2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth L2CAP core and sockets. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/capability.h>
31 #include <linux/errno.h>
32 #include <linux/kernel.h>
33 #include <linux/sched.h>
34 #include <linux/slab.h>
35 #include <linux/poll.h>
36 #include <linux/fcntl.h>
37 #include <linux/init.h>
38 #include <linux/interrupt.h>
39 #include <linux/socket.h>
40 #include <linux/skbuff.h>
41 #include <linux/list.h>
42 #include <linux/device.h>
45 #include <asm/system.h>
46 #include <asm/uaccess.h>
47 #include <asm/unaligned.h>
49 #include <net/bluetooth/bluetooth.h>
50 #include <net/bluetooth/hci_core.h>
51 #include <net/bluetooth/l2cap.h>
53 #define VERSION "2.13"
55 static u32 l2cap_feat_mask = 0x0080;
56 static u8 l2cap_fixed_chan[8] = { 0x02, };
58 static const struct proto_ops l2cap_sock_ops;
60 static struct bt_sock_list l2cap_sk_list = {
61 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
64 static void __l2cap_sock_close(struct sock *sk, int reason);
65 static void l2cap_sock_close(struct sock *sk);
66 static void l2cap_sock_kill(struct sock *sk);
68 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
69 u8 code, u8 ident, u16 dlen, void *data);
71 /* ---- L2CAP timers ---- */
72 static void l2cap_sock_timeout(unsigned long arg)
74 struct sock *sk = (struct sock *) arg;
77 BT_DBG("sock %p state %d", sk, sk->sk_state);
81 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG)
82 reason = ECONNREFUSED;
83 else if (sk->sk_state == BT_CONNECT &&
84 l2cap_pi(sk)->sec_level != BT_SECURITY_SDP)
85 reason = ECONNREFUSED;
89 __l2cap_sock_close(sk, reason);
97 static void l2cap_sock_set_timer(struct sock *sk, long timeout)
99 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
100 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
103 static void l2cap_sock_clear_timer(struct sock *sk)
105 BT_DBG("sock %p state %d", sk, sk->sk_state);
106 sk_stop_timer(sk, &sk->sk_timer);
109 /* ---- L2CAP channels ---- */
110 static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid)
113 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
114 if (l2cap_pi(s)->dcid == cid)
120 static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
123 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
124 if (l2cap_pi(s)->scid == cid)
130 /* Find channel with given SCID.
131 * Returns locked socket */
132 static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
136 s = __l2cap_get_chan_by_scid(l, cid);
137 if (s) bh_lock_sock(s);
138 read_unlock(&l->lock);
142 static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
145 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
146 if (l2cap_pi(s)->ident == ident)
152 static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
156 s = __l2cap_get_chan_by_ident(l, ident);
157 if (s) bh_lock_sock(s);
158 read_unlock(&l->lock);
162 static u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
166 for (; cid < 0xffff; cid++) {
167 if(!__l2cap_get_chan_by_scid(l, cid))
174 static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
179 l2cap_pi(l->head)->prev_c = sk;
181 l2cap_pi(sk)->next_c = l->head;
182 l2cap_pi(sk)->prev_c = NULL;
186 static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
188 struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
190 write_lock_bh(&l->lock);
195 l2cap_pi(next)->prev_c = prev;
197 l2cap_pi(prev)->next_c = next;
198 write_unlock_bh(&l->lock);
203 static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
205 struct l2cap_chan_list *l = &conn->chan_list;
207 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
209 l2cap_pi(sk)->conn = conn;
211 if (sk->sk_type == SOCK_SEQPACKET) {
212 /* Alloc CID for connection-oriented socket */
213 l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
214 } else if (sk->sk_type == SOCK_DGRAM) {
215 /* Connectionless socket */
216 l2cap_pi(sk)->scid = 0x0002;
217 l2cap_pi(sk)->dcid = 0x0002;
218 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
220 /* Raw socket can send/recv signalling messages only */
221 l2cap_pi(sk)->scid = 0x0001;
222 l2cap_pi(sk)->dcid = 0x0001;
223 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
226 __l2cap_chan_link(l, sk);
229 bt_accept_enqueue(parent, sk);
233 * Must be called on the locked socket. */
234 static void l2cap_chan_del(struct sock *sk, int err)
236 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
237 struct sock *parent = bt_sk(sk)->parent;
239 l2cap_sock_clear_timer(sk);
241 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
244 /* Unlink from channel list */
245 l2cap_chan_unlink(&conn->chan_list, sk);
246 l2cap_pi(sk)->conn = NULL;
247 hci_conn_put(conn->hcon);
250 sk->sk_state = BT_CLOSED;
251 sock_set_flag(sk, SOCK_ZAPPED);
257 bt_accept_unlink(sk);
258 parent->sk_data_ready(parent, 0);
260 sk->sk_state_change(sk);
263 /* Service level security */
264 static inline int l2cap_check_security(struct sock *sk)
266 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
269 switch (l2cap_pi(sk)->sec_level) {
270 case BT_SECURITY_HIGH:
271 auth_type = HCI_AT_GENERAL_BONDING_MITM;
273 case BT_SECURITY_MEDIUM:
274 auth_type = HCI_AT_GENERAL_BONDING;
277 auth_type = HCI_AT_NO_BONDING;
281 return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level,
285 static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
289 /* Get next available identificator.
290 * 1 - 128 are used by kernel.
291 * 129 - 199 are reserved.
292 * 200 - 254 are used by utilities like l2ping, etc.
