2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License version 2 as
11 published by the Free Software Foundation;
13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
24 SOFTWARE IS DISCLAIMED.
27 /* Bluetooth L2CAP core. */
29 #include <linux/module.h>
31 #include <linux/types.h>
32 #include <linux/capability.h>
33 #include <linux/errno.h>
34 #include <linux/kernel.h>
35 #include <linux/sched.h>
36 #include <linux/slab.h>
37 #include <linux/poll.h>
38 #include <linux/fcntl.h>
39 #include <linux/init.h>
40 #include <linux/interrupt.h>
41 #include <linux/socket.h>
42 #include <linux/skbuff.h>
43 #include <linux/list.h>
44 #include <linux/device.h>
45 #include <linux/debugfs.h>
46 #include <linux/seq_file.h>
47 #include <linux/uaccess.h>
48 #include <linux/crc16.h>
51 #include <asm/system.h>
52 #include <asm/unaligned.h>
54 #include <net/bluetooth/bluetooth.h>
55 #include <net/bluetooth/hci_core.h>
56 #include <net/bluetooth/l2cap.h>
60 static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
61 static u8 l2cap_fixed_chan[8] = { 0x02, };
63 static struct workqueue_struct *_busy_wq;
66 DEFINE_RWLOCK(chan_list_lock);
68 static void l2cap_busy_work(struct work_struct *work);
70 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
71 u8 code, u8 ident, u16 dlen, void *data);
72 static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data);
74 static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb);
76 /* ---- L2CAP channels ---- */
77 static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn, u16 cid)
81 list_for_each_entry(c, &conn->chan_l, list) {
89 static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
93 list_for_each_entry(c, &conn->chan_l, list) {
100 /* Find channel with given SCID.
101 * Returns locked socket */
102 static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
104 struct l2cap_chan *c;
106 read_lock(&conn->chan_lock);
107 c = __l2cap_get_chan_by_scid(conn, cid);
110 read_unlock(&conn->chan_lock);
114 static struct l2cap_chan *__l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
116 struct l2cap_chan *c;
118 list_for_each_entry(c, &conn->chan_l, list) {
119 if (c->ident == ident)
125 static inline struct l2cap_chan *l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
127 struct l2cap_chan *c;
129 read_lock(&conn->chan_lock);
130 c = __l2cap_get_chan_by_ident(conn, ident);
133 read_unlock(&conn->chan_lock);
137 static struct l2cap_chan *__l2cap_global_chan_by_addr(__le16 psm, bdaddr_t *src)
139 struct l2cap_chan *c;
141 list_for_each_entry(c, &chan_list, global_l) {
142 if (c->sport == psm && !bacmp(&bt_sk(c->sk)->src, src))
151 int l2cap_add_psm(struct l2cap_chan *chan, bdaddr_t *src, __le16 psm)
155 write_lock_bh(&chan_list_lock);
157 if (psm && __l2cap_global_chan_by_addr(psm, src)) {
170 for (p = 0x1001; p < 0x1100; p += 2)
171 if (!__l2cap_global_chan_by_addr(cpu_to_le16(p), src)) {
172 chan->psm = cpu_to_le16(p);
173 chan->sport = cpu_to_le16(p);
180 write_unlock_bh(&chan_list_lock);
184 int l2cap_add_scid(struct l2cap_chan *chan, __u16 scid)
186 write_lock_bh(&chan_list_lock);
190 write_unlock_bh(&chan_list_lock);
195 static u16 l2cap_alloc_cid(struct l2cap_conn *conn)
197 u16 cid = L2CAP_CID_DYN_START;
199 for (; cid < L2CAP_CID_DYN_END; cid++) {
200 if (!__l2cap_get_chan_by_scid(conn, cid))
207 struct l2cap_chan *l2cap_chan_create(struct sock *sk)
209 struct l2cap_chan *chan;
211 chan = kzalloc(sizeof(*chan), GFP_ATOMIC);
217 write_lock_bh(&chan_list_lock);
218 list_add(&chan->global_l, &chan_list);
219 write_unlock_bh(&chan_list_lock);
224 void l2cap_chan_destroy(struct l2cap_chan *chan)
226 write_lock_bh(&chan_list_lock);
227 list_del(&chan->global_l);
228 write_unlock_bh(&chan_list_lock);
233 static void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
235 struct sock *sk = chan->sk;
237 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
238 chan->psm, chan->dcid);
240 conn->disc_reason = 0x13;
244 if (sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM) {
245 if (conn->hcon->type == LE_LINK) {
247 chan->omtu = L2CAP_LE_DEFAULT_MTU;
248 chan->scid = L2CAP_CID_LE_DATA;
249 chan->dcid = L2CAP_CID_LE_DATA;
251 /* Alloc CID for connection-oriented socket */
252 chan->scid = l2cap_alloc_cid(conn);
253 chan->omtu = L2CAP_DEFAULT_MTU;
255 } else if (sk->sk_type == SOCK_DGRAM) {
256 /* Connectionless socket */
257 chan->scid = L2CAP_CID_CONN_LESS;
258 chan->dcid = L2CAP_CID_CONN_LESS;
259 chan->omtu = L2CAP_DEFAULT_MTU;
261 /* Raw socket can send/recv signalling messages only */
262 chan->scid = L2CAP_CID_SIGNALING;
263 chan->dcid = L2CAP_CID_SIGNALING;
264 chan->omtu = L2CAP_DEFAULT_MTU;
269 list_add(&chan->list, &conn->chan_l);
273 * Must be called on the locked socket. */
274 void l2cap_chan_del(struct l2cap_chan *chan, int err)
276 struct sock *sk = chan->sk;
277 struct l2cap_conn *conn = chan->conn;
278 struct sock *parent = bt_sk(sk)->parent;
280 l2cap_sock_clear_timer(sk);
282 BT_DBG("chan %p, conn %p, err %d", chan, conn, err);
285 /* Delete from channel list */
286 write_lock_bh(&conn->chan_lock);
287 list_del(&chan->list);
288 write_unlock_bh(&conn->chan_lock);
292 hci_conn_put(conn->hcon);
295 sk->sk_state = BT_CLOSED;
296 sock_set_flag(sk, SOCK_ZAPPED);
302 bt_accept_unlink(sk);
303 parent->sk_data_ready(parent, 0);
305 sk->sk_state_change(sk);
307 if (!(chan->conf_state & L2CAP_CONF_OUTPUT_DONE &&
308 chan->conf_state & L2CAP_CONF_INPUT_DONE))
311 skb_queue_purge(&chan->tx_q);
313 if (chan->mode == L2CAP_MODE_ERTM) {
314 struct srej_list *l, *tmp;
316 del_timer(&chan->retrans_timer);
317 del_timer(&chan->monitor_timer);
318 del_timer(&chan->ack_timer);
320 skb_queue_purge(&chan->srej_q);
321 skb_queue_purge(&chan->busy_q);
323 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
330 static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan)
332 struct sock *sk = chan->sk;
334 if (sk->sk_type == SOCK_RAW) {
335 switch (chan->sec_level) {
336 case BT_SECURITY_HIGH:
337 return HCI_AT_DEDICATED_BONDING_MITM;
338 case BT_SECURITY_MEDIUM:
339 return HCI_AT_DEDICATED_BONDING;
341 return HCI_AT_NO_BONDING;
343 } else if (chan->psm == cpu_to_le16(0x0001)) {
344 if (chan->sec_level == BT_SECURITY_LOW)
345 chan->sec_level = BT_SECURITY_SDP;
347 if (chan->sec_level == BT_SECURITY_HIGH)
348 return HCI_AT_NO_BONDING_MITM;
350 return HCI_AT_NO_BONDING;
352 switch (chan->sec_level) {
353 case BT_SECURITY_HIGH:
354 return HCI_AT_GENERAL_BONDING_MITM;
355 case BT_SECURITY_MEDIUM:
356 return HCI_AT_GENERAL_BONDING;
358 return HCI_AT_NO_BONDING;
363 /* Service level security */
364 static inline int l2cap_check_security(struct l2cap_chan *chan)
366 struct l2cap_conn *conn = chan->conn;
369 auth_type = l2cap_get_auth_type(chan);
371 return hci_conn_security(conn->hcon, chan->sec_level, auth_type);
374 u8 l2cap_get_ident(struct l2cap_conn *conn)
378 /* Get next available identificator.
379 * 1 - 128 are used by kernel.
380 * 129 - 199 are reserved.
381 * 200 - 254 are used by utilities like l2ping, etc.
384 spin_lock_bh(&conn->lock);
386 if (++conn->tx_ident > 128)
391 spin_unlock_bh(&conn->lock);
396 void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
398 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
401 BT_DBG("code 0x%2.2x", code);
406 if (lmp_no_flush_capable(conn->hcon->hdev))
407 flags = ACL_START_NO_FLUSH;
411 hci_send_acl(conn->hcon, skb, flags);
414 static inline void l2cap_send_sframe(struct l2cap_chan *chan, u16 control)
417 struct l2cap_hdr *lh;
418 struct l2cap_pinfo *pi = l2cap_pi(chan->sk);
419 struct l2cap_conn *conn = chan->conn;
420 struct sock *sk = (struct sock *)pi;
421 int count, hlen = L2CAP_HDR_SIZE + 2;
424 if (sk->sk_state != BT_CONNECTED)
427 if (chan->fcs == L2CAP_FCS_CRC16)
430 BT_DBG("chan %p, control 0x%2.2x", chan, control);
432 count = min_t(unsigned int, conn->mtu, hlen);
433 control |= L2CAP_CTRL_FRAME_TYPE;
435 if (chan->conn_state & L2CAP_CONN_SEND_FBIT) {
436 control |= L2CAP_CTRL_FINAL;
437 chan->conn_state &= ~L2CAP_CONN_SEND_FBIT;
440 if (chan->conn_state & L2CAP_CONN_SEND_PBIT) {
441 control |= L2CAP_CTRL_POLL;
442 chan->conn_state &= ~L2CAP_CONN_SEND_PBIT;
445 skb = bt_skb_alloc(count, GFP_ATOMIC);
449 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
450 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE);
451 lh->cid = cpu_to_le16(chan->dcid);
452 put_unaligned_le16(control, skb_put(skb, 2));
454 if (chan->fcs == L2CAP_FCS_CRC16) {
455 u16 fcs = crc16(0, (u8 *)lh, count - 2);
456 put_unaligned_le16(fcs, skb_put(skb, 2));
459 if (lmp_no_flush_capable(conn->hcon->hdev))
460 flags = ACL_START_NO_FLUSH;
464 hci_send_acl(chan->conn->hcon, skb, flags);
467 static inline void l2cap_send_rr_or_rnr(struct l2cap_chan *chan, u16 control)
469 if (chan->conn_state & L2CAP_CONN_LOCAL_BUSY) {
470 control |= L2CAP_SUPER_RCV_NOT_READY;
471 chan->conn_state |= L2CAP_CONN_RNR_SENT;
473 control |= L2CAP_SUPER_RCV_READY;
475 control |= chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
477 l2cap_send_sframe(chan, control);
480 static inline int __l2cap_no_conn_pending(struct l2cap_chan *chan)
482 return !(chan->conf_state & L2CAP_CONF_CONNECT_PEND);
485 static void l2cap_do_start(struct l2cap_chan *chan)
487 struct l2cap_conn *conn = chan->conn;
489 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
490 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
493 if (l2cap_check_security(chan) &&
494 __l2cap_no_conn_pending(chan)) {
495 struct l2cap_conn_req req;
496 req.scid = cpu_to_le16(chan->scid);
499 chan->ident = l2cap_get_ident(conn);
500 chan->conf_state |= L2CAP_CONF_CONNECT_PEND;
502 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ,
506 struct l2cap_info_req req;
507 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
509 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
510 conn->info_ident = l2cap_get_ident(conn);
512 mod_timer(&conn->info_timer, jiffies +
513 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
515 l2cap_send_cmd(conn, conn->info_ident,
516 L2CAP_INFO_REQ, sizeof(req), &req);
520 static inline int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
522 u32 local_feat_mask = l2cap_feat_mask;
524 local_feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING;
527 case L2CAP_MODE_ERTM:
528 return L2CAP_FEAT_ERTM & feat_mask & local_feat_mask;
529 case L2CAP_MODE_STREAMING:
530 return L2CAP_FEAT_STREAMING & feat_mask & local_feat_mask;
536 void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *chan, int err)
539 struct l2cap_disconn_req req;
546 if (chan->mode == L2CAP_MODE_ERTM) {
547 del_timer(&chan->retrans_timer);
548 del_timer(&chan->monitor_timer);
549 del_timer(&chan->ack_timer);
552 req.dcid = cpu_to_le16(chan->dcid);
553 req.scid = cpu_to_le16(chan->scid);
554 l2cap_send_cmd(conn, l2cap_get_ident(conn),
555 L2CAP_DISCONN_REQ, sizeof(req), &req);
557 sk->sk_state = BT_DISCONN;
561 /* ---- L2CAP connections ---- */
562 static void l2cap_conn_start(struct l2cap_conn *conn)
564 struct l2cap_chan *chan, *tmp;
566 BT_DBG("conn %p", conn);
568 read_lock(&conn->chan_lock);
570 list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) {
571 struct sock *sk = chan->sk;
575 if (sk->sk_type != SOCK_SEQPACKET &&
576 sk->sk_type != SOCK_STREAM) {
581 if (sk->sk_state == BT_CONNECT) {
582 struct l2cap_conn_req req;
584 if (!l2cap_check_security(chan) ||
585 !__l2cap_no_conn_pending(chan)) {
590 if (!l2cap_mode_supported(chan->mode,
592 && chan->conf_state &
593 L2CAP_CONF_STATE2_DEVICE) {
594 /* __l2cap_sock_close() calls list_del(chan)
595 * so release the lock */
596 read_unlock_bh(&conn->chan_lock);
597 __l2cap_sock_close(sk, ECONNRESET);
598 read_lock_bh(&conn->chan_lock);
603 req.scid = cpu_to_le16(chan->scid);
606 chan->ident = l2cap_get_ident(conn);
607 chan->conf_state |= L2CAP_CONF_CONNECT_PEND;
609 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ,
612 } else if (sk->sk_state == BT_CONNECT2) {
613 struct l2cap_conn_rsp rsp;
615 rsp.scid = cpu_to_le16(chan->dcid);
616 rsp.dcid = cpu_to_le16(chan->scid);
618 if (l2cap_check_security(chan)) {
619 if (bt_sk(sk)->defer_setup) {
620 struct sock *parent = bt_sk(sk)->parent;
621 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
622 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
624 parent->sk_data_ready(parent, 0);
627 sk->sk_state = BT_CONFIG;
628 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
629 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
632 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
633 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
636 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
639 if (chan->conf_state & L2CAP_CONF_REQ_SENT ||
640 rsp.result != L2CAP_CR_SUCCESS) {
645 chan->conf_state |= L2CAP_CONF_REQ_SENT;
646 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
647 l2cap_build_conf_req(chan, buf), buf);
648 chan->num_conf_req++;
654 read_unlock(&conn->chan_lock);
657 /* Find socket with cid and source bdaddr.
