2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License version 2 as
11 published by the Free Software Foundation;
13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
24 SOFTWARE IS DISCLAIMED.
27 /* Bluetooth L2CAP core. */
29 #include <linux/module.h>
31 #include <linux/types.h>
32 #include <linux/capability.h>
33 #include <linux/errno.h>
34 #include <linux/kernel.h>
35 #include <linux/sched.h>
36 #include <linux/slab.h>
37 #include <linux/poll.h>
38 #include <linux/fcntl.h>
39 #include <linux/init.h>
40 #include <linux/interrupt.h>
41 #include <linux/socket.h>
42 #include <linux/skbuff.h>
43 #include <linux/list.h>
44 #include <linux/device.h>
45 #include <linux/debugfs.h>
46 #include <linux/seq_file.h>
47 #include <linux/uaccess.h>
48 #include <linux/crc16.h>
51 #include <asm/system.h>
52 #include <asm/unaligned.h>
54 #include <net/bluetooth/bluetooth.h>
55 #include <net/bluetooth/hci_core.h>
56 #include <net/bluetooth/l2cap.h>
60 static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
61 static u8 l2cap_fixed_chan[8] = { 0x02, };
63 static struct workqueue_struct *_busy_wq;
65 struct bt_sock_list l2cap_sk_list = {
66 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
69 static void l2cap_busy_work(struct work_struct *work);
71 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
72 u8 code, u8 ident, u16 dlen, void *data);
74 static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb);
76 /* ---- L2CAP channels ---- */
77 static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid)
80 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
81 if (l2cap_pi(s)->dcid == cid)
87 static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
90 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
91 if (l2cap_pi(s)->scid == cid)
97 /* Find channel with given SCID.
98 * Returns locked socket */
99 static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
103 s = __l2cap_get_chan_by_scid(l, cid);
106 read_unlock(&l->lock);
110 static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
113 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
114 if (l2cap_pi(s)->ident == ident)
120 static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
124 s = __l2cap_get_chan_by_ident(l, ident);
127 read_unlock(&l->lock);
131 static u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
133 u16 cid = L2CAP_CID_DYN_START;
135 for (; cid < L2CAP_CID_DYN_END; cid++) {
136 if (!__l2cap_get_chan_by_scid(l, cid))
143 static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
148 l2cap_pi(l->head)->prev_c = sk;
150 l2cap_pi(sk)->next_c = l->head;
151 l2cap_pi(sk)->prev_c = NULL;
155 static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
157 struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
159 write_lock_bh(&l->lock);
164 l2cap_pi(next)->prev_c = prev;
166 l2cap_pi(prev)->next_c = next;
167 write_unlock_bh(&l->lock);
172 static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
174 struct l2cap_chan_list *l = &conn->chan_list;
176 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
177 l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
179 conn->disc_reason = 0x13;
181 l2cap_pi(sk)->conn = conn;
183 if (sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM) {
184 if (conn->hcon->type == LE_LINK) {
186 l2cap_pi(sk)->omtu = L2CAP_LE_DEFAULT_MTU;
187 l2cap_pi(sk)->scid = L2CAP_CID_LE_DATA;
188 l2cap_pi(sk)->dcid = L2CAP_CID_LE_DATA;
190 /* Alloc CID for connection-oriented socket */
191 l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
192 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
194 } else if (sk->sk_type == SOCK_DGRAM) {
195 /* Connectionless socket */
196 l2cap_pi(sk)->scid = L2CAP_CID_CONN_LESS;
197 l2cap_pi(sk)->dcid = L2CAP_CID_CONN_LESS;
198 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
200 /* Raw socket can send/recv signalling messages only */
201 l2cap_pi(sk)->scid = L2CAP_CID_SIGNALING;
202 l2cap_pi(sk)->dcid = L2CAP_CID_SIGNALING;
203 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
206 __l2cap_chan_link(l, sk);
209 bt_accept_enqueue(parent, sk);
213 * Must be called on the locked socket. */
214 void l2cap_chan_del(struct sock *sk, int err)
216 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
217 struct sock *parent = bt_sk(sk)->parent;
219 l2cap_sock_clear_timer(sk);
221 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
224 /* Unlink from channel list */
225 l2cap_chan_unlink(&conn->chan_list, sk);
226 l2cap_pi(sk)->conn = NULL;
227 hci_conn_put(conn->hcon);
230 sk->sk_state = BT_CLOSED;
231 sock_set_flag(sk, SOCK_ZAPPED);
237 bt_accept_unlink(sk);
238 parent->sk_data_ready(parent, 0);
240 sk->sk_state_change(sk);
242 skb_queue_purge(TX_QUEUE(sk));
244 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
245 struct srej_list *l, *tmp;
247 del_timer(&l2cap_pi(sk)->retrans_timer);
248 del_timer(&l2cap_pi(sk)->monitor_timer);
249 del_timer(&l2cap_pi(sk)->ack_timer);
251 skb_queue_purge(SREJ_QUEUE(sk));
252 skb_queue_purge(BUSY_QUEUE(sk));
254 list_for_each_entry_safe(l, tmp, SREJ_LIST(sk), list) {
261 static inline u8 l2cap_get_auth_type(struct sock *sk)
263 if (sk->sk_type == SOCK_RAW) {
264 switch (l2cap_pi(sk)->sec_level) {
265 case BT_SECURITY_HIGH:
266 return HCI_AT_DEDICATED_BONDING_MITM;
267 case BT_SECURITY_MEDIUM:
268 return HCI_AT_DEDICATED_BONDING;
270 return HCI_AT_NO_BONDING;
272 } else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
273 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
274 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
276 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
277 return HCI_AT_NO_BONDING_MITM;
279 return HCI_AT_NO_BONDING;
281 switch (l2cap_pi(sk)->sec_level) {
282 case BT_SECURITY_HIGH:
283 return HCI_AT_GENERAL_BONDING_MITM;
284 case BT_SECURITY_MEDIUM:
285 return HCI_AT_GENERAL_BONDING;
287 return HCI_AT_NO_BONDING;
292 /* Service level security */
293 static inline int l2cap_check_security(struct sock *sk)
295 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
298 auth_type = l2cap_get_auth_type(sk);
300 return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level,
304 u8 l2cap_get_ident(struct l2cap_conn *conn)
308 /* Get next available identificator.
309 * 1 - 128 are used by kernel.
310 * 129 - 199 are reserved.
311 * 200 - 254 are used by utilities like l2ping, etc.
314 spin_lock_bh(&conn->lock);
316 if (++conn->tx_ident > 128)
321 spin_unlock_bh(&conn->lock);
326 void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
328 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
331 BT_DBG("code 0x%2.2x", code);
336 if (lmp_no_flush_capable(conn->hcon->hdev))
337 flags = ACL_START_NO_FLUSH;
341 hci_send_acl(conn->hcon, skb, flags);
344 static inline void l2cap_send_sframe(struct l2cap_pinfo *pi, u16 control)
347 struct l2cap_hdr *lh;
348 struct l2cap_conn *conn = pi->conn;
349 struct sock *sk = (struct sock *)pi;
350 int count, hlen = L2CAP_HDR_SIZE + 2;
353 if (sk->sk_state != BT_CONNECTED)
356 if (pi->fcs == L2CAP_FCS_CRC16)
359 BT_DBG("pi %p, control 0x%2.2x", pi, control);
361 count = min_t(unsigned int, conn->mtu, hlen);
362 control |= L2CAP_CTRL_FRAME_TYPE;
364 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) {
365 control |= L2CAP_CTRL_FINAL;
366 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
369 if (pi->conn_state & L2CAP_CONN_SEND_PBIT) {
370 control |= L2CAP_CTRL_POLL;
371 pi->conn_state &= ~L2CAP_CONN_SEND_PBIT;
374 skb = bt_skb_alloc(count, GFP_ATOMIC);
378 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
379 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE);
380 lh->cid = cpu_to_le16(pi->dcid);
381 put_unaligned_le16(control, skb_put(skb, 2));
383 if (pi->fcs == L2CAP_FCS_CRC16) {
384 u16 fcs = crc16(0, (u8 *)lh, count - 2);
385 put_unaligned_le16(fcs, skb_put(skb, 2));
388 if (lmp_no_flush_capable(conn->hcon->hdev))
389 flags = ACL_START_NO_FLUSH;
393 hci_send_acl(pi->conn->hcon, skb, flags);
396 static inline void l2cap_send_rr_or_rnr(struct l2cap_pinfo *pi, u16 control)
398 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
399 control |= L2CAP_SUPER_RCV_NOT_READY;
400 pi->conn_state |= L2CAP_CONN_RNR_SENT;
402 control |= L2CAP_SUPER_RCV_READY;
404 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
406 l2cap_send_sframe(pi, control);
409 static inline int __l2cap_no_conn_pending(struct sock *sk)
411 return !(l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND);
414 static void l2cap_do_start(struct sock *sk)
416 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
418 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
419 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
422 if (l2cap_check_security(sk) && __l2cap_no_conn_pending(sk)) {
423 struct l2cap_conn_req req;
424 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
425 req.psm = l2cap_pi(sk)->psm;
427 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
428 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
430 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
431 L2CAP_CONN_REQ, sizeof(req), &req);
434 struct l2cap_info_req req;
435 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
437 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
438 conn->info_ident = l2cap_get_ident(conn);
440 mod_timer(&conn->info_timer, jiffies +
441 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
443 l2cap_send_cmd(conn, conn->info_ident,
444 L2CAP_INFO_REQ, sizeof(req), &req);
448 static inline int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
450 u32 local_feat_mask = l2cap_feat_mask;
452 local_feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING;
455 case L2CAP_MODE_ERTM:
456 return L2CAP_FEAT_ERTM & feat_mask & local_feat_mask;
457 case L2CAP_MODE_STREAMING:
458 return L2CAP_FEAT_STREAMING & feat_mask & local_feat_mask;
464 void l2cap_send_disconn_req(struct l2cap_conn *conn, struct sock *sk, int err)
466 struct l2cap_disconn_req req;
471 skb_queue_purge(TX_QUEUE(sk));
473 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
474 del_timer(&l2cap_pi(sk)->retrans_timer);
475 del_timer(&l2cap_pi(sk)->monitor_timer);
476 del_timer(&l2cap_pi(sk)->ack_timer);
479 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
480 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
481 l2cap_send_cmd(conn, l2cap_get_ident(conn),
482 L2CAP_DISCONN_REQ, sizeof(req), &req);
484 sk->sk_state = BT_DISCONN;
488 /* ---- L2CAP connections ---- */
489 static void l2cap_conn_start(struct l2cap_conn *conn)
491 struct l2cap_chan_list *l = &conn->chan_list;
492 struct sock_del_list del, *tmp1, *tmp2;
495 BT_DBG("conn %p", conn);
497 INIT_LIST_HEAD(&del.list);
501 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
504 if (sk->sk_type != SOCK_SEQPACKET &&
505 sk->sk_type != SOCK_STREAM) {
510 if (sk->sk_state == BT_CONNECT) {
511 struct l2cap_conn_req req;
513 if (!l2cap_check_security(sk) ||
514 !__l2cap_no_conn_pending(sk)) {
519 if (!l2cap_mode_supported(l2cap_pi(sk)->mode,
521 && l2cap_pi(sk)->conf_state &
522 L2CAP_CONF_STATE2_DEVICE) {
523 tmp1 = kzalloc(sizeof(struct sock_del_list),
526 list_add_tail(&tmp1->list, &del.list);
531 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
532 req.psm = l2cap_pi(sk)->psm;
534 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
535 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
537 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
538 L2CAP_CONN_REQ, sizeof(req), &req);
540 } else if (sk->sk_state == BT_CONNECT2) {
541 struct l2cap_conn_rsp rsp;
543 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
544 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
546 if (l2cap_check_security(sk)) {
547 if (bt_sk(sk)->defer_setup) {
548 struct sock *parent = bt_sk(sk)->parent;
549 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
550 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
551 parent->sk_data_ready(parent, 0);
554 sk->sk_state = BT_CONFIG;
555 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
556 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
559 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
560 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
563 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
564 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
566 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT ||
567 rsp.result != L2CAP_CR_SUCCESS) {
572 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
573 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
574 l2cap_build_conf_req(sk, buf), buf);
575 l2cap_pi(sk)->num_conf_req++;
581 read_unlock(&l->lock);
583 list_for_each_entry_safe(tmp1, tmp2, &del.list, list) {
584 bh_lock_sock(tmp1->sk);
585 __l2cap_sock_close(tmp1->sk, ECONNRESET);
586 bh_unlock_sock(tmp1->sk);
587 list_del(&tmp1->list);
592 /* Find socket with cid and source bdaddr.
