2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
26 * BlueZ L2CAP core and sockets.
28 * $Id: l2cap.c,v 1.1.1.1 2005/04/11 02:51:12 jack Exp $
32 #include <linux/config.h>
33 #include <linux/module.h>
35 #include <linux/types.h>
36 #include <linux/errno.h>
37 #include <linux/kernel.h>
38 #include <linux/major.h>
39 #include <linux/sched.h>
40 #include <linux/slab.h>
41 #include <linux/poll.h>
42 #include <linux/fcntl.h>
43 #include <linux/init.h>
44 #include <linux/skbuff.h>
45 #include <linux/interrupt.h>
46 #include <linux/socket.h>
47 #include <linux/skbuff.h>
48 #include <linux/proc_fs.h>
49 #include <linux/list.h>
52 #include <asm/system.h>
53 #include <asm/uaccess.h>
54 #include <asm/unaligned.h>
56 #include <net/bluetooth/bluetooth.h>
57 #include <net/bluetooth/hci_core.h>
58 #include <net/bluetooth/l2cap.h>
62 #define BT_DBG( A... )
65 static struct proto_ops l2cap_sock_ops;
67 struct bluez_sock_list l2cap_sk_list = {
68 lock: RW_LOCK_UNLOCKED
71 static int l2cap_conn_del(struct hci_conn *conn, int err);
73 static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent);
74 static void l2cap_chan_del(struct sock *sk, int err);
75 static int l2cap_chan_send(struct sock *sk, struct msghdr *msg, int len);
77 static void __l2cap_sock_close(struct sock *sk, int reason);
78 static void l2cap_sock_close(struct sock *sk);
79 static void l2cap_sock_kill(struct sock *sk);
81 static int l2cap_send_req(struct l2cap_conn *conn, __u8 code, __u16 len, void *data);
82 static int l2cap_send_rsp(struct l2cap_conn *conn, __u8 ident, __u8 code, __u16 len, void *data);
84 /* ----- L2CAP timers ------ */
85 static void l2cap_sock_timeout(unsigned long arg)
87 struct sock *sk = (struct sock *) arg;
89 BT_DBG("sock %p state %d", sk, sk->state);
92 __l2cap_sock_close(sk, ETIMEDOUT);
99 static void l2cap_sock_set_timer(struct sock *sk, long timeout)
101 BT_DBG("sk %p state %d timeout %ld", sk, sk->state, timeout);
103 if (!mod_timer(&sk->timer, jiffies + timeout))
107 static void l2cap_sock_clear_timer(struct sock *sk)
109 BT_DBG("sock %p state %d", sk, sk->state);
111 if (timer_pending(&sk->timer) && del_timer(&sk->timer))
115 static void l2cap_sock_init_timer(struct sock *sk)
117 init_timer(&sk->timer);
118 sk->timer.function = l2cap_sock_timeout;
119 sk->timer.data = (unsigned long)sk;
122 /* -------- L2CAP connections --------- */
123 static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, __u8 status)
125 struct l2cap_conn *conn;
127 if ((conn = hcon->l2cap_data))
133 if (!(conn = kmalloc(sizeof(struct l2cap_conn), GFP_ATOMIC)))
135 memset(conn, 0, sizeof(struct l2cap_conn));
137 hcon->l2cap_data = conn;
140 conn->mtu = hcon->hdev->acl_mtu;
141 conn->src = &hcon->hdev->bdaddr;
142 conn->dst = &hcon->dst;
144 spin_lock_init(&conn->lock);
145 conn->chan_list.lock = RW_LOCK_UNLOCKED;
147 BT_DBG("hcon %p conn %p", hcon, conn);
153 static int l2cap_conn_del(struct hci_conn *hcon, int err)
155 struct l2cap_conn *conn;
158 if (!(conn = hcon->l2cap_data))
161 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
164 kfree_skb(conn->rx_skb);
167 while ((sk = conn->chan_list.head)) {
169 l2cap_chan_del(sk, err);
174 hcon->l2cap_data = NULL;
181 /* -------- Socket interface ---------- */
182 static struct sock *__l2cap_get_sock_by_addr(__u16 psm, bdaddr_t *src)
185 for (sk = l2cap_sk_list.head; sk; sk = sk->next) {
186 if (sk->sport == psm && !bacmp(&bluez_pi(sk)->src, src))
192 /* Find socket with psm and source bdaddr.
193 * Returns closest match.
195 static struct sock *__l2cap_get_sock_by_psm(int state, __u16 psm, bdaddr_t *src)
197 struct sock *sk, *sk1 = NULL;
199 for (sk = l2cap_sk_list.head; sk; sk = sk->next) {
200 if (state && sk->state != state)
203 if (l2cap_pi(sk)->psm == psm) {
205 if (!bacmp(&bluez_pi(sk)->src, src))
209 if (!bacmp(&bluez_pi(sk)->src, BDADDR_ANY))
213 return sk ? sk : sk1;
216 /* Find socket with given address (psm, src).
217 * Returns locked socket */
218 static inline struct sock *l2cap_get_sock_by_psm(int state, __u16 psm, bdaddr_t *src)
221 read_lock(&l2cap_sk_list.lock);
222 s = __l2cap_get_sock_by_psm(state, psm, src);
223 if (s) bh_lock_sock(s);
224 read_unlock(&l2cap_sk_list.lock);
228 static void l2cap_sock_destruct(struct sock *sk)
232 skb_queue_purge(&sk->receive_queue);
233 skb_queue_purge(&sk->write_queue);
238 static void l2cap_sock_cleanup_listen(struct sock *parent)
242 BT_DBG("parent %p", parent);
244 /* Close not yet accepted channels */
245 while ((sk = bluez_accept_dequeue(parent, NULL)))
246 l2cap_sock_close(sk);
248 parent->state = BT_CLOSED;
252 /* Kill socket (only if zapped and orphan)
253 * Must be called on unlocked socket.