658 * Returns closest match, locked.
660 static struct l2cap_chan *l2cap_global_chan_by_scid(int state, __le16 cid, bdaddr_t *src)
662 struct l2cap_chan *c, *c1 = NULL;
664 read_lock(&chan_list_lock);
666 list_for_each_entry(c, &chan_list, global_l) {
667 struct sock *sk = c->sk;
669 if (state && sk->sk_state != state)
672 if (c->scid == cid) {
674 if (!bacmp(&bt_sk(sk)->src, src)) {
675 read_unlock(&chan_list_lock);
680 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
685 read_unlock(&chan_list_lock);
690 static void l2cap_le_conn_ready(struct l2cap_conn *conn)
692 struct sock *parent, *sk;
693 struct l2cap_chan *chan, *pchan;
697 /* Check if we have socket listening on cid */
698 pchan = l2cap_global_chan_by_scid(BT_LISTEN, L2CAP_CID_LE_DATA,
705 bh_lock_sock(parent);
707 /* Check for backlog size */
708 if (sk_acceptq_is_full(parent)) {
709 BT_DBG("backlog full %d", parent->sk_ack_backlog);
713 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC);
717 chan = l2cap_chan_create(sk);
723 l2cap_pi(sk)->chan = chan;
725 write_lock_bh(&conn->chan_lock);
727 hci_conn_hold(conn->hcon);
729 l2cap_sock_init(sk, parent);
731 bacpy(&bt_sk(sk)->src, conn->src);
732 bacpy(&bt_sk(sk)->dst, conn->dst);
734 bt_accept_enqueue(parent, sk);
736 __l2cap_chan_add(conn, chan);
738 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
740 sk->sk_state = BT_CONNECTED;
741 parent->sk_data_ready(parent, 0);
743 write_unlock_bh(&conn->chan_lock);
746 bh_unlock_sock(parent);
749 static void l2cap_conn_ready(struct l2cap_conn *conn)
751 struct l2cap_chan *chan;
753 BT_DBG("conn %p", conn);
755 if (!conn->hcon->out && conn->hcon->type == LE_LINK)
756 l2cap_le_conn_ready(conn);
758 read_lock(&conn->chan_lock);
760 list_for_each_entry(chan, &conn->chan_l, list) {
761 struct sock *sk = chan->sk;
765 if (conn->hcon->type == LE_LINK) {
766 l2cap_sock_clear_timer(sk);
767 sk->sk_state = BT_CONNECTED;
768 sk->sk_state_change(sk);
771 if (sk->sk_type != SOCK_SEQPACKET &&
772 sk->sk_type != SOCK_STREAM) {
773 l2cap_sock_clear_timer(sk);
774 sk->sk_state = BT_CONNECTED;
775 sk->sk_state_change(sk);
776 } else if (sk->sk_state == BT_CONNECT)
777 l2cap_do_start(chan);
782 read_unlock(&conn->chan_lock);
785 /* Notify sockets that we cannot guaranty reliability anymore */
786 static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
788 struct l2cap_chan *chan;
790 BT_DBG("conn %p", conn);
792 read_lock(&conn->chan_lock);
794 list_for_each_entry(chan, &conn->chan_l, list) {
795 struct sock *sk = chan->sk;
797 if (chan->force_reliable)
801 read_unlock(&conn->chan_lock);
804 static void l2cap_info_timeout(unsigned long arg)
806 struct l2cap_conn *conn = (void *) arg;
808 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
809 conn->info_ident = 0;
811 l2cap_conn_start(conn);
814 static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
816 struct l2cap_conn *conn = hcon->l2cap_data;
821 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
825 hcon->l2cap_data = conn;
828 BT_DBG("hcon %p conn %p", hcon, conn);
830 if (hcon->hdev->le_mtu && hcon->type == LE_LINK)
831 conn->mtu = hcon->hdev->le_mtu;
833 conn->mtu = hcon->hdev->acl_mtu;
835 conn->src = &hcon->hdev->bdaddr;
836 conn->dst = &hcon->dst;
840 spin_lock_init(&conn->lock);
841 rwlock_init(&conn->chan_lock);
843 INIT_LIST_HEAD(&conn->chan_l);
845 if (hcon->type != LE_LINK)
846 setup_timer(&conn->info_timer, l2cap_info_timeout,
847 (unsigned long) conn);
849 conn->disc_reason = 0x13;
854 static void l2cap_conn_del(struct hci_conn *hcon, int err)
856 struct l2cap_conn *conn = hcon->l2cap_data;
857 struct l2cap_chan *chan, *l;
863 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
865 kfree_skb(conn->rx_skb);
868 list_for_each_entry_safe(chan, l, &conn->chan_l, list) {
871 l2cap_chan_del(chan, err);
876 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
877 del_timer_sync(&conn->info_timer);
879 hcon->l2cap_data = NULL;
883 static inline void l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
885 write_lock_bh(&conn->chan_lock);
886 __l2cap_chan_add(conn, chan);
887 write_unlock_bh(&conn->chan_lock);
890 /* ---- Socket interface ---- */
892 /* Find socket with psm and source bdaddr.
893 * Returns closest match.
895 static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm, bdaddr_t *src)
897 struct l2cap_chan *c, *c1 = NULL;
899 read_lock(&chan_list_lock);
901 list_for_each_entry(c, &chan_list, global_l) {
902 struct sock *sk = c->sk;
904 if (state && sk->sk_state != state)
909 if (!bacmp(&bt_sk(sk)->src, src)) {
910 read_unlock(&chan_list_lock);
915 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
920 read_unlock(&chan_list_lock);
925 int l2cap_chan_connect(struct l2cap_chan *chan)
927 struct sock *sk = chan->sk;
928 bdaddr_t *src = &bt_sk(sk)->src;
929 bdaddr_t *dst = &bt_sk(sk)->dst;
930 struct l2cap_conn *conn;
931 struct hci_conn *hcon;
932 struct hci_dev *hdev;
936 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst),
939 hdev = hci_get_route(dst, src);
941 return -EHOSTUNREACH;
943 hci_dev_lock_bh(hdev);
945 auth_type = l2cap_get_auth_type(chan);
947 if (chan->dcid == L2CAP_CID_LE_DATA)
948 hcon = hci_connect(hdev, LE_LINK, dst,
949 chan->sec_level, auth_type);
951 hcon = hci_connect(hdev, ACL_LINK, dst,
952 chan->sec_level, auth_type);
959 conn = l2cap_conn_add(hcon, 0);
966 /* Update source addr of the socket */
967 bacpy(src, conn->src);
969 l2cap_chan_add(conn, chan);
971 sk->sk_state = BT_CONNECT;
972 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
974 if (hcon->state == BT_CONNECTED) {
975 if (sk->sk_type != SOCK_SEQPACKET &&
976 sk->sk_type != SOCK_STREAM) {
977 l2cap_sock_clear_timer(sk);
978 if (l2cap_check_security(chan))
979 sk->sk_state = BT_CONNECTED;
981 l2cap_do_start(chan);
987 hci_dev_unlock_bh(hdev);
992 int __l2cap_wait_ack(struct sock *sk)
994 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
995 DECLARE_WAITQUEUE(wait, current);
999 add_wait_queue(sk_sleep(sk), &wait);
1000 while ((chan->unacked_frames > 0 && chan->conn)) {
1001 set_current_state(TASK_INTERRUPTIBLE);
1006 if (signal_pending(current)) {
1007 err = sock_intr_errno(timeo);
1012 timeo = schedule_timeout(timeo);
1015 err = sock_error(sk);
1019 set_current_state(TASK_RUNNING);
1020 remove_wait_queue(sk_sleep(sk), &wait);
1024 static void l2cap_monitor_timeout(unsigned long arg)
1026 struct l2cap_chan *chan = (void *) arg;
1027 struct sock *sk = chan->sk;
1029 BT_DBG("chan %p", chan);
1032 if (chan->retry_count >= chan->remote_max_tx) {
1033 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
1038 chan->retry_count++;
1039 __mod_monitor_timer();
1041 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
1045 static void l2cap_retrans_timeout(unsigned long arg)
1047 struct l2cap_chan *chan = (void *) arg;
1048 struct sock *sk = chan->sk;
1050 BT_DBG("chan %p", chan);
1053 chan->retry_count = 1;
1054 __mod_monitor_timer();
1056 chan->conn_state |= L2CAP_CONN_WAIT_F;
1058 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
1062 static void l2cap_drop_acked_frames(struct l2cap_chan *chan)
1064 struct sk_buff *skb;
1066 while ((skb = skb_peek(&chan->tx_q)) &&
1067 chan->unacked_frames) {
1068 if (bt_cb(skb)->tx_seq == chan->expected_ack_seq)
1071 skb = skb_dequeue(&chan->tx_q);
1074 chan->unacked_frames--;
1077 if (!chan->unacked_frames)
1078 del_timer(&chan->retrans_timer);
1081 void l2cap_do_send(struct l2cap_chan *chan, struct sk_buff *skb)
1083 struct hci_conn *hcon = chan->conn->hcon;
1086 BT_DBG("chan %p, skb %p len %d", chan, skb, skb->len);
1088 if (!chan->flushable && lmp_no_flush_capable(hcon->hdev))
1089 flags = ACL_START_NO_FLUSH;
1093 hci_send_acl(hcon, skb, flags);
1096 void l2cap_streaming_send(struct l2cap_chan *chan)
1098 struct sk_buff *skb;
1101 while ((skb = skb_dequeue(&chan->tx_q))) {
1102 control = get_unaligned_le16(skb->data + L2CAP_HDR_SIZE);
1103 control |= chan->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT;
1104 put_unaligned_le16(control, skb->data + L2CAP_HDR_SIZE);
1106 if (chan->fcs == L2CAP_FCS_CRC16) {
1107 fcs = crc16(0, (u8 *)skb->data, skb->len - 2);
1108 put_unaligned_le16(fcs, skb->data + skb->len - 2);
1111 l2cap_do_send(chan, skb);
1113 chan->next_tx_seq = (chan->next_tx_seq + 1) % 64;
1117 static void l2cap_retransmit_one_frame(struct l2cap_chan *chan, u8 tx_seq)
1119 struct sk_buff *skb, *tx_skb;
1122 skb = skb_peek(&chan->tx_q);
1127 if (bt_cb(skb)->tx_seq == tx_seq)
1130 if (skb_queue_is_last(&chan->tx_q, skb))
1133 } while ((skb = skb_queue_next(&chan->tx_q, skb)));
1135 if (chan->remote_max_tx &&
1136 bt_cb(skb)->retries == chan->remote_max_tx) {
1137 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
1141 tx_skb = skb_clone(skb, GFP_ATOMIC);
1142 bt_cb(skb)->retries++;
1143 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1144 control &= L2CAP_CTRL_SAR;
1146 if (chan->conn_state & L2CAP_CONN_SEND_FBIT) {
1147 control |= L2CAP_CTRL_FINAL;
1148 chan->conn_state &= ~L2CAP_CONN_SEND_FBIT;
1151 control |= (chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1152 | (tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1154 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1156 if (chan->fcs == L2CAP_FCS_CRC16) {
1157 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);
1158 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);
1161 l2cap_do_send(chan, tx_skb);
1164 int l2cap_ertm_send(struct l2cap_chan *chan)
1166 struct sk_buff *skb, *tx_skb;
1167 struct sock *sk = chan->sk;
1171 if (sk->sk_state != BT_CONNECTED)
1174 while ((skb = chan->tx_send_head) && (!l2cap_tx_window_full(chan))) {
1176 if (chan->remote_max_tx &&
1177 bt_cb(skb)->retries == chan->remote_max_tx) {
1178 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
1182 tx_skb = skb_clone(skb, GFP_ATOMIC);
1184 bt_cb(skb)->retries++;
1186 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1187 control &= L2CAP_CTRL_SAR;
1189 if (chan->conn_state & L2CAP_CONN_SEND_FBIT) {
1190 control |= L2CAP_CTRL_FINAL;
1191 chan->conn_state &= ~L2CAP_CONN_SEND_FBIT;
1193 control |= (chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1194 | (chan->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1195 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1198 if (chan->fcs == L2CAP_FCS_CRC16) {
1199 fcs = crc16(0, (u8 *)skb->data, tx_skb->len - 2);
1200 put_unaligned_le16(fcs, skb->data + tx_skb->len - 2);
1203 l2cap_do_send(chan, tx_skb);
1205 __mod_retrans_timer();
1207 bt_cb(skb)->tx_seq = chan->next_tx_seq;
1208 chan->next_tx_seq = (chan->next_tx_seq + 1) % 64;
1210 if (bt_cb(skb)->retries == 1)
1211 chan->unacked_frames++;
1213 chan->frames_sent++;