593 * Returns closest match, locked.
595 static struct sock *l2cap_get_sock_by_scid(int state, __le16 cid, bdaddr_t *src)
597 struct sock *s, *sk = NULL, *sk1 = NULL;
598 struct hlist_node *node;
600 read_lock(&l2cap_sk_list.lock);
602 sk_for_each(sk, node, &l2cap_sk_list.head) {
603 if (state && sk->sk_state != state)
606 if (l2cap_pi(sk)->scid == cid) {
608 if (!bacmp(&bt_sk(sk)->src, src))
612 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
619 read_unlock(&l2cap_sk_list.lock);
624 static void l2cap_le_conn_ready(struct l2cap_conn *conn)
626 struct l2cap_chan_list *list = &conn->chan_list;
627 struct sock *parent, *uninitialized_var(sk);
631 /* Check if we have socket listening on cid */
632 parent = l2cap_get_sock_by_scid(BT_LISTEN, L2CAP_CID_LE_DATA,
637 /* Check for backlog size */
638 if (sk_acceptq_is_full(parent)) {
639 BT_DBG("backlog full %d", parent->sk_ack_backlog);
643 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC);
647 write_lock_bh(&list->lock);
649 hci_conn_hold(conn->hcon);
651 l2cap_sock_init(sk, parent);
652 bacpy(&bt_sk(sk)->src, conn->src);
653 bacpy(&bt_sk(sk)->dst, conn->dst);
655 __l2cap_chan_add(conn, sk, parent);
657 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
659 sk->sk_state = BT_CONNECTED;
660 parent->sk_data_ready(parent, 0);
662 write_unlock_bh(&list->lock);
665 bh_unlock_sock(parent);
668 static void l2cap_conn_ready(struct l2cap_conn *conn)
670 struct l2cap_chan_list *l = &conn->chan_list;
673 BT_DBG("conn %p", conn);
675 if (!conn->hcon->out && conn->hcon->type == LE_LINK)
676 l2cap_le_conn_ready(conn);
680 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
683 if (conn->hcon->type == LE_LINK) {
684 l2cap_sock_clear_timer(sk);
685 sk->sk_state = BT_CONNECTED;
686 sk->sk_state_change(sk);
689 if (sk->sk_type != SOCK_SEQPACKET &&
690 sk->sk_type != SOCK_STREAM) {
691 l2cap_sock_clear_timer(sk);
692 sk->sk_state = BT_CONNECTED;
693 sk->sk_state_change(sk);
694 } else if (sk->sk_state == BT_CONNECT)
700 read_unlock(&l->lock);
703 /* Notify sockets that we cannot guaranty reliability anymore */
704 static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
706 struct l2cap_chan_list *l = &conn->chan_list;
709 BT_DBG("conn %p", conn);
713 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
714 if (l2cap_pi(sk)->force_reliable)
718 read_unlock(&l->lock);
721 static void l2cap_info_timeout(unsigned long arg)
723 struct l2cap_conn *conn = (void *) arg;
725 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
726 conn->info_ident = 0;
728 l2cap_conn_start(conn);
731 static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
733 struct l2cap_conn *conn = hcon->l2cap_data;
738 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
742 hcon->l2cap_data = conn;
745 BT_DBG("hcon %p conn %p", hcon, conn);
747 if (hcon->hdev->le_mtu && hcon->type == LE_LINK)
748 conn->mtu = hcon->hdev->le_mtu;
750 conn->mtu = hcon->hdev->acl_mtu;
752 conn->src = &hcon->hdev->bdaddr;
753 conn->dst = &hcon->dst;
757 spin_lock_init(&conn->lock);
758 rwlock_init(&conn->chan_list.lock);
760 if (hcon->type != LE_LINK)
761 setup_timer(&conn->info_timer, l2cap_info_timeout,
762 (unsigned long) conn);
764 conn->disc_reason = 0x13;
769 static void l2cap_conn_del(struct hci_conn *hcon, int err)
771 struct l2cap_conn *conn = hcon->l2cap_data;
777 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
779 kfree_skb(conn->rx_skb);
782 while ((sk = conn->chan_list.head)) {
784 l2cap_chan_del(sk, err);
789 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
790 del_timer_sync(&conn->info_timer);
792 hcon->l2cap_data = NULL;
796 static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
798 struct l2cap_chan_list *l = &conn->chan_list;
799 write_lock_bh(&l->lock);
800 __l2cap_chan_add(conn, sk, parent);
801 write_unlock_bh(&l->lock);
804 /* ---- Socket interface ---- */
806 /* Find socket with psm and source bdaddr.
807 * Returns closest match.
809 static struct sock *l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
811 struct sock *sk = NULL, *sk1 = NULL;
812 struct hlist_node *node;
814 read_lock(&l2cap_sk_list.lock);
816 sk_for_each(sk, node, &l2cap_sk_list.head) {
817 if (state && sk->sk_state != state)
820 if (l2cap_pi(sk)->psm == psm) {
822 if (!bacmp(&bt_sk(sk)->src, src))
826 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
831 read_unlock(&l2cap_sk_list.lock);
833 return node ? sk : sk1;
836 int l2cap_do_connect(struct sock *sk)
838 bdaddr_t *src = &bt_sk(sk)->src;
839 bdaddr_t *dst = &bt_sk(sk)->dst;
840 struct l2cap_conn *conn;
841 struct hci_conn *hcon;
842 struct hci_dev *hdev;
846 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst),
849 hdev = hci_get_route(dst, src);
851 return -EHOSTUNREACH;
853 hci_dev_lock_bh(hdev);
855 auth_type = l2cap_get_auth_type(sk);
857 if (l2cap_pi(sk)->dcid == L2CAP_CID_LE_DATA)
858 hcon = hci_connect(hdev, LE_LINK, dst,
859 l2cap_pi(sk)->sec_level, auth_type);
861 hcon = hci_connect(hdev, ACL_LINK, dst,
862 l2cap_pi(sk)->sec_level, auth_type);
869 conn = l2cap_conn_add(hcon, 0);
876 /* Update source addr of the socket */
877 bacpy(src, conn->src);
879 l2cap_chan_add(conn, sk, NULL);
881 sk->sk_state = BT_CONNECT;
882 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
884 if (hcon->state == BT_CONNECTED) {
885 if (sk->sk_type != SOCK_SEQPACKET &&
886 sk->sk_type != SOCK_STREAM) {
887 l2cap_sock_clear_timer(sk);
888 if (l2cap_check_security(sk))
889 sk->sk_state = BT_CONNECTED;
897 hci_dev_unlock_bh(hdev);
902 int __l2cap_wait_ack(struct sock *sk)
904 DECLARE_WAITQUEUE(wait, current);
908 add_wait_queue(sk_sleep(sk), &wait);
909 while ((l2cap_pi(sk)->unacked_frames > 0 && l2cap_pi(sk)->conn)) {
910 set_current_state(TASK_INTERRUPTIBLE);
915 if (signal_pending(current)) {
916 err = sock_intr_errno(timeo);
921 timeo = schedule_timeout(timeo);
924 err = sock_error(sk);
928 set_current_state(TASK_RUNNING);
929 remove_wait_queue(sk_sleep(sk), &wait);
933 static void l2cap_monitor_timeout(unsigned long arg)
935 struct sock *sk = (void *) arg;
940 if (l2cap_pi(sk)->retry_count >= l2cap_pi(sk)->remote_max_tx) {
941 l2cap_send_disconn_req(l2cap_pi(sk)->conn, sk, ECONNABORTED);
946 l2cap_pi(sk)->retry_count++;
947 __mod_monitor_timer();
949 l2cap_send_rr_or_rnr(l2cap_pi(sk), L2CAP_CTRL_POLL);
953 static void l2cap_retrans_timeout(unsigned long arg)
955 struct sock *sk = (void *) arg;
960 l2cap_pi(sk)->retry_count = 1;
961 __mod_monitor_timer();
963 l2cap_pi(sk)->conn_state |= L2CAP_CONN_WAIT_F;
965 l2cap_send_rr_or_rnr(l2cap_pi(sk), L2CAP_CTRL_POLL);
969 static void l2cap_drop_acked_frames(struct sock *sk)
973 while ((skb = skb_peek(TX_QUEUE(sk))) &&
974 l2cap_pi(sk)->unacked_frames) {
975 if (bt_cb(skb)->tx_seq == l2cap_pi(sk)->expected_ack_seq)
978 skb = skb_dequeue(TX_QUEUE(sk));
981 l2cap_pi(sk)->unacked_frames--;
984 if (!l2cap_pi(sk)->unacked_frames)
985 del_timer(&l2cap_pi(sk)->retrans_timer);
988 void l2cap_do_send(struct sock *sk, struct sk_buff *skb)
990 struct l2cap_pinfo *pi = l2cap_pi(sk);
991 struct hci_conn *hcon = pi->conn->hcon;
994 BT_DBG("sk %p, skb %p len %d", sk, skb, skb->len);
996 if (!pi->flushable && lmp_no_flush_capable(hcon->hdev))
997 flags = ACL_START_NO_FLUSH;
1001 hci_send_acl(hcon, skb, flags);
1004 void l2cap_streaming_send(struct sock *sk)
1006 struct sk_buff *skb;
1007 struct l2cap_pinfo *pi = l2cap_pi(sk);
1010 while ((skb = skb_dequeue(TX_QUEUE(sk)))) {
1011 control = get_unaligned_le16(skb->data + L2CAP_HDR_SIZE);
1012 control |= pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT;
1013 put_unaligned_le16(control, skb->data + L2CAP_HDR_SIZE);
1015 if (pi->fcs == L2CAP_FCS_CRC16) {
1016 fcs = crc16(0, (u8 *)skb->data, skb->len - 2);
1017 put_unaligned_le16(fcs, skb->data + skb->len - 2);
1020 l2cap_do_send(sk, skb);
1022 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64;
1026 static void l2cap_retransmit_one_frame(struct sock *sk, u8 tx_seq)
1028 struct l2cap_pinfo *pi = l2cap_pi(sk);
1029 struct sk_buff *skb, *tx_skb;
1032 skb = skb_peek(TX_QUEUE(sk));
1037 if (bt_cb(skb)->tx_seq == tx_seq)
1040 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1043 } while ((skb = skb_queue_next(TX_QUEUE(sk), skb)));
1045 if (pi->remote_max_tx &&
1046 bt_cb(skb)->retries == pi->remote_max_tx) {
1047 l2cap_send_disconn_req(pi->conn, sk, ECONNABORTED);
1051 tx_skb = skb_clone(skb, GFP_ATOMIC);
1052 bt_cb(skb)->retries++;
1053 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1055 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) {
1056 control |= L2CAP_CTRL_FINAL;
1057 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
1060 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1061 | (tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1063 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1065 if (pi->fcs == L2CAP_FCS_CRC16) {
1066 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);
1067 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);
1070 l2cap_do_send(sk, tx_skb);
1073 int l2cap_ertm_send(struct sock *sk)
1075 struct sk_buff *skb, *tx_skb;
1076 struct l2cap_pinfo *pi = l2cap_pi(sk);
1080 if (sk->sk_state != BT_CONNECTED)
1083 while ((skb = sk->sk_send_head) && (!l2cap_tx_window_full(sk))) {
1085 if (pi->remote_max_tx &&
1086 bt_cb(skb)->retries == pi->remote_max_tx) {
1087 l2cap_send_disconn_req(pi->conn, sk, ECONNABORTED);
1091 tx_skb = skb_clone(skb, GFP_ATOMIC);
1093 bt_cb(skb)->retries++;
1095 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1096 control &= L2CAP_CTRL_SAR;
1098 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) {
1099 control |= L2CAP_CTRL_FINAL;
1100 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
1102 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1103 | (pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1104 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1107 if (pi->fcs == L2CAP_FCS_CRC16) {
1108 fcs = crc16(0, (u8 *)skb->data, tx_skb->len - 2);
1109 put_unaligned_le16(fcs, skb->data + tx_skb->len - 2);
1112 l2cap_do_send(sk, tx_skb);
1114 __mod_retrans_timer();
1116 bt_cb(skb)->tx_seq = pi->next_tx_seq;
1117 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64;
1119 if (bt_cb(skb)->retries == 1)
