZE)
3699 if (l2cap_check_fcs(pi, skb))
3702 if (__is_iframe(control)) {
3706 l2cap_data_channel_iframe(sk, control, skb);
3711 l2cap_data_channel_sframe(sk, control, skb);
3716 case L2CAP_MODE_STREAMING:
3717 control = get_unaligned_le16(skb->data);
3721 if (__is_sar_start(control))
3724 if (pi->fcs == L2CAP_FCS_CRC16)
3727 if (len > L2CAP_DEFAULT_MAX_PDU_SIZE || len < 4
3728 || __is_sframe(control))
3731 if (l2cap_check_fcs(pi, skb))
3734 tx_seq = __get_txseq(control);
3736 if (pi->expected_tx_seq == tx_seq)
3737 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
3739 pi->expected_tx_seq = (tx_seq + 1) % 64;
3741 l2cap_sar_reassembly_sdu(sk, skb, control);
3746 BT_DBG("sk %p: bad mode 0x%2.2x", sk, pi->mode);
3760 static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
3764 sk = l2cap_get_sock_by_psm(0, psm, conn->src);
3768 BT_DBG("sk %p, len %d", sk, skb->len);
3770 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
3773 if (l2cap_pi(sk)->imtu < skb->len)
3776 if (!sock_queue_rcv_skb(sk, skb))
3788 static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
3790 struct l2cap_hdr *lh = (void *) skb->data;
3794 skb_pull(skb, L2CAP_HDR_SIZE);
3795 cid = __le16_to_cpu(lh->cid);
3796 len = __le16_to_cpu(lh->len);
3798 if (len != skb->len) {
3803 BT_DBG("len %d, cid 0x%4.4x", len, cid);
3806 case L2CAP_CID_SIGNALING:
3807 l2cap_sig_channel(conn, skb);
3810 case L2CAP_CID_CONN_LESS:
3811 psm = get_unaligned_le16(skb->data);
3813 l2cap_conless_channel(conn, psm, skb);
3817 l2cap_data_channel(conn, cid, skb);
3822 /* ---- L2CAP interface with lower layer (HCI) ---- */
3824 static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3826 int exact = 0, lm1 = 0, lm2 = 0;
3827 register struct sock *sk;
3828 struct hlist_node *node;
3830 if (type != ACL_LINK)
3833 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
3835 /* Find listening sockets and check their link_mode */
3836 read_lock(&l2cap_sk_list.lock);
3837 sk_for_each(sk, node, &l2cap_sk_list.head) {
3838 if (sk->sk_state != BT_LISTEN)
3841 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
3842 lm1 |= HCI_LM_ACCEPT;
3843 if (l2cap_pi(sk)->role_switch)
3844 lm1 |= HCI_LM_MASTER;
3846 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
3847 lm2 |= HCI_LM_ACCEPT;
3848 if (l2cap_pi(sk)->role_switch)
3849 lm2 |= HCI_LM_MASTER;
3852 read_unlock(&l2cap_sk_list.lock);
3854 return exact ? lm1 : lm2;
3857 static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
3859 struct l2cap_conn *conn;
3861 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
3863 if (hcon->type != ACL_LINK)
3867 conn = l2cap_conn_add(hcon, status);
3869 l2cap_conn_ready(conn);
3871 l2cap_conn_del(hcon, bt_err(status));
3876 static int l2cap_disconn_ind(struct hci_conn *hcon)
3878 struct l2cap_conn *conn = hcon->l2cap_data;
3880 BT_DBG("hcon %p", hcon);
3882 if (hcon->type != ACL_LINK || !conn)
3885 return conn->disc_reason;
3888 static int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
3890 BT_DBG("hcon %p reason %d", hcon, reason);
3892 if (hcon->type != ACL_LINK)
3895 l2cap_conn_del(hcon, bt_err(reason));
3900 static inline void l2cap_check_encryption(struct sock *sk, u8 encrypt)
3902 if (sk->sk_type != SOCK_SEQPACKET)
3905 if (encrypt == 0x00) {
3906 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM) {
3907 l2cap_sock_clear_timer(sk);
3908 l2cap_sock_set_timer(sk, HZ * 5);
3909 } else if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
3910 __l2cap_sock_close(sk, ECONNREFUSED);