295 spin_lock_bh(&conn->lock);
297 if (++conn->tx_ident > 128)
302 spin_unlock_bh(&conn->lock);
307 static inline int l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
309 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
311 BT_DBG("code 0x%2.2x", code);
316 return hci_send_acl(conn->hcon, skb, 0);
319 static void l2cap_do_start(struct sock *sk)
321 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
323 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
324 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
327 if (l2cap_check_security(sk)) {
328 struct l2cap_conn_req req;
329 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
330 req.psm = l2cap_pi(sk)->psm;
332 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
334 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
335 L2CAP_CONN_REQ, sizeof(req), &req);
338 struct l2cap_info_req req;
339 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
341 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
342 conn->info_ident = l2cap_get_ident(conn);
344 mod_timer(&conn->info_timer, jiffies +
345 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
347 l2cap_send_cmd(conn, conn->info_ident,
348 L2CAP_INFO_REQ, sizeof(req), &req);
352 /* ---- L2CAP connections ---- */
353 static void l2cap_conn_start(struct l2cap_conn *conn)
355 struct l2cap_chan_list *l = &conn->chan_list;
358 BT_DBG("conn %p", conn);
362 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
365 if (sk->sk_type != SOCK_SEQPACKET) {
370 if (sk->sk_state == BT_CONNECT) {
371 if (l2cap_check_security(sk)) {
372 struct l2cap_conn_req req;
373 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
374 req.psm = l2cap_pi(sk)->psm;
376 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
378 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
379 L2CAP_CONN_REQ, sizeof(req), &req);
381 } else if (sk->sk_state == BT_CONNECT2) {
382 struct l2cap_conn_rsp rsp;
383 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
384 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
386 if (l2cap_check_security(sk)) {
387 if (bt_sk(sk)->defer_setup) {
388 struct sock *parent = bt_sk(sk)->parent;
389 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
390 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
391 parent->sk_data_ready(parent, 0);
394 sk->sk_state = BT_CONFIG;
395 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
396 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
399 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
400 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
403 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
404 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
410 read_unlock(&l->lock);
413 static void l2cap_conn_ready(struct l2cap_conn *conn)
415 struct l2cap_chan_list *l = &conn->chan_list;
418 BT_DBG("conn %p", conn);
422 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
425 if (sk->sk_type != SOCK_SEQPACKET) {
426 l2cap_sock_clear_timer(sk);
427 sk->sk_state = BT_CONNECTED;
428 sk->sk_state_change(sk);
429 } else if (sk->sk_state == BT_CONNECT)
435 read_unlock(&l->lock);
438 /* Notify sockets that we cannot guaranty reliability anymore */
439 static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
441 struct l2cap_chan_list *l = &conn->chan_list;
444 BT_DBG("conn %p", conn);
448 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
449 if (l2cap_pi(sk)->force_reliable)
453 read_unlock(&l->lock);
456 static void l2cap_info_timeout(unsigned long arg)
458 struct l2cap_conn *conn = (void *) arg;
460 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
461 conn->info_ident = 0;
463 l2cap_conn_start(conn);
466 static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
468 struct l2cap_conn *conn = hcon->l2cap_data;
473 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
477 hcon->l2cap_data = conn;
480 BT_DBG("hcon %p conn %p", hcon, conn);
482 conn->mtu = hcon->hdev->acl_mtu;
483 conn->src = &hcon->hdev->bdaddr;
484 conn->dst = &hcon->dst;
488 setup_timer(&conn->info_timer, l2cap_info_timeout,
489 (unsigned long) conn);
491 spin_lock_init(&conn->lock);
492 rwlock_init(&conn->chan_list.lock);
497 static void l2cap_conn_del(struct hci_conn *hcon, int err)
499 struct l2cap_conn *conn = hcon->l2cap_data;
505 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
508 kfree_skb(conn->rx_skb);
511 while ((sk = conn->chan_list.head)) {
513 l2cap_chan_del(sk, err);
518 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
519 del_timer_sync(&conn->info_timer);
521 hcon->l2cap_data = NULL;
525 static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
527 struct l2cap_chan_list *l = &conn->chan_list;
528 write_lock_bh(&l->lock);
529 __l2cap_chan_add(conn, sk, parent);
530 write_unlock_bh(&l->lock);
533 /* ---- Socket interface ---- */
534 static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
537 struct hlist_node *node;
538 sk_for_each(sk, node, &l2cap_sk_list.head)
539 if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
546 /* Find socket with psm and source bdaddr.
547 * Returns closest match.
549 static struct sock *__l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
551 struct sock *sk = NULL, *sk1 = NULL;
552 struct hlist_node *node;
554 sk_for_each(sk, node, &l2cap_sk_list.head) {
555 if (state && sk->sk_state != state)
558 if (l2cap_pi(sk)->psm == psm) {
560 if (!bacmp(&bt_sk(sk)->src, src))
564 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
568 return node ? sk : sk1;
571 /* Find socket with given address (psm, src).
572 * Returns locked socket */
573 static inline struct sock *l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
576 read_lock(&l2cap_sk_list.lock);
577 s = __l2cap_get_sock_by_psm(state, psm, src);
578 if (s) bh_lock_sock(s);
579 read_unlock(&l2cap_sk_list.lock);
583 static void l2cap_sock_destruct(struct sock *sk)
587 skb_queue_purge(&sk->sk_receive_queue);
588 skb_queue_purge(&sk->sk_write_queue);
591 static void l2cap_sock_cleanup_listen(struct sock *parent)
595 BT_DBG("parent %p", parent);
597 /* Close not yet accepted channels */
598 while ((sk = bt_accept_dequeue(parent, NULL)))
599 l2cap_sock_close(sk);
601 parent->sk_state = BT_CLOSED;
602 sock_set_flag(parent, SOCK_ZAPPED);
605 /* Kill socket (only if zapped and orphan)
606 * Must be called on unlocked socket.
608 static void l2cap_sock_kill(struct sock *sk)
610 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
613 BT_DBG("sk %p state %d", sk, sk->sk_state);
615 /* Kill poor orphan */
616 bt_sock_unlink(&l2cap_sk_list, sk);
617 sock_set_flag(sk, SOCK_DEAD);
621 static void __l2cap_sock_close(struct sock *sk, int reason)
623 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
625 switch (sk->sk_state) {
627 l2cap_sock_cleanup_listen(sk);
632 if (sk->sk_type == SOCK_SEQPACKET) {
633 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
634 struct l2cap_disconn_req req;
636 sk->sk_state = BT_DISCONN;
637 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
639 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
640 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
641 l2cap_send_cmd(conn, l2cap_get_ident(conn),
642 L2CAP_DISCONN_REQ, sizeof(req), &req);
644 l2cap_chan_del(sk, reason);
648 if (sk->sk_type == SOCK_SEQPACKET) {