1120 pi->unacked_frames++;
1124 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1125 sk->sk_send_head = NULL;
1127 sk->sk_send_head = skb_queue_next(TX_QUEUE(sk), skb);
1135 static int l2cap_retransmit_frames(struct sock *sk)
1137 struct l2cap_pinfo *pi = l2cap_pi(sk);
1140 if (!skb_queue_empty(TX_QUEUE(sk)))
1141 sk->sk_send_head = TX_QUEUE(sk)->next;
1143 pi->next_tx_seq = pi->expected_ack_seq;
1144 ret = l2cap_ertm_send(sk);
1148 static void l2cap_send_ack(struct l2cap_pinfo *pi)
1150 struct sock *sk = (struct sock *)pi;
1153 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
1155 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
1156 control |= L2CAP_SUPER_RCV_NOT_READY;
1157 pi->conn_state |= L2CAP_CONN_RNR_SENT;
1158 l2cap_send_sframe(pi, control);
1162 if (l2cap_ertm_send(sk) > 0)
1165 control |= L2CAP_SUPER_RCV_READY;
1166 l2cap_send_sframe(pi, control);
1169 static void l2cap_send_srejtail(struct sock *sk)
1171 struct srej_list *tail;
1174 control = L2CAP_SUPER_SELECT_REJECT;
1175 control |= L2CAP_CTRL_FINAL;
1177 tail = list_entry(SREJ_LIST(sk)->prev, struct srej_list, list);
1178 control |= tail->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
1180 l2cap_send_sframe(l2cap_pi(sk), control);
1183 static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, int len, int count, struct sk_buff *skb)
1185 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1186 struct sk_buff **frag;
1189 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count))
1195 /* Continuation fragments (no L2CAP header) */
1196 frag = &skb_shinfo(skb)->frag_list;
1198 count = min_t(unsigned int, conn->mtu, len);
1200 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1203 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count))
1209 frag = &(*frag)->next;
1215 struct sk_buff *l2cap_create_connless_pdu(struct sock *sk, struct msghdr *msg, size_t len)
1217 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1218 struct sk_buff *skb;
1219 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1220 struct l2cap_hdr *lh;
1222 BT_DBG("sk %p len %d", sk, (int)len);
1224 count = min_t(unsigned int, (conn->mtu - hlen), len);
1225 skb = bt_skb_send_alloc(sk, count + hlen,
1226 msg->msg_flags & MSG_DONTWAIT, &err);
1228 return ERR_PTR(err);
1230 /* Create L2CAP header */
1231 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1232 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1233 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1234 put_unaligned_le16(l2cap_pi(sk)->psm, skb_put(skb, 2));
1236 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1237 if (unlikely(err < 0)) {
1239 return ERR_PTR(err);
1244 struct sk_buff *l2cap_create_basic_pdu(struct sock *sk, struct msghdr *msg, size_t len)
1246 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1247 struct sk_buff *skb;
1248 int err, count, hlen = L2CAP_HDR_SIZE;
1249 struct l2cap_hdr *lh;
1251 BT_DBG("sk %p len %d", sk, (int)len);
1253 count = min_t(unsigned int, (conn->mtu - hlen), len);
1254 skb = bt_skb_send_alloc(sk, count + hlen,
1255 msg->msg_flags & MSG_DONTWAIT, &err);
1257 return ERR_PTR(err);
1259 /* Create L2CAP header */
1260 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1261 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1262 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1264 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1265 if (unlikely(err < 0)) {
1267 return ERR_PTR(err);
1272 struct sk_buff *l2cap_create_iframe_pdu(struct sock *sk, struct msghdr *msg, size_t len, u16 control, u16 sdulen)
1274 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1275 struct sk_buff *skb;
1276 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1277 struct l2cap_hdr *lh;
1279 BT_DBG("sk %p len %d", sk, (int)len);
1282 return ERR_PTR(-ENOTCONN);
1287 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16)
1290 count = min_t(unsigned int, (conn->mtu - hlen), len);
1291 skb = bt_skb_send_alloc(sk, count + hlen,
1292 msg->msg_flags & MSG_DONTWAIT, &err);
1294 return ERR_PTR(err);
1296 /* Create L2CAP header */
1297 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1298 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1299 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1300 put_unaligned_le16(control, skb_put(skb, 2));
1302 put_unaligned_le16(sdulen, skb_put(skb, 2));
1304 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1305 if (unlikely(err < 0)) {
1307 return ERR_PTR(err);
1310 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16)
1311 put_unaligned_le16(0, skb_put(skb, 2));
1313 bt_cb(skb)->retries = 0;
1317 int l2cap_sar_segment_sdu(struct sock *sk, struct msghdr *msg, size_t len)
1319 struct l2cap_pinfo *pi = l2cap_pi(sk);
1320 struct sk_buff *skb;
1321 struct sk_buff_head sar_queue;
1325 skb_queue_head_init(&sar_queue);
1326 control = L2CAP_SDU_START;
1327 skb = l2cap_create_iframe_pdu(sk, msg, pi->remote_mps, control, len);
1329 return PTR_ERR(skb);
1331 __skb_queue_tail(&sar_queue, skb);
1332 len -= pi->remote_mps;
1333 size += pi->remote_mps;
1338 if (len > pi->remote_mps) {
1339 control = L2CAP_SDU_CONTINUE;
1340 buflen = pi->remote_mps;
1342 control = L2CAP_SDU_END;
1346 skb = l2cap_create_iframe_pdu(sk, msg, buflen, control, 0);
1348 skb_queue_purge(&sar_queue);
1349 return PTR_ERR(skb);
1352 __skb_queue_tail(&sar_queue, skb);
1356 skb_queue_splice_tail(&sar_queue, TX_QUEUE(sk));
1357 if (sk->sk_send_head == NULL)
1358 sk->sk_send_head = sar_queue.next;
1363 static void l2cap_chan_ready(struct sock *sk)
1365 struct sock *parent = bt_sk(sk)->parent;
1367 BT_DBG("sk %p, parent %p", sk, parent);
1369 l2cap_pi(sk)->conf_state = 0;
1370 l2cap_sock_clear_timer(sk);
1373 /* Outgoing channel.
1374 * Wake up socket sleeping on connect.
1376 sk->sk_state = BT_CONNECTED;
1377 sk->sk_state_change(sk);
1379 /* Incoming channel.
1380 * Wake up socket sleeping on accept.
1382 parent->sk_data_ready(parent, 0);
1386 /* Copy frame to all raw sockets on that connection */
1387 static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1389 struct l2cap_chan_list *l = &conn->chan_list;
1390 struct sk_buff *nskb;
1393 BT_DBG("conn %p", conn);
1395 read_lock(&l->lock);
1396 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
1397 if (sk->sk_type != SOCK_RAW)
1400 /* Don't send frame to the socket it came from */
1403 nskb = skb_clone(skb, GFP_ATOMIC);
1407 if (sock_queue_rcv_skb(sk, nskb))
1410 read_unlock(&l->lock);
1413 /* ---- L2CAP signalling commands ---- */
1414 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1415 u8 code, u8 ident, u16 dlen, void *data)
1417 struct sk_buff *skb, **frag;
1418 struct l2cap_cmd_hdr *cmd;
1419 struct l2cap_hdr *lh;
1422 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d",
1423 conn, code, ident, dlen);
1425 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1426 count = min_t(unsigned int, conn->mtu, len);
1428 skb = bt_skb_alloc(count, GFP_ATOMIC);
1432 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1433 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
1435 if (conn->hcon->type == LE_LINK)
1436 lh->cid = cpu_to_le16(L2CAP_CID_LE_SIGNALING);
1438 lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING);
1440 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1443 cmd->len = cpu_to_le16(dlen);
1446 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1447 memcpy(skb_put(skb, count), data, count);
1453 /* Continuation fragments (no L2CAP header) */
1454 frag = &skb_shinfo(skb)->frag_list;
1456 count = min_t(unsigned int, conn->mtu, len);
1458 *frag = bt_skb_alloc(count, GFP_ATOMIC);
1462 memcpy(skb_put(*frag, count), data, count);
1467 frag = &(*frag)->next;
1477 static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1479 struct l2cap_conf_opt *opt = *ptr;
1482 len = L2CAP_CONF_OPT_SIZE + opt->len;
1490 *val = *((u8 *) opt->val);
1494 *val = get_unaligned_le16(opt->val);
1498 *val = get_unaligned_le32(opt->val);
1502 *val = (unsigned long) opt->val;
1506 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1510 static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1512 struct l2cap_conf_opt *opt = *ptr;
1514 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1521 *((u8 *) opt->val) = val;
1525 put_unaligned_le16(val, opt->val);
1529 put_unaligned_le32(val, opt->val);
1533 memcpy(opt->val, (void *) val, len);
1537 *ptr += L2CAP_CONF_OPT_SIZE + len;
1540 static void l2cap_ack_timeout(unsigned long arg)
1542 struct sock *sk = (void *) arg;
1545 l2cap_send_ack(l2cap_pi(sk));
1549 static inline void l2cap_ertm_init(struct sock *sk)
1551 l2cap_pi(sk)->expected_ack_seq = 0;
1552 l2cap_pi(sk)->unacked_frames = 0;
1553 l2cap_pi(sk)->buffer_seq = 0;
1554 l2cap_pi(sk)->num_acked = 0;
1555 l2cap_pi(sk)->frames_sent = 0;
1557 setup_timer(&l2cap_pi(sk)->retrans_timer,
1558 l2cap_retrans_timeout, (unsigned long) sk);
1559 setup_timer(&l2cap_pi(sk)->monitor_timer,
1560 l2cap_monitor_timeout, (unsigned long) sk);
1561 setup_timer(&l2cap_pi(sk)->ack_timer,
1562 l2cap_ack_timeout, (unsigned long) sk);
1564 __skb_queue_head_init(SREJ_QUEUE(sk));
1565 __skb_queue_head_init(BUSY_QUEUE(sk));
1567 INIT_WORK(&l2cap_pi(sk)->busy_work, l2cap_busy_work);
1569 sk->sk_backlog_rcv = l2cap_ertm_data_rcv;
1572 static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
1575 case L2CAP_MODE_STREAMING:
1576 case L2CAP_MODE_ERTM:
1577 if (l2cap_mode_supported(mode, remote_feat_mask))
1581 return L2CAP_MODE_BASIC;
1585 int l2cap_build_conf_req(struct sock *sk, void *data)
1587 struct l2cap_pinfo *pi = l2cap_pi(sk);
1588 struct l2cap_conf_req *req = data;
1589 struct l2cap_conf_rfc rfc = { .mode = pi->mode };
1590 void *ptr = req->data;
1592 BT_DBG("sk %p", sk);
1594 if (pi->num_conf_req || pi->num_conf_rsp)
1598 case L2CAP_MODE_STREAMING:
1599 case L2CAP_MODE_ERTM:
1600 if (pi->conf_state & L2CAP_CONF_STATE2_DEVICE)
1605 pi->mode = l2cap_select_mode(rfc.mode, pi->conn->feat_mask);
1610 if (pi->imtu != L2CAP_DEFAULT_MTU)
1611 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
1614 case L2CAP_MODE_BASIC:
1615 if (!(pi->conn->feat_mask & L2CAP_FEAT_ERTM) &&
1616 !(pi->conn->feat_mask & L2CAP_FEAT_STREAMING))
1619 rfc.mode = L2CAP_MODE_BASIC;