1215 if (skb_queue_is_last(&chan->tx_q, skb))
1216 chan->tx_send_head = NULL;
1218 chan->tx_send_head = skb_queue_next(&chan->tx_q, skb);
1226 static int l2cap_retransmit_frames(struct l2cap_chan *chan)
1230 if (!skb_queue_empty(&chan->tx_q))
1231 chan->tx_send_head = chan->tx_q.next;
1233 chan->next_tx_seq = chan->expected_ack_seq;
1234 ret = l2cap_ertm_send(chan);
1238 static void l2cap_send_ack(struct l2cap_chan *chan)
1242 control |= chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
1244 if (chan->conn_state & L2CAP_CONN_LOCAL_BUSY) {
1245 control |= L2CAP_SUPER_RCV_NOT_READY;
1246 chan->conn_state |= L2CAP_CONN_RNR_SENT;
1247 l2cap_send_sframe(chan, control);
1251 if (l2cap_ertm_send(chan) > 0)
1254 control |= L2CAP_SUPER_RCV_READY;
1255 l2cap_send_sframe(chan, control);
1258 static void l2cap_send_srejtail(struct l2cap_chan *chan)
1260 struct srej_list *tail;
1263 control = L2CAP_SUPER_SELECT_REJECT;
1264 control |= L2CAP_CTRL_FINAL;
1266 tail = list_entry((&chan->srej_l)->prev, struct srej_list, list);
1267 control |= tail->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
1269 l2cap_send_sframe(chan, control);
1272 static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, int len, int count, struct sk_buff *skb)
1274 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
1275 struct sk_buff **frag;
1278 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count))
1284 /* Continuation fragments (no L2CAP header) */
1285 frag = &skb_shinfo(skb)->frag_list;
1287 count = min_t(unsigned int, conn->mtu, len);
1289 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1292 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count))
1298 frag = &(*frag)->next;
1304 struct sk_buff *l2cap_create_connless_pdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
1306 struct sock *sk = chan->sk;
1307 struct l2cap_conn *conn = chan->conn;
1308 struct sk_buff *skb;
1309 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1310 struct l2cap_hdr *lh;
1312 BT_DBG("sk %p len %d", sk, (int)len);
1314 count = min_t(unsigned int, (conn->mtu - hlen), len);
1315 skb = bt_skb_send_alloc(sk, count + hlen,
1316 msg->msg_flags & MSG_DONTWAIT, &err);
1318 return ERR_PTR(err);
1320 /* Create L2CAP header */
1321 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1322 lh->cid = cpu_to_le16(chan->dcid);
1323 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1324 put_unaligned_le16(chan->psm, skb_put(skb, 2));
1326 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1327 if (unlikely(err < 0)) {
1329 return ERR_PTR(err);
1334 struct sk_buff *l2cap_create_basic_pdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
1336 struct sock *sk = chan->sk;
1337 struct l2cap_conn *conn = chan->conn;
1338 struct sk_buff *skb;
1339 int err, count, hlen = L2CAP_HDR_SIZE;
1340 struct l2cap_hdr *lh;
1342 BT_DBG("sk %p len %d", sk, (int)len);
1344 count = min_t(unsigned int, (conn->mtu - hlen), len);
1345 skb = bt_skb_send_alloc(sk, count + hlen,
1346 msg->msg_flags & MSG_DONTWAIT, &err);
1348 return ERR_PTR(err);
1350 /* Create L2CAP header */
1351 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1352 lh->cid = cpu_to_le16(chan->dcid);
1353 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1355 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1356 if (unlikely(err < 0)) {
1358 return ERR_PTR(err);
1363 struct sk_buff *l2cap_create_iframe_pdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len, u16 control, u16 sdulen)
1365 struct sock *sk = chan->sk;
1366 struct l2cap_conn *conn = chan->conn;
1367 struct sk_buff *skb;
1368 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1369 struct l2cap_hdr *lh;
1371 BT_DBG("sk %p len %d", sk, (int)len);
1374 return ERR_PTR(-ENOTCONN);
1379 if (chan->fcs == L2CAP_FCS_CRC16)
1382 count = min_t(unsigned int, (conn->mtu - hlen), len);
1383 skb = bt_skb_send_alloc(sk, count + hlen,
1384 msg->msg_flags & MSG_DONTWAIT, &err);
1386 return ERR_PTR(err);
1388 /* Create L2CAP header */
1389 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1390 lh->cid = cpu_to_le16(chan->dcid);
1391 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1392 put_unaligned_le16(control, skb_put(skb, 2));
1394 put_unaligned_le16(sdulen, skb_put(skb, 2));
1396 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1397 if (unlikely(err < 0)) {
1399 return ERR_PTR(err);
1402 if (chan->fcs == L2CAP_FCS_CRC16)
1403 put_unaligned_le16(0, skb_put(skb, 2));
1405 bt_cb(skb)->retries = 0;
1409 int l2cap_sar_segment_sdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
1411 struct sk_buff *skb;
1412 struct sk_buff_head sar_queue;
1416 skb_queue_head_init(&sar_queue);
1417 control = L2CAP_SDU_START;
1418 skb = l2cap_create_iframe_pdu(chan, msg, chan->remote_mps, control, len);
1420 return PTR_ERR(skb);
1422 __skb_queue_tail(&sar_queue, skb);
1423 len -= chan->remote_mps;
1424 size += chan->remote_mps;
1429 if (len > chan->remote_mps) {
1430 control = L2CAP_SDU_CONTINUE;
1431 buflen = chan->remote_mps;
1433 control = L2CAP_SDU_END;
1437 skb = l2cap_create_iframe_pdu(chan, msg, buflen, control, 0);
1439 skb_queue_purge(&sar_queue);
1440 return PTR_ERR(skb);
1443 __skb_queue_tail(&sar_queue, skb);
1447 skb_queue_splice_tail(&sar_queue, &chan->tx_q);
1448 if (chan->tx_send_head == NULL)
1449 chan->tx_send_head = sar_queue.next;
1454 static void l2cap_chan_ready(struct sock *sk)
1456 struct sock *parent = bt_sk(sk)->parent;
1457 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1459 BT_DBG("sk %p, parent %p", sk, parent);
1461 chan->conf_state = 0;
1462 l2cap_sock_clear_timer(sk);
1465 /* Outgoing channel.
1466 * Wake up socket sleeping on connect.
1468 sk->sk_state = BT_CONNECTED;
1469 sk->sk_state_change(sk);
1471 /* Incoming channel.
1472 * Wake up socket sleeping on accept.
1474 parent->sk_data_ready(parent, 0);
1478 /* Copy frame to all raw sockets on that connection */
1479 static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1481 struct sk_buff *nskb;
1482 struct l2cap_chan *chan;
1484 BT_DBG("conn %p", conn);
1486 read_lock(&conn->chan_lock);
1487 list_for_each_entry(chan, &conn->chan_l, list) {
1488 struct sock *sk = chan->sk;
1489 if (sk->sk_type != SOCK_RAW)
1492 /* Don't send frame to the socket it came from */
1495 nskb = skb_clone(skb, GFP_ATOMIC);
1499 if (sock_queue_rcv_skb(sk, nskb))
1502 read_unlock(&conn->chan_lock);
1505 /* ---- L2CAP signalling commands ---- */
1506 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1507 u8 code, u8 ident, u16 dlen, void *data)
1509 struct sk_buff *skb, **frag;
1510 struct l2cap_cmd_hdr *cmd;
1511 struct l2cap_hdr *lh;
1514 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d",
1515 conn, code, ident, dlen);
1517 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1518 count = min_t(unsigned int, conn->mtu, len);
1520 skb = bt_skb_alloc(count, GFP_ATOMIC);
1524 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1525 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
1527 if (conn->hcon->type == LE_LINK)
1528 lh->cid = cpu_to_le16(L2CAP_CID_LE_SIGNALING);
1530 lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING);
1532 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1535 cmd->len = cpu_to_le16(dlen);
1538 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1539 memcpy(skb_put(skb, count), data, count);
1545 /* Continuation fragments (no L2CAP header) */
1546 frag = &skb_shinfo(skb)->frag_list;
1548 count = min_t(unsigned int, conn->mtu, len);
1550 *frag = bt_skb_alloc(count, GFP_ATOMIC);
1554 memcpy(skb_put(*frag, count), data, count);
1559 frag = &(*frag)->next;
1569 static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1571 struct l2cap_conf_opt *opt = *ptr;
1574 len = L2CAP_CONF_OPT_SIZE + opt->len;
1582 *val = *((u8 *) opt->val);
1586 *val = get_unaligned_le16(opt->val);
1590 *val = get_unaligned_le32(opt->val);
1594 *val = (unsigned long) opt->val;
1598 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1602 static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1604 struct l2cap_conf_opt *opt = *ptr;
1606 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1613 *((u8 *) opt->val) = val;
1617 put_unaligned_le16(val, opt->val);
1621 put_unaligned_le32(val, opt->val);
1625 memcpy(opt->val, (void *) val, len);
1629 *ptr += L2CAP_CONF_OPT_SIZE + len;
1632 static void l2cap_ack_timeout(unsigned long arg)
1634 struct l2cap_chan *chan = (void *) arg;
1636 bh_lock_sock(chan->sk);
1637 l2cap_send_ack(chan);
1638 bh_unlock_sock(chan->sk);
1641 static inline void l2cap_ertm_init(struct l2cap_chan *chan)
1643 struct sock *sk = chan->sk;
1645 chan->expected_ack_seq = 0;
1646 chan->unacked_frames = 0;
1647 chan->buffer_seq = 0;
1648 chan->num_acked = 0;
1649 chan->frames_sent = 0;
1651 setup_timer(&chan->retrans_timer, l2cap_retrans_timeout,
1652 (unsigned long) chan);
1653 setup_timer(&chan->monitor_timer, l2cap_monitor_timeout,
1654 (unsigned long) chan);
1655 setup_timer(&chan->ack_timer, l2cap_ack_timeout, (unsigned long) chan);
1657 skb_queue_head_init(&chan->srej_q);
1658 skb_queue_head_init(&chan->busy_q);
1660 INIT_LIST_HEAD(&chan->srej_l);
1662 INIT_WORK(&chan->busy_work, l2cap_busy_work);
1664 sk->sk_backlog_rcv = l2cap_ertm_data_rcv;
1667 static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
1670 case L2CAP_MODE_STREAMING:
1671 case L2CAP_MODE_ERTM:
1672 if (l2cap_mode_supported(mode, remote_feat_mask))
1676 return L2CAP_MODE_BASIC;
1680 static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data)
1682 struct l2cap_conf_req *req = data;
1683 struct l2cap_conf_rfc rfc = { .mode = chan->mode };
1684 void *ptr = req->data;
1686 BT_DBG("chan %p", chan);
1688 if (chan->num_conf_req || chan->num_conf_rsp)
1691 switch (chan->mode) {
1692 case L2CAP_MODE_STREAMING:
1693 case L2CAP_MODE_ERTM:
1694 if (chan->conf_state & L2CAP_CONF_STATE2_DEVICE)
1699 chan->mode = l2cap_select_mode(rfc.mode, chan->conn->feat_mask);
1704 if (chan->imtu != L2CAP_DEFAULT_MTU)
1705 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
1707 switch (chan->mode) {
1708 case L2CAP_MODE_BASIC:
1709 if (!(chan->conn->feat_mask & L2CAP_FEAT_ERTM) &&
1710 !(chan->conn->feat_mask & L2CAP_FEAT_STREAMING))
1713 rfc.mode = L2CAP_MODE_BASIC;
1715 rfc.max_transmit = 0;
1716 rfc.retrans_timeout = 0;
1717 rfc.monitor_timeout = 0;
1718 rfc.max_pdu_size = 0;
1720 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
1721 (unsigned long) &rfc);
1724 case L2CAP_MODE_ERTM:
1725 rfc.mode = L2CAP_MODE_ERTM;
1726 rfc.txwin_size = chan->tx_win;
1727 rfc.max_transmit = chan->max_tx;
1728 rfc.retrans_timeout = 0;
1729 rfc.monitor_timeout = 0;
1730 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