3912 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM)
3913 l2cap_sock_clear_timer(sk);
3917 static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
3919 struct l2cap_chan_list *l;
3920 struct l2cap_conn *conn = hcon->l2cap_data;
3926 l = &conn->chan_list;
3928 BT_DBG("conn %p", conn);
3930 read_lock(&l->lock);
3932 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
3935 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND) {
3940 if (!status && (sk->sk_state == BT_CONNECTED ||
3941 sk->sk_state == BT_CONFIG)) {
3942 l2cap_check_encryption(sk, encrypt);
3947 if (sk->sk_state == BT_CONNECT) {
3949 struct l2cap_conn_req req;
3950 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
3951 req.psm = l2cap_pi(sk)->psm;
3953 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
3955 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
3956 L2CAP_CONN_REQ, sizeof(req), &req);
3958 l2cap_sock_clear_timer(sk);
3959 l2cap_sock_set_timer(sk, HZ / 10);
3961 } else if (sk->sk_state == BT_CONNECT2) {
3962 struct l2cap_conn_rsp rsp;
3966 sk->sk_state = BT_CONFIG;
3967 result = L2CAP_CR_SUCCESS;
3969 sk->sk_state = BT_DISCONN;
3970 l2cap_sock_set_timer(sk, HZ / 10);
3971 result = L2CAP_CR_SEC_BLOCK;
3974 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
3975 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
3976 rsp.result = cpu_to_le16(result);
3977 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
3978 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
3979 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
3985 read_unlock(&l->lock);
3990 static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
3992 struct l2cap_conn *conn = hcon->l2cap_data;
3994 if (!conn && !(conn = l2cap_conn_add(hcon, 0)))
3997 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
3999 if (flags & ACL_START) {
4000 struct l2cap_hdr *hdr;
4004 BT_ERR("Unexpected start frame (len %d)", skb->len);
4005 kfree_skb(conn->rx_skb);
4006 conn->rx_skb = NULL;
4008 l2cap_conn_unreliable(conn, ECOMM);
4012 BT_ERR("Frame is too short (len %d)", skb->len);
4013 l2cap_conn_unreliable(conn, ECOMM);
4017 hdr = (struct l2cap_hdr *) skb->data;
4018 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
4020 if (len == skb->len) {
4021 /* Complete frame received */
4022 l2cap_recv_frame(conn, skb);
4026 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
4028 if (skb->len > len) {
4029 BT_ERR("Frame is too long (len %d, expected len %d)",
4031 l2cap_conn_unreliable(conn, ECOMM);
4035 /* Allocate skb for the complete frame (with header) */
4036 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC);
4040 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
4042 conn->rx_len = len - skb->len;
4044 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
4046 if (!conn->rx_len) {
4047 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
4048 l2cap_conn_unreliable(conn, ECOMM);
4052 if (skb->len > conn->rx_len) {
4053 BT_ERR("Fragment is too long (len %d, expected %d)",
4054 skb->len, conn->rx_len);
4055 kfree_skb(conn->rx_skb);
4056 conn->rx_skb = NULL;
4058 l2cap_conn_unreliable(conn, ECOMM);
4062 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
4064 conn->rx_len -= skb->len;
4066 if (!conn->rx_len) {
4067 /* Complete frame received */
4068 l2cap_recv_frame(conn, conn->rx_skb);
4069 conn->rx_skb = NULL;
4078 static int l2cap_debugfs_show(struct seq_file *f, void *p)
4081 struct hlist_node *node;
4083 read_lock_bh(&l2cap_sk_list.lock);