1621 rfc.max_transmit = 0;
1622 rfc.retrans_timeout = 0;
1623 rfc.monitor_timeout = 0;
1624 rfc.max_pdu_size = 0;
1626 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
1627 (unsigned long) &rfc);
1630 case L2CAP_MODE_ERTM:
1631 rfc.mode = L2CAP_MODE_ERTM;
1632 rfc.txwin_size = pi->tx_win;
1633 rfc.max_transmit = pi->max_tx;
1634 rfc.retrans_timeout = 0;
1635 rfc.monitor_timeout = 0;
1636 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
1637 if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10)
1638 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
1640 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
1641 (unsigned long) &rfc);
1643 if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS))
1646 if (pi->fcs == L2CAP_FCS_NONE ||
1647 pi->conf_state & L2CAP_CONF_NO_FCS_RECV) {
1648 pi->fcs = L2CAP_FCS_NONE;
1649 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs);
1653 case L2CAP_MODE_STREAMING:
1654 rfc.mode = L2CAP_MODE_STREAMING;
1656 rfc.max_transmit = 0;
1657 rfc.retrans_timeout = 0;
1658 rfc.monitor_timeout = 0;
1659 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
1660 if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10)
1661 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
1663 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
1664 (unsigned long) &rfc);
1666 if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS))
1669 if (pi->fcs == L2CAP_FCS_NONE ||
1670 pi->conf_state & L2CAP_CONF_NO_FCS_RECV) {
1671 pi->fcs = L2CAP_FCS_NONE;
1672 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs);
1677 req->dcid = cpu_to_le16(pi->dcid);
1678 req->flags = cpu_to_le16(0);
1683 static int l2cap_parse_conf_req(struct sock *sk, void *data)
1685 struct l2cap_pinfo *pi = l2cap_pi(sk);
1686 struct l2cap_conf_rsp *rsp = data;
1687 void *ptr = rsp->data;
1688 void *req = pi->conf_req;
1689 int len = pi->conf_len;
1690 int type, hint, olen;
1692 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
1693 u16 mtu = L2CAP_DEFAULT_MTU;
1694 u16 result = L2CAP_CONF_SUCCESS;
1696 BT_DBG("sk %p", sk);
1698 while (len >= L2CAP_CONF_OPT_SIZE) {
1699 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
1701 hint = type & L2CAP_CONF_HINT;
1702 type &= L2CAP_CONF_MASK;
1705 case L2CAP_CONF_MTU:
1709 case L2CAP_CONF_FLUSH_TO:
1713 case L2CAP_CONF_QOS:
1716 case L2CAP_CONF_RFC:
1717 if (olen == sizeof(rfc))
1718 memcpy(&rfc, (void *) val, olen);
1721 case L2CAP_CONF_FCS:
1722 if (val == L2CAP_FCS_NONE)
1723 pi->conf_state |= L2CAP_CONF_NO_FCS_RECV;
1731 result = L2CAP_CONF_UNKNOWN;
1732 *((u8 *) ptr++) = type;
1737 if (pi->num_conf_rsp || pi->num_conf_req > 1)
1741 case L2CAP_MODE_STREAMING:
1742 case L2CAP_MODE_ERTM:
1743 if (!(pi->conf_state & L2CAP_CONF_STATE2_DEVICE)) {
1744 pi->mode = l2cap_select_mode(rfc.mode,
1745 pi->conn->feat_mask);
1749 if (pi->mode != rfc.mode)
1750 return -ECONNREFUSED;
1756 if (pi->mode != rfc.mode) {
1757 result = L2CAP_CONF_UNACCEPT;
1758 rfc.mode = pi->mode;
1760 if (pi->num_conf_rsp == 1)
1761 return -ECONNREFUSED;
1763 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1764 sizeof(rfc), (unsigned long) &rfc);
1768 if (result == L2CAP_CONF_SUCCESS) {
1769 /* Configure output options and let the other side know
1770 * which ones we don't like. */
1772 if (mtu < L2CAP_DEFAULT_MIN_MTU)
1773 result = L2CAP_CONF_UNACCEPT;
1776 pi->conf_state |= L2CAP_CONF_MTU_DONE;
1778 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
1781 case L2CAP_MODE_BASIC:
1782 pi->fcs = L2CAP_FCS_NONE;
1783 pi->conf_state |= L2CAP_CONF_MODE_DONE;
1786 case L2CAP_MODE_ERTM:
1787 pi->remote_tx_win = rfc.txwin_size;
1788 pi->remote_max_tx = rfc.max_transmit;
1790 if (le16_to_cpu(rfc.max_pdu_size) > pi->conn->mtu - 10)
1791 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
1793 pi->remote_mps = le16_to_cpu(rfc.max_pdu_size);
1795 rfc.retrans_timeout =
1796 le16_to_cpu(L2CAP_DEFAULT_RETRANS_TO);
1797 rfc.monitor_timeout =
1798 le16_to_cpu(L2CAP_DEFAULT_MONITOR_TO);
1800 pi->conf_state |= L2CAP_CONF_MODE_DONE;
1802 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1803 sizeof(rfc), (unsigned long) &rfc);
1807 case L2CAP_MODE_STREAMING:
1808 if (le16_to_cpu(rfc.max_pdu_size) > pi->conn->mtu - 10)
1809 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
1811 pi->remote_mps = le16_to_cpu(rfc.max_pdu_size);
1813 pi->conf_state |= L2CAP_CONF_MODE_DONE;
1815 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1816 sizeof(rfc), (unsigned long) &rfc);
1821 result = L2CAP_CONF_UNACCEPT;
1823 memset(&rfc, 0, sizeof(rfc));
1824 rfc.mode = pi->mode;
1827 if (result == L2CAP_CONF_SUCCESS)
1828 pi->conf_state |= L2CAP_CONF_OUTPUT_DONE;
1830 rsp->scid = cpu_to_le16(pi->dcid);
1831 rsp->result = cpu_to_le16(result);
1832 rsp->flags = cpu_to_le16(0x0000);
1837 static int l2cap_parse_conf_rsp(struct sock *sk, void *rsp, int len, void *data, u16 *result)
1839 struct l2cap_pinfo *pi = l2cap_pi(sk);
1840 struct l2cap_conf_req *req = data;
1841 void *ptr = req->data;
1844 struct l2cap_conf_rfc rfc;
1846 BT_DBG("sk %p, rsp %p, len %d, req %p", sk, rsp, len, data);
1848 while (len >= L2CAP_CONF_OPT_SIZE) {
1849 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
1852 case L2CAP_CONF_MTU:
1853 if (val < L2CAP_DEFAULT_MIN_MTU) {
1854 *result = L2CAP_CONF_UNACCEPT;
1855 pi->imtu = L2CAP_DEFAULT_MIN_MTU;
1858 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
1861 case L2CAP_CONF_FLUSH_TO:
1863 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
1867 case L2CAP_CONF_RFC:
1868 if (olen == sizeof(rfc))
1869 memcpy(&rfc, (void *)val, olen);
1871 if ((pi->conf_state & L2CAP_CONF_STATE2_DEVICE) &&
1872 rfc.mode != pi->mode)
1873 return -ECONNREFUSED;
1877 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1878 sizeof(rfc), (unsigned long) &rfc);
1883 if (pi->mode == L2CAP_MODE_BASIC && pi->mode != rfc.mode)
1884 return -ECONNREFUSED;
1886 pi->mode = rfc.mode;
1888 if (*result == L2CAP_CONF_SUCCESS) {
1890 case L2CAP_MODE_ERTM:
1891 pi->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
1892 pi->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
1893 pi->mps = le16_to_cpu(rfc.max_pdu_size);
1895 case L2CAP_MODE_STREAMING:
1896 pi->mps = le16_to_cpu(rfc.max_pdu_size);
1900 req->dcid = cpu_to_le16(pi->dcid);
1901 req->flags = cpu_to_le16(0x0000);
1906 static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags)
1908 struct l2cap_conf_rsp *rsp = data;
1909 void *ptr = rsp->data;
1911 BT_DBG("sk %p", sk);
1913 rsp->scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1914 rsp->result = cpu_to_le16(result);
1915 rsp->flags = cpu_to_le16(flags);
1920 static void l2cap_conf_rfc_get(struct sock *sk, void *rsp, int len)
1922 struct l2cap_pinfo *pi = l2cap_pi(sk);
1925 struct l2cap_conf_rfc rfc;
1927 BT_DBG("sk %p, rsp %p, len %d", sk, rsp, len);
1929 if ((pi->mode != L2CAP_MODE_ERTM) && (pi->mode != L2CAP_MODE_STREAMING))
1932 while (len >= L2CAP_CONF_OPT_SIZE) {
1933 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
1936 case L2CAP_CONF_RFC:
1937 if (olen == sizeof(rfc))
1938 memcpy(&rfc, (void *)val, olen);
1945 case L2CAP_MODE_ERTM:
1946 pi->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
1947 pi->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
1948 pi->mps = le16_to_cpu(rfc.max_pdu_size);
1950 case L2CAP_MODE_STREAMING:
1951 pi->mps = le16_to_cpu(rfc.max_pdu_size);
1955 static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1957 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data;
1959 if (rej->reason != 0x0000)
1962 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
1963 cmd->ident == conn->info_ident) {
1964 del_timer(&conn->info_timer);
1966 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
1967 conn->info_ident = 0;
1969 l2cap_conn_start(conn);
1975 static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1977 struct l2cap_chan_list *list = &conn->chan_list;
1978 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
1979 struct l2cap_conn_rsp rsp;
1980 struct sock *parent, *sk = NULL;
1981 int result, status = L2CAP_CS_NO_INFO;
1983 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
1984 __le16 psm = req->psm;
1986 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
1988 /* Check if we have socket listening on psm */
1989 parent = l2cap_get_sock_by_psm(BT_LISTEN, psm, conn->src);
1991 result = L2CAP_CR_BAD_PSM;
1995 bh_lock_sock(parent);
1997 /* Check if the ACL is secure enough (if not SDP) */
1998 if (psm != cpu_to_le16(0x0001) &&
1999 !hci_conn_check_link_mode(conn->hcon)) {
2000 conn->disc_reason = 0x05;
2001 result = L2CAP_CR_SEC_BLOCK;
2005 result = L2CAP_CR_NO_MEM;
2007 /* Check for backlog size */
2008 if (sk_acceptq_is_full(parent)) {
2009 BT_DBG("backlog full %d", parent->sk_ack_backlog);
2013 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC);
2017 write_lock_bh(&list->lock);
2019 /* Check if we already have channel with that dcid */
2020 if (__l2cap_get_chan_by_dcid(list, scid)) {
2021 write_unlock_bh(&list->lock);
2022 sock_set_flag(sk, SOCK_ZAPPED);
2023 l2cap_sock_kill(sk);
2027 hci_conn_hold(conn->hcon);
2029 l2cap_sock_init(sk, parent);
2030 bacpy(&bt_sk(sk)->src, conn->src);
2031 bacpy(&bt_sk(sk)->dst, conn->dst);
2032 l2cap_pi(sk)->psm = psm;
2033 l2cap_pi(sk)->dcid = scid;
2035 __l2cap_chan_add(conn, sk, parent);
2036 dcid = l2cap_pi(sk)->scid;
2038 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
2040 l2cap_pi(sk)->ident = cmd->ident;
2042 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
2043 if (l2cap_check_security(sk)) {
2044 if (bt_sk(sk)->defer_setup) {
2045 sk->sk_state = BT_CONNECT2;
2046 result = L2CAP_CR_PEND;
2047 status = L2CAP_CS_AUTHOR_PEND;
2048 parent->sk_data_ready(parent, 0);
2050 sk->sk_state = BT_CONFIG;
2051 result = L2CAP_CR_SUCCESS;
2052 status = L2CAP_CS_NO_INFO;
2055 sk->sk_state = BT_CONNECT2;
2056 result = L2CAP_CR_PEND;
2057 status = L2CAP_CS_AUTHEN_PEND;
2060 sk->sk_state = BT_CONNECT2;
2061 result = L2CAP_CR_PEND;
2062 status = L2CAP_CS_NO_INFO;
2065 write_unlock_bh(&list->lock);
2068 bh_unlock_sock(parent);
2071 rsp.scid = cpu_to_le16(scid);
2072 rsp.dcid = cpu_to_le16(dcid);
2073 rsp.result = cpu_to_le16(result);
2074 rsp.status = cpu_to_le16(status);