1731 if (L2CAP_DEFAULT_MAX_PDU_SIZE > chan->conn->mtu - 10)
1732 rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);
1734 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
1735 (unsigned long) &rfc);
1737 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
1740 if (chan->fcs == L2CAP_FCS_NONE ||
1741 chan->conf_state & L2CAP_CONF_NO_FCS_RECV) {
1742 chan->fcs = L2CAP_FCS_NONE;
1743 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
1747 case L2CAP_MODE_STREAMING:
1748 rfc.mode = L2CAP_MODE_STREAMING;
1750 rfc.max_transmit = 0;
1751 rfc.retrans_timeout = 0;
1752 rfc.monitor_timeout = 0;
1753 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
1754 if (L2CAP_DEFAULT_MAX_PDU_SIZE > chan->conn->mtu - 10)
1755 rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);
1757 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
1758 (unsigned long) &rfc);
1760 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
1763 if (chan->fcs == L2CAP_FCS_NONE ||
1764 chan->conf_state & L2CAP_CONF_NO_FCS_RECV) {
1765 chan->fcs = L2CAP_FCS_NONE;
1766 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
1771 req->dcid = cpu_to_le16(chan->dcid);
1772 req->flags = cpu_to_le16(0);
1777 static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)
1779 struct l2cap_conf_rsp *rsp = data;
1780 void *ptr = rsp->data;
1781 void *req = chan->conf_req;
1782 int len = chan->conf_len;
1783 int type, hint, olen;
1785 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
1786 u16 mtu = L2CAP_DEFAULT_MTU;
1787 u16 result = L2CAP_CONF_SUCCESS;
1789 BT_DBG("chan %p", chan);
1791 while (len >= L2CAP_CONF_OPT_SIZE) {
1792 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
1794 hint = type & L2CAP_CONF_HINT;
1795 type &= L2CAP_CONF_MASK;
1798 case L2CAP_CONF_MTU:
1802 case L2CAP_CONF_FLUSH_TO:
1803 chan->flush_to = val;
1806 case L2CAP_CONF_QOS:
1809 case L2CAP_CONF_RFC:
1810 if (olen == sizeof(rfc))
1811 memcpy(&rfc, (void *) val, olen);
1814 case L2CAP_CONF_FCS:
1815 if (val == L2CAP_FCS_NONE)
1816 chan->conf_state |= L2CAP_CONF_NO_FCS_RECV;
1824 result = L2CAP_CONF_UNKNOWN;
1825 *((u8 *) ptr++) = type;
1830 if (chan->num_conf_rsp || chan->num_conf_req > 1)
1833 switch (chan->mode) {
1834 case L2CAP_MODE_STREAMING:
1835 case L2CAP_MODE_ERTM:
1836 if (!(chan->conf_state & L2CAP_CONF_STATE2_DEVICE)) {
1837 chan->mode = l2cap_select_mode(rfc.mode,
1838 chan->conn->feat_mask);
1842 if (chan->mode != rfc.mode)
1843 return -ECONNREFUSED;
1849 if (chan->mode != rfc.mode) {
1850 result = L2CAP_CONF_UNACCEPT;
1851 rfc.mode = chan->mode;
1853 if (chan->num_conf_rsp == 1)
1854 return -ECONNREFUSED;
1856 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1857 sizeof(rfc), (unsigned long) &rfc);
1861 if (result == L2CAP_CONF_SUCCESS) {
1862 /* Configure output options and let the other side know
1863 * which ones we don't like. */
1865 if (mtu < L2CAP_DEFAULT_MIN_MTU)
1866 result = L2CAP_CONF_UNACCEPT;
1869 chan->conf_state |= L2CAP_CONF_MTU_DONE;
1871 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->omtu);
1874 case L2CAP_MODE_BASIC:
1875 chan->fcs = L2CAP_FCS_NONE;
1876 chan->conf_state |= L2CAP_CONF_MODE_DONE;
1879 case L2CAP_MODE_ERTM:
1880 chan->remote_tx_win = rfc.txwin_size;
1881 chan->remote_max_tx = rfc.max_transmit;
1883 if (le16_to_cpu(rfc.max_pdu_size) > chan->conn->mtu - 10)
1884 rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);
1886 chan->remote_mps = le16_to_cpu(rfc.max_pdu_size);
1888 rfc.retrans_timeout =
1889 le16_to_cpu(L2CAP_DEFAULT_RETRANS_TO);
1890 rfc.monitor_timeout =
1891 le16_to_cpu(L2CAP_DEFAULT_MONITOR_TO);
1893 chan->conf_state |= L2CAP_CONF_MODE_DONE;
1895 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1896 sizeof(rfc), (unsigned long) &rfc);
1900 case L2CAP_MODE_STREAMING:
1901 if (le16_to_cpu(rfc.max_pdu_size) > chan->conn->mtu - 10)
1902 rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);
1904 chan->remote_mps = le16_to_cpu(rfc.max_pdu_size);
1906 chan->conf_state |= L2CAP_CONF_MODE_DONE;
1908 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1909 sizeof(rfc), (unsigned long) &rfc);
1914 result = L2CAP_CONF_UNACCEPT;
1916 memset(&rfc, 0, sizeof(rfc));
1917 rfc.mode = chan->mode;
1920 if (result == L2CAP_CONF_SUCCESS)
1921 chan->conf_state |= L2CAP_CONF_OUTPUT_DONE;
1923 rsp->scid = cpu_to_le16(chan->dcid);
1924 rsp->result = cpu_to_le16(result);
1925 rsp->flags = cpu_to_le16(0x0000);
1930 static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, void *data, u16 *result)
1932 struct l2cap_conf_req *req = data;
1933 void *ptr = req->data;
1936 struct l2cap_conf_rfc rfc;
1938 BT_DBG("chan %p, rsp %p, len %d, req %p", chan, rsp, len, data);
1940 while (len >= L2CAP_CONF_OPT_SIZE) {
1941 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
1944 case L2CAP_CONF_MTU:
1945 if (val < L2CAP_DEFAULT_MIN_MTU) {
1946 *result = L2CAP_CONF_UNACCEPT;
1947 chan->imtu = L2CAP_DEFAULT_MIN_MTU;
1950 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
1953 case L2CAP_CONF_FLUSH_TO:
1954 chan->flush_to = val;
1955 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
1959 case L2CAP_CONF_RFC:
1960 if (olen == sizeof(rfc))
1961 memcpy(&rfc, (void *)val, olen);
1963 if ((chan->conf_state & L2CAP_CONF_STATE2_DEVICE) &&
1964 rfc.mode != chan->mode)
1965 return -ECONNREFUSED;
1969 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1970 sizeof(rfc), (unsigned long) &rfc);
1975 if (chan->mode == L2CAP_MODE_BASIC && chan->mode != rfc.mode)
1976 return -ECONNREFUSED;
1978 chan->mode = rfc.mode;
1980 if (*result == L2CAP_CONF_SUCCESS) {
1982 case L2CAP_MODE_ERTM:
1983 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
1984 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
1985 chan->mps = le16_to_cpu(rfc.max_pdu_size);
1987 case L2CAP_MODE_STREAMING:
1988 chan->mps = le16_to_cpu(rfc.max_pdu_size);
1992 req->dcid = cpu_to_le16(chan->dcid);
1993 req->flags = cpu_to_le16(0x0000);
1998 static int l2cap_build_conf_rsp(struct l2cap_chan *chan, void *data, u16 result, u16 flags)
2000 struct l2cap_conf_rsp *rsp = data;
2001 void *ptr = rsp->data;
2003 BT_DBG("chan %p", chan);
2005 rsp->scid = cpu_to_le16(chan->dcid);
2006 rsp->result = cpu_to_le16(result);
2007 rsp->flags = cpu_to_le16(flags);
2012 void __l2cap_connect_rsp_defer(struct l2cap_chan *chan)
2014 struct l2cap_conn_rsp rsp;
2015 struct l2cap_conn *conn = chan->conn;
2018 rsp.scid = cpu_to_le16(chan->dcid);
2019 rsp.dcid = cpu_to_le16(chan->scid);
2020 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
2021 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
2022 l2cap_send_cmd(conn, chan->ident,
2023 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2025 if (chan->conf_state & L2CAP_CONF_REQ_SENT)
2028 chan->conf_state |= L2CAP_CONF_REQ_SENT;
2029 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2030 l2cap_build_conf_req(chan, buf), buf);
2031 chan->num_conf_req++;
2034 static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len)
2038 struct l2cap_conf_rfc rfc;
2040 BT_DBG("chan %p, rsp %p, len %d", chan, rsp, len);
2042 if ((chan->mode != L2CAP_MODE_ERTM) && (chan->mode != L2CAP_MODE_STREAMING))
2045 while (len >= L2CAP_CONF_OPT_SIZE) {
2046 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2049 case L2CAP_CONF_RFC:
2050 if (olen == sizeof(rfc))
2051 memcpy(&rfc, (void *)val, olen);
2058 case L2CAP_MODE_ERTM:
2059 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2060 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2061 chan->mps = le16_to_cpu(rfc.max_pdu_size);
2063 case L2CAP_MODE_STREAMING:
2064 chan->mps = le16_to_cpu(rfc.max_pdu_size);
2068 static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2070 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data;
2072 if (rej->reason != 0x0000)
2075 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
2076 cmd->ident == conn->info_ident) {
2077 del_timer(&conn->info_timer);
2079 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2080 conn->info_ident = 0;
2082 l2cap_conn_start(conn);
2088 static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2090 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
2091 struct l2cap_conn_rsp rsp;
2092 struct l2cap_chan *chan = NULL, *pchan;
2093 struct sock *parent, *sk = NULL;
2094 int result, status = L2CAP_CS_NO_INFO;
2096 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
2097 __le16 psm = req->psm;
2099 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
2101 /* Check if we have socket listening on psm */
2102 pchan = l2cap_global_chan_by_psm(BT_LISTEN, psm, conn->src);
2104 result = L2CAP_CR_BAD_PSM;
2110 bh_lock_sock(parent);
2112 /* Check if the ACL is secure enough (if not SDP) */
2113 if (psm != cpu_to_le16(0x0001) &&
2114 !hci_conn_check_link_mode(conn->hcon)) {
2115 conn->disc_reason = 0x05;
2116 result = L2CAP_CR_SEC_BLOCK;
2120 result = L2CAP_CR_NO_MEM;
2122 /* Check for backlog size */
2123 if (sk_acceptq_is_full(parent)) {
2124 BT_DBG("backlog full %d", parent->sk_ack_backlog);
2128 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC);
2132 chan = l2cap_chan_create(sk);
2134 l2cap_sock_kill(sk);
2138 l2cap_pi(sk)->chan = chan;
2140 write_lock_bh(&conn->chan_lock);
2142 /* Check if we already have channel with that dcid */
2143 if (__l2cap_get_chan_by_dcid(conn, scid)) {
2144 write_unlock_bh(&conn->chan_lock);
2145 sock_set_flag(sk, SOCK_ZAPPED);
2146 l2cap_sock_kill(sk);
2150 hci_conn_hold(conn->hcon);
2152 l2cap_sock_init(sk, parent);
2153 bacpy(&bt_sk(sk)->src, conn->src);
2154 bacpy(&bt_sk(sk)->dst, conn->dst);
2158 bt_accept_enqueue(parent, sk);
2160 __l2cap_chan_add(conn, chan);
2164 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
2166 chan->ident = cmd->ident;
2168 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
2169 if (l2cap_check_security(chan)) {
2170 if (bt_sk(sk)->defer_setup) {
2171 sk->sk_state = BT_CONNECT2;
2172 result = L2CAP_CR_PEND;
2173 status = L2CAP_CS_AUTHOR_PEND;
2174 parent->sk_data_ready(parent, 0);
2176 sk->sk_state = BT_CONFIG;
2177 result = L2CAP_CR_SUCCESS;
2178 status = L2CAP_CS_NO_INFO;
2181 sk->sk_state = BT_CONNECT2;
2182 result = L2CAP_CR_PEND;
2183 status = L2CAP_CS_AUTHEN_PEND;
2186 sk->sk_state = BT_CONNECT2;
2187 result = L2CAP_CR_PEND;
2188 status = L2CAP_CS_NO_INFO;
2191 write_unlock_bh(&conn->chan_lock);
2194 bh_unlock_sock(parent);
2197 rsp.scid = cpu_to_le16(scid);
2198 rsp.dcid = cpu_to_le16(dcid);
2199 rsp.result = cpu_to_le16(result);
2200 rsp.status = cpu_to_le16(status);
2201 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2203 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
2204 struct l2cap_info_req info;