4085 sk_for_each(sk, node, &l2cap_sk_list.head) {
4086 struct l2cap_pinfo *pi = l2cap_pi(sk);
4088 seq_printf(f, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d\n",
4089 batostr(&bt_sk(sk)->src),
4090 batostr(&bt_sk(sk)->dst),
4091 sk->sk_state, __le16_to_cpu(pi->psm),
4093 pi->imtu, pi->omtu, pi->sec_level);
4096 read_unlock_bh(&l2cap_sk_list.lock);
4101 static int l2cap_debugfs_open(struct inode *inode, struct file *file)
4103 return single_open(file, l2cap_debugfs_show, inode->i_private);
4106 static const struct file_operations l2cap_debugfs_fops = {
4107 .open = l2cap_debugfs_open,
4109 .llseek = seq_lseek,
4110 .release = single_release,
4113 static struct dentry *l2cap_debugfs;
4115 static const struct proto_ops l2cap_sock_ops = {
4116 .family = PF_BLUETOOTH,
4117 .owner = THIS_MODULE,
4118 .release = l2cap_sock_release,
4119 .bind = l2cap_sock_bind,
4120 .connect = l2cap_sock_connect,
4121 .listen = l2cap_sock_listen,
4122 .accept = l2cap_sock_accept,
4123 .getname = l2cap_sock_getname,
4124 .sendmsg = l2cap_sock_sendmsg,
4125 .recvmsg = l2cap_sock_recvmsg,
4126 .poll = bt_sock_poll,
4127 .ioctl = bt_sock_ioctl,
4128 .mmap = sock_no_mmap,
4129 .socketpair = sock_no_socketpair,
4130 .shutdown = l2cap_sock_shutdown,
4131 .setsockopt = l2cap_sock_setsockopt,
4132 .getsockopt = l2cap_sock_getsockopt
4135 static const struct net_proto_family l2cap_sock_family_ops = {
4136 .family = PF_BLUETOOTH,
4137 .owner = THIS_MODULE,
4138 .create = l2cap_sock_create,
4141 static struct hci_proto l2cap_hci_proto = {
4143 .id = HCI_PROTO_L2CAP,
4144 .connect_ind = l2cap_connect_ind,
4145 .connect_cfm = l2cap_connect_cfm,
4146 .disconn_ind = l2cap_disconn_ind,
4147 .disconn_cfm = l2cap_disconn_cfm,
4148 .security_cfm = l2cap_security_cfm,
4149 .recv_acldata = l2cap_recv_acldata
4152 static int __init l2cap_init(void)
4156 err = proto_register(&l2cap_proto, 0);
4160 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
4162 BT_ERR("L2CAP socket registration failed");
4166 err = hci_register_proto(&l2cap_hci_proto);
4168 BT_ERR("L2CAP protocol registration failed");
4169 bt_sock_unregister(BTPROTO_L2CAP);
4174 l2cap_debugfs = debugfs_create_file("l2cap", 0444,
4175 bt_debugfs, NULL, &l2cap_debugfs_fops);
4177 BT_ERR("Failed to create L2CAP debug file");
4180 BT_INFO("L2CAP ver %s", VERSION);
4181 BT_INFO("L2CAP socket layer initialized");
4186 proto_unregister(&l2cap_proto);
4190 static void __exit l2cap_exit(void)
4192 debugfs_remove(l2cap_debugfs);
4194 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
4195 BT_ERR("L2CAP socket unregistration failed");
4197 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
4198 BT_ERR("L2CAP protocol unregistration failed");
4200 proto_unregister(&l2cap_proto);
4203 void l2cap_load(void)
4205 /* Dummy function to trigger automatic L2CAP module loading by
4206 * other modules that use L2CAP sockets but don't use any other
4207 * symbols from it. */
4210 EXPORT_SYMBOL(l2cap_load);
4212 module_init(l2cap_init);
4213 module_exit(l2cap_exit);
4215 module_param(enable_ertm, bool, 0644);
4216 MODULE_PARM_DESC(enable_ertm, "Enable enhanced retransmission mode");
4218 module_param(max_transmit, uint, 0644);
4219 MODULE_PARM_DESC(max_transmit, "Max transmit value (default = 3)");
4221 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
4222 MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
4223 MODULE_VERSION(VERSION);
4224 MODULE_LICENSE("GPL");
4225 MODULE_ALIAS("bt-proto-0");
git.openpandora.org / pandora-kernel.git / blob