649 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
650 struct l2cap_conn_rsp rsp;
653 if (bt_sk(sk)->defer_setup)
654 result = L2CAP_CR_SEC_BLOCK;
656 result = L2CAP_CR_BAD_PSM;
658 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
659 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
660 rsp.result = cpu_to_le16(result);
661 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
662 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
663 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
665 l2cap_chan_del(sk, reason);
670 l2cap_chan_del(sk, reason);
674 sock_set_flag(sk, SOCK_ZAPPED);
679 /* Must be called on unlocked socket. */
680 static void l2cap_sock_close(struct sock *sk)
682 l2cap_sock_clear_timer(sk);
684 __l2cap_sock_close(sk, ECONNRESET);
689 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
691 struct l2cap_pinfo *pi = l2cap_pi(sk);
696 sk->sk_type = parent->sk_type;
697 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
699 pi->imtu = l2cap_pi(parent)->imtu;
700 pi->omtu = l2cap_pi(parent)->omtu;
701 pi->sec_level = l2cap_pi(parent)->sec_level;
702 pi->role_switch = l2cap_pi(parent)->role_switch;
703 pi->force_reliable = l2cap_pi(parent)->force_reliable;
705 pi->imtu = L2CAP_DEFAULT_MTU;
707 pi->sec_level = BT_SECURITY_LOW;
709 pi->force_reliable = 0;
712 /* Default config options */
714 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
717 static struct proto l2cap_proto = {
719 .owner = THIS_MODULE,
720 .obj_size = sizeof(struct l2cap_pinfo)
723 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
727 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
731 sock_init_data(sock, sk);
732 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
734 sk->sk_destruct = l2cap_sock_destruct;
735 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
737 sock_reset_flag(sk, SOCK_ZAPPED);
739 sk->sk_protocol = proto;
740 sk->sk_state = BT_OPEN;
742 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
744 bt_sock_link(&l2cap_sk_list, sk);
748 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol)
752 BT_DBG("sock %p", sock);
754 sock->state = SS_UNCONNECTED;
756 if (sock->type != SOCK_SEQPACKET &&
757 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
758 return -ESOCKTNOSUPPORT;
760 if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW))
763 sock->ops = &l2cap_sock_ops;
765 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
769 l2cap_sock_init(sk, NULL);
773 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
775 struct sock *sk = sock->sk;
776 struct sockaddr_l2 la;
781 if (!addr || addr->sa_family != AF_BLUETOOTH)
784 memset(&la, 0, sizeof(la));
785 len = min_t(unsigned int, sizeof(la), alen);
786 memcpy(&la, addr, len);
790 if (sk->sk_state != BT_OPEN) {
795 if (la.l2_psm && btohs(la.l2_psm) < 0x1001 &&
796 !capable(CAP_NET_BIND_SERVICE)) {
801 write_lock_bh(&l2cap_sk_list.lock);
803 if (la.l2_psm && __l2cap_get_sock_by_addr(la.l2_psm, &la.l2_bdaddr)) {
806 /* Save source address */
807 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
808 l2cap_pi(sk)->psm = la.l2_psm;
809 l2cap_pi(sk)->sport = la.l2_psm;
810 sk->sk_state = BT_BOUND;
812 if (btohs(la.l2_psm) == 0x0001 || btohs(la.l2_psm) == 0x0003)
813 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
816 write_unlock_bh(&l2cap_sk_list.lock);
823 static int l2cap_do_connect(struct sock *sk)
825 bdaddr_t *src = &bt_sk(sk)->src;
826 bdaddr_t *dst = &bt_sk(sk)->dst;
827 struct l2cap_conn *conn;
828 struct hci_conn *hcon;
829 struct hci_dev *hdev;
833 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst),
836 if (!(hdev = hci_get_route(dst, src)))
837 return -EHOSTUNREACH;
839 hci_dev_lock_bh(hdev);
843 if (sk->sk_type == SOCK_RAW) {
844 switch (l2cap_pi(sk)->sec_level) {
845 case BT_SECURITY_HIGH:
846 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
848 case BT_SECURITY_MEDIUM:
849 auth_type = HCI_AT_DEDICATED_BONDING;
852 auth_type = HCI_AT_NO_BONDING;
855 } else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
856 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
857 auth_type = HCI_AT_NO_BONDING_MITM;
859 auth_type = HCI_AT_NO_BONDING;
861 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
862 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
864 switch (l2cap_pi(sk)->sec_level) {
865 case BT_SECURITY_HIGH:
866 auth_type = HCI_AT_GENERAL_BONDING_MITM;
868 case BT_SECURITY_MEDIUM:
869 auth_type = HCI_AT_GENERAL_BONDING;
872 auth_type = HCI_AT_NO_BONDING;
877 hcon = hci_connect(hdev, ACL_LINK, dst,
878 l2cap_pi(sk)->sec_level, auth_type);
882 conn = l2cap_conn_add(hcon, 0);
890 /* Update source addr of the socket */
891 bacpy(src, conn->src);
893 l2cap_chan_add(conn, sk, NULL);
895 sk->sk_state = BT_CONNECT;
896 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
898 if (hcon->state == BT_CONNECTED) {
899 if (sk->sk_type != SOCK_SEQPACKET) {
900 l2cap_sock_clear_timer(sk);
901 sk->sk_state = BT_CONNECTED;
907 hci_dev_unlock_bh(hdev);
912 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
914 struct sock *sk = sock->sk;
915 struct sockaddr_l2 la;
922 if (!addr || addr->sa_family != AF_BLUETOOTH) {
927 memset(&la, 0, sizeof(la));
928 len = min_t(unsigned int, sizeof(la), alen);
929 memcpy(&la, addr, len);
931 if (sk->sk_type == SOCK_SEQPACKET && !la.l2_psm) {
936 switch(sk->sk_state) {
940 /* Already connecting */
944 /* Already connected */
957 /* Set destination address and psm */
958 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr);
959 l2cap_pi(sk)->psm = la.l2_psm;
961 if ((err = l2cap_do_connect(sk)))
965 err = bt_sock_wait_state(sk, BT_CONNECTED,
966 sock_sndtimeo(sk, flags & O_NONBLOCK));
972 static int l2cap_sock_listen(struct socket *sock, int backlog)
974 struct sock *sk = sock->sk;
977 BT_DBG("sk %p backlog %d", sk, backlog);
981 if (sk->sk_state != BT_BOUND || sock->type != SOCK_SEQPACKET) {
986 if (!l2cap_pi(sk)->psm) {
987 bdaddr_t *src = &bt_sk(sk)->src;
992 write_lock_bh(&l2cap_sk_list.lock);
994 for (psm = 0x1001; psm < 0x1100; psm += 2)
995 if (!__l2cap_get_sock_by_addr(htobs(psm), src)) {
996 l2cap_pi(sk)->psm = htobs(psm);
997 l2cap_pi(sk)->sport = htobs(psm);
1002 write_unlock_bh(&l2cap_sk_list.lock);
1008 sk->sk_max_ack_backlog = backlog;
1009 sk->sk_ack_backlog = 0;
1010 sk->sk_state = BT_LISTEN;
1017 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
1019 DECLARE_WAITQUEUE(wait, current);
1020 struct sock *sk = sock->sk, *nsk;
1024 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1026 if (sk->sk_state != BT_LISTEN) {
1031 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
1033 BT_DBG("sk %p timeo %ld", sk, timeo);
1035 /* Wait for an incoming connection. (wake-one). */
1036 add_wait_queue_exclusive(sk->sk_sleep, &wait);
1037 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
1038 set_current_state(TASK_INTERRUPTIBLE);
1045 timeo = schedule_timeout(timeo);
1046 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1048 if (sk->sk_state != BT_LISTEN) {
1053 if (signal_pending(current)) {
1054 err = sock_intr_errno(timeo);
1058 set_current_state(TASK_RUNNING);
1059 remove_wait_queue(sk->sk_sleep, &wait);
1064 newsock->state = SS_CONNECTED;
1066 BT_DBG("new socket %p", nsk);
1073 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