2205 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2207 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
2208 conn->info_ident = l2cap_get_ident(conn);
2210 mod_timer(&conn->info_timer, jiffies +
2211 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
2213 l2cap_send_cmd(conn, conn->info_ident,
2214 L2CAP_INFO_REQ, sizeof(info), &info);
2217 if (chan && !(chan->conf_state & L2CAP_CONF_REQ_SENT) &&
2218 result == L2CAP_CR_SUCCESS) {
2220 chan->conf_state |= L2CAP_CONF_REQ_SENT;
2221 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2222 l2cap_build_conf_req(chan, buf), buf);
2223 chan->num_conf_req++;
2229 static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2231 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
2232 u16 scid, dcid, result, status;
2233 struct l2cap_chan *chan;
2237 scid = __le16_to_cpu(rsp->scid);
2238 dcid = __le16_to_cpu(rsp->dcid);
2239 result = __le16_to_cpu(rsp->result);
2240 status = __le16_to_cpu(rsp->status);
2242 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
2245 chan = l2cap_get_chan_by_scid(conn, scid);
2249 chan = l2cap_get_chan_by_ident(conn, cmd->ident);
2257 case L2CAP_CR_SUCCESS:
2258 sk->sk_state = BT_CONFIG;
2261 chan->conf_state &= ~L2CAP_CONF_CONNECT_PEND;
2263 if (chan->conf_state & L2CAP_CONF_REQ_SENT)
2266 chan->conf_state |= L2CAP_CONF_REQ_SENT;
2268 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2269 l2cap_build_conf_req(chan, req), req);
2270 chan->num_conf_req++;
2274 chan->conf_state |= L2CAP_CONF_CONNECT_PEND;
2278 /* don't delete l2cap channel if sk is owned by user */
2279 if (sock_owned_by_user(sk)) {
2280 sk->sk_state = BT_DISCONN;
2281 l2cap_sock_clear_timer(sk);
2282 l2cap_sock_set_timer(sk, HZ / 5);
2286 l2cap_chan_del(chan, ECONNREFUSED);
2294 static inline void set_default_fcs(struct l2cap_chan *chan)
2296 struct l2cap_pinfo *pi = l2cap_pi(chan->sk);
2298 /* FCS is enabled only in ERTM or streaming mode, if one or both
2301 if (chan->mode != L2CAP_MODE_ERTM && chan->mode != L2CAP_MODE_STREAMING)
2302 chan->fcs = L2CAP_FCS_NONE;
2303 else if (!(pi->chan->conf_state & L2CAP_CONF_NO_FCS_RECV))
2304 chan->fcs = L2CAP_FCS_CRC16;
2307 static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
2309 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
2312 struct l2cap_chan *chan;
2316 dcid = __le16_to_cpu(req->dcid);
2317 flags = __le16_to_cpu(req->flags);
2319 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
2321 chan = l2cap_get_chan_by_scid(conn, dcid);
2327 if (sk->sk_state != BT_CONFIG && sk->sk_state != BT_CONNECT2) {
2328 struct l2cap_cmd_rej rej;
2330 rej.reason = cpu_to_le16(0x0002);
2331 l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ,
2336 /* Reject if config buffer is too small. */
2337 len = cmd_len - sizeof(*req);
2338 if (len < 0 || chan->conf_len + len > sizeof(chan->conf_req)) {
2339 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
2340 l2cap_build_conf_rsp(chan, rsp,
2341 L2CAP_CONF_REJECT, flags), rsp);
2346 memcpy(chan->conf_req + chan->conf_len, req->data, len);
2347 chan->conf_len += len;
2349 if (flags & 0x0001) {
2350 /* Incomplete config. Send empty response. */
2351 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
2352 l2cap_build_conf_rsp(chan, rsp,
2353 L2CAP_CONF_SUCCESS, 0x0001), rsp);
2357 /* Complete config. */
2358 len = l2cap_parse_conf_req(chan, rsp);
2360 l2cap_send_disconn_req(conn, chan, ECONNRESET);
2364 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
2365 chan->num_conf_rsp++;
2367 /* Reset config buffer. */
2370 if (!(chan->conf_state & L2CAP_CONF_OUTPUT_DONE))
2373 if (chan->conf_state & L2CAP_CONF_INPUT_DONE) {
2374 set_default_fcs(chan);
2376 sk->sk_state = BT_CONNECTED;
2378 chan->next_tx_seq = 0;
2379 chan->expected_tx_seq = 0;
2380 skb_queue_head_init(&chan->tx_q);
2381 if (chan->mode == L2CAP_MODE_ERTM)
2382 l2cap_ertm_init(chan);
2384 l2cap_chan_ready(sk);
2388 if (!(chan->conf_state & L2CAP_CONF_REQ_SENT)) {
2390 chan->conf_state |= L2CAP_CONF_REQ_SENT;
2391 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2392 l2cap_build_conf_req(chan, buf), buf);
2393 chan->num_conf_req++;
2401 static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2403 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2404 u16 scid, flags, result;
2405 struct l2cap_chan *chan;
2407 int len = cmd->len - sizeof(*rsp);
2409 scid = __le16_to_cpu(rsp->scid);
2410 flags = __le16_to_cpu(rsp->flags);
2411 result = __le16_to_cpu(rsp->result);
2413 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x",
2414 scid, flags, result);
2416 chan = l2cap_get_chan_by_scid(conn, scid);
2423 case L2CAP_CONF_SUCCESS:
2424 l2cap_conf_rfc_get(chan, rsp->data, len);
2427 case L2CAP_CONF_UNACCEPT:
2428 if (chan->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
2431 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {
2432 l2cap_send_disconn_req(conn, chan, ECONNRESET);
2436 /* throw out any old stored conf requests */
2437 result = L2CAP_CONF_SUCCESS;
2438 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
2441 l2cap_send_disconn_req(conn, chan, ECONNRESET);
2445 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2446 L2CAP_CONF_REQ, len, req);
2447 chan->num_conf_req++;
2448 if (result != L2CAP_CONF_SUCCESS)
2454 sk->sk_err = ECONNRESET;
2455 l2cap_sock_set_timer(sk, HZ * 5);
2456 l2cap_send_disconn_req(conn, chan, ECONNRESET);
2463 chan->conf_state |= L2CAP_CONF_INPUT_DONE;
2465 if (chan->conf_state & L2CAP_CONF_OUTPUT_DONE) {
2466 set_default_fcs(chan);
2468 sk->sk_state = BT_CONNECTED;
2469 chan->next_tx_seq = 0;
2470 chan->expected_tx_seq = 0;
2471 skb_queue_head_init(&chan->tx_q);
2472 if (chan->mode == L2CAP_MODE_ERTM)
2473 l2cap_ertm_init(chan);
2475 l2cap_chan_ready(sk);
2483 static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2485 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
2486 struct l2cap_disconn_rsp rsp;
2488 struct l2cap_chan *chan;
2491 scid = __le16_to_cpu(req->scid);
2492 dcid = __le16_to_cpu(req->dcid);
2494 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
2496 chan = l2cap_get_chan_by_scid(conn, dcid);
2502 rsp.dcid = cpu_to_le16(chan->scid);
2503 rsp.scid = cpu_to_le16(chan->dcid);
2504 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
2506 sk->sk_shutdown = SHUTDOWN_MASK;
2508 /* don't delete l2cap channel if sk is owned by user */
2509 if (sock_owned_by_user(sk)) {
2510 sk->sk_state = BT_DISCONN;
2511 l2cap_sock_clear_timer(sk);
2512 l2cap_sock_set_timer(sk, HZ / 5);
2517 l2cap_chan_del(chan, ECONNRESET);
2520 l2cap_sock_kill(sk);
2524 static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2526 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
2528 struct l2cap_chan *chan;
2531 scid = __le16_to_cpu(rsp->scid);
2532 dcid = __le16_to_cpu(rsp->dcid);
2534 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
2536 chan = l2cap_get_chan_by_scid(conn, scid);
2542 /* don't delete l2cap channel if sk is owned by user */
2543 if (sock_owned_by_user(sk)) {
2544 sk->sk_state = BT_DISCONN;
2545 l2cap_sock_clear_timer(sk);
2546 l2cap_sock_set_timer(sk, HZ / 5);
2551 l2cap_chan_del(chan, 0);
2554 l2cap_sock_kill(sk);
2558 static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2560 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
2563 type = __le16_to_cpu(req->type);
2565 BT_DBG("type 0x%4.4x", type);
2567 if (type == L2CAP_IT_FEAT_MASK) {
2569 u32 feat_mask = l2cap_feat_mask;
2570 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2571 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2572 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2574 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
2576 put_unaligned_le32(feat_mask, rsp->data);
2577 l2cap_send_cmd(conn, cmd->ident,
2578 L2CAP_INFO_RSP, sizeof(buf), buf);
2579 } else if (type == L2CAP_IT_FIXED_CHAN) {
2581 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2582 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2583 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2584 memcpy(buf + 4, l2cap_fixed_chan, 8);
2585 l2cap_send_cmd(conn, cmd->ident,
2586 L2CAP_INFO_RSP, sizeof(buf), buf);
2588 struct l2cap_info_rsp rsp;
2589 rsp.type = cpu_to_le16(type);
2590 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
2591 l2cap_send_cmd(conn, cmd->ident,
2592 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
2598 static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2600 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
2603 type = __le16_to_cpu(rsp->type);
2604 result = __le16_to_cpu(rsp->result);
2606 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
2608 /* L2CAP Info req/rsp are unbound to channels, add extra checks */
2609 if (cmd->ident != conn->info_ident ||
2610 conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE)
2613 del_timer(&conn->info_timer);
2615 if (result != L2CAP_IR_SUCCESS) {
2616 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2617 conn->info_ident = 0;
2619 l2cap_conn_start(conn);
2624 if (type == L2CAP_IT_FEAT_MASK) {
2625 conn->feat_mask = get_unaligned_le32(rsp->data);
2627 if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) {
2628 struct l2cap_info_req req;
2629 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2631 conn->info_ident = l2cap_get_ident(conn);
2633 l2cap_send_cmd(conn, conn->info_ident,
2634 L2CAP_INFO_REQ, sizeof(req), &req);
2636 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2637 conn->info_ident = 0;
2639 l2cap_conn_start(conn);
2641 } else if (type == L2CAP_IT_FIXED_CHAN) {
2642 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2643 conn->info_ident = 0;
2645 l2cap_conn_start(conn);
2651 static inline int l2cap_check_conn_param(u16 min, u16 max, u16 latency,
2656 if (min > max || min < 6 || max > 3200)
2659 if (to_multiplier < 10 || to_multiplier > 3200)
2662 if (max >= to_multiplier * 8)
2665 max_latency = (to_multiplier * 8 / max) - 1;
2666 if (latency > 499 || latency > max_latency)
2672 static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn,
2673 struct l2cap_cmd_hdr *cmd, u8 *data)
2675 struct hci_conn *hcon = conn->hcon;
2676 struct l2cap_conn_param_update_req *req;
2677 struct l2cap_conn_param_update_rsp rsp;
2678 u16 min, max, latency, to_multiplier, cmd_len;
2681 if (!(hcon->link_mode & HCI_LM_MASTER))
2684 cmd_len = __le16_to_cpu(cmd->len);
2685 if (cmd_len != sizeof(struct l2cap_conn_param_update_req))
2688 req = (struct l2cap_conn_param_update_req *) data;
2689 min = __le16_to_cpu(req->min);
2690 max = __le16_to_cpu(req->max);
2691 latency = __le16_to_cpu(req->latency);
2692 to_multiplier = __le16_to_cpu(req->to_multiplier);
2694 BT_DBG("min 0x%4.4x max 0x%4.4x latency: 0x%4.4x Timeout: 0x%4.4x",