255 static void l2cap_sock_kill(struct sock *sk)
257 if (!sk->zapped || sk->socket)
260 BT_DBG("sk %p state %d", sk, sk->state);
262 /* Kill poor orphan */
263 bluez_sock_unlink(&l2cap_sk_list, sk);
270 static void __l2cap_sock_close(struct sock *sk, int reason)
272 BT_DBG("sk %p state %d socket %p", sk, sk->state, sk->socket);
276 l2cap_sock_cleanup_listen(sk);
282 if (sk->type == SOCK_SEQPACKET) {
283 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
284 l2cap_disconn_req req;
286 sk->state = BT_DISCONN;
287 l2cap_sock_set_timer(sk, HZ * 5);
289 req.dcid = __cpu_to_le16(l2cap_pi(sk)->dcid);
290 req.scid = __cpu_to_le16(l2cap_pi(sk)->scid);
291 l2cap_send_req(conn, L2CAP_DISCONN_REQ, L2CAP_DISCONN_REQ_SIZE, &req);
293 l2cap_chan_del(sk, reason);
299 l2cap_chan_del(sk, reason);
308 /* Must be called on unlocked socket. */
309 static void l2cap_sock_close(struct sock *sk)
311 l2cap_sock_clear_timer(sk);
314 __l2cap_sock_close(sk, ECONNRESET);
320 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
322 struct l2cap_pinfo *pi = l2cap_pi(sk);
327 sk->type = parent->type;
328 pi->imtu = l2cap_pi(parent)->imtu;
329 pi->omtu = l2cap_pi(parent)->omtu;
330 pi->link_mode = l2cap_pi(parent)->link_mode;
332 pi->imtu = L2CAP_DEFAULT_MTU;
337 /* Default config options */
338 pi->conf_mtu = L2CAP_DEFAULT_MTU;
339 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
342 static struct sock *l2cap_sock_alloc(struct socket *sock, int proto, int prio)
346 if (!(sk = sk_alloc(PF_BLUETOOTH, prio, 1)))
349 bluez_sock_init(sock, sk);
353 sk->destruct = l2cap_sock_destruct;
354 sk->sndtimeo = L2CAP_CONN_TIMEOUT;
356 sk->protocol = proto;
359 l2cap_sock_init_timer(sk);
361 bluez_sock_link(&l2cap_sk_list, sk);
367 static int l2cap_sock_create(struct socket *sock, int protocol)
371 BT_DBG("sock %p", sock);
373 sock->state = SS_UNCONNECTED;
375 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
376 return -ESOCKTNOSUPPORT;
378 if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW))
381 sock->ops = &l2cap_sock_ops;
383 if (!(sk = l2cap_sock_alloc(sock, protocol, GFP_KERNEL)))
386 l2cap_sock_init(sk, NULL);
390 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
392 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
393 struct sock *sk = sock->sk;
396 BT_DBG("sk %p, %s %d", sk, batostr(&la->l2_bdaddr), la->l2_psm);
398 if (!addr || addr->sa_family != AF_BLUETOOTH)
403 if (sk->state != BT_OPEN) {
408 write_lock_bh(&l2cap_sk_list.lock);
409 if (la->l2_psm && __l2cap_get_sock_by_addr(la->l2_psm, &la->l2_bdaddr)) {
412 /* Save source address */
413 bacpy(&bluez_pi(sk)->src, &la->l2_bdaddr);
414 l2cap_pi(sk)->psm = la->l2_psm;
415 sk->sport = la->l2_psm;
416 sk->state = BT_BOUND;
418 write_unlock_bh(&l2cap_sk_list.lock);
425 static int l2cap_do_connect(struct sock *sk)
427 bdaddr_t *src = &bluez_pi(sk)->src;
428 bdaddr_t *dst = &bluez_pi(sk)->dst;
429 struct l2cap_conn *conn;
430 struct hci_conn *hcon;
431 struct hci_dev *hdev;
434 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst), l2cap_pi(sk)->psm);
436 if (!(hdev = hci_get_route(dst, src)))
437 return -EHOSTUNREACH;
439 hci_dev_lock_bh(hdev);
443 hcon = hci_connect(hdev, ACL_LINK, dst);
447 conn = l2cap_conn_add(hcon, 0);
455 /* Update source addr of the socket */
456 bacpy(src, conn->src);
458 l2cap_chan_add(conn, sk, NULL);
460 sk->state = BT_CONNECT;
461 l2cap_sock_set_timer(sk, sk->sndtimeo);
463 if (hcon->state == BT_CONNECTED) {
464 if (sk->type == SOCK_SEQPACKET) {
466 req.scid = __cpu_to_le16(l2cap_pi(sk)->scid);
467 req.psm = l2cap_pi(sk)->psm;
468 l2cap_send_req(conn, L2CAP_CONN_REQ, L2CAP_CONN_REQ_SIZE, &req);
470 l2cap_sock_clear_timer(sk);
471 sk->state = BT_CONNECTED;
476 hci_dev_unlock_bh(hdev);
481 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
483 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
484 struct sock *sk = sock->sk;
491 if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_l2)) {
496 if (sk->type == SOCK_SEQPACKET && !la->l2_psm) {
505 /* Already connecting */
509 /* Already connected */
522 /* Set destination address and psm */
523 bacpy(&bluez_pi(sk)->dst, &la->l2_bdaddr);
524 l2cap_pi(sk)->psm = la->l2_psm;
526 if ((err = l2cap_do_connect(sk)))
530 err = bluez_sock_w4_connect(sk, flags);
537 int l2cap_sock_listen(struct socket *sock, int backlog)
539 struct sock *sk = sock->sk;
542 BT_DBG("sk %p backlog %d", sk, backlog);
546 if (sk->state != BT_BOUND || sock->type != SOCK_SEQPACKET) {
551 if (!l2cap_pi(sk)->psm) {
556 sk->max_ack_backlog = backlog;
558 sk->state = BT_LISTEN;
565 int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
567 DECLARE_WAITQUEUE(wait, current);
568 struct sock *sk = sock->sk, *nsk;
574 if (sk->state != BT_LISTEN) {
579 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
581 BT_DBG("sk %p timeo %ld", sk, timeo);
583 /* Wait for an incoming connection. (wake-one). */
584 add_wait_queue_exclusive(sk->sleep, &wait);
585 while (!(nsk = bluez_accept_dequeue(sk, newsock))) {
586 set_current_state(TASK_INTERRUPTIBLE);
593 timeo = schedule_timeout(timeo);
596 if (sk->state != BT_LISTEN) {
601 if (signal_pending(current)) {
602 err = sock_intr_errno(timeo);
606 set_current_state(TASK_RUNNING);
607 remove_wait_queue(sk->sleep, &wait);
612 newsock->state = SS_CONNECTED;
614 BT_DBG("new socket %p", nsk);
621 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
623 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
624 struct sock *sk = sock->sk;
626 BT_DBG("sock %p, sk %p", sock, sk);
628 addr->sa_family = AF_BLUETOOTH;