1075 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
1076 struct sock *sk = sock->sk;
1078 BT_DBG("sock %p, sk %p", sock, sk);
1080 addr->sa_family = AF_BLUETOOTH;
1081 *len = sizeof(struct sockaddr_l2);
1084 la->l2_psm = l2cap_pi(sk)->psm;
1085 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
1086 la->l2_cid = htobs(l2cap_pi(sk)->dcid);
1088 la->l2_psm = l2cap_pi(sk)->sport;
1089 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
1090 la->l2_cid = htobs(l2cap_pi(sk)->scid);
1096 static inline int l2cap_do_send(struct sock *sk, struct msghdr *msg, int len)
1098 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1099 struct sk_buff *skb, **frag;
1100 int err, hlen, count, sent=0;
1101 struct l2cap_hdr *lh;
1103 BT_DBG("sk %p len %d", sk, len);
1105 /* First fragment (with L2CAP header) */
1106 if (sk->sk_type == SOCK_DGRAM)
1107 hlen = L2CAP_HDR_SIZE + 2;
1109 hlen = L2CAP_HDR_SIZE;
1111 count = min_t(unsigned int, (conn->mtu - hlen), len);
1113 skb = bt_skb_send_alloc(sk, hlen + count,
1114 msg->msg_flags & MSG_DONTWAIT, &err);
1118 /* Create L2CAP header */
1119 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1120 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1121 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1123 if (sk->sk_type == SOCK_DGRAM)
1124 put_unaligned(l2cap_pi(sk)->psm, (__le16 *) skb_put(skb, 2));
1126 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) {
1134 /* Continuation fragments (no L2CAP header) */
1135 frag = &skb_shinfo(skb)->frag_list;
1137 count = min_t(unsigned int, conn->mtu, len);
1139 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1143 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count)) {
1151 frag = &(*frag)->next;
1154 if ((err = hci_send_acl(conn->hcon, skb, 0)) < 0)
1164 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
1166 struct sock *sk = sock->sk;
1169 BT_DBG("sock %p, sk %p", sock, sk);
1171 err = sock_error(sk);
1175 if (msg->msg_flags & MSG_OOB)
1178 /* Check outgoing MTU */
1179 if (sk->sk_type != SOCK_RAW && len > l2cap_pi(sk)->omtu)
1184 if (sk->sk_state == BT_CONNECTED)
1185 err = l2cap_do_send(sk, msg, len);
1193 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
1195 struct sock *sk = sock->sk;
1199 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
1200 struct l2cap_conn_rsp rsp;
1202 sk->sk_state = BT_CONFIG;
1204 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1205 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
1206 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
1207 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
1208 l2cap_send_cmd(l2cap_pi(sk)->conn, l2cap_pi(sk)->ident,
1209 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1217 return bt_sock_recvmsg(iocb, sock, msg, len, flags);
1220 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, int optlen)
1222 struct sock *sk = sock->sk;
1223 struct l2cap_options opts;
1227 BT_DBG("sk %p", sk);
1233 opts.imtu = l2cap_pi(sk)->imtu;
1234 opts.omtu = l2cap_pi(sk)->omtu;
1235 opts.flush_to = l2cap_pi(sk)->flush_to;
1236 opts.mode = L2CAP_MODE_BASIC;
1238 len = min_t(unsigned int, sizeof(opts), optlen);
1239 if (copy_from_user((char *) &opts, optval, len)) {
1244 l2cap_pi(sk)->imtu = opts.imtu;
1245 l2cap_pi(sk)->omtu = opts.omtu;
1249 if (get_user(opt, (u32 __user *) optval)) {
1254 if (opt & L2CAP_LM_AUTH)
1255 l2cap_pi(sk)->sec_level = BT_SECURITY_LOW;
1256 if (opt & L2CAP_LM_ENCRYPT)
1257 l2cap_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
1258 if (opt & L2CAP_LM_SECURE)
1259 l2cap_pi(sk)->sec_level = BT_SECURITY_HIGH;
1261 l2cap_pi(sk)->role_switch = (opt & L2CAP_LM_MASTER);
1262 l2cap_pi(sk)->force_reliable = (opt & L2CAP_LM_RELIABLE);
1274 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen)
1276 struct sock *sk = sock->sk;
1277 struct bt_security sec;
1281 BT_DBG("sk %p", sk);
1283 if (level == SOL_L2CAP)
1284 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
1286 if (level != SOL_BLUETOOTH)
1287 return -ENOPROTOOPT;
1293 if (sk->sk_type != SOCK_SEQPACKET) {
1298 sec.level = BT_SECURITY_LOW;
1300 len = min_t(unsigned int, sizeof(sec), optlen);
1301 if (copy_from_user((char *) &sec, optval, len)) {
1306 if (sec.level < BT_SECURITY_LOW ||
1307 sec.level > BT_SECURITY_HIGH) {
1312 l2cap_pi(sk)->sec_level = sec.level;
1315 case BT_DEFER_SETUP:
1316 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1321 if (get_user(opt, (u32 __user *) optval)) {
1326 bt_sk(sk)->defer_setup = opt;
1338 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
1340 struct sock *sk = sock->sk;
1341 struct l2cap_options opts;
1342 struct l2cap_conninfo cinfo;
1346 BT_DBG("sk %p", sk);
1348 if (get_user(len, optlen))
1355 opts.imtu = l2cap_pi(sk)->imtu;
1356 opts.omtu = l2cap_pi(sk)->omtu;
1357 opts.flush_to = l2cap_pi(sk)->flush_to;
1358 opts.mode = L2CAP_MODE_BASIC;
1360 len = min_t(unsigned int, len, sizeof(opts));
1361 if (copy_to_user(optval, (char *) &opts, len))
1367 switch (l2cap_pi(sk)->sec_level) {
1368 case BT_SECURITY_LOW:
1369 opt = L2CAP_LM_AUTH;
1371 case BT_SECURITY_MEDIUM:
1372 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
1374 case BT_SECURITY_HIGH:
1375 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
1383 if (l2cap_pi(sk)->role_switch)
1384 opt |= L2CAP_LM_MASTER;
1386 if (l2cap_pi(sk)->force_reliable)
1387 opt |= L2CAP_LM_RELIABLE;
1389 if (put_user(opt, (u32 __user *) optval))
1393 case L2CAP_CONNINFO:
1394 if (sk->sk_state != BT_CONNECTED &&
1395 !(sk->sk_state == BT_CONNECT2 &&
1396 bt_sk(sk)->defer_setup)) {
1401 cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
1402 memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3);
1404 len = min_t(unsigned int, len, sizeof(cinfo));
1405 if (copy_to_user(optval, (char *) &cinfo, len))
1419 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
1421 struct sock *sk = sock->sk;
1422 struct bt_security sec;
1425 BT_DBG("sk %p", sk);
1427 if (level == SOL_L2CAP)
1428 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
1430 if (level != SOL_BLUETOOTH)
1431 return -ENOPROTOOPT;
1433 if (get_user(len, optlen))
1440 if (sk->sk_type != SOCK_SEQPACKET) {
1445 sec.level = l2cap_pi(sk)->sec_level;
1447 len = min_t(unsigned int, len, sizeof(sec));
1448 if (copy_to_user(optval, (char *) &sec, len))
1453 case BT_DEFER_SETUP:
1454 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1459 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
1473 static int l2cap_sock_shutdown(struct socket *sock, int how)
1475 struct sock *sk = sock->sk;
1478 BT_DBG("sock %p, sk %p", sock, sk);
1484 if (!sk->sk_shutdown) {
1485 sk->sk_shutdown = SHUTDOWN_MASK;
1486 l2cap_sock_clear_timer(sk);
1487 __l2cap_sock_close(sk, 0);
1489 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
1490 err = bt_sock_wait_state(sk, BT_CLOSED,
1497 static int l2cap_sock_release(struct socket *sock)
1499 struct sock *sk = sock->sk;
1502 BT_DBG("sock %p, sk %p", sock, sk);
1507 err = l2cap_sock_shutdown(sock, 2);
1510 l2cap_sock_kill(sk);
1514 static void l2cap_chan_ready(struct sock *sk)
1516 struct sock *parent = bt_sk(sk)->parent;
1518 BT_DBG("sk %p, parent %p", sk, parent);
1520 l2cap_pi(sk)->conf_state = 0;
1521 l2cap_sock_clear_timer(sk);
1524 /* Outgoing channel.