2695 min, max, latency, to_multiplier);
2697 memset(&rsp, 0, sizeof(rsp));
2699 err = l2cap_check_conn_param(min, max, latency, to_multiplier);
2701 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_REJECTED);
2703 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_ACCEPTED);
2705 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_PARAM_UPDATE_RSP,
2709 hci_le_conn_update(hcon, min, max, latency, to_multiplier);
2714 static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
2715 struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
2719 switch (cmd->code) {
2720 case L2CAP_COMMAND_REJ:
2721 l2cap_command_rej(conn, cmd, data);
2724 case L2CAP_CONN_REQ:
2725 err = l2cap_connect_req(conn, cmd, data);
2728 case L2CAP_CONN_RSP:
2729 err = l2cap_connect_rsp(conn, cmd, data);
2732 case L2CAP_CONF_REQ:
2733 err = l2cap_config_req(conn, cmd, cmd_len, data);
2736 case L2CAP_CONF_RSP:
2737 err = l2cap_config_rsp(conn, cmd, data);
2740 case L2CAP_DISCONN_REQ:
2741 err = l2cap_disconnect_req(conn, cmd, data);
2744 case L2CAP_DISCONN_RSP:
2745 err = l2cap_disconnect_rsp(conn, cmd, data);
2748 case L2CAP_ECHO_REQ:
2749 l2cap_send_cmd(conn, cmd->ident, L2CAP_ECHO_RSP, cmd_len, data);
2752 case L2CAP_ECHO_RSP:
2755 case L2CAP_INFO_REQ:
2756 err = l2cap_information_req(conn, cmd, data);
2759 case L2CAP_INFO_RSP:
2760 err = l2cap_information_rsp(conn, cmd, data);
2764 BT_ERR("Unknown BR/EDR signaling command 0x%2.2x", cmd->code);
2772 static inline int l2cap_le_sig_cmd(struct l2cap_conn *conn,
2773 struct l2cap_cmd_hdr *cmd, u8 *data)
2775 switch (cmd->code) {
2776 case L2CAP_COMMAND_REJ:
2779 case L2CAP_CONN_PARAM_UPDATE_REQ:
2780 return l2cap_conn_param_update_req(conn, cmd, data);
2782 case L2CAP_CONN_PARAM_UPDATE_RSP:
2786 BT_ERR("Unknown LE signaling command 0x%2.2x", cmd->code);
2791 static inline void l2cap_sig_channel(struct l2cap_conn *conn,
2792 struct sk_buff *skb)
2794 u8 *data = skb->data;
2796 struct l2cap_cmd_hdr cmd;
2799 l2cap_raw_recv(conn, skb);
2801 while (len >= L2CAP_CMD_HDR_SIZE) {
2803 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
2804 data += L2CAP_CMD_HDR_SIZE;
2805 len -= L2CAP_CMD_HDR_SIZE;
2807 cmd_len = le16_to_cpu(cmd.len);
2809 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
2811 if (cmd_len > len || !cmd.ident) {
2812 BT_DBG("corrupted command");
2816 if (conn->hcon->type == LE_LINK)
2817 err = l2cap_le_sig_cmd(conn, &cmd, data);
2819 err = l2cap_bredr_sig_cmd(conn, &cmd, cmd_len, data);
2822 struct l2cap_cmd_rej rej;
2824 BT_ERR("Wrong link type (%d)", err);
2826 /* FIXME: Map err to a valid reason */
2827 rej.reason = cpu_to_le16(0);
2828 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
2838 static int l2cap_check_fcs(struct l2cap_chan *chan, struct sk_buff *skb)
2840 u16 our_fcs, rcv_fcs;
2841 int hdr_size = L2CAP_HDR_SIZE + 2;
2843 if (chan->fcs == L2CAP_FCS_CRC16) {
2844 skb_trim(skb, skb->len - 2);
2845 rcv_fcs = get_unaligned_le16(skb->data + skb->len);
2846 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size);
2848 if (our_fcs != rcv_fcs)
2854 static inline void l2cap_send_i_or_rr_or_rnr(struct l2cap_chan *chan)
2858 chan->frames_sent = 0;
2860 control |= chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
2862 if (chan->conn_state & L2CAP_CONN_LOCAL_BUSY) {
2863 control |= L2CAP_SUPER_RCV_NOT_READY;
2864 l2cap_send_sframe(chan, control);
2865 chan->conn_state |= L2CAP_CONN_RNR_SENT;
2868 if (chan->conn_state & L2CAP_CONN_REMOTE_BUSY)
2869 l2cap_retransmit_frames(chan);
2871 l2cap_ertm_send(chan);
2873 if (!(chan->conn_state & L2CAP_CONN_LOCAL_BUSY) &&
2874 chan->frames_sent == 0) {
2875 control |= L2CAP_SUPER_RCV_READY;
2876 l2cap_send_sframe(chan, control);
2880 static int l2cap_add_to_srej_queue(struct l2cap_chan *chan, struct sk_buff *skb, u8 tx_seq, u8 sar)
2882 struct sk_buff *next_skb;
2883 int tx_seq_offset, next_tx_seq_offset;
2885 bt_cb(skb)->tx_seq = tx_seq;
2886 bt_cb(skb)->sar = sar;
2888 next_skb = skb_peek(&chan->srej_q);
2890 __skb_queue_tail(&chan->srej_q, skb);
2894 tx_seq_offset = (tx_seq - chan->buffer_seq) % 64;
2895 if (tx_seq_offset < 0)
2896 tx_seq_offset += 64;
2899 if (bt_cb(next_skb)->tx_seq == tx_seq)
2902 next_tx_seq_offset = (bt_cb(next_skb)->tx_seq -
2903 chan->buffer_seq) % 64;
2904 if (next_tx_seq_offset < 0)
2905 next_tx_seq_offset += 64;
2907 if (next_tx_seq_offset > tx_seq_offset) {
2908 __skb_queue_before(&chan->srej_q, next_skb, skb);
2912 if (skb_queue_is_last(&chan->srej_q, next_skb))
2915 } while ((next_skb = skb_queue_next(&chan->srej_q, next_skb)));
2917 __skb_queue_tail(&chan->srej_q, skb);
2922 static int l2cap_ertm_reassembly_sdu(struct l2cap_chan *chan, struct sk_buff *skb, u16 control)
2924 struct sk_buff *_skb;
2927 switch (control & L2CAP_CTRL_SAR) {
2928 case L2CAP_SDU_UNSEGMENTED:
2929 if (chan->conn_state & L2CAP_CONN_SAR_SDU)
2932 err = sock_queue_rcv_skb(chan->sk, skb);
2938 case L2CAP_SDU_START:
2939 if (chan->conn_state & L2CAP_CONN_SAR_SDU)
2942 chan->sdu_len = get_unaligned_le16(skb->data);
2944 if (chan->sdu_len > chan->imtu)
2947 chan->sdu = bt_skb_alloc(chan->sdu_len, GFP_ATOMIC);
2951 /* pull sdu_len bytes only after alloc, because of Local Busy
2952 * condition we have to be sure that this will be executed
2953 * only once, i.e., when alloc does not fail */
2956 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
2958 chan->conn_state |= L2CAP_CONN_SAR_SDU;
2959 chan->partial_sdu_len = skb->len;
2962 case L2CAP_SDU_CONTINUE:
2963 if (!(chan->conn_state & L2CAP_CONN_SAR_SDU))
2969 chan->partial_sdu_len += skb->len;
2970 if (chan->partial_sdu_len > chan->sdu_len)
2973 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
2978 if (!(chan->conn_state & L2CAP_CONN_SAR_SDU))
2984 if (!(chan->conn_state & L2CAP_CONN_SAR_RETRY)) {
2985 chan->partial_sdu_len += skb->len;
2987 if (chan->partial_sdu_len > chan->imtu)
2990 if (chan->partial_sdu_len != chan->sdu_len)
2993 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
2996 _skb = skb_clone(chan->sdu, GFP_ATOMIC);
2998 chan->conn_state |= L2CAP_CONN_SAR_RETRY;
3002 err = sock_queue_rcv_skb(chan->sk, _skb);
3005 chan->conn_state |= L2CAP_CONN_SAR_RETRY;
3009 chan->conn_state &= ~L2CAP_CONN_SAR_RETRY;
3010 chan->conn_state &= ~L2CAP_CONN_SAR_SDU;
3012 kfree_skb(chan->sdu);
3020 kfree_skb(chan->sdu);
3024 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
3029 static int l2cap_try_push_rx_skb(struct l2cap_chan *chan)
3031 struct sk_buff *skb;
3035 while ((skb = skb_dequeue(&chan->busy_q))) {
3036 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
3037 err = l2cap_ertm_reassembly_sdu(chan, skb, control);
3039 skb_queue_head(&chan->busy_q, skb);
3043 chan->buffer_seq = (chan->buffer_seq + 1) % 64;
3046 if (!(chan->conn_state & L2CAP_CONN_RNR_SENT))
3049 control = chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3050 control |= L2CAP_SUPER_RCV_READY | L2CAP_CTRL_POLL;
3051 l2cap_send_sframe(chan, control);
3052 chan->retry_count = 1;
3054 del_timer(&chan->retrans_timer);
3055 __mod_monitor_timer();
3057 chan->conn_state |= L2CAP_CONN_WAIT_F;
3060 chan->conn_state &= ~L2CAP_CONN_LOCAL_BUSY;
3061 chan->conn_state &= ~L2CAP_CONN_RNR_SENT;
3063 BT_DBG("chan %p, Exit local busy", chan);
3068 static void l2cap_busy_work(struct work_struct *work)
3070 DECLARE_WAITQUEUE(wait, current);
3071 struct l2cap_chan *chan =
3072 container_of(work, struct l2cap_chan, busy_work);
3073 struct sock *sk = chan->sk;
3074 int n_tries = 0, timeo = HZ/5, err;
3075 struct sk_buff *skb;
3079 add_wait_queue(sk_sleep(sk), &wait);
3080 while ((skb = skb_peek(&chan->busy_q))) {
3081 set_current_state(TASK_INTERRUPTIBLE);
3083 if (n_tries++ > L2CAP_LOCAL_BUSY_TRIES) {
3085 l2cap_send_disconn_req(chan->conn, chan, EBUSY);
3092 if (signal_pending(current)) {
3093 err = sock_intr_errno(timeo);
3098 timeo = schedule_timeout(timeo);
3101 err = sock_error(sk);
3105 if (l2cap_try_push_rx_skb(chan) == 0)
3109 set_current_state(TASK_RUNNING);
3110 remove_wait_queue(sk_sleep(sk), &wait);
3115 static int l2cap_push_rx_skb(struct l2cap_chan *chan, struct sk_buff *skb, u16 control)
3119 if (chan->conn_state & L2CAP_CONN_LOCAL_BUSY) {
3120 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT;
3121 __skb_queue_tail(&chan->busy_q, skb);
3122 return l2cap_try_push_rx_skb(chan);
3127 err = l2cap_ertm_reassembly_sdu(chan, skb, control);
3129 chan->buffer_seq = (chan->buffer_seq + 1) % 64;
3133 /* Busy Condition */
3134 BT_DBG("chan %p, Enter local busy", chan);
3136 chan->conn_state |= L2CAP_CONN_LOCAL_BUSY;
3137 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT;
3138 __skb_queue_tail(&chan->busy_q, skb);
3140 sctrl = chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3141 sctrl |= L2CAP_SUPER_RCV_NOT_READY;
3142 l2cap_send_sframe(chan, sctrl);
3144 chan->conn_state |= L2CAP_CONN_RNR_SENT;
3146 del_timer(&chan->ack_timer);
3148 queue_work(_busy_wq, &chan->busy_work);
3153 static int l2cap_streaming_reassembly_sdu(struct l2cap_chan *chan, struct sk_buff *skb, u16 control)
3155 struct sk_buff *_skb;
3159 * TODO: We have to notify the userland if some data is lost with the
3163 switch (control & L2CAP_CTRL_SAR) {
3164 case L2CAP_SDU_UNSEGMENTED:
3165 if (chan->conn_state & L2CAP_CONN_SAR_SDU) {
3166 kfree_skb(chan->sdu);
3170 err = sock_queue_rcv_skb(chan->sk, skb);
3176 case L2CAP_SDU_START:
3177 if (chan->conn_state & L2CAP_CONN_SAR_SDU) {
3178 kfree_skb(chan->sdu);
3182 chan->sdu_len = get_unaligned_le16(skb->data);
3185 if (chan->sdu_len > chan->imtu) {
3190 chan->sdu = bt_skb_alloc(chan->sdu_len, GFP_ATOMIC);
3196 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
3198 chan->conn_state |= L2CAP_CONN_SAR_SDU;
3199 chan->partial_sdu_len = skb->len;
3203 case L2CAP_SDU_CONTINUE:
3204 if (!(chan->conn_state & L2CAP_CONN_SAR_SDU))
3207 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
3209 chan->partial_sdu_len += skb->len;
3210 if (chan->partial_sdu_len > chan->sdu_len)
3211 kfree_skb(chan->sdu);
3218 if (!(chan->conn_state & L2CAP_CONN_SAR_SDU))
3221 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
3223 chan->conn_state &= ~L2CAP_CONN_SAR_SDU;
3224 chan->partial_sdu_len += skb->len;
3226 if (chan->partial_sdu_len > chan->imtu)
3229 if (chan->partial_sdu_len == chan->sdu_len) {
3230 _skb = skb_clone(chan->sdu, GFP_ATOMIC);
3231 err = sock_queue_rcv_skb(chan->sk, _skb);
3238 kfree_skb(chan->sdu);
3246 static void l2cap_check_srej_gap(struct l2cap_chan *chan, u8 tx_seq)
3248 struct sk_buff *skb;
3251 while ((skb = skb_peek(&chan->srej_q))) {
3252 if (bt_cb(skb)->tx_seq != tx_seq)
3255 skb = skb_dequeue(&chan->srej_q);