629 *len = sizeof(struct sockaddr_l2);
632 bacpy(&la->l2_bdaddr, &bluez_pi(sk)->dst);
634 bacpy(&la->l2_bdaddr, &bluez_pi(sk)->src);
636 la->l2_psm = l2cap_pi(sk)->psm;
640 static int l2cap_sock_sendmsg(struct socket *sock, struct msghdr *msg, int len, struct scm_cookie *scm)
642 struct sock *sk = sock->sk;
645 BT_DBG("sock %p, sk %p", sock, sk);
648 return sock_error(sk);
650 if (msg->msg_flags & MSG_OOB)
653 /* Check outgoing MTU */
654 if (len > l2cap_pi(sk)->omtu)
659 if (sk->state == BT_CONNECTED)
660 err = l2cap_chan_send(sk, msg, len);
668 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char *optval, int optlen)
670 struct sock *sk = sock->sk;
671 struct l2cap_options opts;
681 len = MIN(sizeof(opts), optlen);
682 if (copy_from_user((char *)&opts, optval, len)) {
686 l2cap_pi(sk)->imtu = opts.imtu;
687 l2cap_pi(sk)->omtu = opts.omtu;
691 if (get_user(opt, (__u32 *)optval)) {
696 l2cap_pi(sk)->link_mode = opt;
708 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char *optval, int *optlen)
710 struct sock *sk = sock->sk;
711 struct l2cap_options opts;
712 struct l2cap_conninfo cinfo;
715 if (get_user(len, optlen))
722 opts.imtu = l2cap_pi(sk)->imtu;
723 opts.omtu = l2cap_pi(sk)->omtu;
724 opts.flush_to = l2cap_pi(sk)->flush_to;
726 len = MIN(len, sizeof(opts));
727 if (copy_to_user(optval, (char *)&opts, len))
733 if (put_user(l2cap_pi(sk)->link_mode, (__u32 *)optval))
738 if (sk->state != BT_CONNECTED) {
743 cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
745 len = MIN(len, sizeof(cinfo));
746 if (copy_to_user(optval, (char *)&cinfo, len))
760 static int l2cap_sock_shutdown(struct socket *sock, int how)
762 struct sock *sk = sock->sk;
764 BT_DBG("sock %p, sk %p", sock, sk);
768 l2cap_sock_clear_timer(sk);
771 sk->shutdown = SHUTDOWN_MASK;
772 __l2cap_sock_close(sk, ECONNRESET);
778 static int l2cap_sock_release(struct socket *sock)
780 struct sock *sk = sock->sk;
782 BT_DBG("sock %p, sk %p", sock, sk);
787 l2cap_sock_close(sk);
791 /* --------- L2CAP channels --------- */
792 static struct sock * __l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, __u16 cid)
795 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
796 if (l2cap_pi(s)->dcid == cid)
802 static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, __u16 cid)
805 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
806 if (l2cap_pi(s)->scid == cid)
812 /* Find channel with given SCID.
813 * Returns locked socket */
814 static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, __u16 cid)
818 s = __l2cap_get_chan_by_scid(l, cid);
819 if (s) bh_lock_sock(s);
820 read_unlock(&l->lock);
824 static __u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
828 for (; cid < 0xffff; cid++) {
829 if(!__l2cap_get_chan_by_scid(l, cid))
836 static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
841 l2cap_pi(l->head)->prev_c = sk;
843 l2cap_pi(sk)->next_c = l->head;
844 l2cap_pi(sk)->prev_c = NULL;
848 static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
850 struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
852 write_lock(&l->lock);
857 l2cap_pi(next)->prev_c = prev;
859 l2cap_pi(prev)->next_c = next;
860 write_unlock(&l->lock);
865 static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
867 struct l2cap_chan_list *l = &conn->chan_list;
869 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
871 l2cap_pi(sk)->conn = conn;
873 if (sk->type == SOCK_SEQPACKET) {
874 /* Alloc CID for connection-oriented socket */
875 l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
876 } else if (sk->type == SOCK_DGRAM) {
877 /* Connectionless socket */
878 l2cap_pi(sk)->scid = 0x0002;
879 l2cap_pi(sk)->dcid = 0x0002;
880 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
882 /* Raw socket can send/recv signalling messages only */
883 l2cap_pi(sk)->scid = 0x0001;
884 l2cap_pi(sk)->dcid = 0x0001;
885 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
888 __l2cap_chan_link(l, sk);
891 bluez_accept_enqueue(parent, sk);
894 static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
896 struct l2cap_chan_list *l = &conn->chan_list;
897 write_lock(&l->lock);
898 __l2cap_chan_add(conn, sk, parent);
899 write_unlock(&l->lock);
903 * Must be called on the locked socket. */
904 static void l2cap_chan_del(struct sock *sk, int err)
906 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
907 struct sock *parent = bluez_pi(sk)->parent;
909 l2cap_sock_clear_timer(sk);
911 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
914 /* Unlink from channel list */
915 l2cap_chan_unlink(&conn->chan_list, sk);
916 l2cap_pi(sk)->conn = NULL;
917 hci_conn_put(conn->hcon);
920 sk->state = BT_CLOSED;
925 parent->data_ready(parent, 0);
927 sk->state_change(sk);
930 static void l2cap_conn_ready(struct l2cap_conn *conn)
932 struct l2cap_chan_list *l = &conn->chan_list;
935 BT_DBG("conn %p", conn);
939 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
942 if (sk->type != SOCK_SEQPACKET) {
943 l2cap_sock_clear_timer(sk);
944 sk->state = BT_CONNECTED;
945 sk->state_change(sk);
946 } else if (sk->state == BT_CONNECT) {
948 req.scid = __cpu_to_le16(l2cap_pi(sk)->scid);
949 req.psm = l2cap_pi(sk)->psm;
950 l2cap_send_req(conn, L2CAP_CONN_REQ, L2CAP_CONN_REQ_SIZE, &req);
956 read_unlock(&l->lock);
959 static void l2cap_chan_ready(struct sock *sk)
961 struct sock *parent = bluez_pi(sk)->parent;
963 BT_DBG("sk %p, parent %p", sk, parent);
965 l2cap_pi(sk)->conf_state = 0;
966 l2cap_sock_clear_timer(sk);
970 * Wake up socket sleeping on connect.