1525 * Wake up socket sleeping on connect.
1527 sk->sk_state = BT_CONNECTED;
1528 sk->sk_state_change(sk);
1530 /* Incoming channel.
1531 * Wake up socket sleeping on accept.
1533 parent->sk_data_ready(parent, 0);
1537 /* Copy frame to all raw sockets on that connection */
1538 static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1540 struct l2cap_chan_list *l = &conn->chan_list;
1541 struct sk_buff *nskb;
1544 BT_DBG("conn %p", conn);
1546 read_lock(&l->lock);
1547 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
1548 if (sk->sk_type != SOCK_RAW)
1551 /* Don't send frame to the socket it came from */
1555 if (!(nskb = skb_clone(skb, GFP_ATOMIC)))
1558 if (sock_queue_rcv_skb(sk, nskb))
1561 read_unlock(&l->lock);
1564 /* ---- L2CAP signalling commands ---- */
1565 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1566 u8 code, u8 ident, u16 dlen, void *data)
1568 struct sk_buff *skb, **frag;
1569 struct l2cap_cmd_hdr *cmd;
1570 struct l2cap_hdr *lh;
1573 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d", conn, code, ident, dlen);
1575 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1576 count = min_t(unsigned int, conn->mtu, len);
1578 skb = bt_skb_alloc(count, GFP_ATOMIC);
1582 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1583 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
1584 lh->cid = cpu_to_le16(0x0001);
1586 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1589 cmd->len = cpu_to_le16(dlen);
1592 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1593 memcpy(skb_put(skb, count), data, count);
1599 /* Continuation fragments (no L2CAP header) */
1600 frag = &skb_shinfo(skb)->frag_list;
1602 count = min_t(unsigned int, conn->mtu, len);
1604 *frag = bt_skb_alloc(count, GFP_ATOMIC);
1608 memcpy(skb_put(*frag, count), data, count);
1613 frag = &(*frag)->next;
1623 static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1625 struct l2cap_conf_opt *opt = *ptr;
1628 len = L2CAP_CONF_OPT_SIZE + opt->len;
1636 *val = *((u8 *) opt->val);
1640 *val = __le16_to_cpu(*((__le16 *) opt->val));
1644 *val = __le32_to_cpu(*((__le32 *) opt->val));
1648 *val = (unsigned long) opt->val;
1652 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1656 static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1658 struct l2cap_conf_opt *opt = *ptr;
1660 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1667 *((u8 *) opt->val) = val;
1671 *((__le16 *) opt->val) = cpu_to_le16(val);
1675 *((__le32 *) opt->val) = cpu_to_le32(val);
1679 memcpy(opt->val, (void *) val, len);
1683 *ptr += L2CAP_CONF_OPT_SIZE + len;
1686 static int l2cap_build_conf_req(struct sock *sk, void *data)
1688 struct l2cap_pinfo *pi = l2cap_pi(sk);
1689 struct l2cap_conf_req *req = data;
1690 void *ptr = req->data;
1692 BT_DBG("sk %p", sk);
1694 if (pi->imtu != L2CAP_DEFAULT_MTU)
1695 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
1697 /* FIXME: Need actual value of the flush timeout */
1698 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
1699 // l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to);
1701 req->dcid = cpu_to_le16(pi->dcid);
1702 req->flags = cpu_to_le16(0);
1707 static int l2cap_parse_conf_req(struct sock *sk, void *data)
1709 struct l2cap_pinfo *pi = l2cap_pi(sk);
1710 struct l2cap_conf_rsp *rsp = data;
1711 void *ptr = rsp->data;
1712 void *req = pi->conf_req;
1713 int len = pi->conf_len;
1714 int type, hint, olen;
1716 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
1717 u16 mtu = L2CAP_DEFAULT_MTU;
1718 u16 result = L2CAP_CONF_SUCCESS;
1720 BT_DBG("sk %p", sk);
1722 while (len >= L2CAP_CONF_OPT_SIZE) {
1723 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
1729 case L2CAP_CONF_MTU:
1733 case L2CAP_CONF_FLUSH_TO:
1737 case L2CAP_CONF_QOS:
1740 case L2CAP_CONF_RFC:
1741 if (olen == sizeof(rfc))
1742 memcpy(&rfc, (void *) val, olen);
1749 result = L2CAP_CONF_UNKNOWN;
1750 *((u8 *) ptr++) = type;
1755 if (result == L2CAP_CONF_SUCCESS) {
1756 /* Configure output options and let the other side know
1757 * which ones we don't like. */
1759 if (rfc.mode == L2CAP_MODE_BASIC) {
1761 result = L2CAP_CONF_UNACCEPT;
1764 pi->conf_state |= L2CAP_CONF_OUTPUT_DONE;
1767 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
1769 result = L2CAP_CONF_UNACCEPT;
1771 memset(&rfc, 0, sizeof(rfc));
1772 rfc.mode = L2CAP_MODE_BASIC;
1774 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1775 sizeof(rfc), (unsigned long) &rfc);
1779 rsp->scid = cpu_to_le16(pi->dcid);
1780 rsp->result = cpu_to_le16(result);
1781 rsp->flags = cpu_to_le16(0x0000);
1786 static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags)
1788 struct l2cap_conf_rsp *rsp = data;
1789 void *ptr = rsp->data;
1791 BT_DBG("sk %p", sk);
1793 rsp->scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1794 rsp->result = cpu_to_le16(result);
1795 rsp->flags = cpu_to_le16(flags);
1800 static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1802 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data;
1804 if (rej->reason != 0x0000)
1807 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
1808 cmd->ident == conn->info_ident) {
1809 del_timer(&conn->info_timer);
1811 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
1812 conn->info_ident = 0;
1814 l2cap_conn_start(conn);
1820 static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1822 struct l2cap_chan_list *list = &conn->chan_list;
1823 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
1824 struct l2cap_conn_rsp rsp;
1825 struct sock *sk, *parent;
1826 int result, status = L2CAP_CS_NO_INFO;
1828 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
1829 __le16 psm = req->psm;
1831 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
1833 /* Check if we have socket listening on psm */
1834 parent = l2cap_get_sock_by_psm(BT_LISTEN, psm, conn->src);
1836 result = L2CAP_CR_BAD_PSM;
1840 /* Check if the ACL is secure enough (if not SDP) */
1841 if (psm != cpu_to_le16(0x0001) &&
1842 !hci_conn_check_link_mode(conn->hcon)) {
1843 result = L2CAP_CR_SEC_BLOCK;
1847 result = L2CAP_CR_NO_MEM;
1849 /* Check for backlog size */
1850 if (sk_acceptq_is_full(parent)) {
1851 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1855 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC);
1859 write_lock_bh(&list->lock);
1861 /* Check if we already have channel with that dcid */
1862 if (__l2cap_get_chan_by_dcid(list, scid)) {
1863 write_unlock_bh(&list->lock);
1864 sock_set_flag(sk, SOCK_ZAPPED);
1865 l2cap_sock_kill(sk);
1869 hci_conn_hold(conn->hcon);
1871 l2cap_sock_init(sk, parent);