2075 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2077 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
2078 struct l2cap_info_req info;
2079 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2081 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
2082 conn->info_ident = l2cap_get_ident(conn);
2084 mod_timer(&conn->info_timer, jiffies +
2085 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
2087 l2cap_send_cmd(conn, conn->info_ident,
2088 L2CAP_INFO_REQ, sizeof(info), &info);
2091 if (sk && !(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT) &&
2092 result == L2CAP_CR_SUCCESS) {
2094 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
2095 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2096 l2cap_build_conf_req(sk, buf), buf);
2097 l2cap_pi(sk)->num_conf_req++;
2103 static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2105 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
2106 u16 scid, dcid, result, status;
2110 scid = __le16_to_cpu(rsp->scid);
2111 dcid = __le16_to_cpu(rsp->dcid);
2112 result = __le16_to_cpu(rsp->result);
2113 status = __le16_to_cpu(rsp->status);
2115 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
2118 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
2122 sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident);
2128 case L2CAP_CR_SUCCESS:
2129 sk->sk_state = BT_CONFIG;
2130 l2cap_pi(sk)->ident = 0;
2131 l2cap_pi(sk)->dcid = dcid;
2132 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_CONNECT_PEND;
2134 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)
2137 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
2139 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2140 l2cap_build_conf_req(sk, req), req);
2141 l2cap_pi(sk)->num_conf_req++;
2145 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
2149 /* don't delete l2cap channel if sk is owned by user */
2150 if (sock_owned_by_user(sk)) {
2151 sk->sk_state = BT_DISCONN;
2152 l2cap_sock_clear_timer(sk);
2153 l2cap_sock_set_timer(sk, HZ / 5);
2157 l2cap_chan_del(sk, ECONNREFUSED);
2165 static inline void set_default_fcs(struct l2cap_pinfo *pi)
2167 /* FCS is enabled only in ERTM or streaming mode, if one or both
2170 if (pi->mode != L2CAP_MODE_ERTM && pi->mode != L2CAP_MODE_STREAMING)
2171 pi->fcs = L2CAP_FCS_NONE;
2172 else if (!(pi->conf_state & L2CAP_CONF_NO_FCS_RECV))
2173 pi->fcs = L2CAP_FCS_CRC16;
2176 static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
2178 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
2184 dcid = __le16_to_cpu(req->dcid);
2185 flags = __le16_to_cpu(req->flags);
2187 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
2189 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid);
2193 if (sk->sk_state != BT_CONFIG) {
2194 struct l2cap_cmd_rej rej;
2196 rej.reason = cpu_to_le16(0x0002);
2197 l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ,
2202 /* Reject if config buffer is too small. */
2203 len = cmd_len - sizeof(*req);
2204 if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) {
2205 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
2206 l2cap_build_conf_rsp(sk, rsp,
2207 L2CAP_CONF_REJECT, flags), rsp);
2212 memcpy(l2cap_pi(sk)->conf_req + l2cap_pi(sk)->conf_len, req->data, len);
2213 l2cap_pi(sk)->conf_len += len;
2215 if (flags & 0x0001) {
2216 /* Incomplete config. Send empty response. */
2217 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
2218 l2cap_build_conf_rsp(sk, rsp,
2219 L2CAP_CONF_SUCCESS, 0x0001), rsp);
2223 /* Complete config. */
2224 len = l2cap_parse_conf_req(sk, rsp);
2226 l2cap_send_disconn_req(conn, sk, ECONNRESET);
2230 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
2231 l2cap_pi(sk)->num_conf_rsp++;
2233 /* Reset config buffer. */
2234 l2cap_pi(sk)->conf_len = 0;
2236 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE))
2239 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
2240 set_default_fcs(l2cap_pi(sk));
2242 sk->sk_state = BT_CONNECTED;
2244 l2cap_pi(sk)->next_tx_seq = 0;
2245 l2cap_pi(sk)->expected_tx_seq = 0;
2246 __skb_queue_head_init(TX_QUEUE(sk));
2247 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
2248 l2cap_ertm_init(sk);
2250 l2cap_chan_ready(sk);
2254 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) {
2256 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
2257 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2258 l2cap_build_conf_req(sk, buf), buf);
2259 l2cap_pi(sk)->num_conf_req++;
2267 static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2269 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2270 u16 scid, flags, result;
2272 int len = cmd->len - sizeof(*rsp);
2274 scid = __le16_to_cpu(rsp->scid);
2275 flags = __le16_to_cpu(rsp->flags);
2276 result = __le16_to_cpu(rsp->result);
2278 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x",
2279 scid, flags, result);
2281 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
2286 case L2CAP_CONF_SUCCESS:
2287 l2cap_conf_rfc_get(sk, rsp->data, len);
2290 case L2CAP_CONF_UNACCEPT:
2291 if (l2cap_pi(sk)->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
2294 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {
2295 l2cap_send_disconn_req(conn, sk, ECONNRESET);
2299 /* throw out any old stored conf requests */
2300 result = L2CAP_CONF_SUCCESS;
2301 len = l2cap_parse_conf_rsp(sk, rsp->data,
2304 l2cap_send_disconn_req(conn, sk, ECONNRESET);
2308 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2309 L2CAP_CONF_REQ, len, req);
2310 l2cap_pi(sk)->num_conf_req++;
2311 if (result != L2CAP_CONF_SUCCESS)
2317 sk->sk_err = ECONNRESET;
2318 l2cap_sock_set_timer(sk, HZ * 5);
2319 l2cap_send_disconn_req(conn, sk, ECONNRESET);
2326 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;
2328 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
2329 set_default_fcs(l2cap_pi(sk));
2331 sk->sk_state = BT_CONNECTED;
2332 l2cap_pi(sk)->next_tx_seq = 0;
2333 l2cap_pi(sk)->expected_tx_seq = 0;
2334 __skb_queue_head_init(TX_QUEUE(sk));
2335 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
2336 l2cap_ertm_init(sk);
2338 l2cap_chan_ready(sk);
2346 static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2348 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
2349 struct l2cap_disconn_rsp rsp;
2353 scid = __le16_to_cpu(req->scid);
2354 dcid = __le16_to_cpu(req->dcid);
2356 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
2358 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid);
2362 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2363 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2364 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
2366 sk->sk_shutdown = SHUTDOWN_MASK;
2368 /* don't delete l2cap channel if sk is owned by user */
2369 if (sock_owned_by_user(sk)) {
2370 sk->sk_state = BT_DISCONN;
2371 l2cap_sock_clear_timer(sk);
2372 l2cap_sock_set_timer(sk, HZ / 5);
2377 l2cap_chan_del(sk, ECONNRESET);
2380 l2cap_sock_kill(sk);
2384 static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2386 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
2390 scid = __le16_to_cpu(rsp->scid);
2391 dcid = __le16_to_cpu(rsp->dcid);
2393 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
2395 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
2399 /* don't delete l2cap channel if sk is owned by user */
2400 if (sock_owned_by_user(sk)) {
2401 sk->sk_state = BT_DISCONN;
2402 l2cap_sock_clear_timer(sk);
2403 l2cap_sock_set_timer(sk, HZ / 5);
2408 l2cap_chan_del(sk, 0);
2411 l2cap_sock_kill(sk);
2415 static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2417 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
2420 type = __le16_to_cpu(req->type);
2422 BT_DBG("type 0x%4.4x", type);
2424 if (type == L2CAP_IT_FEAT_MASK) {
2426 u32 feat_mask = l2cap_feat_mask;
2427 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2428 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2429 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2431 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
2433 put_unaligned_le32(feat_mask, rsp->data);
2434 l2cap_send_cmd(conn, cmd->ident,
2435 L2CAP_INFO_RSP, sizeof(buf), buf);
2436 } else if (type == L2CAP_IT_FIXED_CHAN) {
2438 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2439 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2440 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2441 memcpy(buf + 4, l2cap_fixed_chan, 8);
2442 l2cap_send_cmd(conn, cmd->ident,
2443 L2CAP_INFO_RSP, sizeof(buf), buf);
2445 struct l2cap_info_rsp rsp;
2446 rsp.type = cpu_to_le16(type);
2447 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
2448 l2cap_send_cmd(conn, cmd->ident,
2449 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
2455 static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2457 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
2460 type = __le16_to_cpu(rsp->type);
2461 result = __le16_to_cpu(rsp->result);
2463 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
2465 del_timer(&conn->info_timer);
2467 if (result != L2CAP_IR_SUCCESS) {
2468 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2469 conn->info_ident = 0;
2471 l2cap_conn_start(conn);
2476 if (type == L2CAP_IT_FEAT_MASK) {
2477 conn->feat_mask = get_unaligned_le32(rsp->data);
2479 if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) {
2480 struct l2cap_info_req req;
2481 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2483 conn->info_ident = l2cap_get_ident(conn);
2485 l2cap_send_cmd(conn, conn->info_ident,
2486 L2CAP_INFO_REQ, sizeof(req), &req);
2488 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2489 conn->info_ident = 0;
2491 l2cap_conn_start(conn);
2493 } else if (type == L2CAP_IT_FIXED_CHAN) {
2494 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2495 conn->info_ident = 0;
2497 l2cap_conn_start(conn);
2503 static inline int l2cap_check_conn_param(u16 min, u16 max, u16 latency,
2508 if (min > max || min < 6 || max > 3200)
2511 if (to_multiplier < 10 || to_multiplier > 3200)
2514 if (max >= to_multiplier * 8)
2517 max_latency = (to_multiplier * 8 / max) - 1;
2518 if (latency > 499 || latency > max_latency)
2524 static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn,
2525 struct l2cap_cmd_hdr *cmd, u8 *data)