972 sk->state = BT_CONNECTED;
973 sk->state_change(sk);
975 /* Incomming channel.
976 * Wake up socket sleeping on accept.
978 parent->data_ready(parent, 0);
982 /* Copy frame to all raw sockets on that connection */
983 void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
985 struct l2cap_chan_list *l = &conn->chan_list;
986 struct sk_buff *nskb;
989 BT_DBG("conn %p", conn);
992 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
993 if (sk->type != SOCK_RAW)
996 /* Don't send frame to the socket it came from */
1000 if (!(nskb = skb_clone(skb, GFP_ATOMIC)))
1003 if (sock_queue_rcv_skb(sk, nskb))
1006 read_unlock(&l->lock);
1009 static int l2cap_chan_send(struct sock *sk, struct msghdr *msg, int len)
1011 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1012 struct sk_buff *skb, **frag;
1013 int err, hlen, count, sent=0;
1016 BT_DBG("sk %p len %d", sk, len);
1018 /* First fragment (with L2CAP header) */
1019 if (sk->type == SOCK_DGRAM)
1020 hlen = L2CAP_HDR_SIZE + 2;
1022 hlen = L2CAP_HDR_SIZE;
1024 count = MIN(conn->mtu - hlen, len);
1026 skb = bluez_skb_send_alloc(sk, hlen + count,
1027 msg->msg_flags & MSG_DONTWAIT, &err);
1031 /* Create L2CAP header */
1032 lh = (l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1033 lh->cid = __cpu_to_le16(l2cap_pi(sk)->dcid);
1034 lh->len = __cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1036 if (sk->type == SOCK_DGRAM)
1037 put_unaligned(l2cap_pi(sk)->psm, (__u16 *) skb_put(skb, 2));
1039 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) {
1047 /* Continuation fragments (no L2CAP header) */
1048 frag = &skb_shinfo(skb)->frag_list;
1050 count = MIN(conn->mtu, len);
1052 *frag = bluez_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1056 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count)) {
1064 frag = &(*frag)->next;
1067 if ((err = hci_send_acl(conn->hcon, skb, 0)) < 0)
1077 /* --------- L2CAP signalling commands --------- */
1078 static inline __u8 l2cap_get_ident(struct l2cap_conn *conn)
1082 /* Get next available identificator.
1083 * 1 - 199 are used by kernel.
1084 * 200 - 254 are used by utilities like l2ping, etc
1087 spin_lock(&conn->lock);
1089 if (++conn->tx_ident > 199)
1092 id = conn->tx_ident;
1094 spin_unlock(&conn->lock);
1099 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1100 __u8 code, __u8 ident, __u16 dlen, void *data)
1102 struct sk_buff *skb, **frag;
1107 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d", conn, code, ident, dlen);
1109 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1110 count = MIN(conn->mtu, len);
1112 skb = bluez_skb_alloc(count, GFP_ATOMIC);
1116 lh = (l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1117 lh->len = __cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
1118 lh->cid = __cpu_to_le16(0x0001);
1120 cmd = (l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1123 cmd->len = __cpu_to_le16(dlen);
1126 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1127 memcpy(skb_put(skb, count), data, count);
1133 /* Continuation fragments (no L2CAP header) */
1134 frag = &skb_shinfo(skb)->frag_list;
1136 count = MIN(conn->mtu, len);
1138 *frag = bluez_skb_alloc(count, GFP_ATOMIC);
1142 memcpy(skb_put(*frag, count), data, count);
1147 frag = &(*frag)->next;
1157 static int l2cap_send_req(struct l2cap_conn *conn, __u8 code, __u16 len, void *data)
1159 __u8 ident = l2cap_get_ident(conn);
1160 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
1162 BT_DBG("code 0x%2.2x", code);
1166 return hci_send_acl(conn->hcon, skb, 0);
1169 static int l2cap_send_rsp(struct l2cap_conn *conn, __u8 ident, __u8 code, __u16 len, void *data)
1171 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
1173 BT_DBG("code 0x%2.2x", code);
1177 return hci_send_acl(conn->hcon, skb, 0);
1180 static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1182 l2cap_conf_opt *opt = *ptr;
1185 len = L2CAP_CONF_OPT_SIZE + opt->len;
1193 *val = *((__u8 *) opt->val);
1197 *val = __le16_to_cpu(*((__u16 *)opt->val));
1201 *val = __le32_to_cpu(*((__u32 *)opt->val));
1205 *val = (unsigned long) opt->val;
1209 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1213 static inline void l2cap_parse_conf_req(struct sock *sk, void *data, int len)
1215 int type, hint, olen;
1219 BT_DBG("sk %p len %d", sk, len);
1221 while (len >= L2CAP_CONF_OPT_SIZE) {
1222 len -= l2cap_get_conf_opt(&ptr, &type, &olen, &val);
1228 case L2CAP_CONF_MTU:
1229 l2cap_pi(sk)->conf_mtu = val;
1232 case L2CAP_CONF_FLUSH_TO:
1233 l2cap_pi(sk)->flush_to = val;
1236 case L2CAP_CONF_QOS:
1243 /* FIXME: Reject unknown option */
1249 static void l2cap_add_conf_opt(void **ptr, __u8 type, __u8 len, unsigned long val)
1251 register l2cap_conf_opt *opt = *ptr;
1253 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1260 *((__u8 *) opt->val) = val;
1264 *((__u16 *) opt->val) = __cpu_to_le16(val);
1268 *((__u32 *) opt->val) = __cpu_to_le32(val);
1272 memcpy(opt->val, (void *) val, len);
1276 *ptr += L2CAP_CONF_OPT_SIZE + len;
1279 static int l2cap_build_conf_req(struct sock *sk, void *data)
1281 struct l2cap_pinfo *pi = l2cap_pi(sk);
1282 l2cap_conf_req *req = (l2cap_conf_req *) data;
1283 void *ptr = req->data;
1285 BT_DBG("sk %p", sk);
1287 if (pi->imtu != L2CAP_DEFAULT_MTU)
1288 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
1290 /* FIXME. Need actual value of the flush timeout */
1291 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
1292 // l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to);
1294 req->dcid = __cpu_to_le16(pi->dcid);
1295 req->flags = __cpu_to_le16(0);
1300 static inline int l2cap_conf_output(struct sock *sk, void **ptr)
1302 struct l2cap_pinfo *pi = l2cap_pi(sk);
1305 /* Configure output options and let the other side know
1306 * which ones we don't like.