3256 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
3257 l2cap_ertm_reassembly_sdu(chan, skb, control);
3258 chan->buffer_seq_srej =
3259 (chan->buffer_seq_srej + 1) % 64;
3260 tx_seq = (tx_seq + 1) % 64;
3264 static void l2cap_resend_srejframe(struct l2cap_chan *chan, u8 tx_seq)
3266 struct srej_list *l, *tmp;
3269 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
3270 if (l->tx_seq == tx_seq) {
3275 control = L2CAP_SUPER_SELECT_REJECT;
3276 control |= l->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3277 l2cap_send_sframe(chan, control);
3279 list_add_tail(&l->list, &chan->srej_l);
3283 static void l2cap_send_srejframe(struct l2cap_chan *chan, u8 tx_seq)
3285 struct srej_list *new;
3288 while (tx_seq != chan->expected_tx_seq) {
3289 control = L2CAP_SUPER_SELECT_REJECT;
3290 control |= chan->expected_tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3291 l2cap_send_sframe(chan, control);
3293 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC);
3294 new->tx_seq = chan->expected_tx_seq;
3295 chan->expected_tx_seq = (chan->expected_tx_seq + 1) % 64;
3296 list_add_tail(&new->list, &chan->srej_l);
3298 chan->expected_tx_seq = (chan->expected_tx_seq + 1) % 64;
3301 static inline int l2cap_data_channel_iframe(struct l2cap_chan *chan, u16 rx_control, struct sk_buff *skb)
3303 u8 tx_seq = __get_txseq(rx_control);
3304 u8 req_seq = __get_reqseq(rx_control);
3305 u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT;
3306 int tx_seq_offset, expected_tx_seq_offset;
3307 int num_to_ack = (chan->tx_win/6) + 1;
3310 BT_DBG("chan %p len %d tx_seq %d rx_control 0x%4.4x", chan, skb->len,
3311 tx_seq, rx_control);
3313 if (L2CAP_CTRL_FINAL & rx_control &&
3314 chan->conn_state & L2CAP_CONN_WAIT_F) {
3315 del_timer(&chan->monitor_timer);
3316 if (chan->unacked_frames > 0)
3317 __mod_retrans_timer();
3318 chan->conn_state &= ~L2CAP_CONN_WAIT_F;
3321 chan->expected_ack_seq = req_seq;
3322 l2cap_drop_acked_frames(chan);
3324 if (tx_seq == chan->expected_tx_seq)
3327 tx_seq_offset = (tx_seq - chan->buffer_seq) % 64;
3328 if (tx_seq_offset < 0)
3329 tx_seq_offset += 64;
3331 /* invalid tx_seq */
3332 if (tx_seq_offset >= chan->tx_win) {
3333 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
3337 if (chan->conn_state == L2CAP_CONN_LOCAL_BUSY)
3340 if (chan->conn_state & L2CAP_CONN_SREJ_SENT) {
3341 struct srej_list *first;
3343 first = list_first_entry(&chan->srej_l,
3344 struct srej_list, list);
3345 if (tx_seq == first->tx_seq) {
3346 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
3347 l2cap_check_srej_gap(chan, tx_seq);
3349 list_del(&first->list);
3352 if (list_empty(&chan->srej_l)) {
3353 chan->buffer_seq = chan->buffer_seq_srej;
3354 chan->conn_state &= ~L2CAP_CONN_SREJ_SENT;
3355 l2cap_send_ack(chan);
3356 BT_DBG("chan %p, Exit SREJ_SENT", chan);
3359 struct srej_list *l;
3361 /* duplicated tx_seq */
3362 if (l2cap_add_to_srej_queue(chan, skb, tx_seq, sar) < 0)
3365 list_for_each_entry(l, &chan->srej_l, list) {
3366 if (l->tx_seq == tx_seq) {
3367 l2cap_resend_srejframe(chan, tx_seq);
3371 l2cap_send_srejframe(chan, tx_seq);
3374 expected_tx_seq_offset =
3375 (chan->expected_tx_seq - chan->buffer_seq) % 64;
3376 if (expected_tx_seq_offset < 0)
3377 expected_tx_seq_offset += 64;
3379 /* duplicated tx_seq */
3380 if (tx_seq_offset < expected_tx_seq_offset)
3383 chan->conn_state |= L2CAP_CONN_SREJ_SENT;
3385 BT_DBG("chan %p, Enter SREJ", chan);
3387 INIT_LIST_HEAD(&chan->srej_l);
3388 chan->buffer_seq_srej = chan->buffer_seq;
3390 __skb_queue_head_init(&chan->srej_q);
3391 __skb_queue_head_init(&chan->busy_q);
3392 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
3394 chan->conn_state |= L2CAP_CONN_SEND_PBIT;
3396 l2cap_send_srejframe(chan, tx_seq);
3398 del_timer(&chan->ack_timer);
3403 chan->expected_tx_seq = (chan->expected_tx_seq + 1) % 64;
3405 if (chan->conn_state & L2CAP_CONN_SREJ_SENT) {
3406 bt_cb(skb)->tx_seq = tx_seq;
3407 bt_cb(skb)->sar = sar;
3408 __skb_queue_tail(&chan->srej_q, skb);
3412 err = l2cap_push_rx_skb(chan, skb, rx_control);
3416 if (rx_control & L2CAP_CTRL_FINAL) {
3417 if (chan->conn_state & L2CAP_CONN_REJ_ACT)
3418 chan->conn_state &= ~L2CAP_CONN_REJ_ACT;
3420 l2cap_retransmit_frames(chan);
3425 chan->num_acked = (chan->num_acked + 1) % num_to_ack;
3426 if (chan->num_acked == num_to_ack - 1)
3427 l2cap_send_ack(chan);
3436 static inline void l2cap_data_channel_rrframe(struct l2cap_chan *chan, u16 rx_control)
3438 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, __get_reqseq(rx_control),
3441 chan->expected_ack_seq = __get_reqseq(rx_control);
3442 l2cap_drop_acked_frames(chan);
3444 if (rx_control & L2CAP_CTRL_POLL) {
3445 chan->conn_state |= L2CAP_CONN_SEND_FBIT;
3446 if (chan->conn_state & L2CAP_CONN_SREJ_SENT) {
3447 if ((chan->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
3448 (chan->unacked_frames > 0))
3449 __mod_retrans_timer();
3451 chan->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3452 l2cap_send_srejtail(chan);
3454 l2cap_send_i_or_rr_or_rnr(chan);
3457 } else if (rx_control & L2CAP_CTRL_FINAL) {
3458 chan->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3460 if (chan->conn_state & L2CAP_CONN_REJ_ACT)
3461 chan->conn_state &= ~L2CAP_CONN_REJ_ACT;
3463 l2cap_retransmit_frames(chan);
3466 if ((chan->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
3467 (chan->unacked_frames > 0))
3468 __mod_retrans_timer();
3470 chan->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3471 if (chan->conn_state & L2CAP_CONN_SREJ_SENT)
3472 l2cap_send_ack(chan);
3474 l2cap_ertm_send(chan);
3478 static inline void l2cap_data_channel_rejframe(struct l2cap_chan *chan, u16 rx_control)
3480 u8 tx_seq = __get_reqseq(rx_control);
3482 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, tx_seq, rx_control);
3484 chan->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3486 chan->expected_ack_seq = tx_seq;
3487 l2cap_drop_acked_frames(chan);
3489 if (rx_control & L2CAP_CTRL_FINAL) {
3490 if (chan->conn_state & L2CAP_CONN_REJ_ACT)
3491 chan->conn_state &= ~L2CAP_CONN_REJ_ACT;
3493 l2cap_retransmit_frames(chan);
3495 l2cap_retransmit_frames(chan);
3497 if (chan->conn_state & L2CAP_CONN_WAIT_F)
3498 chan->conn_state |= L2CAP_CONN_REJ_ACT;
3501 static inline void l2cap_data_channel_srejframe(struct l2cap_chan *chan, u16 rx_control)
3503 u8 tx_seq = __get_reqseq(rx_control);
3505 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, tx_seq, rx_control);
3507 chan->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3509 if (rx_control & L2CAP_CTRL_POLL) {
3510 chan->expected_ack_seq = tx_seq;
3511 l2cap_drop_acked_frames(chan);
3513 chan->conn_state |= L2CAP_CONN_SEND_FBIT;
3514 l2cap_retransmit_one_frame(chan, tx_seq);
3516 l2cap_ertm_send(chan);
3518 if (chan->conn_state & L2CAP_CONN_WAIT_F) {
3519 chan->srej_save_reqseq = tx_seq;
3520 chan->conn_state |= L2CAP_CONN_SREJ_ACT;
3522 } else if (rx_control & L2CAP_CTRL_FINAL) {
3523 if ((chan->conn_state & L2CAP_CONN_SREJ_ACT) &&
3524 chan->srej_save_reqseq == tx_seq)
3525 chan->conn_state &= ~L2CAP_CONN_SREJ_ACT;
3527 l2cap_retransmit_one_frame(chan, tx_seq);
3529 l2cap_retransmit_one_frame(chan, tx_seq);
3530 if (chan->conn_state & L2CAP_CONN_WAIT_F) {
3531 chan->srej_save_reqseq = tx_seq;
3532 chan->conn_state |= L2CAP_CONN_SREJ_ACT;
3537 static inline void l2cap_data_channel_rnrframe(struct l2cap_chan *chan, u16 rx_control)
3539 u8 tx_seq = __get_reqseq(rx_control);
3541 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, tx_seq, rx_control);
3543 chan->conn_state |= L2CAP_CONN_REMOTE_BUSY;
3544 chan->expected_ack_seq = tx_seq;
3545 l2cap_drop_acked_frames(chan);
3547 if (rx_control & L2CAP_CTRL_POLL)
3548 chan->conn_state |= L2CAP_CONN_SEND_FBIT;
3550 if (!(chan->conn_state & L2CAP_CONN_SREJ_SENT)) {
3551 del_timer(&chan->retrans_timer);
3552 if (rx_control & L2CAP_CTRL_POLL)
3553 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_FINAL);
3557 if (rx_control & L2CAP_CTRL_POLL)
3558 l2cap_send_srejtail(chan);
3560 l2cap_send_sframe(chan, L2CAP_SUPER_RCV_READY);
3563 static inline int l2cap_data_channel_sframe(struct l2cap_chan *chan, u16 rx_control, struct sk_buff *skb)
3565 BT_DBG("chan %p rx_control 0x%4.4x len %d", chan, rx_control, skb->len);
3567 if (L2CAP_CTRL_FINAL & rx_control &&
3568 chan->conn_state & L2CAP_CONN_WAIT_F) {
3569 del_timer(&chan->monitor_timer);
3570 if (chan->unacked_frames > 0)
3571 __mod_retrans_timer();
3572 chan->conn_state &= ~L2CAP_CONN_WAIT_F;
3575 switch (rx_control & L2CAP_CTRL_SUPERVISE) {
3576 case L2CAP_SUPER_RCV_READY:
3577 l2cap_data_channel_rrframe(chan, rx_control);
3580 case L2CAP_SUPER_REJECT:
3581 l2cap_data_channel_rejframe(chan, rx_control);
3584 case L2CAP_SUPER_SELECT_REJECT:
3585 l2cap_data_channel_srejframe(chan, rx_control);
3588 case L2CAP_SUPER_RCV_NOT_READY:
3589 l2cap_data_channel_rnrframe(chan, rx_control);
3597 static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb)
3599 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
3602 int len, next_tx_seq_offset, req_seq_offset;
3604 control = get_unaligned_le16(skb->data);
3609 * We can just drop the corrupted I-frame here.
3610 * Receiver will miss it and start proper recovery
3611 * procedures and ask retransmission.
3613 if (l2cap_check_fcs(chan, skb))
3616 if (__is_sar_start(control) && __is_iframe(control))
3619 if (chan->fcs == L2CAP_FCS_CRC16)
3622 if (len > chan->mps) {
3623 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
3627 req_seq = __get_reqseq(control);
3628 req_seq_offset = (req_seq - chan->expected_ack_seq) % 64;
3629 if (req_seq_offset < 0)
3630 req_seq_offset += 64;
3632 next_tx_seq_offset =
3633 (chan->next_tx_seq - chan->expected_ack_seq) % 64;
3634 if (next_tx_seq_offset < 0)
3635 next_tx_seq_offset += 64;
3637 /* check for invalid req-seq */
3638 if (req_seq_offset > next_tx_seq_offset) {
3639 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
3643 if (__is_iframe(control)) {
3645 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
3649 l2cap_data_channel_iframe(chan, control, skb);
3653 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
3657 l2cap_data_channel_sframe(chan, control, skb);
3667 static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
3669 struct l2cap_chan *chan;
3670 struct sock *sk = NULL;
3671 struct l2cap_pinfo *pi;
3676 chan = l2cap_get_chan_by_scid(conn, cid);
3678 BT_DBG("unknown cid 0x%4.4x", cid);
3685 BT_DBG("chan %p, len %d", chan, skb->len);
3687 if (sk->sk_state != BT_CONNECTED)
3690 switch (chan->mode) {
3691 case L2CAP_MODE_BASIC:
3692 /* If socket recv buffers overflows we drop data here
3693 * which is *bad* because L2CAP has to be reliable.