1872 bacpy(&bt_sk(sk)->src, conn->src);
1873 bacpy(&bt_sk(sk)->dst, conn->dst);
1874 l2cap_pi(sk)->psm = psm;
1875 l2cap_pi(sk)->dcid = scid;
1877 __l2cap_chan_add(conn, sk, parent);
1878 dcid = l2cap_pi(sk)->scid;
1880 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
1882 l2cap_pi(sk)->ident = cmd->ident;
1884 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
1885 if (l2cap_check_security(sk)) {
1886 if (bt_sk(sk)->defer_setup) {
1887 sk->sk_state = BT_CONNECT2;
1888 result = L2CAP_CR_PEND;
1889 status = L2CAP_CS_AUTHOR_PEND;
1890 parent->sk_data_ready(parent, 0);
1892 sk->sk_state = BT_CONFIG;
1893 result = L2CAP_CR_SUCCESS;
1894 status = L2CAP_CS_NO_INFO;
1897 sk->sk_state = BT_CONNECT2;
1898 result = L2CAP_CR_PEND;
1899 status = L2CAP_CS_AUTHEN_PEND;
1902 sk->sk_state = BT_CONNECT2;
1903 result = L2CAP_CR_PEND;
1904 status = L2CAP_CS_NO_INFO;
1907 write_unlock_bh(&list->lock);
1910 bh_unlock_sock(parent);
1913 rsp.scid = cpu_to_le16(scid);
1914 rsp.dcid = cpu_to_le16(dcid);
1915 rsp.result = cpu_to_le16(result);
1916 rsp.status = cpu_to_le16(status);
1917 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1919 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
1920 struct l2cap_info_req info;
1921 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
1923 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
1924 conn->info_ident = l2cap_get_ident(conn);
1926 mod_timer(&conn->info_timer, jiffies +
1927 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
1929 l2cap_send_cmd(conn, conn->info_ident,
1930 L2CAP_INFO_REQ, sizeof(info), &info);
1936 static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1938 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
1939 u16 scid, dcid, result, status;
1943 scid = __le16_to_cpu(rsp->scid);
1944 dcid = __le16_to_cpu(rsp->dcid);
1945 result = __le16_to_cpu(rsp->result);
1946 status = __le16_to_cpu(rsp->status);
1948 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
1951 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
1954 if (!(sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident)))
1959 case L2CAP_CR_SUCCESS:
1960 sk->sk_state = BT_CONFIG;
1961 l2cap_pi(sk)->ident = 0;
1962 l2cap_pi(sk)->dcid = dcid;
1963 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
1965 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_CONNECT_PEND;
1967 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1968 l2cap_build_conf_req(sk, req), req);
1972 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
1976 l2cap_chan_del(sk, ECONNREFUSED);
1984 static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
1986 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
1992 dcid = __le16_to_cpu(req->dcid);
1993 flags = __le16_to_cpu(req->flags);
1995 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
1997 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
2000 if (sk->sk_state == BT_DISCONN)
2003 /* Reject if config buffer is too small. */
2004 len = cmd_len - sizeof(*req);
2005 if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) {
2006 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
2007 l2cap_build_conf_rsp(sk, rsp,
2008 L2CAP_CONF_REJECT, flags), rsp);
2013 memcpy(l2cap_pi(sk)->conf_req + l2cap_pi(sk)->conf_len, req->data, len);
2014 l2cap_pi(sk)->conf_len += len;
2016 if (flags & 0x0001) {
2017 /* Incomplete config. Send empty response. */
2018 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
2019 l2cap_build_conf_rsp(sk, rsp,
2020 L2CAP_CONF_SUCCESS, 0x0001), rsp);
2024 /* Complete config. */
2025 len = l2cap_parse_conf_req(sk, rsp);
2029 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
2031 /* Reset config buffer. */
2032 l2cap_pi(sk)->conf_len = 0;
2034 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE))
2037 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
2038 sk->sk_state = BT_CONNECTED;
2039 l2cap_chan_ready(sk);
2043 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) {
2045 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2046 l2cap_build_conf_req(sk, buf), buf);
2054 static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2056 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2057 u16 scid, flags, result;
2060 scid = __le16_to_cpu(rsp->scid);
2061 flags = __le16_to_cpu(rsp->flags);
2062 result = __le16_to_cpu(rsp->result);
2064 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x", scid, flags, result);
2066 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
2070 case L2CAP_CONF_SUCCESS:
2073 case L2CAP_CONF_UNACCEPT:
2074 if (++l2cap_pi(sk)->conf_retry < L2CAP_CONF_MAX_RETRIES) {
2076 /* It does not make sense to adjust L2CAP parameters
2077 * that are currently defined in the spec. We simply
2078 * resend config request that we sent earlier. It is
2079 * stupid, but it helps qualification testing which
2080 * expects at least some response from us. */
2081 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2082 l2cap_build_conf_req(sk, req), req);
2087 sk->sk_state = BT_DISCONN;
2088 sk->sk_err = ECONNRESET;
2089 l2cap_sock_set_timer(sk, HZ * 5);
2091 struct l2cap_disconn_req req;
2092 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
2093 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2094 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2095 L2CAP_DISCONN_REQ, sizeof(req), &req);
2103 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;
2105 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
2106 sk->sk_state = BT_CONNECTED;
2107 l2cap_chan_ready(sk);
2115 static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2117 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
2118 struct l2cap_disconn_rsp rsp;
2122 scid = __le16_to_cpu(req->scid);
2123 dcid = __le16_to_cpu(req->dcid);
2125 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
2127 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
2130 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2131 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2132 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
2134 sk->sk_shutdown = SHUTDOWN_MASK;
2136 l2cap_chan_del(sk, ECONNRESET);
2139 l2cap_sock_kill(sk);
2143 static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2145 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
2149 scid = __le16_to_cpu(rsp->scid);
2150 dcid = __le16_to_cpu(rsp->dcid);
2152 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
2154 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
2157 l2cap_chan_del(sk, 0);
2160 l2cap_sock_kill(sk);