2527 struct hci_conn *hcon = conn->hcon;
2528 struct l2cap_conn_param_update_req *req;
2529 struct l2cap_conn_param_update_rsp rsp;
2530 u16 min, max, latency, to_multiplier, cmd_len;
2533 if (!(hcon->link_mode & HCI_LM_MASTER))
2536 cmd_len = __le16_to_cpu(cmd->len);
2537 if (cmd_len != sizeof(struct l2cap_conn_param_update_req))
2540 req = (struct l2cap_conn_param_update_req *) data;
2541 min = __le16_to_cpu(req->min);
2542 max = __le16_to_cpu(req->max);
2543 latency = __le16_to_cpu(req->latency);
2544 to_multiplier = __le16_to_cpu(req->to_multiplier);
2546 BT_DBG("min 0x%4.4x max 0x%4.4x latency: 0x%4.4x Timeout: 0x%4.4x",
2547 min, max, latency, to_multiplier);
2549 memset(&rsp, 0, sizeof(rsp));
2551 err = l2cap_check_conn_param(min, max, latency, to_multiplier);
2553 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_REJECTED);
2555 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_ACCEPTED);
2557 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_PARAM_UPDATE_RSP,
2561 hci_le_conn_update(hcon, min, max, latency, to_multiplier);
2566 static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
2567 struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
2571 switch (cmd->code) {
2572 case L2CAP_COMMAND_REJ:
2573 l2cap_command_rej(conn, cmd, data);
2576 case L2CAP_CONN_REQ:
2577 err = l2cap_connect_req(conn, cmd, data);
2580 case L2CAP_CONN_RSP:
2581 err = l2cap_connect_rsp(conn, cmd, data);
2584 case L2CAP_CONF_REQ:
2585 err = l2cap_config_req(conn, cmd, cmd_len, data);
2588 case L2CAP_CONF_RSP:
2589 err = l2cap_config_rsp(conn, cmd, data);
2592 case L2CAP_DISCONN_REQ:
2593 err = l2cap_disconnect_req(conn, cmd, data);
2596 case L2CAP_DISCONN_RSP:
2597 err = l2cap_disconnect_rsp(conn, cmd, data);
2600 case L2CAP_ECHO_REQ:
2601 l2cap_send_cmd(conn, cmd->ident, L2CAP_ECHO_RSP, cmd_len, data);
2604 case L2CAP_ECHO_RSP:
2607 case L2CAP_INFO_REQ:
2608 err = l2cap_information_req(conn, cmd, data);
2611 case L2CAP_INFO_RSP:
2612 err = l2cap_information_rsp(conn, cmd, data);
2616 BT_ERR("Unknown BR/EDR signaling command 0x%2.2x", cmd->code);
2624 static inline int l2cap_le_sig_cmd(struct l2cap_conn *conn,
2625 struct l2cap_cmd_hdr *cmd, u8 *data)
2627 switch (cmd->code) {
2628 case L2CAP_COMMAND_REJ:
2631 case L2CAP_CONN_PARAM_UPDATE_REQ:
2632 return l2cap_conn_param_update_req(conn, cmd, data);
2634 case L2CAP_CONN_PARAM_UPDATE_RSP:
2638 BT_ERR("Unknown LE signaling command 0x%2.2x", cmd->code);
2643 static inline void l2cap_sig_channel(struct l2cap_conn *conn,
2644 struct sk_buff *skb)
2646 u8 *data = skb->data;
2648 struct l2cap_cmd_hdr cmd;
2651 l2cap_raw_recv(conn, skb);
2653 while (len >= L2CAP_CMD_HDR_SIZE) {
2655 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
2656 data += L2CAP_CMD_HDR_SIZE;
2657 len -= L2CAP_CMD_HDR_SIZE;
2659 cmd_len = le16_to_cpu(cmd.len);
2661 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
2663 if (cmd_len > len || !cmd.ident) {
2664 BT_DBG("corrupted command");
2668 if (conn->hcon->type == LE_LINK)
2669 err = l2cap_le_sig_cmd(conn, &cmd, data);
2671 err = l2cap_bredr_sig_cmd(conn, &cmd, cmd_len, data);
2674 struct l2cap_cmd_rej rej;
2675 BT_DBG("error %d", err);
2677 /* FIXME: Map err to a valid reason */
2678 rej.reason = cpu_to_le16(0);
2679 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
2689 static int l2cap_check_fcs(struct l2cap_pinfo *pi, struct sk_buff *skb)
2691 u16 our_fcs, rcv_fcs;
2692 int hdr_size = L2CAP_HDR_SIZE + 2;
2694 if (pi->fcs == L2CAP_FCS_CRC16) {
2695 skb_trim(skb, skb->len - 2);
2696 rcv_fcs = get_unaligned_le16(skb->data + skb->len);
2697 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size);
2699 if (our_fcs != rcv_fcs)
2705 static inline void l2cap_send_i_or_rr_or_rnr(struct sock *sk)
2707 struct l2cap_pinfo *pi = l2cap_pi(sk);
2710 pi->frames_sent = 0;
2712 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
2714 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
2715 control |= L2CAP_SUPER_RCV_NOT_READY;
2716 l2cap_send_sframe(pi, control);
2717 pi->conn_state |= L2CAP_CONN_RNR_SENT;
2720 if (pi->conn_state & L2CAP_CONN_REMOTE_BUSY)
2721 l2cap_retransmit_frames(sk);
2723 l2cap_ertm_send(sk);
2725 if (!(pi->conn_state & L2CAP_CONN_LOCAL_BUSY) &&
2726 pi->frames_sent == 0) {
2727 control |= L2CAP_SUPER_RCV_READY;
2728 l2cap_send_sframe(pi, control);
2732 static int l2cap_add_to_srej_queue(struct sock *sk, struct sk_buff *skb, u8 tx_seq, u8 sar)
2734 struct sk_buff *next_skb;
2735 struct l2cap_pinfo *pi = l2cap_pi(sk);
2736 int tx_seq_offset, next_tx_seq_offset;
2738 bt_cb(skb)->tx_seq = tx_seq;
2739 bt_cb(skb)->sar = sar;
2741 next_skb = skb_peek(SREJ_QUEUE(sk));
2743 __skb_queue_tail(SREJ_QUEUE(sk), skb);
2747 tx_seq_offset = (tx_seq - pi->buffer_seq) % 64;
2748 if (tx_seq_offset < 0)
2749 tx_seq_offset += 64;
2752 if (bt_cb(next_skb)->tx_seq == tx_seq)
2755 next_tx_seq_offset = (bt_cb(next_skb)->tx_seq -
2756 pi->buffer_seq) % 64;
2757 if (next_tx_seq_offset < 0)
2758 next_tx_seq_offset += 64;
2760 if (next_tx_seq_offset > tx_seq_offset) {
2761 __skb_queue_before(SREJ_QUEUE(sk), next_skb, skb);
2765 if (skb_queue_is_last(SREJ_QUEUE(sk), next_skb))
2768 } while ((next_skb = skb_queue_next(SREJ_QUEUE(sk), next_skb)));
2770 __skb_queue_tail(SREJ_QUEUE(sk), skb);
2775 static int l2cap_ertm_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 control)
2777 struct l2cap_pinfo *pi = l2cap_pi(sk);
2778 struct sk_buff *_skb;
2781 switch (control & L2CAP_CTRL_SAR) {
2782 case L2CAP_SDU_UNSEGMENTED:
2783 if (pi->conn_state & L2CAP_CONN_SAR_SDU)
2786 err = sock_queue_rcv_skb(sk, skb);
2792 case L2CAP_SDU_START:
2793 if (pi->conn_state & L2CAP_CONN_SAR_SDU)
2796 pi->sdu_len = get_unaligned_le16(skb->data);
2798 if (pi->sdu_len > pi->imtu)
2801 pi->sdu = bt_skb_alloc(pi->sdu_len, GFP_ATOMIC);
2805 /* pull sdu_len bytes only after alloc, because of Local Busy
2806 * condition we have to be sure that this will be executed
2807 * only once, i.e., when alloc does not fail */
2810 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
2812 pi->conn_state |= L2CAP_CONN_SAR_SDU;
2813 pi->partial_sdu_len = skb->len;
2816 case L2CAP_SDU_CONTINUE:
2817 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
2823 pi->partial_sdu_len += skb->len;
2824 if (pi->partial_sdu_len > pi->sdu_len)
2827 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
2832 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
2838 if (!(pi->conn_state & L2CAP_CONN_SAR_RETRY)) {
2839 pi->partial_sdu_len += skb->len;
2841 if (pi->partial_sdu_len > pi->imtu)
2844 if (pi->partial_sdu_len != pi->sdu_len)
2847 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
2850 _skb = skb_clone(pi->sdu, GFP_ATOMIC);
2852 pi->conn_state |= L2CAP_CONN_SAR_RETRY;
2856 err = sock_queue_rcv_skb(sk, _skb);
2859 pi->conn_state |= L2CAP_CONN_SAR_RETRY;
2863 pi->conn_state &= ~L2CAP_CONN_SAR_RETRY;
2864 pi->conn_state &= ~L2CAP_CONN_SAR_SDU;
2878 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
2883 static int l2cap_try_push_rx_skb(struct sock *sk)
2885 struct l2cap_pinfo *pi = l2cap_pi(sk);
2886 struct sk_buff *skb;
2890 while ((skb = skb_dequeue(BUSY_QUEUE(sk)))) {
2891 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
2892 err = l2cap_ertm_reassembly_sdu(sk, skb, control);
2894 skb_queue_head(BUSY_QUEUE(sk), skb);
2898 pi->buffer_seq = (pi->buffer_seq + 1) % 64;
2901 if (!(pi->conn_state & L2CAP_CONN_RNR_SENT))
2904 control = pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
2905 control |= L2CAP_SUPER_RCV_READY | L2CAP_CTRL_POLL;
2906 l2cap_send_sframe(pi, control);
2907 l2cap_pi(sk)->retry_count = 1;
2909 del_timer(&pi->retrans_timer);
2910 __mod_monitor_timer();
2912 l2cap_pi(sk)->conn_state |= L2CAP_CONN_WAIT_F;
2915 pi->conn_state &= ~L2CAP_CONN_LOCAL_BUSY;
2916 pi->conn_state &= ~L2CAP_CONN_RNR_SENT;
2918 BT_DBG("sk %p, Exit local busy", sk);
2923 static void l2cap_busy_work(struct work_struct *work)
2925 DECLARE_WAITQUEUE(wait, current);
2926 struct l2cap_pinfo *pi =
2927 container_of(work, struct l2cap_pinfo, busy_work);
2928 struct sock *sk = (struct sock *)pi;
2929 int n_tries = 0, timeo = HZ/5, err;
2930 struct sk_buff *skb;
2934 add_wait_queue(sk_sleep(sk), &wait);
2935 while ((skb = skb_peek(BUSY_QUEUE(sk)))) {
2936 set_current_state(TASK_INTERRUPTIBLE);
2938 if (n_tries++ > L2CAP_LOCAL_BUSY_TRIES) {
2940 l2cap_send_disconn_req(pi->conn, sk, EBUSY);
2947 if (signal_pending(current)) {
2948 err = sock_intr_errno(timeo);
2953 timeo = schedule_timeout(timeo);
2956 err = sock_error(sk);
2960 if (l2cap_try_push_rx_skb(sk) == 0)
2964 set_current_state(TASK_RUNNING);
2965 remove_wait_queue(sk_sleep(sk), &wait);
2970 static int l2cap_push_rx_skb(struct sock *sk, struct sk_buff *skb, u16 control)
2972 struct l2cap_pinfo *pi = l2cap_pi(sk);
2975 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
2976 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT;
2977 __skb_queue_tail(BUSY_QUEUE(sk), skb);
2978 return l2cap_try_push_rx_skb(sk);
2983 err = l2cap_ertm_reassembly_sdu(sk, skb, control);
2985 pi->buffer_seq = (pi->buffer_seq + 1) % 64;
2989 /* Busy Condition */
2990 BT_DBG("sk %p, Enter local busy", sk);
2992 pi->conn_state |= L2CAP_CONN_LOCAL_BUSY;
2993 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT;
2994 __skb_queue_tail(BUSY_QUEUE(sk), skb);
2996 sctrl = pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
2997 sctrl |= L2CAP_SUPER_RCV_NOT_READY;
2998 l2cap_send_sframe(pi, sctrl);
3000 pi->conn_state |= L2CAP_CONN_RNR_SENT;
3002 del_timer(&pi->ack_timer);
3004 queue_work(_busy_wq, &pi->busy_work);
3009 static int l2cap_streaming_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 control)
3011 struct l2cap_pinfo *pi = l2cap_pi(sk);
3012 struct sk_buff *_skb;
3016 * TODO: We have to notify the userland if some data is lost with the
3020 switch (control & L2CAP_CTRL_SAR) {
3021 case L2CAP_SDU_UNSEGMENTED:
3022 if (pi->conn_state & L2CAP_CONN_SAR_SDU) {
3027 err = sock_queue_rcv_skb(sk, skb);
3033 case L2CAP_SDU_START:
3034 if (pi->conn_state & L2CAP_CONN_SAR_SDU) {
3039 pi->sdu_len = get_unaligned_le16(skb->data);
3042 if (pi->sdu_len > pi->imtu) {
3047 pi->sdu = bt_skb_alloc(pi->sdu_len, GFP_ATOMIC);