1308 if (pi->conf_mtu < pi->omtu) {
1309 l2cap_add_conf_opt(ptr, L2CAP_CONF_MTU, 2, pi->omtu);
1310 result = L2CAP_CONF_UNACCEPT;
1312 pi->omtu = pi->conf_mtu;
1315 BT_DBG("sk %p result %d", sk, result);
1319 static int l2cap_build_conf_rsp(struct sock *sk, void *data, int *result)
1321 l2cap_conf_rsp *rsp = (l2cap_conf_rsp *) data;
1322 void *ptr = rsp->data;
1324 BT_DBG("sk %p complete %d", sk, result ? 1 : 0);
1327 *result = l2cap_conf_output(sk, &ptr);
1329 rsp->scid = __cpu_to_le16(l2cap_pi(sk)->dcid);
1330 rsp->result = __cpu_to_le16(result ? *result : 0);
1331 rsp->flags = __cpu_to_le16(0);
1336 static inline int l2cap_connect_req(struct l2cap_conn *conn, l2cap_cmd_hdr *cmd, __u8 *data)
1338 struct l2cap_chan_list *list = &conn->chan_list;
1339 l2cap_conn_req *req = (l2cap_conn_req *) data;
1341 struct sock *sk, *parent;
1342 int result = 0, status = 0;
1344 __u16 dcid = 0, scid = __le16_to_cpu(req->scid);
1345 __u16 psm = req->psm;
1347 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
1349 /* Check if we have socket listening on psm */
1350 parent = l2cap_get_sock_by_psm(BT_LISTEN, psm, conn->src);
1352 result = L2CAP_CR_BAD_PSM;
1356 result = L2CAP_CR_NO_MEM;
1358 /* Check for backlog size */
1359 if (parent->ack_backlog > parent->max_ack_backlog) {
1360 BT_DBG("backlog full %d", parent->ack_backlog);
1364 sk = l2cap_sock_alloc(NULL, BTPROTO_L2CAP, GFP_ATOMIC);
1368 write_lock(&list->lock);
1370 /* Check if we already have channel with that dcid */
1371 if (__l2cap_get_chan_by_dcid(list, scid)) {
1372 write_unlock(&list->lock);
1374 l2cap_sock_kill(sk);
1378 hci_conn_hold(conn->hcon);
1380 l2cap_sock_init(sk, parent);
1381 bacpy(&bluez_pi(sk)->src, conn->src);
1382 bacpy(&bluez_pi(sk)->dst, conn->dst);
1383 l2cap_pi(sk)->psm = psm;
1384 l2cap_pi(sk)->dcid = scid;
1386 __l2cap_chan_add(conn, sk, parent);
1387 dcid = l2cap_pi(sk)->scid;
1389 l2cap_sock_set_timer(sk, sk->sndtimeo);
1391 /* Service level security */
1392 result = L2CAP_CR_PEND;
1393 status = L2CAP_CS_AUTHEN_PEND;
1394 sk->state = BT_CONNECT2;
1395 l2cap_pi(sk)->ident = cmd->ident;
1397 if (l2cap_pi(sk)->link_mode & L2CAP_LM_ENCRYPT) {
1398 if (!hci_conn_encrypt(conn->hcon))
1400 } else if (l2cap_pi(sk)->link_mode & L2CAP_LM_AUTH) {
1401 if (!hci_conn_auth(conn->hcon))
1405 sk->state = BT_CONFIG;
1406 result = status = 0;
1409 write_unlock(&list->lock);
1412 bh_unlock_sock(parent);
1415 rsp.scid = __cpu_to_le16(scid);
1416 rsp.dcid = __cpu_to_le16(dcid);
1417 rsp.result = __cpu_to_le16(result);
1418 rsp.status = __cpu_to_le16(status);
1419 l2cap_send_rsp(conn, cmd->ident, L2CAP_CONN_RSP, L2CAP_CONN_RSP_SIZE, &rsp);
1423 static inline int l2cap_connect_rsp(struct l2cap_conn *conn, l2cap_cmd_hdr *cmd, __u8 *data)
1425 l2cap_conn_rsp *rsp = (l2cap_conn_rsp *) data;
1426 __u16 scid, dcid, result, status;
1430 scid = __le16_to_cpu(rsp->scid);
1431 dcid = __le16_to_cpu(rsp->dcid);
1432 result = __le16_to_cpu(rsp->result);
1433 status = __le16_to_cpu(rsp->status);
1435 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
1437 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
1441 case L2CAP_CR_SUCCESS:
1442 sk->state = BT_CONFIG;
1443 l2cap_pi(sk)->dcid = dcid;
1444 l2cap_pi(sk)->conf_state |= CONF_REQ_SENT;
1446 l2cap_send_req(conn, L2CAP_CONF_REQ, l2cap_build_conf_req(sk, req), req);
1453 l2cap_chan_del(sk, ECONNREFUSED);
1461 static inline int l2cap_config_req(struct l2cap_conn *conn, l2cap_cmd_hdr *cmd, __u8 *data)
1463 l2cap_conf_req * req = (l2cap_conf_req *) data;
1469 dcid = __le16_to_cpu(req->dcid);
1470 flags = __le16_to_cpu(req->flags);
1472 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
1474 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
1477 l2cap_parse_conf_req(sk, req->data, cmd->len - L2CAP_CONF_REQ_SIZE);
1480 /* Incomplete config. Send empty response. */
1481 l2cap_send_rsp(conn, cmd->ident, L2CAP_CONF_RSP, l2cap_build_conf_rsp(sk, rsp, NULL), rsp);
1485 /* Complete config. */
1486 l2cap_send_rsp(conn, cmd->ident, L2CAP_CONF_RSP, l2cap_build_conf_rsp(sk, rsp, &result), rsp);
1491 /* Output config done */
1492 l2cap_pi(sk)->conf_state |= CONF_OUTPUT_DONE;
1494 if (l2cap_pi(sk)->conf_state & CONF_INPUT_DONE) {