2164 static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2166 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
2169 type = __le16_to_cpu(req->type);
2171 BT_DBG("type 0x%4.4x", type);
2173 if (type == L2CAP_IT_FEAT_MASK) {
2175 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2176 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2177 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2178 put_unaligned(cpu_to_le32(l2cap_feat_mask), (__le32 *) rsp->data);
2179 l2cap_send_cmd(conn, cmd->ident,
2180 L2CAP_INFO_RSP, sizeof(buf), buf);
2181 } else if (type == L2CAP_IT_FIXED_CHAN) {
2183 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2184 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2185 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2186 memcpy(buf + 4, l2cap_fixed_chan, 8);
2187 l2cap_send_cmd(conn, cmd->ident,
2188 L2CAP_INFO_RSP, sizeof(buf), buf);
2190 struct l2cap_info_rsp rsp;
2191 rsp.type = cpu_to_le16(type);
2192 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
2193 l2cap_send_cmd(conn, cmd->ident,
2194 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
2200 static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2202 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
2205 type = __le16_to_cpu(rsp->type);
2206 result = __le16_to_cpu(rsp->result);
2208 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
2210 del_timer(&conn->info_timer);
2212 if (type == L2CAP_IT_FEAT_MASK) {
2213 conn->feat_mask = get_unaligned_le32(rsp->data);
2215 if (conn->feat_mask & 0x0080) {
2216 struct l2cap_info_req req;
2217 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2219 conn->info_ident = l2cap_get_ident(conn);
2221 l2cap_send_cmd(conn, conn->info_ident,
2222 L2CAP_INFO_REQ, sizeof(req), &req);
2224 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2225 conn->info_ident = 0;
2227 l2cap_conn_start(conn);
2229 } else if (type == L2CAP_IT_FIXED_CHAN) {
2230 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2231 conn->info_ident = 0;
2233 l2cap_conn_start(conn);
2239 static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
2241 u8 *data = skb->data;
2243 struct l2cap_cmd_hdr cmd;
2246 l2cap_raw_recv(conn, skb);
2248 while (len >= L2CAP_CMD_HDR_SIZE) {
2250 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
2251 data += L2CAP_CMD_HDR_SIZE;
2252 len -= L2CAP_CMD_HDR_SIZE;
2254 cmd_len = le16_to_cpu(cmd.len);
2256 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
2258 if (cmd_len > len || !cmd.ident) {
2259 BT_DBG("corrupted command");
2264 case L2CAP_COMMAND_REJ:
2265 l2cap_command_rej(conn, &cmd, data);
2268 case L2CAP_CONN_REQ:
2269 err = l2cap_connect_req(conn, &cmd, data);
2272 case L2CAP_CONN_RSP:
2273 err = l2cap_connect_rsp(conn, &cmd, data);
2276 case L2CAP_CONF_REQ:
2277 err = l2cap_config_req(conn, &cmd, cmd_len, data);
2280 case L2CAP_CONF_RSP:
2281 err = l2cap_config_rsp(conn, &cmd, data);
2284 case L2CAP_DISCONN_REQ:
2285 err = l2cap_disconnect_req(conn, &cmd, data);
2288 case L2CAP_DISCONN_RSP:
2289 err = l2cap_disconnect_rsp(conn, &cmd, data);
2292 case L2CAP_ECHO_REQ:
2293 l2cap_send_cmd(conn, cmd.ident, L2CAP_ECHO_RSP, cmd_len, data);
2296 case L2CAP_ECHO_RSP:
2299 case L2CAP_INFO_REQ:
2300 err = l2cap_information_req(conn, &cmd, data);
2303 case L2CAP_INFO_RSP:
2304 err = l2cap_information_rsp(conn, &cmd, data);
2308 BT_ERR("Unknown signaling command 0x%2.2x", cmd.code);
2314 struct l2cap_cmd_rej rej;
2315 BT_DBG("error %d", err);
2317 /* FIXME: Map err to a valid reason */
2318 rej.reason = cpu_to_le16(0);
2319 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
2329 static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
2333 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
2335 BT_DBG("unknown cid 0x%4.4x", cid);
2339 BT_DBG("sk %p, len %d", sk, skb->len);
2341 if (sk->sk_state != BT_CONNECTED)
2344 if (l2cap_pi(sk)->imtu < skb->len)
2347 /* If socket recv buffers overflows we drop data here
2348 * which is *bad* because L2CAP has to be reliable.
2349 * But we don't have any other choice. L2CAP doesn't
2350 * provide flow control mechanism. */
2352 if (!sock_queue_rcv_skb(sk, skb))
2365 static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
2369 sk = l2cap_get_sock_by_psm(0, psm, conn->src);
2373 BT_DBG("sk %p, len %d", sk, skb->len);
2375 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
2378 if (l2cap_pi(sk)->imtu < skb->len)
2381 if (!sock_queue_rcv_skb(sk, skb))
2388 if (sk) bh_unlock_sock(sk);
2392 static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
2394 struct l2cap_hdr *lh = (void *) skb->data;
2398 skb_pull(skb, L2CAP_HDR_SIZE);
2399 cid = __le16_to_cpu(lh->cid);
2400 len = __le16_to_cpu(lh->len);
2402 BT_DBG("len %d, cid 0x%4.4x", len, cid);
2406 l2cap_sig_channel(conn, skb);
2410 psm = get_unaligned((__le16 *) skb->data);
2412 l2cap_conless_channel(conn, psm, skb);
2416 l2cap_data_channel(conn, cid, skb);
2421 /* ---- L2CAP interface with lower layer (HCI) ---- */
2423 static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2425 int exact = 0, lm1 = 0, lm2 = 0;
2426 register struct sock *sk;
2427 struct hlist_node *node;
2429 if (type != ACL_LINK)
2432 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
2434 /* Find listening sockets and check their link_mode */
2435 read_lock(&l2cap_sk_list.lock);
2436 sk_for_each(sk, node, &l2cap_sk_list.head) {
2437 if (sk->sk_state != BT_LISTEN)
2440 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
2441 lm1 |= HCI_LM_ACCEPT;
2442 if (l2cap_pi(sk)->role_switch)
2443 lm1 |= HCI_LM_MASTER;
2445 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
2446 lm2 |= HCI_LM_ACCEPT;
2447 if (l2cap_pi(sk)->role_switch)
2448 lm2 |= HCI_LM_MASTER;
2451 read_unlock(&l2cap_sk_list.lock);
2453 return exact ? lm1 : lm2;
2456 static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
2458 struct l2cap_conn *conn;
2460 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
2462 if (hcon->type != ACL_LINK)
2466 conn = l2cap_conn_add(hcon, status);
2468 l2cap_conn_ready(conn);
2470 l2cap_conn_del(hcon, bt_err(status));
2475 static int l2cap_disconn_ind(struct hci_conn *hcon, u8 reason)
2477 BT_DBG("hcon %p reason %d", hcon, reason);
2479 if (hcon->type != ACL_LINK)
2482 l2cap_conn_del(hcon, bt_err(reason));
2487 static inline void l2cap_check_encryption(struct sock *sk, u8 encrypt)
2489 if (sk->sk_type != SOCK_SEQPACKET)
2492 if (encrypt == 0x00) {
2493 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM) {
2494 l2cap_sock_clear_timer(sk);
2495 l2cap_sock_set_timer(sk, HZ * 5);