3694 * But we don't have any other choice. L2CAP doesn't
3695 * provide flow control mechanism. */
3697 if (chan->imtu < skb->len)
3700 if (!sock_queue_rcv_skb(sk, skb))
3704 case L2CAP_MODE_ERTM:
3705 if (!sock_owned_by_user(sk)) {
3706 l2cap_ertm_data_rcv(sk, skb);
3708 if (sk_add_backlog(sk, skb))
3714 case L2CAP_MODE_STREAMING:
3715 control = get_unaligned_le16(skb->data);
3719 if (l2cap_check_fcs(chan, skb))
3722 if (__is_sar_start(control))
3725 if (chan->fcs == L2CAP_FCS_CRC16)
3728 if (len > chan->mps || len < 0 || __is_sframe(control))
3731 tx_seq = __get_txseq(control);
3733 if (chan->expected_tx_seq == tx_seq)
3734 chan->expected_tx_seq = (chan->expected_tx_seq + 1) % 64;
3736 chan->expected_tx_seq = (tx_seq + 1) % 64;
3738 l2cap_streaming_reassembly_sdu(chan, skb, control);
3743 BT_DBG("chan %p: bad mode 0x%2.2x", chan, chan->mode);
3757 static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
3759 struct sock *sk = NULL;
3760 struct l2cap_chan *chan;
3762 chan = l2cap_global_chan_by_psm(0, psm, conn->src);
3770 BT_DBG("sk %p, len %d", sk, skb->len);
3772 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
3775 if (l2cap_pi(sk)->chan->imtu < skb->len)
3778 if (!sock_queue_rcv_skb(sk, skb))
3790 static inline int l2cap_att_channel(struct l2cap_conn *conn, __le16 cid, struct sk_buff *skb)
3792 struct sock *sk = NULL;
3793 struct l2cap_chan *chan;
3795 chan = l2cap_global_chan_by_scid(0, cid, conn->src);
3803 BT_DBG("sk %p, len %d", sk, skb->len);
3805 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
3808 if (l2cap_pi(sk)->chan->imtu < skb->len)
3811 if (!sock_queue_rcv_skb(sk, skb))
3823 static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
3825 struct l2cap_hdr *lh = (void *) skb->data;
3829 skb_pull(skb, L2CAP_HDR_SIZE);
3830 cid = __le16_to_cpu(lh->cid);
3831 len = __le16_to_cpu(lh->len);
3833 if (len != skb->len) {
3838 BT_DBG("len %d, cid 0x%4.4x", len, cid);
3841 case L2CAP_CID_LE_SIGNALING:
3842 case L2CAP_CID_SIGNALING:
3843 l2cap_sig_channel(conn, skb);
3846 case L2CAP_CID_CONN_LESS:
3847 psm = get_unaligned_le16(skb->data);
3849 l2cap_conless_channel(conn, psm, skb);
3852 case L2CAP_CID_LE_DATA:
3853 l2cap_att_channel(conn, cid, skb);
3857 l2cap_data_channel(conn, cid, skb);
3862 /* ---- L2CAP interface with lower layer (HCI) ---- */
3864 static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3866 int exact = 0, lm1 = 0, lm2 = 0;
3867 struct l2cap_chan *c;
3869 if (type != ACL_LINK)
3872 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
3874 /* Find listening sockets and check their link_mode */
3875 read_lock(&chan_list_lock);
3876 list_for_each_entry(c, &chan_list, global_l) {
3877 struct sock *sk = c->sk;
3879 if (sk->sk_state != BT_LISTEN)
3882 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
3883 lm1 |= HCI_LM_ACCEPT;
3885 lm1 |= HCI_LM_MASTER;
3887 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
3888 lm2 |= HCI_LM_ACCEPT;
3890 lm2 |= HCI_LM_MASTER;
3893 read_unlock(&chan_list_lock);
3895 return exact ? lm1 : lm2;
3898 static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
3900 struct l2cap_conn *conn;
3902 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
3904 if (!(hcon->type == ACL_LINK || hcon->type == LE_LINK))
3908 conn = l2cap_conn_add(hcon, status);
3910 l2cap_conn_ready(conn);
3912 l2cap_conn_del(hcon, bt_err(status));
3917 static int l2cap_disconn_ind(struct hci_conn *hcon)
3919 struct l2cap_conn *conn = hcon->l2cap_data;
3921 BT_DBG("hcon %p", hcon);
3923 if (hcon->type != ACL_LINK || !conn)
3926 return conn->disc_reason;
3929 static int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
3931 BT_DBG("hcon %p reason %d", hcon, reason);
3933 if (!(hcon->type == ACL_LINK || hcon->type == LE_LINK))
3936 l2cap_conn_del(hcon, bt_err(reason));
3941 static inline void l2cap_check_encryption(struct l2cap_chan *chan, u8 encrypt)
3943 struct sock *sk = chan->sk;
3945 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM)
3948 if (encrypt == 0x00) {
3949 if (chan->sec_level == BT_SECURITY_MEDIUM) {
3950 l2cap_sock_clear_timer(sk);
3951 l2cap_sock_set_timer(sk, HZ * 5);
3952 } else if (chan->sec_level == BT_SECURITY_HIGH)
3953 __l2cap_sock_close(sk, ECONNREFUSED);
3955 if (chan->sec_level == BT_SECURITY_MEDIUM)
3956 l2cap_sock_clear_timer(sk);
3960 static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
3962 struct l2cap_conn *conn = hcon->l2cap_data;
3963 struct l2cap_chan *chan;
3968 BT_DBG("conn %p", conn);
3970 read_lock(&conn->chan_lock);
3972 list_for_each_entry(chan, &conn->chan_l, list) {
3973 struct sock *sk = chan->sk;
3977 if (chan->conf_state & L2CAP_CONF_CONNECT_PEND) {
3982 if (!status && (sk->sk_state == BT_CONNECTED ||
3983 sk->sk_state == BT_CONFIG)) {
3984 l2cap_check_encryption(chan, encrypt);
3989 if (sk->sk_state == BT_CONNECT) {
3991 struct l2cap_conn_req req;
3992 req.scid = cpu_to_le16(chan->scid);
3993 req.psm = chan->psm;
3995 chan->ident = l2cap_get_ident(conn);
3996 chan->conf_state |= L2CAP_CONF_CONNECT_PEND;
3998 l2cap_send_cmd(conn, chan->ident,
3999 L2CAP_CONN_REQ, sizeof(req), &req);
4001 l2cap_sock_clear_timer(sk);
4002 l2cap_sock_set_timer(sk, HZ / 10);
4004 } else if (sk->sk_state == BT_CONNECT2) {
4005 struct l2cap_conn_rsp rsp;
4009 if (bt_sk(sk)->defer_setup) {
4010 struct sock *parent = bt_sk(sk)->parent;
4011 res = L2CAP_CR_PEND;
4012 stat = L2CAP_CS_AUTHOR_PEND;
4014 parent->sk_data_ready(parent, 0);
4016 sk->sk_state = BT_CONFIG;
4017 res = L2CAP_CR_SUCCESS;
4018 stat = L2CAP_CS_NO_INFO;
4021 sk->sk_state = BT_DISCONN;
4022 l2cap_sock_set_timer(sk, HZ / 10);
4023 res = L2CAP_CR_SEC_BLOCK;
4024 stat = L2CAP_CS_NO_INFO;
4027 rsp.scid = cpu_to_le16(chan->dcid);
4028 rsp.dcid = cpu_to_le16(chan->scid);
4029 rsp.result = cpu_to_le16(res);
4030 rsp.status = cpu_to_le16(stat);
4031 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
4038 read_unlock(&conn->chan_lock);
4043 static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
4045 struct l2cap_conn *conn = hcon->l2cap_data;
4048 conn = l2cap_conn_add(hcon, 0);
4053 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
4055 if (!(flags & ACL_CONT)) {
4056 struct l2cap_hdr *hdr;
4057 struct l2cap_chan *chan;
4062 BT_ERR("Unexpected start frame (len %d)", skb->len);
4063 kfree_skb(conn->rx_skb);
4064 conn->rx_skb = NULL;
4066 l2cap_conn_unreliable(conn, ECOMM);
4069 /* Start fragment always begin with Basic L2CAP header */
4070 if (skb->len < L2CAP_HDR_SIZE) {
4071 BT_ERR("Frame is too short (len %d)", skb->len);
4072 l2cap_conn_unreliable(conn, ECOMM);
4076 hdr = (struct l2cap_hdr *) skb->data;
4077 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
4078 cid = __le16_to_cpu(hdr->cid);
4080 if (len == skb->len) {
4081 /* Complete frame received */
4082 l2cap_recv_frame(conn, skb);
4086 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
4088 if (skb->len > len) {
4089 BT_ERR("Frame is too long (len %d, expected len %d)",
4091 l2cap_conn_unreliable(conn, ECOMM);
4095 chan = l2cap_get_chan_by_scid(conn, cid);
4097 if (chan && chan->sk) {
4098 struct sock *sk = chan->sk;
4100 if (chan->imtu < len - L2CAP_HDR_SIZE) {
4101 BT_ERR("Frame exceeding recv MTU (len %d, "
4105 l2cap_conn_unreliable(conn, ECOMM);
4111 /* Allocate skb for the complete frame (with header) */
4112 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC);
4116 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
4118 conn->rx_len = len - skb->len;
4120 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
4122 if (!conn->rx_len) {
4123 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
4124 l2cap_conn_unreliable(conn, ECOMM);
4128 if (skb->len > conn->rx_len) {
4129 BT_ERR("Fragment is too long (len %d, expected %d)",
4130 skb->len, conn->rx_len);
4131 kfree_skb(conn->rx_skb);
4132 conn->rx_skb = NULL;
4134 l2cap_conn_unreliable(conn, ECOMM);
4138 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
4140 conn->rx_len -= skb->len;
4142 if (!conn->rx_len) {
4143 /* Complete frame received */
4144 l2cap_recv_frame(conn, conn->rx_skb);
4145 conn->rx_skb = NULL;
4154 static int l2cap_debugfs_show(struct seq_file *f, void *p)
4156 struct l2cap_chan *c;
4158 read_lock_bh(&chan_list_lock);
4160 list_for_each_entry(c, &chan_list, global_l) {
4161 struct sock *sk = c->sk;
4163 seq_printf(f, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d %d\n",
4164 batostr(&bt_sk(sk)->src),
4165 batostr(&bt_sk(sk)->dst),
4166 sk->sk_state, __le16_to_cpu(c->psm),
4167 c->scid, c->dcid, c->imtu, c->omtu,
4168 c->sec_level, c->mode);
4171 read_unlock_bh(&chan_list_lock);
4176 static int l2cap_debugfs_open(struct inode *inode, struct file *file)
4178 return single_open(file, l2cap_debugfs_show, inode->i_private);
4181 static const struct file_operations l2cap_debugfs_fops = {
4182 .open = l2cap_debugfs_open,
4184 .llseek = seq_lseek,
4185 .release = single_release,
4188 static struct dentry *l2cap_debugfs;
4190 static struct hci_proto l2cap_hci_proto = {
4192 .id = HCI_PROTO_L2CAP,
4193 .connect_ind = l2cap_connect_ind,
4194 .connect_cfm = l2cap_connect_cfm,
4195 .disconn_ind = l2cap_disconn_ind,
4196 .disconn_cfm = l2cap_disconn_cfm,
4197 .security_cfm = l2cap_security_cfm,
4198 .recv_acldata = l2cap_recv_acldata
4201 int __init l2cap_init(void)
4205 err = l2cap_init_sockets();
4209 _busy_wq = create_singlethread_workqueue("l2cap");
4215 err = hci_register_proto(&l2cap_hci_proto);
4217 BT_ERR("L2CAP protocol registration failed");
4218 bt_sock_unregister(BTPROTO_L2CAP);
4223 l2cap_debugfs = debugfs_create_file("l2cap", 0444,
4224 bt_debugfs, NULL, &l2cap_debugfs_fops);
4226 BT_ERR("Failed to create L2CAP debug file");
4232 destroy_workqueue(_busy_wq);
4233 l2cap_cleanup_sockets();
4237 void l2cap_exit(void)
4239 debugfs_remove(l2cap_debugfs);
4241 flush_workqueue(_busy_wq);
4242 destroy_workqueue(_busy_wq);
4244 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
4245 BT_ERR("L2CAP protocol unregistration failed");
4247 l2cap_cleanup_sockets();
4250 module_param(disable_ertm, bool, 0644);
4251 MODULE_PARM_DESC(disable_ertm, "Disable enhanced retransmission mode");
git.openpandora.org / pandora-kernel.git / blob