1495 sk->state = BT_CONNECTED;
1496 l2cap_chan_ready(sk);
1497 } else if (!(l2cap_pi(sk)->conf_state & CONF_REQ_SENT)) {
1499 l2cap_send_req(conn, L2CAP_CONF_REQ, l2cap_build_conf_req(sk, req), req);
1507 static inline int l2cap_config_rsp(struct l2cap_conn *conn, l2cap_cmd_hdr *cmd, __u8 *data)
1509 l2cap_conf_rsp *rsp = (l2cap_conf_rsp *)data;
1510 __u16 scid, flags, result;
1514 scid = __le16_to_cpu(rsp->scid);
1515 flags = __le16_to_cpu(rsp->flags);
1516 result = __le16_to_cpu(rsp->result);
1518 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x", scid, flags, result);
1520 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
1524 l2cap_disconn_req req;
1526 /* They didn't like our options. Well... we do not negotiate.
1529 sk->state = BT_DISCONN;
1530 l2cap_sock_set_timer(sk, HZ * 5);
1532 req.dcid = __cpu_to_le16(l2cap_pi(sk)->dcid);
1533 req.scid = __cpu_to_le16(l2cap_pi(sk)->scid);
1534 l2cap_send_req(conn, L2CAP_DISCONN_REQ, L2CAP_DISCONN_REQ_SIZE, &req);
1541 /* Input config done */
1542 l2cap_pi(sk)->conf_state |= CONF_INPUT_DONE;
1544 if (l2cap_pi(sk)->conf_state & CONF_OUTPUT_DONE) {
1545 sk->state = BT_CONNECTED;
1546 l2cap_chan_ready(sk);
1554 static inline int l2cap_disconnect_req(struct l2cap_conn *conn, l2cap_cmd_hdr *cmd, __u8 *data)
1556 l2cap_disconn_req *req = (l2cap_disconn_req *) data;
1557 l2cap_disconn_rsp rsp;
1561 scid = __le16_to_cpu(req->scid);
1562 dcid = __le16_to_cpu(req->dcid);
1564 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
1566 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
1569 rsp.dcid = __cpu_to_le16(l2cap_pi(sk)->scid);
1570 rsp.scid = __cpu_to_le16(l2cap_pi(sk)->dcid);
1571 l2cap_send_rsp(conn, cmd->ident, L2CAP_DISCONN_RSP, L2CAP_DISCONN_RSP_SIZE, &rsp);
1573 sk->shutdown = SHUTDOWN_MASK;
1575 l2cap_chan_del(sk, ECONNRESET);
1578 l2cap_sock_kill(sk);
1582 static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, l2cap_cmd_hdr *cmd, __u8 *data)
1584 l2cap_disconn_rsp *rsp = (l2cap_disconn_rsp *) data;
1588 scid = __le16_to_cpu(rsp->scid);
1589 dcid = __le16_to_cpu(rsp->dcid);
1591 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
1593 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
1595 l2cap_chan_del(sk, ECONNABORTED);
1598 l2cap_sock_kill(sk);
1602 static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
1604 __u8 *data = skb->data;
1609 while (len >= L2CAP_CMD_HDR_SIZE) {
1610 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
1611 data += L2CAP_CMD_HDR_SIZE;
1612 len -= L2CAP_CMD_HDR_SIZE;
1614 cmd.len = __le16_to_cpu(cmd.len);
1616 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd.len, cmd.ident);
1618 if (cmd.len > len || !cmd.ident) {
1619 BT_DBG("corrupted command");
1624 case L2CAP_CONN_REQ:
1625 err = l2cap_connect_req(conn, &cmd, data);
1628 case L2CAP_CONN_RSP:
1629 err = l2cap_connect_rsp(conn, &cmd, data);
1632 case L2CAP_CONF_REQ:
1633 err = l2cap_config_req(conn, &cmd, data);
1636 case L2CAP_CONF_RSP:
1637 err = l2cap_config_rsp(conn, &cmd, data);
1640 case L2CAP_DISCONN_REQ:
1641 err = l2cap_disconnect_req(conn, &cmd, data);
1644 case L2CAP_DISCONN_RSP:
1645 err = l2cap_disconnect_rsp(conn, &cmd, data);
1648 case L2CAP_COMMAND_REJ:
1649 /* FIXME: We should process this */
1650 l2cap_raw_recv(conn, skb);
1653 case L2CAP_ECHO_REQ:
1654 l2cap_send_rsp(conn, cmd.ident, L2CAP_ECHO_RSP, cmd.len, data);
1657 case L2CAP_ECHO_RSP:
1658 case L2CAP_INFO_REQ:
1659 case L2CAP_INFO_RSP:
1660 l2cap_raw_recv(conn, skb);
1664 BT_ERR("Uknown signaling command 0x%2.2x", cmd.code);
1671 BT_DBG("error %d", err);
1673 /* FIXME: Map err to a valid reason. */
1674 rej.reason = __cpu_to_le16(0);
1675 l2cap_send_rsp(conn, cmd.ident, L2CAP_COMMAND_REJ, L2CAP_CMD_REJ_SIZE, &rej);
1685 static inline int l2cap_data_channel(struct l2cap_conn *conn, __u16 cid, struct sk_buff *skb)
1689 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
1691 BT_DBG("unknown cid 0x%4.4x", cid);
1695 BT_DBG("sk %p, len %d", sk, skb->len);
1697 if (sk->state != BT_CONNECTED)
1700 if (l2cap_pi(sk)->imtu < skb->len)
1703 /* If socket recv buffers overflows we drop data here
1704 * which is *bad* because L2CAP has to be reliable.