2496 } else if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
2497 __l2cap_sock_close(sk, ECONNREFUSED);
2499 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM)
2500 l2cap_sock_clear_timer(sk);
2504 static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
2506 struct l2cap_chan_list *l;
2507 struct l2cap_conn *conn = hcon->l2cap_data;
2513 l = &conn->chan_list;
2515 BT_DBG("conn %p", conn);
2517 read_lock(&l->lock);
2519 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
2522 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND) {
2527 if (!status && (sk->sk_state == BT_CONNECTED ||
2528 sk->sk_state == BT_CONFIG)) {
2529 l2cap_check_encryption(sk, encrypt);
2534 if (sk->sk_state == BT_CONNECT) {
2536 struct l2cap_conn_req req;
2537 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2538 req.psm = l2cap_pi(sk)->psm;
2540 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
2542 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2543 L2CAP_CONN_REQ, sizeof(req), &req);
2545 l2cap_sock_clear_timer(sk);
2546 l2cap_sock_set_timer(sk, HZ / 10);
2548 } else if (sk->sk_state == BT_CONNECT2) {
2549 struct l2cap_conn_rsp rsp;
2553 sk->sk_state = BT_CONFIG;
2554 result = L2CAP_CR_SUCCESS;
2556 sk->sk_state = BT_DISCONN;
2557 l2cap_sock_set_timer(sk, HZ / 10);
2558 result = L2CAP_CR_SEC_BLOCK;
2561 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2562 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2563 rsp.result = cpu_to_le16(result);
2564 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
2565 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2566 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2572 read_unlock(&l->lock);
2577 static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
2579 struct l2cap_conn *conn = hcon->l2cap_data;
2581 if (!conn && !(conn = l2cap_conn_add(hcon, 0)))
2584 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
2586 if (flags & ACL_START) {
2587 struct l2cap_hdr *hdr;
2591 BT_ERR("Unexpected start frame (len %d)", skb->len);
2592 kfree_skb(conn->rx_skb);
2593 conn->rx_skb = NULL;
2595 l2cap_conn_unreliable(conn, ECOMM);
2599 BT_ERR("Frame is too short (len %d)", skb->len);
2600 l2cap_conn_unreliable(conn, ECOMM);
2604 hdr = (struct l2cap_hdr *) skb->data;
2605 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
2607 if (len == skb->len) {
2608 /* Complete frame received */
2609 l2cap_recv_frame(conn, skb);
2613 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
2615 if (skb->len > len) {
2616 BT_ERR("Frame is too long (len %d, expected len %d)",
2618 l2cap_conn_unreliable(conn, ECOMM);
2622 /* Allocate skb for the complete frame (with header) */
2623 if (!(conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC)))
2626 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2628 conn->rx_len = len - skb->len;
2630 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
2632 if (!conn->rx_len) {
2633 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
2634 l2cap_conn_unreliable(conn, ECOMM);
2638 if (skb->len > conn->rx_len) {
2639 BT_ERR("Fragment is too long (len %d, expected %d)",
2640 skb->len, conn->rx_len);
2641 kfree_skb(conn->rx_skb);
2642 conn->rx_skb = NULL;
2644 l2cap_conn_unreliable(conn, ECOMM);
2648 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2650 conn->rx_len -= skb->len;
2652 if (!conn->rx_len) {
2653 /* Complete frame received */
2654 l2cap_recv_frame(conn, conn->rx_skb);
2655 conn->rx_skb = NULL;
2664 static ssize_t l2cap_sysfs_show(struct class *dev, char *buf)
2667 struct hlist_node *node;
2670 read_lock_bh(&l2cap_sk_list.lock);
2672 sk_for_each(sk, node, &l2cap_sk_list.head) {
2673 struct l2cap_pinfo *pi = l2cap_pi(sk);
2675 str += sprintf(str, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d\n",
2676 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2677 sk->sk_state, btohs(pi->psm), pi->scid, pi->dcid,
2678 pi->imtu, pi->omtu, pi->sec_level);
2681 read_unlock_bh(&l2cap_sk_list.lock);
2686 static CLASS_ATTR(l2cap, S_IRUGO, l2cap_sysfs_show, NULL);
2688 static const struct proto_ops l2cap_sock_ops = {
2689 .family = PF_BLUETOOTH,
2690 .owner = THIS_MODULE,
2691 .release = l2cap_sock_release,
2692 .bind = l2cap_sock_bind,
2693 .connect = l2cap_sock_connect,
2694 .listen = l2cap_sock_listen,
2695 .accept = l2cap_sock_accept,
2696 .getname = l2cap_sock_getname,
2697 .sendmsg = l2cap_sock_sendmsg,
2698 .recvmsg = l2cap_sock_recvmsg,
2699 .poll = bt_sock_poll,
2700 .ioctl = bt_sock_ioctl,
2701 .mmap = sock_no_mmap,
2702 .socketpair = sock_no_socketpair,
2703 .shutdown = l2cap_sock_shutdown,
2704 .setsockopt = l2cap_sock_setsockopt,
2705 .getsockopt = l2cap_sock_getsockopt
2708 static struct net_proto_family l2cap_sock_family_ops = {
2709 .family = PF_BLUETOOTH,
2710 .owner = THIS_MODULE,
2711 .create = l2cap_sock_create,
2714 static struct hci_proto l2cap_hci_proto = {
2716 .id = HCI_PROTO_L2CAP,
2717 .connect_ind = l2cap_connect_ind,
2718 .connect_cfm = l2cap_connect_cfm,
2719 .disconn_ind = l2cap_disconn_ind,
2720 .security_cfm = l2cap_security_cfm,
2721 .recv_acldata = l2cap_recv_acldata
2724 static int __init l2cap_init(void)
2728 err = proto_register(&l2cap_proto, 0);
2732 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
2734 BT_ERR("L2CAP socket registration failed");
2738 err = hci_register_proto(&l2cap_hci_proto);
2740 BT_ERR("L2CAP protocol registration failed");
2741 bt_sock_unregister(BTPROTO_L2CAP);
2745 if (class_create_file(bt_class, &class_attr_l2cap) < 0)
2746 BT_ERR("Failed to create L2CAP info file");
2748 BT_INFO("L2CAP ver %s", VERSION);
2749 BT_INFO("L2CAP socket layer initialized");
2754 proto_unregister(&l2cap_proto);
2758 static void __exit l2cap_exit(void)
2760 class_remove_file(bt_class, &class_attr_l2cap);
2762 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
2763 BT_ERR("L2CAP socket unregistration failed");
2765 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
2766 BT_ERR("L2CAP protocol unregistration failed");
2768 proto_unregister(&l2cap_proto);
2771 void l2cap_load(void)
2773 /* Dummy function to trigger automatic L2CAP module loading by
2774 * other modules that use L2CAP sockets but don't use any other
2775 * symbols from it. */
2778 EXPORT_SYMBOL(l2cap_load);
2780 module_init(l2cap_init);
2781 module_exit(l2cap_exit);
2783 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2784 MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
2785 MODULE_VERSION(VERSION);
2786 MODULE_LICENSE("GPL");
2787 MODULE_ALIAS("bt-proto-0");
git.openpandora.org / pandora-kernel.git / blob