3053 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3055 pi->conn_state |= L2CAP_CONN_SAR_SDU;
3056 pi->partial_sdu_len = skb->len;
3060 case L2CAP_SDU_CONTINUE:
3061 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
3064 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3066 pi->partial_sdu_len += skb->len;
3067 if (pi->partial_sdu_len > pi->sdu_len)
3075 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
3078 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3080 pi->conn_state &= ~L2CAP_CONN_SAR_SDU;
3081 pi->partial_sdu_len += skb->len;
3083 if (pi->partial_sdu_len > pi->imtu)
3086 if (pi->partial_sdu_len == pi->sdu_len) {
3087 _skb = skb_clone(pi->sdu, GFP_ATOMIC);
3088 err = sock_queue_rcv_skb(sk, _skb);
3103 static void l2cap_check_srej_gap(struct sock *sk, u8 tx_seq)
3105 struct sk_buff *skb;
3108 while ((skb = skb_peek(SREJ_QUEUE(sk)))) {
3109 if (bt_cb(skb)->tx_seq != tx_seq)
3112 skb = skb_dequeue(SREJ_QUEUE(sk));
3113 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
3114 l2cap_ertm_reassembly_sdu(sk, skb, control);
3115 l2cap_pi(sk)->buffer_seq_srej =
3116 (l2cap_pi(sk)->buffer_seq_srej + 1) % 64;
3117 tx_seq = (tx_seq + 1) % 64;
3121 static void l2cap_resend_srejframe(struct sock *sk, u8 tx_seq)
3123 struct l2cap_pinfo *pi = l2cap_pi(sk);
3124 struct srej_list *l, *tmp;
3127 list_for_each_entry_safe(l, tmp, SREJ_LIST(sk), list) {
3128 if (l->tx_seq == tx_seq) {
3133 control = L2CAP_SUPER_SELECT_REJECT;
3134 control |= l->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3135 l2cap_send_sframe(pi, control);
3137 list_add_tail(&l->list, SREJ_LIST(sk));
3141 static void l2cap_send_srejframe(struct sock *sk, u8 tx_seq)
3143 struct l2cap_pinfo *pi = l2cap_pi(sk);
3144 struct srej_list *new;
3147 while (tx_seq != pi->expected_tx_seq) {
3148 control = L2CAP_SUPER_SELECT_REJECT;
3149 control |= pi->expected_tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3150 l2cap_send_sframe(pi, control);
3152 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC);
3153 new->tx_seq = pi->expected_tx_seq;
3154 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
3155 list_add_tail(&new->list, SREJ_LIST(sk));
3157 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
3160 static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, struct sk_buff *skb)
3162 struct l2cap_pinfo *pi = l2cap_pi(sk);
3163 u8 tx_seq = __get_txseq(rx_control);
3164 u8 req_seq = __get_reqseq(rx_control);
3165 u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT;
3166 int tx_seq_offset, expected_tx_seq_offset;
3167 int num_to_ack = (pi->tx_win/6) + 1;
3170 BT_DBG("sk %p len %d tx_seq %d rx_control 0x%4.4x", sk, skb->len, tx_seq,
3173 if (L2CAP_CTRL_FINAL & rx_control &&
3174 l2cap_pi(sk)->conn_state & L2CAP_CONN_WAIT_F) {
3175 del_timer(&pi->monitor_timer);
3176 if (pi->unacked_frames > 0)
3177 __mod_retrans_timer();
3178 pi->conn_state &= ~L2CAP_CONN_WAIT_F;
3181 pi->expected_ack_seq = req_seq;
3182 l2cap_drop_acked_frames(sk);
3184 if (tx_seq == pi->expected_tx_seq)
3187 tx_seq_offset = (tx_seq - pi->buffer_seq) % 64;
3188 if (tx_seq_offset < 0)
3189 tx_seq_offset += 64;
3191 /* invalid tx_seq */
3192 if (tx_seq_offset >= pi->tx_win) {
3193 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
3197 if (pi->conn_state == L2CAP_CONN_LOCAL_BUSY)
3200 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
3201 struct srej_list *first;
3203 first = list_first_entry(SREJ_LIST(sk),
3204 struct srej_list, list);
3205 if (tx_seq == first->tx_seq) {
3206 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
3207 l2cap_check_srej_gap(sk, tx_seq);
3209 list_del(&first->list);
3212 if (list_empty(SREJ_LIST(sk))) {
3213 pi->buffer_seq = pi->buffer_seq_srej;
3214 pi->conn_state &= ~L2CAP_CONN_SREJ_SENT;
3216 BT_DBG("sk %p, Exit SREJ_SENT", sk);
3219 struct srej_list *l;
3221 /* duplicated tx_seq */
3222 if (l2cap_add_to_srej_queue(sk, skb, tx_seq, sar) < 0)
3225 list_for_each_entry(l, SREJ_LIST(sk), list) {
3226 if (l->tx_seq == tx_seq) {
3227 l2cap_resend_srejframe(sk, tx_seq);
3231 l2cap_send_srejframe(sk, tx_seq);
3234 expected_tx_seq_offset =
3235 (pi->expected_tx_seq - pi->buffer_seq) % 64;
3236 if (expected_tx_seq_offset < 0)
3237 expected_tx_seq_offset += 64;
3239 /* duplicated tx_seq */
3240 if (tx_seq_offset < expected_tx_seq_offset)
3243 pi->conn_state |= L2CAP_CONN_SREJ_SENT;
3245 BT_DBG("sk %p, Enter SREJ", sk);
3247 INIT_LIST_HEAD(SREJ_LIST(sk));
3248 pi->buffer_seq_srej = pi->buffer_seq;
3250 __skb_queue_head_init(SREJ_QUEUE(sk));
3251 __skb_queue_head_init(BUSY_QUEUE(sk));
3252 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
3254 pi->conn_state |= L2CAP_CONN_SEND_PBIT;
3256 l2cap_send_srejframe(sk, tx_seq);
3258 del_timer(&pi->ack_timer);
3263 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
3265 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
3266 bt_cb(skb)->tx_seq = tx_seq;
3267 bt_cb(skb)->sar = sar;
3268 __skb_queue_tail(SREJ_QUEUE(sk), skb);
3272 err = l2cap_push_rx_skb(sk, skb, rx_control);
3276 if (rx_control & L2CAP_CTRL_FINAL) {
3277 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
3278 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
3280 l2cap_retransmit_frames(sk);
3285 pi->num_acked = (pi->num_acked + 1) % num_to_ack;
3286 if (pi->num_acked == num_to_ack - 1)
3296 static inline void l2cap_data_channel_rrframe(struct sock *sk, u16 rx_control)
3298 struct l2cap_pinfo *pi = l2cap_pi(sk);
3300 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, __get_reqseq(rx_control),
3303 pi->expected_ack_seq = __get_reqseq(rx_control);
3304 l2cap_drop_acked_frames(sk);
3306 if (rx_control & L2CAP_CTRL_POLL) {
3307 pi->conn_state |= L2CAP_CONN_SEND_FBIT;
3308 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
3309 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
3310 (pi->unacked_frames > 0))
3311 __mod_retrans_timer();
3313 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3314 l2cap_send_srejtail(sk);
3316 l2cap_send_i_or_rr_or_rnr(sk);
3319 } else if (rx_control & L2CAP_CTRL_FINAL) {
3320 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3322 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
3323 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
3325 l2cap_retransmit_frames(sk);
3328 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
3329 (pi->unacked_frames > 0))
3330 __mod_retrans_timer();
3332 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3333 if (pi->conn_state & L2CAP_CONN_SREJ_SENT)
3336 l2cap_ertm_send(sk);
3340 static inline void l2cap_data_channel_rejframe(struct sock *sk, u16 rx_control)
3342 struct l2cap_pinfo *pi = l2cap_pi(sk);
3343 u8 tx_seq = __get_reqseq(rx_control);
3345 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control);
3347 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3349 pi->expected_ack_seq = tx_seq;
3350 l2cap_drop_acked_frames(sk);
3352 if (rx_control & L2CAP_CTRL_FINAL) {
3353 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
3354 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
3356 l2cap_retransmit_frames(sk);
3358 l2cap_retransmit_frames(sk);
3360 if (pi->conn_state & L2CAP_CONN_WAIT_F)
3361 pi->conn_state |= L2CAP_CONN_REJ_ACT;
3364 static inline void l2cap_data_channel_srejframe(struct sock *sk, u16 rx_control)
3366 struct l2cap_pinfo *pi = l2cap_pi(sk);
3367 u8 tx_seq = __get_reqseq(rx_control);
3369 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control);
3371 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3373 if (rx_control & L2CAP_CTRL_POLL) {
3374 pi->expected_ack_seq = tx_seq;
3375 l2cap_drop_acked_frames(sk);
3377 pi->conn_state |= L2CAP_CONN_SEND_FBIT;
3378 l2cap_retransmit_one_frame(sk, tx_seq);
3380 l2cap_ertm_send(sk);
3382 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
3383 pi->srej_save_reqseq = tx_seq;
3384 pi->conn_state |= L2CAP_CONN_SREJ_ACT;
3386 } else if (rx_control & L2CAP_CTRL_FINAL) {
3387 if ((pi->conn_state & L2CAP_CONN_SREJ_ACT) &&
3388 pi->srej_save_reqseq == tx_seq)
3389 pi->conn_state &= ~L2CAP_CONN_SREJ_ACT;
3391 l2cap_retransmit_one_frame(sk, tx_seq);
3393 l2cap_retransmit_one_frame(sk, tx_seq);
3394 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
3395 pi->srej_save_reqseq = tx_seq;
3396 pi->conn_state |= L2CAP_CONN_SREJ_ACT;
3401 static inline void l2cap_data_channel_rnrframe(struct sock *sk, u16 rx_control)
3403 struct l2cap_pinfo *pi = l2cap_pi(sk);
3404 u8 tx_seq = __get_reqseq(rx_control);
3406 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control);
3408 pi->conn_state |= L2CAP_CONN_REMOTE_BUSY;
3409 pi->expected_ack_seq = tx_seq;
3410 l2cap_drop_acked_frames(sk);
3412 if (rx_control & L2CAP_CTRL_POLL)
3413 pi->conn_state |= L2CAP_CONN_SEND_FBIT;
3415 if (!(pi->conn_state & L2CAP_CONN_SREJ_SENT)) {
3416 del_timer(&pi->retrans_timer);
3417 if (rx_control & L2CAP_CTRL_POLL)
3418 l2cap_send_rr_or_rnr(pi, L2CAP_CTRL_FINAL);
3422 if (rx_control & L2CAP_CTRL_POLL)
3423 l2cap_send_srejtail(sk);
3425 l2cap_send_sframe(pi, L2CAP_SUPER_RCV_READY);
3428 static inline int l2cap_data_channel_sframe(struct sock *sk, u16 rx_control, struct sk_buff *skb)
3430 BT_DBG("sk %p rx_control 0x%4.4x len %d", sk, rx_control, skb->len);
3432 if (L2CAP_CTRL_FINAL & rx_control &&
3433 l2cap_pi(sk)->conn_state & L2CAP_CONN_WAIT_F) {
3434 del_timer(&l2cap_pi(sk)->monitor_timer);
3435 if (l2cap_pi(sk)->unacked_frames > 0)
3436 __mod_retrans_timer();
3437 l2cap_pi(sk)->conn_state &= ~L2CAP_CONN_WAIT_F;
3440 switch (rx_control & L2CAP_CTRL_SUPERVISE) {
3441 case L2CAP_SUPER_RCV_READY:
3442 l2cap_data_channel_rrframe(sk, rx_control);
3445 case L2CAP_SUPER_REJECT:
3446 l2cap_data_channel_rejframe(sk, rx_control);
3449 case L2CAP_SUPER_SELECT_REJECT:
3450 l2cap_data_channel_srejframe(sk, rx_control);
3453 case L2CAP_SUPER_RCV_NOT_READY:
3454 l2cap_data_channel_rnrframe(sk, rx_control);
3462 static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb)
3464 struct l2cap_pinfo *pi = l2cap_pi(sk);
3467 int len, next_tx_seq_offset, req_seq_offset;
3469 control = get_unaligned_le16(skb->data);
3474 * We can just drop the corrupted I-frame here.
3475 * Receiver will miss it and start proper recovery
3476 * procedures and ask retransmission.