1705 * But we don't have any other choice. L2CAP doesn't
1706 * provide flow control mechanism */
1708 if (!sock_queue_rcv_skb(sk, skb))
1715 if (sk) bh_unlock_sock(sk);
1719 static inline int l2cap_conless_channel(struct l2cap_conn *conn, __u16 psm, struct sk_buff *skb)
1723 sk = l2cap_get_sock_by_psm(0, psm, conn->src);
1727 BT_DBG("sk %p, len %d", sk, skb->len);
1729 if (sk->state != BT_BOUND && sk->state != BT_CONNECTED)
1732 if (l2cap_pi(sk)->imtu < skb->len)
1735 if (!sock_queue_rcv_skb(sk, skb))
1742 if (sk) bh_unlock_sock(sk);
1746 static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
1748 l2cap_hdr *lh = (l2cap_hdr *) skb->data;
1749 __u16 cid, psm, len;
1751 skb_pull(skb, L2CAP_HDR_SIZE);
1752 cid = __le16_to_cpu(lh->cid);
1753 len = __le16_to_cpu(lh->len);
1755 BT_DBG("len %d, cid 0x%4.4x", len, cid);
1759 l2cap_sig_channel(conn, skb);
1763 psm = get_unaligned((__u16 *) skb->data);
1765 l2cap_conless_channel(conn, psm, skb);
1769 l2cap_data_channel(conn, cid, skb);
1774 /* ------------ L2CAP interface with lower layer (HCI) ------------- */
1776 static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 type)
1778 int exact = 0, lm1 = 0, lm2 = 0;
1779 register struct sock *sk;
1781 if (type != ACL_LINK)
1784 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
1786 /* Find listening sockets and check their link_mode */
1787 read_lock(&l2cap_sk_list.lock);
1788 for (sk = l2cap_sk_list.head; sk; sk = sk->next) {
1789 if (sk->state != BT_LISTEN)
1792 if (!bacmp(&bluez_pi(sk)->src, bdaddr)) {
1793 lm1 |= (HCI_LM_ACCEPT | l2cap_pi(sk)->link_mode);
1795 } else if (!bacmp(&bluez_pi(sk)->src, BDADDR_ANY))
1796 lm2 |= (HCI_LM_ACCEPT | l2cap_pi(sk)->link_mode);
1798 read_unlock(&l2cap_sk_list.lock);
1800 return exact ? lm1 : lm2;
1803 static int l2cap_connect_cfm(struct hci_conn *hcon, __u8 status)
1805 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
1807 if (hcon->type != ACL_LINK)
1811 struct l2cap_conn *conn;
1813 conn = l2cap_conn_add(hcon, status);
1815 l2cap_conn_ready(conn);
1817 l2cap_conn_del(hcon, bterr(status));
1822 static int l2cap_disconn_ind(struct hci_conn *hcon, __u8 reason)
1824 BT_DBG("hcon %p reason %d", hcon, reason);
1826 if (hcon->type != ACL_LINK)
1829 l2cap_conn_del(hcon, bterr(reason));
1833 static int l2cap_auth_cfm(struct hci_conn *hcon, __u8 status)
1835 struct l2cap_chan_list *l;
1836 struct l2cap_conn *conn;
1841 if (!(conn = hcon->l2cap_data))
1843 l = &conn->chan_list;
1845 BT_DBG("conn %p", conn);
1847 read_lock(&l->lock);
1849 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
1852 if (sk->state != BT_CONNECT2 ||
1853 (l2cap_pi(sk)->link_mode & L2CAP_LM_ENCRYPT)) {
1859 sk->state = BT_CONFIG;
1862 sk->state = BT_DISCONN;
1863 l2cap_sock_set_timer(sk, HZ/10);
1864 result = L2CAP_CR_SEC_BLOCK;
1867 rsp.scid = __cpu_to_le16(l2cap_pi(sk)->dcid);
1868 rsp.dcid = __cpu_to_le16(l2cap_pi(sk)->scid);
1869 rsp.result = __cpu_to_le16(result);
1870 rsp.status = __cpu_to_le16(0);
1871 l2cap_send_rsp(conn, l2cap_pi(sk)->ident, L2CAP_CONN_RSP,
1872 L2CAP_CONN_RSP_SIZE, &rsp);
1877 read_unlock(&l->lock);
1881 static int l2cap_encrypt_cfm(struct hci_conn *hcon, __u8 status)
1883 struct l2cap_chan_list *l;
1884 struct l2cap_conn *conn;
1889 if (!(conn = hcon->l2cap_data))
1891 l = &conn->chan_list;
1893 BT_DBG("conn %p", conn);
1895 read_lock(&l->lock);
1897 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
1900 if (sk->state != BT_CONNECT2) {
1906 sk->state = BT_CONFIG;
1909 sk->state = BT_DISCONN;
1910 l2cap_sock_set_timer(sk, HZ/10);
1911 result = L2CAP_CR_SEC_BLOCK;
1914 rsp.scid = __cpu_to_le16(l2cap_pi(sk)->dcid);
1915 rsp.dcid = __cpu_to_le16(l2cap_pi(sk)->scid);
1916 rsp.result = __cpu_to_le16(result);
1917 rsp.status = __cpu_to_le16(0);
1918 l2cap_send_rsp(conn, l2cap_pi(sk)->ident, L2CAP_CONN_RSP,
1919 L2CAP_CONN_RSP_SIZE, &rsp);
1924 read_unlock(&l->lock);
1928 static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, __u16 flags)
1930 struct l2cap_conn *conn = hcon->l2cap_data;
1932 if (!conn && !(conn = l2cap_conn_add(hcon, 0)))
1935 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
1937 if (flags & ACL_START) {
1942 BT_ERR("Unexpected start frame (len %d)", skb->len);
1943 kfree_skb(conn->rx_skb);
1944 conn->rx_skb = NULL;
1949 BT_ERR("Frame is too small (len %d)", skb->len);
1953 hdr = (l2cap_hdr *) skb->data;
1954 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
1956 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
1958 if (len == skb->len) {
1959 /* Complete frame received */
1960 l2cap_recv_frame(conn, skb);
1964 /* Allocate skb for the complete frame (with header) */
1965 if (!(conn->rx_skb = bluez_skb_alloc(len, GFP_ATOMIC)))
1968 memcpy(skb_put(conn->rx_skb, skb->len), skb->data, skb->len);
1969 conn->rx_len = len - skb->len;
1971 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
1973 if (!conn->rx_len) {
1974 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
1978 if (skb->len > conn->rx_len) {
1979 BT_ERR("Fragment is too large (len %d, expect %d)",
1980 skb->len, conn->rx_len);
1981 kfree_skb(conn->rx_skb);
1982 conn->rx_skb = NULL;
1987 memcpy(skb_put(conn->rx_skb, skb->len), skb->data, skb->len);
1988 conn->rx_len -= skb->len;
1990 if (!conn->rx_len) {
1991 /* Complete frame received */
1992 l2cap_recv_frame(conn, conn->rx_skb);
1993 conn->rx_skb = NULL;
2002 /* ----- Proc fs support ------ */
2003 static int l2cap_sock_dump(char *buf, struct bluez_sock_list *list)
2005 struct l2cap_pinfo *pi;
2009 read_lock_bh(&list->lock);
2011 for (sk = list->head; sk; sk = sk->next) {
2013 ptr += sprintf(ptr, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d 0x%x\n",
2014 batostr(&bluez_pi(sk)->src), batostr(&bluez_pi(sk)->dst),
2015 sk->state, pi->psm, pi->scid, pi->dcid, pi->imtu, pi->omtu,
2019 read_unlock_bh(&list->lock);
2021 ptr += sprintf(ptr, "\n");
2025 static int l2cap_read_proc(char *buf, char **start, off_t offset, int count, int *eof, void *priv)
2030 BT_DBG("count %d, offset %ld", count, offset);
2032 ptr += l2cap_sock_dump(ptr, &l2cap_sk_list);
2035 if (len <= count + offset)
2038 *start = buf + offset;
2049 static struct proto_ops l2cap_sock_ops = {
2050 family: PF_BLUETOOTH,
2051 release: l2cap_sock_release,
2052 bind: l2cap_sock_bind,
2053 connect: l2cap_sock_connect,
2054 listen: l2cap_sock_listen,
2055 accept: l2cap_sock_accept,
2056 getname: l2cap_sock_getname,
2057 sendmsg: l2cap_sock_sendmsg,
2058 recvmsg: bluez_sock_recvmsg,
2059 poll: bluez_sock_poll,
2060 socketpair: sock_no_socketpair,
2061 ioctl: sock_no_ioctl,
2062 shutdown: l2cap_sock_shutdown,
2063 setsockopt: l2cap_sock_setsockopt,
2064 getsockopt: l2cap_sock_getsockopt,
2068 static struct net_proto_family l2cap_sock_family_ops = {
2069 family: PF_BLUETOOTH,
2070 create: l2cap_sock_create
2073 static struct hci_proto l2cap_hci_proto = {
2075 id: HCI_PROTO_L2CAP,
2076 connect_ind: l2cap_connect_ind,
2077 connect_cfm: l2cap_connect_cfm,
2078 disconn_ind: l2cap_disconn_ind,
2079 recv_acldata: l2cap_recv_acldata,
2080 auth_cfm: l2cap_auth_cfm,
2081 encrypt_cfm: l2cap_encrypt_cfm
2084 int __init l2cap_init(void)
2088 if ((err = bluez_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops))) {
2089 BT_ERR("Can't register L2CAP socket");
2093 if ((err = hci_register_proto(&l2cap_hci_proto))) {
2094 BT_ERR("Can't register L2CAP protocol");
2098 create_proc_read_entry("bluetooth/l2cap", 0, 0, l2cap_read_proc, NULL);
2100 BT_INFO("BlueZ L2CAP ver %s Copyright (C) 2000,2001 Qualcomm Inc", VERSION);
2101 BT_INFO("Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>");
2105 void l2cap_cleanup(void)
2107 remove_proc_entry("bluetooth/l2cap", NULL);
2109 /* Unregister socket and protocol */
2110 if (bluez_sock_unregister(BTPROTO_L2CAP))
2111 BT_ERR("Can't unregister L2CAP socket");
2113 if (hci_unregister_proto(&l2cap_hci_proto))
2114 BT_ERR("Can't unregister L2CAP protocol");
2117 module_init(l2cap_init);
2118 module_exit(l2cap_cleanup);
2120 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>");
2121 MODULE_DESCRIPTION("BlueZ L2CAP ver " VERSION);
2122 MODULE_LICENSE("GPL");
projects / linux-2.4.21-pre4.git / blob