3478 if (l2cap_check_fcs(pi, skb))
3481 if (__is_sar_start(control) && __is_iframe(control))
3484 if (pi->fcs == L2CAP_FCS_CRC16)
3487 if (len > pi->mps) {
3488 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
3492 req_seq = __get_reqseq(control);
3493 req_seq_offset = (req_seq - pi->expected_ack_seq) % 64;
3494 if (req_seq_offset < 0)
3495 req_seq_offset += 64;
3497 next_tx_seq_offset =
3498 (pi->next_tx_seq - pi->expected_ack_seq) % 64;
3499 if (next_tx_seq_offset < 0)
3500 next_tx_seq_offset += 64;
3502 /* check for invalid req-seq */
3503 if (req_seq_offset > next_tx_seq_offset) {
3504 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
3508 if (__is_iframe(control)) {
3510 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
3514 l2cap_data_channel_iframe(sk, control, skb);
3518 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
3522 l2cap_data_channel_sframe(sk, control, skb);
3532 static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
3535 struct l2cap_pinfo *pi;
3540 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
3542 BT_DBG("unknown cid 0x%4.4x", cid);
3548 BT_DBG("sk %p, len %d", sk, skb->len);
3550 if (sk->sk_state != BT_CONNECTED)
3554 case L2CAP_MODE_BASIC:
3555 /* If socket recv buffers overflows we drop data here
3556 * which is *bad* because L2CAP has to be reliable.
3557 * But we don't have any other choice. L2CAP doesn't
3558 * provide flow control mechanism. */
3560 if (pi->imtu < skb->len)
3563 if (!sock_queue_rcv_skb(sk, skb))
3567 case L2CAP_MODE_ERTM:
3568 if (!sock_owned_by_user(sk)) {
3569 l2cap_ertm_data_rcv(sk, skb);
3571 if (sk_add_backlog(sk, skb))
3577 case L2CAP_MODE_STREAMING:
3578 control = get_unaligned_le16(skb->data);
3582 if (l2cap_check_fcs(pi, skb))
3585 if (__is_sar_start(control))
3588 if (pi->fcs == L2CAP_FCS_CRC16)
3591 if (len > pi->mps || len < 0 || __is_sframe(control))
3594 tx_seq = __get_txseq(control);
3596 if (pi->expected_tx_seq == tx_seq)
3597 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
3599 pi->expected_tx_seq = (tx_seq + 1) % 64;
3601 l2cap_streaming_reassembly_sdu(sk, skb, control);
3606 BT_DBG("sk %p: bad mode 0x%2.2x", sk, pi->mode);
3620 static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
3624 sk = l2cap_get_sock_by_psm(0, psm, conn->src);
3630 BT_DBG("sk %p, len %d", sk, skb->len);
3632 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
3635 if (l2cap_pi(sk)->imtu < skb->len)
3638 if (!sock_queue_rcv_skb(sk, skb))
3650 static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
3652 struct l2cap_hdr *lh = (void *) skb->data;
3656 skb_pull(skb, L2CAP_HDR_SIZE);
3657 cid = __le16_to_cpu(lh->cid);
3658 len = __le16_to_cpu(lh->len);
3660 if (len != skb->len) {
3665 BT_DBG("len %d, cid 0x%4.4x", len, cid);
3668 case L2CAP_CID_LE_SIGNALING:
3669 case L2CAP_CID_SIGNALING:
3670 l2cap_sig_channel(conn, skb);
3673 case L2CAP_CID_CONN_LESS:
3674 psm = get_unaligned_le16(skb->data);
3676 l2cap_conless_channel(conn, psm, skb);
3680 l2cap_data_channel(conn, cid, skb);
3685 /* ---- L2CAP interface with lower layer (HCI) ---- */
3687 static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3689 int exact = 0, lm1 = 0, lm2 = 0;
3690 register struct sock *sk;
3691 struct hlist_node *node;
3693 if (type != ACL_LINK)
3696 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
3698 /* Find listening sockets and check their link_mode */
3699 read_lock(&l2cap_sk_list.lock);
3700 sk_for_each(sk, node, &l2cap_sk_list.head) {
3701 if (sk->sk_state != BT_LISTEN)
3704 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
3705 lm1 |= HCI_LM_ACCEPT;
3706 if (l2cap_pi(sk)->role_switch)
3707 lm1 |= HCI_LM_MASTER;
3709 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
3710 lm2 |= HCI_LM_ACCEPT;
3711 if (l2cap_pi(sk)->role_switch)
3712 lm2 |= HCI_LM_MASTER;
3715 read_unlock(&l2cap_sk_list.lock);
3717 return exact ? lm1 : lm2;
3720 static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
3722 struct l2cap_conn *conn;
3724 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
3726 if (!(hcon->type == ACL_LINK || hcon->type == LE_LINK))
3730 conn = l2cap_conn_add(hcon, status);
3732 l2cap_conn_ready(conn);
3734 l2cap_conn_del(hcon, bt_err(status));
3739 static int l2cap_disconn_ind(struct hci_conn *hcon)
3741 struct l2cap_conn *conn = hcon->l2cap_data;
3743 BT_DBG("hcon %p", hcon);
3745 if (hcon->type != ACL_LINK || !conn)
3748 return conn->disc_reason;
3751 static int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
3753 BT_DBG("hcon %p reason %d", hcon, reason);
3755 if (!(hcon->type == ACL_LINK || hcon->type == LE_LINK))
3758 l2cap_conn_del(hcon, bt_err(reason));
3763 static inline void l2cap_check_encryption(struct sock *sk, u8 encrypt)
3765 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM)
3768 if (encrypt == 0x00) {
3769 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM) {
3770 l2cap_sock_clear_timer(sk);
3771 l2cap_sock_set_timer(sk, HZ * 5);
3772 } else if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
3773 __l2cap_sock_close(sk, ECONNREFUSED);
3775 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM)
3776 l2cap_sock_clear_timer(sk);
3780 static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
3782 struct l2cap_chan_list *l;
3783 struct l2cap_conn *conn = hcon->l2cap_data;
3789 l = &conn->chan_list;
3791 BT_DBG("conn %p", conn);
3793 read_lock(&l->lock);
3795 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
3798 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND) {
3803 if (!status && (sk->sk_state == BT_CONNECTED ||
3804 sk->sk_state == BT_CONFIG)) {
3805 l2cap_check_encryption(sk, encrypt);
3810 if (sk->sk_state == BT_CONNECT) {
3812 struct l2cap_conn_req req;
3813 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
3814 req.psm = l2cap_pi(sk)->psm;
3816 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
3817 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
3819 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
3820 L2CAP_CONN_REQ, sizeof(req), &req);
3822 l2cap_sock_clear_timer(sk);
3823 l2cap_sock_set_timer(sk, HZ / 10);
3825 } else if (sk->sk_state == BT_CONNECT2) {
3826 struct l2cap_conn_rsp rsp;
3830 sk->sk_state = BT_CONFIG;
3831 result = L2CAP_CR_SUCCESS;
3833 sk->sk_state = BT_DISCONN;
3834 l2cap_sock_set_timer(sk, HZ / 10);
3835 result = L2CAP_CR_SEC_BLOCK;
3838 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
3839 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
3840 rsp.result = cpu_to_le16(result);
3841 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
3842 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
3843 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
3849 read_unlock(&l->lock);
3854 static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
3856 struct l2cap_conn *conn = hcon->l2cap_data;
3859 conn = l2cap_conn_add(hcon, 0);
3864 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
3866 if (!(flags & ACL_CONT)) {
3867 struct l2cap_hdr *hdr;
3873 BT_ERR("Unexpected start frame (len %d)", skb->len);
3874 kfree_skb(conn->rx_skb);
3875 conn->rx_skb = NULL;
3877 l2cap_conn_unreliable(conn, ECOMM);
3880 /* Start fragment always begin with Basic L2CAP header */
3881 if (skb->len < L2CAP_HDR_SIZE) {
3882 BT_ERR("Frame is too short (len %d)", skb->len);
3883 l2cap_conn_unreliable(conn, ECOMM);
3887 hdr = (struct l2cap_hdr *) skb->data;
3888 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
3889 cid = __le16_to_cpu(hdr->cid);
3891 if (len == skb->len) {
3892 /* Complete frame received */
3893 l2cap_recv_frame(conn, skb);
3897 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
3899 if (skb->len > len) {
3900 BT_ERR("Frame is too long (len %d, expected len %d)",
3902 l2cap_conn_unreliable(conn, ECOMM);
3906 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
3908 if (sk && l2cap_pi(sk)->imtu < len - L2CAP_HDR_SIZE) {
3909 BT_ERR("Frame exceeding recv MTU (len %d, MTU %d)",
3910 len, l2cap_pi(sk)->imtu);
3912 l2cap_conn_unreliable(conn, ECOMM);
3919 /* Allocate skb for the complete frame (with header) */
3920 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC);
3924 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
3926 conn->rx_len = len - skb->len;
3928 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
3930 if (!conn->rx_len) {
3931 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
3932 l2cap_conn_unreliable(conn, ECOMM);
3936 if (skb->len > conn->rx_len) {
3937 BT_ERR("Fragment is too long (len %d, expected %d)",
3938 skb->len, conn->rx_len);
3939 kfree_skb(conn->rx_skb);
3940 conn->rx_skb = NULL;
3942 l2cap_conn_unreliable(conn, ECOMM);
3946 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
3948 conn->rx_len -= skb->len;
3950 if (!conn->rx_len) {
3951 /* Complete frame received */
3952 l2cap_recv_frame(conn, conn->rx_skb);
3953 conn->rx_skb = NULL;
3962 static int l2cap_debugfs_show(struct seq_file *f, void *p)
3965 struct hlist_node *node;
3967 read_lock_bh(&l2cap_sk_list.lock);
3969 sk_for_each(sk, node, &l2cap_sk_list.head) {
3970 struct l2cap_pinfo *pi = l2cap_pi(sk);
3972 seq_printf(f, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d %d\n",
3973 batostr(&bt_sk(sk)->src),
3974 batostr(&bt_sk(sk)->dst),
3975 sk->sk_state, __le16_to_cpu(pi->psm),
3977 pi->imtu, pi->omtu, pi->sec_level,
3981 read_unlock_bh(&l2cap_sk_list.lock);
3986 static int l2cap_debugfs_open(struct inode *inode, struct file *file)
3988 return single_open(file, l2cap_debugfs_show, inode->i_private);
3991 static const struct file_operations l2cap_debugfs_fops = {
3992 .open = l2cap_debugfs_open,
3994 .llseek = seq_lseek,
3995 .release = single_release,
3998 static struct dentry *l2cap_debugfs;
4000 static struct hci_proto l2cap_hci_proto = {
4002 .id = HCI_PROTO_L2CAP,
4003 .connect_ind = l2cap_connect_ind,
4004 .connect_cfm = l2cap_connect_cfm,
4005 .disconn_ind = l2cap_disconn_ind,
4006 .disconn_cfm = l2cap_disconn_cfm,
4007 .security_cfm = l2cap_security_cfm,
4008 .recv_acldata = l2cap_recv_acldata
4011 int __init l2cap_init(void)
4015 err = l2cap_init_sockets();
4019 _busy_wq = create_singlethread_workqueue("l2cap");
4025 err = hci_register_proto(&l2cap_hci_proto);
4027 BT_ERR("L2CAP protocol registration failed");
4028 bt_sock_unregister(BTPROTO_L2CAP);
4033 l2cap_debugfs = debugfs_create_file("l2cap", 0444,
4034 bt_debugfs, NULL, &l2cap_debugfs_fops);
4036 BT_ERR("Failed to create L2CAP debug file");
4042 destroy_workqueue(_busy_wq);
4043 l2cap_cleanup_sockets();
4047 void l2cap_exit(void)
4049 debugfs_remove(l2cap_debugfs);
4051 flush_workqueue(_busy_wq);
4052 destroy_workqueue(_busy_wq);
4054 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
4055 BT_ERR("L2CAP protocol unregistration failed");
4057 l2cap_cleanup_sockets();
4060 module_param(disable_ertm, bool, 0644);
4061 MODULE_PARM_DESC(disable_ertm, "Disable enhanced retransmission mode");
git.openpandora.org / pandora-kernel.git / blob